Authors:Declan Murphy firstname.lastname@example.org
Jarlath Kelly email@example.com
Keith Curley firstname.lastname@example.org
John Vickery email@example.com
Dan O'Keeffe firstname.lastname@example.org
Security is an essential component of any computer system, and it is especially relevant for P2P systems. In the following sections we will outline the main topics of P2P security, including:
- The Need for Security
- Consequences of poor Security
- Current Security methods
- Security in the Future
Need for Security
In these turbulent times you would think that P2P security would be the least of the world’s problems. However corporate fraud and loss of revenue due to attacks on their internal networks has brought P2P to the forefront in the IT world. Napster was the headliner but since its high profile court case more and more P2P applications have been causing the corporate world headaches, which it could do without. With better security protocols this headache could be turned into a valuable asset for the corporate world and for the world.
The diagram on the next page illustrates the gaps in security when using P2P applications. We can see that we are letting these applications get inside our networks. The security of our “secure” network is now in jeopardy.
Following on from this, is the question of what must we protect ourselves against. We must outline the elements that our important to use, before we address the issue of the security. The main points of this are connection control, access control, operation control, anti-virus, and of course the protection of the data stored on our machines.
The connection, access, and operation control are the priority issues here. If we can make these secure, the other two points should follow from these. The diagram illustrates all the main points that we must deal with.
Outlined in this section is a selection of threats that P2P applications are vulnerable to.
P2P networking allows your network to be open to various forms of attack, break-in, espionage, and malicious mischief. P2P doesn’t bring any novel threats to the network, just familiar threats such as worms and virus attacks.
P2P networks can also allow an employee to download and use copyrighted material in a way that violates intellectual property laws, and to share files in a manner that violates an organisations security policies. Applications such as Napster, Kazaa, Grokster and others have been popular with music-loving Internet users for several years, and many users take advantage of their employers' high-speed connections to download files at work. This presents numerous problems for the corporate network such as using expensive bandwidth and being subject to a virus attack via an infected file download.
Unfortunately, P2P networking circumvents enterprise security by providing decentralized security administration, decentralized shared data storage, and a way to circumvent critical perimeter defences such as firewalls and NAT devices. If users can install and configure their own P2P clients, all the network managers server-based security schemes are out the window.
Companies can lose millions of euros worth of property such as source code due to disguising files using P2P technologies. P2P wrapping tools, such as Wrapstar (a freeware utility (http://members.fortunecity.com/wrapster), can disguise a .zip file, containing company source code, as an MP3 of a music hit. As a result an accomplice outside the company can use Morpheus to download the disguised file. To the companies security this looks like a common transaction, even if the company has frowned upon employees using P2P in music sharing. Little do they know is that their company has just been robbed, and possibly millions of euros worth of software has been lost.
Bandwidth Clogging and File Sharing:
P2P applications such as Kazaa (www.kazaa.com), Gnutella (http://gnutella.wego.com) and FreeNet (http://freenet.sourceforge.net) make it possible for one computer to share files with another computer located somewhere else on the Internet. A major problem with P2P file-sharing programs is that they result in heavy traffic, which clogs the institution networks. The rich audio and video files that P2P users share are very big. This affects response times for internal users as well as e-business customers and that results in lost income.
In order for P2P file-sharing applications to work the appropriate software must be installed on the users system. If this software contains a bug it could expose the network to a number of risks e.g. conflict with business applications or even crash the system.
Distributed processing is another P2P application. Taking lots of desktop computers and adding them together, results in a large amount of computing power to apply to difficult problems. Distributed.Net is a prominent example of this. In 1999 Distributed.Net along with the Electronic Frontier Foundation (www.eff.org) launched a brute-force attack on the 56-bit DES encryption algorithm. They broke DES in less then 24 hours. Distributed.Net were able to test 245 billion keys per second. At the time DES was the strongest encryption algorithm that the US government allowed for export.
Trojans, Viruses, Sabotage:
A user could quite possibly download and install a booby-trapped P2P application that could inflict serious damage. For example a piece of code that looks like a popular IM or file-sharing program could also include a backdoor to allow access to the user’s computer. An attacker would then be able to do serious damage or to obtain more information then they should have.
P2P software users can easily configure their application to expose confidential information for personal gain. P2P file-sharing applications can result in a loss of control over what data is shared outside the organisation.
