P2P Security

Interest in P2P overlay networks has increased in recent years as an efficient, scalable, fault-resilient, and self-organizing substrate for building distributed applications. Specifically, the major aim of a P2P network is to provide a scalable and fault-tolerant mechanism to locate nodes anywhere on a network without maintaining a large amount of routing state. This allows for a variety of applications beyond simple file sharing. Examples include multicast systems, anonymous communications systems, and web caches.

P2P networks also deliver interesting services, such as distributed hash tables (DHTs), for transparently decoupling upper-level applications from the physical network. A DHT is like a traditional hash table except that the key-value pairs map to physical network nodes rather than hash buckets.

Although popular, however, both DHT-based and unstructured P2P systems present many security vulnerabilities. For example, many routing protocols fail to fulfill availability concerns to ensure network services’ survivability in the face of denial-of-service attacks. In general, any system not designed to withstand an adversary is going to be broken easily by one, and P2P networks are no exception. If P2P networks are to be widely deployed on the Internet, they must be robust against a conspiracy of some nodes, acting in concert, to attack the remainder of the nodes.

A malicious node might give erroneous responses to a query, either by returning false data (perhaps in an attempt to censor the legitimate data) or returning false routing information (perhaps in an attempt to partition the network). Adversaries might have a number of other goals, including traffic analysis against systems that strive to provide anonymous channels of communication, and censorship against systems that try to provide high availability. In addition to such “hard” attacks, some users may simply wish to gain more from the network than they give back to it. Such disparities could be expressed in terms of disk space or in terms of bandwidth (where an attacker refuses to use its limited network bandwidth to transmit a file, forcing the requester to use some other replica). While many P2P applications are explicitly designed to balance load across nodes, “hot-spots” can still occur, particularly if one node is responsible for a particularly popular document. Moreover, a number of “trust” issues can happen in P2P networks. The data being shared, itself, might not be trustworthy. Popularity-based ranking systems will be necessary to help users discover legitimate versions of the documents they desire.

To illustrate why securing P2P applications is a challenging task, now we announce which requirements P2P networks must fulfill in order to provide a secure routing primitive. According to Miguel Castro and colleagues [1], secure routing presents several main drawbacks that must be solved:

1. Secure node-identifier assignment to stop attackers from choosing locations in the overlay from which to mediate victim nodes’ network access — similar to “man-in-the-middle” attacks, attackers can choose their IDs, and hence locations, to get near victim nodes and control all the messages they insert into the overlay;
2. Secure routing-information maintenance to ensure that pointers to malicious nodes don’t exceed, on average, the fraction of faulty peers in the overlay; and
3. Secure message forwarding to ensure that each key is delivered to the node that’s responsible for it.

In the next secion, we review related work on this topic.

