Presented by:Vijaya Krishnan.S
Security Issues of P2P Networks
P2P applications introduce a whole new series of security issues, security within the virtual P2P networks themselves and security with respect to the environments they ride on. P2P technology can undermine network security and can leave computing devices open to threats ranging from violations of intellectual property laws, viruses, malicious software that is undetected by antivirus protection, password and data theft, to Denial of Service (DoS) attacks that flood the network with data and incapacitate computers. This report deals with various security aspects of P2P applications.
P2P is a communications model in which each party has the same capabilities and either party can initiate a communication session. So we could define P2P as direct communication or collaboration (mostly file-sharing) between computers, where none are simply clients or servers, but all machines are equals - peers. Peer-to-Peer (P2P) is a form of distributed computing that can be described as the sharing of computer resources such as files, MP3s etc and computer services by direct transfer between two computer systems.
Traditionally, the exchange of resources and services between computer systems is done using Client-Server techniques. A Client-Server system is one in which there is a dominant computer (the Server), that is connected to several other computers with less control (the Clients). Clients can communicate with other clients only through the Server. With P2P systems, there is no such dominant server, control is decentralized. Each node or peer on the network may act as both a client and server. Clients in a P2P network can interact freely with other clients without the intervention of a server although sometimes there is the presence of a directory server (which stores IP addresses and other information about the computers in the network) for look up purposes.
The problem faced is that of trust: spammers, crackers will target P2P networks. Their open nature makes them easy targets. Anyone can join and if users feel they cannot trust their peers on the network, they will not use it. Even if such concerns are unjustified, the perception that such dangers exist may be enough. Allowing strangers access to your home computer may prove to be a bad idea.
2 NEED FOR SECURITY
In these turbulent times you would think that P2P security would be the least of the world's problems. However corporate fraud and loss of revenue due to attacks on their internal networks has brought P2P to the forefront in the IT world. Napster was the headliner but since its high profile court case more and more P2P applications have been causing the corporate world headaches, which it could do without. With better security protocols this headache could be turned into a valuable asset for the corporate world and for the world.
The main points of this are connection control, access control, operation control, anti-virus, and of course the protection of the data stored on our machines. The connection, access, and operation control are the priority issues here. If we can make these secure, the other two points should follow from these. The diagram illustrates all the main points that we must deal with.
3 THREATS FACED BY P2P
Threats faced by P2p can be classified into two:
• External Threats
• Internal Threats
3.1 External Threats
P2P networking allows your network to be open to various forms of attack, break-in, espionage, and malicious mischief. P2P doesn't bring any novel threats to the network, just familiar threats such as worms and virus attacks. P2P networks can also allow an employee to download and use copyrighted material in a way that violates intellectual property laws, and to share files in a manner that violates an organizations security policies. Applications such as Napster, Kazaa, Grokster and others have been popular with music-loving Internet users for several years, and many users take advantage of their employers high-speed connections to download files at work. This presents numerous problems for the corporate network such as using expensive bandwidth and being subject to a virus attack via an infected file download.
Unfortunately, P2P networking circumvents enterprise security by providing decentralized secu¬rity administration, decentralized shared data storage, and a way to circumvent critical perime¬ter defences such as firewalls and NAT devices. If users can install and configure their own P2P clients, all the network managers server-based security schemes are out of the window. The various external threats are as follows: Theft
Companies can lose millions of euros worth of property such as source code due to disguising files using P2P technologies. P2P wrapping tools, such as Wrapstar can disguise a .zip file, containing company source code, as an MP3 of a music hit. To the companies security this looks like a common transaction, even if the company has frowned upon employees using P2P in music sharing.
