Security Issues and Solutions in Peer-topeer Systems for Real-time Communications

Size: px

Start display at page:

Download "Security Issues and Solutions in Peer-topeer Systems for Real-time Communications"

Valentine Pierce Kelly
8 years ago
Views:

1 Security Issues and Solutions in Peer-topeer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00 Henning Schulzrinne Enrico Marocco Emil Ivov March 2009 (IETF 74) IETF - P2PRG 1

2 Overview Attacker motivations Attacker resources P2P for real-time (vs. file sharing) more than just a DHT March 2009 (IETF 74) IETF - P2PRG 2

3 Attacker motivations Disrupt communications extortion, dislike, political, incumbent operator? Financial gain impersonation theft of service spamming (SPIT) Fun & fame March 2009 (IETF 74) IETF - P2PRG 3

Financial gain impersonation theft of service

4 Attacker resources Identities: IP addresses if used for DHT position user subscription limitations mobile phone # s addresses, Computational resources botnets make proof-of-work largely useless March 2009 (IETF 74) IETF - P2PRG 4

s email addresses, Computational resources botnets make

5 Attack timing March 2009 (IETF 74) IETF - P2PRG 5

6 Review: P2P for real-time Map names to other identifiers Provide (computational) services proxying (registration, services) relaying (NAT traversal) Store data configuration data voic March 2009 (IETF 74) IETF - P2PRG 6

1 Provide (computational) services proxying (registration,

7 File sharing vs. real time File sharing Real-time Distributed database Availability Integrity Confidentiality file location hundreds or thousands per user same file, hundreds of copies poison file store with bogus material but no direct threat to user Files are public (may want to hide origin) User locations: one per user each user is unique impersonate user compromise user communication integrity Communications is private (src/dest & content) March 2009 (IETF 74) IETF - P2PRG 7

thousands per user same file, hundreds of copies poison file store with bogus material but no direct threat to user

8 Admission control Goal: keep rogue percentage low allows detection, voting, bypassing Group charter + group authority authority certifies candidates compliance with charter central authority or voting how practical in semi-anonymous systems? what information can votes be based on? ballot stuffing by compromised nodes Use CAPTCHA to reduce impact of bots RELOAD (and Skype) uses central authority March 2009 (IETF 74) IETF - P2PRG 8

in semi-anonymous systems? what information can votes be based on?

9 Position in overlay Sybil attacks do not depend on identifier but preventing nodes from choosing location randomizes attacks IP address or identifier provided by central authority IP address doesn t work well for NATed devices Allows attacker more choice Use temporary identifiers? randomizes attack targets Use diametrically opposed IDs to avoid local collusion rogue nodes can add neighbors March 2009 (IETF 74) IETF - P2PRG 9

NATed devices Allows attacker more choice Use temporary identifiers?

10 Identifying malicious peers Proactive use test cases to detect misbehavior mystery shopper Reactive detect and report misbehavior Reputation management mostly investigated for file sharing difficult to prevent another denial-of-service attacks of rogue nodes transitive trust March 2009 (IETF 74) IETF - P2PRG 10

mostly investigated for file sharing difficult to prevent another

11 Real-time services are different Don t need everyone to be a peer just enough resources to get job done just increases routing latency (log(n)) increases chances of corruption Typically, promote nodes from clients to peers use invitation, rather than self-promotion based on uptime, resources, public IP address, geographic need Why would a client want to become peer? Skype: closed (almost) no choice Open systems: incentives randomized promotion for sybil prevention March 2009 (IETF 74) IETF - P2PRG 11

self-promotion based on uptime, resources, public IP address, geographic need Why would a client want to become peer?

12 Attack Denial of service black hole signaling or media fictitious error responses ( no such number ) use iterative routing getting closer? Integrity of location bindings Identity-based crypto non-intuitive identifiers Integrity of content (voice mail, ) generally, only inserter needs access March 2009 (IETF 74) IETF - P2PRG 12

Integrity of location bindings Identity-based crypto non-intuitive identifiers

13 Summary (& my take) P2P systems for real-time applications file sharing more than just key value mapping Identity scarcity is crucial leverage existing hard-to-clone identities Reputation systems are unlikely to work either central entity knows good guys or they all look the same Avoiding centralization at all cost may not matter for realtime services typically, don t have Napster/PirateBay problem March 2009 (IETF 74) IETF - P2PRG 13

work either central entity knows good guys or they all look the same Avoiding centralization at all cost may

RELOAD Usages for P2P Data Storage and Discovery

RELOAD Usages for P2P Data Storage and Discovery AW2-presentation from Alexander Knauf Alexander.Knauf@Haw-Hamburg.de Review Infrastructure Independent Conferencing: Decentralized fashion Multiple conference