Related Work

1. Miguel Castro, Ayalvadi Ganesh, Antony Rowstron, Peter Druschel and Dan S. Wallach. Secure routing for structured peer-to-peer overlay networks. Proceedings of the 5th Usenix Symposium on Operating Systems Design and Implementation (OSDI 2002), Boston, Massachusetts, December 2002. This paper discusses several vulnerabilities of current DHT overlays such as CAN, Chord, Tapestry and Pastry. It offers some ideas to make routing and node id assignment secure.
2. Mudhakar Srivatsa and Ling Liu. Vulnerabilities and Security Threats in Structured Overlay Networks: A Quantitative Analysis. Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC'04), Tucson, AZ, USA, December 2004. This paper studies several serious security threats in DHT-based systems through three targeted attacks at the overlay layer. The first attack explores the routing anomalies that can be caused by malicious nodes returning incorrect lookup routes. The second attack targets the tight data placement scheme. We show that replication of data items, by itself, is insufficient to secure the data items. The third attack targets the ID mapping scheme.
3. Emil Sit and Robert Morris. Security Considerations for Peer-to-Peer Distributed Hash Tables. Proceedings of the first International Workshop on Peer-to-Peer Systems (IPTPS'02), MIT Faculty Club, Cambridge, MA, USA, March 2002. This paper looks at what sort of security problems are inherent on peer-to-peer systems based on distributed hash lookup systems. It discusses the details of those attacks when applied to some specific systems, and suggests defenses in some cases.
4. Dan S. Wallach. A Survey of Peer-to-Peer Security Issues. Proceedings of the International Symposium on Software Security, Tokyo, Japan, November 2002. A general view of the security issues that occur in the underlying p2p routing protocols, as well as the fairness and trust issues that arise in file sharing and other p2p applications. It discusses how techniques, ranging from cryptography to economic incentives, can be used to address such problems.
5. Marc S. Artigas, Pedro García and Antonio G. Skarmeta. A Novel Methodology for Constructing Secure Multipath Overlays. IEEE Internet Computing, 9(6):50–57, 2005. Secure distribution of content over structured P2P overlays demands robust new routing protocols to defend against malicious actions such as denial-of-service attacks. In this article, the authors present a generic methodology for strengthening circular overlays by increasing the number of independent paths among peers.
6. Sergio Marti, Prasanna Ganesan and Hector Garcia-Molina. DHT Routing Using Social Links. Proceedings of the third International Workshop on Peer-to-Peer Systems (IPTPS'04), La Jolla, CA, USA, February 2004. The equality and anonymity of peer-to-peer networks makes them vulnerable to routing denial-of-service attacks from misbehaving nodes. This paper shows the way in which social networks can benefit peer-to-peer networks by leveraging the inherent trust associated with social links.
7. Sergio Marti, Prasanna Ganesan and Hector Garcia-Molina. SPROUT: P2P Routing with Social Networks. Proceedings of first International Workshop on Peer-to-Peer Computing and Databases (P2P&DB 2004), Heraklion, Greece, March 2004. In this paper, the authors investigate how existing social networks can benefit P2P data networks by leveraging the inherent trust associated with social links. They present a trust model that allows them to compare routing algorithms for P2P networks overlaying social networks. They propose SPROUT, a DHT routing algorithm that, by using social links, significantly increases the number of query results while reducing query delays.
8. Neil Daswani, Hector Garcia-Molina, and Beverly Yang. Open Problems in Data-Sharing Peer-to-Peer Systems. Proceedings of 9th International Conference on Database Theory (ICDT 2003), Siena, Italy, January 2003. This paper focuses on two fundamental aspects of P2P systems: search and security while suggesting several open and important research problems for the p2p community to address.
9. Sepandar D. Kamvar, Mario T. Schlosser, and Hector Garcia-Molina. The EigenTrust Algorithm for Reputation Management in P2P Networks. Proceedings of the twelfth International World Wide Web Conference (WWW'03), Budapest, Hungary, May 2003. This paper describes a secure algorithm to decrease the number of downloads of inauthentic files on p2p file-sharing networks by assigning each peer a unique global trust value based on the peer's history of authentic and inauthentic uploads.
10. Ali Aydin Selçuk, Ersin Uzun and Mark Resat Pariente. A Reputation-Based Trust Management System for P2P Networks. Proceedings of IEEE International Symposium on Cluster Computing and the Grid (CCGrid 2004), Chicago, USA, April 2004. This paper describes a reputation-based trsut management protocol for P2P networks where users rate the reliability of parties they deal with. The protocol helps establishing trust among good peers as well as identifying the malicious ones.
11. Sepandar D. Kamvar, Mario T. Schlosser, and Hector Garcia-Molina. Incentives for Combatting Freeriding on P2P Networks. Proceedings of Euro-Par 2003, Klagenfurt, Austria, August 2003. This paper addresses the problem of free-riding on peer-to-peer networks. Free riders are the peers which use p2p systems only to download content but do not serve to other peers. The goal of the paper is to develop incentive mechanisms to encourage peers to cooperate, thus avoding free-riding.