Bandwidth Clogging and File Sharing
P2P applications such as Kazaa, Gnutella and FreeNet make it possible for one computer to share files with another computer located somewhere else on the Internet. A major problem with P2P file-sharing programs is that they result in heavy traffic, which clogs the institution networks. The rich audio and video files that P2P users share are very big. This affects re¬sponse times for internal users as well as e-business customers and that results in lost income. Bugs
In order for P2P file-sharing applications to work, the appropriate software must be installed on the users system. If this software contains a bug it could expose the network to a number of risks e.g. conflict with business applications or even crash the system. Encryption Cracking
Distributed processing is another P2P application. Taking lots of desktop computers and adding them together, results in a large amount of computing power to apply to difficult prob¬lems. Distributed.Net is a prominent example of this. In 1999 Distributed.Net along with the Electronic Frontier Foundation launched a brute-force attack on the 56-bit DES encryption algorithm. They broke DES in less then 24 hours. Distributed.Net was able to test 245 billion keys per second. At the time DES was the strongest encryption algorithm that the US govern¬ment allowed for export.
Trojans, Viruses, Sabotage
A user could quite possibly download and install a P2P application that could inflict serious damage. For example a piece of code that looks like a popular IM or file-sharing program could also include a backdoor to allow access to the user's computer. An attacker would then be able to do serious damage or to obtain more information than they should have. P2P software users can easily configure their application to expose confidential information for personal gain. P2P file-sharing applications can result in a loss of control over what data is shared outside the organization. P2P applications get around most security architectures in the same way that a Trojan horse does. The P2P application is installed on a trusted device that is allowed to communicate through the corporate firewall with other P2P users. Once the connection is made from the trusted device to the external, Internet attackers can gain remote access to the trusted device for the purpose of stealing confidential corporate data, launching a Denial of Service attack or simply gaining control of network resources. Backdoor Access
P2P applications such as Kazaa, Morpheus or Gnutella enable people all over the world to share music, video and software applications. These applications expose data on a users computer to thousands of people on the Internet. These P2P applications were not designed for use on corporate networks and as a result introduce serious security vulnerabilities to corporate networked, if installed on networked PCs. For example if a user starts Gnutella and then clicks into the corporate Intranet to check their email, an attacker could use this as a backdoor to gain access to the corporate LAN. Non-encrypted IM
Instant messaging applications like those provided by AOL, Microsoft and Yahoo, also pose an information threat to a company. If these applications are used to discuss sensitive informa¬tion, an attacker can read all the messages that are sent back and forth across the network or Internet by using a network-monitoring program. IM applications are been developed and enhanced with new capabilities such as voice messaging and file sharing. Adding file sharing to the IM application also adds all of the risks of the file-sharing applications. Confidentiality
Kazaa and Gnutella give all clients direct access to files that are stored on a user's hard drive. As a result it is possible for a hacker to find out what operating system the peer computer has and connect to folders that are hidden shares, thus gaining access to folders and information that are confidential. Authentication
There is also the issue of authentication and authorization. When using P2P you have to be able to determine whether the peer accessing information is who they really say they are and that they access only authorized information.
3.2 Internal Threats
Interoperability is a major security concern within P2P networks. The introduction of different platforms, different systems, and different applications working together in a given infrastruc¬ture opens a set of security issues we associate with interoperability. The more differences in a given infrastructure, the more compounded the security problem.
Private Business on a Public Network
Many companies conduct private business on a public network. This leads to an exposure to various security risks. These risks must be addressed in order to avoid the liability this use entails.
P2P shares many security problems and solutions with networks and distributed systems e.g. data tampering, unreliable transport, latency problems, identification problems etc.
Adding and Removing Users
There must be a feasible method to add/delete users to/from the network without increas¬ing vulnerability. The system is under the most threat from users and former users who know the ins and outs of the system.
When using distributed processing applications, the user is required to download, install and run an executable file on their workstation in order to participate. A denial of service could result if the software is incompatible or if it contains bugs.
The People Problem
There will always be malicious users who are intent on gaining clandestine access to corpo¬rate networks. And no matter what security protocols are put in place a skilful attacker, given enough time, will find a way around them. So all that the security buffs need to do is to keep ahead of the hackers by creating bigger and better protocols.
4 SECURITY METHODS
All security mechanisms deployed today are based on either symmetric/secret key or asymmet¬ric/public key cryptography, or sometimes a combination of the two.
4.1 Secret Key Techniques
Secret key techniques are based on the fact that the sender and recipient share a secret, which is used for various cryptographic operations, such as encryption and decryption of messages and the creation and verification of message authentication data. This secret key must be exchanged in a separate out of bound procedure prior to the intended communication.
4.2 Public Key Techniques
Public Key Techniques are based on the use of asymmetric key pairs. Usually each user is in possession of just one key pair. One of the pair is made publicly available, while the other is kept private. Because one is available there is no need for an out of band key exchange, however there is a need for an infrastructure to distribute the public key authentically. Because there is no need for pre-shared secrets prior to a communication, public key techniques are ideal for supporting security between previously unknown parties.
4.3 Asymmetric Key Pairs
Unlike a front door key, which allows its holder to lock or unlock the door with equal facility, the public key used in cryptography is asymmetric. This means just the public key can encrypt a message with relative ease but decrypt it, if at all, with considerable difficulty. Besides being one-way functions, cryptographic public keys are also trapdoor functions- the inverse can be computed easily if the private key is known.
5 SECURITY PROTOCOLS
5.1 Secure Sockets Layer (SSL) protocol
For protection of information transmitted over a P2P network, some P2P's employ the industry-standard Secure Sockets Layer (SSL) protocol. This guarantees that files and events sent will arrive unmodified, and unseen, by anyone other than the intended recipient. Moreover, because both peers use SSL both sides automatically prove who they are to each other before any information is transferred over the network. The protocol provides mechanisms to ensure tamperproof, confidential communications with the right counterpart, using the same, well-proven techniques used by all major website operators to protect consumer privacy and financial information transmitted on the Internet.
5.2 IPSec technologies
Most VPNs (virtual private networks) use IPSec technologies, the evolving framework of pro¬tocols that has become the standard for most vendors. IPSec is useful because it is compatible with most different VPN hardware and software, and is the most popular for networks with remote access clients. IPSec requires very little knowledge for clients, because the authentica¬tion is not user-based, which means a token (such as Secure ID or Crypto Card) is not used. Instead, the security comes from the workstation's IP address or its certificate (e.g. X.509), establishing the user's identity and ensuring the integrity of the network. An IPSec tunnel basically acts as the network layer protecting all the data packets that pass through, regardless of the application.
5.3 Public Key Infrastructure (PKI) An industry standard
A full-featured X.509 Public Key Infrastructure (PKI) over a Secure Sockets Layer (SSL) net¬work backbone - the combination of X.509 PKI authentication and SSL transport encryption is the established cryptographic standard for Internet e-commerce. Use of X.509 PKI authentica¬tion allows security certificates from Endeavors, or from any other recognized X.509 certificate authority, to be used to establish the true identity of any peer device when it comes on-line. Use of SSL point-to-point security encryption enables each pair of peers that communicate with each other to have a unique key for that pairing. The advantage of SSL encryption is that when a peer goes off-line from a community, all its unique pairing keys become invalid, but no pairing keys between other members of the community are affected.
Why is VPN secure? In order to authenticate the VPNs users, a firewall will be necessary. All VPNs require configu¬ration of an access device, either software-based or hardware-based, to set up a secure channel. A random user cannot simply log in to a VPN, as some information is needed to allow a remote user access to the network, or to even begin a VPN handshake. When used in conjunction with strong authentication, VPNs can prevent intruders from successfully authenticating to the network, even if they were able to somehow capture a VPN session.
6 THE FUTURE OF P2P SECURITY
Trust in the other users who we interact with, and trust within the software vendors who supply us with the necessary applications. If we could have more faith in this trust, or feel a greater sense of security, maybe the development of P2P would grow even faster than it is already doing.