P2P applications get around most security architectures in the same way that a Trojan horse does. The P2P application is installed on a “trusted device” that is allowed to communicate through the corporate firewall with other P2P users. Once the connection is made from the trusted device to the external Internet attackers can gain remote access to the trusted device for the purpose of stealing confidential corporate data, launching a Denial of Service attack or simply gaining control of network resources.
P2P applications such as KazaA, Morpheus (www.morpheus.com) or Gnutella enable people all over the world to share music, video and software applications. These applications expose data on a users computer to thousands of people on the Internet. These P2P applications were not designed for use on corporate networks and as a result introduce serious security vulnerabilities to corporate networked if installed on networked PCs. For example if a user starts Gnutella and then clicks into the corporate Intranet to check their email, an attacker could use this as a backdoor to gain access to the corporate LAN.
Instant messaging applications like those provided by AOL, Microsoft and Yahoo, also pose an information threat to a company. If these applications are used to discuss sensitive information, an attacker can read all the messages that are sent back and forth across the network or Internet by using a network-monitoring program.
IM applications are been developed and enhanced with new capabilities such as voice messaging and file sharing. Adding file sharing to the IM application also adds all of the risks of the file-sharing applications as described previously.
Kazaa and Gnutella give all clients direct access to files that are stored on a user’s hard drive. As a result it is possible for a hacker to find out what operating system the peer computer has and connect to folders that are hidden shares, thus gaining access to folders and information that is confidential.
There is also the issue of authentication and authorization. When using P2P you have to be able to determine whether the peer accessing information is who they really say they are and that they access only authorized information.
Along with the external threats previously described there are a few internal issues that have to be dealt with.
Interoperability is a major security concern within P2P networks. The introduction of different platforms, different systems, and different applications working together in a given infrastructure opens a set of security issues we associate with interoperability. The more differences in a given infrastructure, the more compounded the security problems.
Private Business on a Public Network:
Many companies conduct private business on a public network. This leads to an exposure to various security risks. These risks must be addresses in order to avoid the liability this use entails.
Adding and Removing Users:
There must be a feasible method to add/delete users to/from the network without increasing vulnerability. The system is under the most threat from users and former users who know the ins and outs of the system e.g. the existence of trapdoors etc.
P2P shares many security problems and solutions with networks and distributed systems e.g. data tampering, unreliable transport, latency problems, identification problems etc
When using distributed processing applications the user is required to download, install and run an executable file on their workstation in order to participate. A denial of service could result if the software is incompatible or if it contains bugs.
The People Problem:
There will always be malicious users who are intent on gaining clandestine access to corporate networks. And no matter what security protocols are put in place a skilful attacker, given enough time, will find a way around them. So all that the security buffs need to do is to keep ahead of the hackers by creating bigger and better protocols. But that’s easier said then done!
Existing Security standards and techniques in P2P networks
At an alarming rate, people are adopting, in an ad hoc fashion, the tools of the Peer-to-Peer (P2P) revolution. Company files are increasingly made available by being published to the world directly from a user's PC. Databases, spreadsheets, even entire applications, are becoming enabled with P2P features and critical information is flowing out from every PC. P2P systems typically provide mechanisms that include searching for specific content or documents, discovering other peers running the software, and implementing any number of other application level tools, such as collaborative editing, instant messaging, or remote wireless mobility support So it is easy to see why security is such a crucial factor in P2P networks.
Defending against the threats of ad hoc P2P deployment, and managing or reducing the risks of loss of information or availability of systems requires foresight, planning, and careful selection of the P2P infrastructure upon which your P2P enabled applications and services will be built.
All security mechanisms deployed today are based on either symmetric/secret key or asymmetric/public key cryptography, or sometimes a combination of the two. Here we will introduce the basic aspects of the secret key and public key techniques and compare their main characteristics.
Secret Key Techniques:
Secret key techniques are based on the fact that the sender and recipient share a secret, which is used for various cryptographic operations, such as encryption and decryption of messages and the creation and verification of message authentication data. This secret key must be exchanged in a separate out of bound procedure prior to the intended communication (using a PKI for example).
Public Key Techniques:
Public Key Techniques are based on the use of asymmetric key pairs. Usually each user is in possession of just one key pair. One of the pair is made publicly available, while the other is kept private. Because one is available there is no need for an out of band key exchange, however there is a need for an infrastructure to distribute the public key authentically. Because there is no need for pre-shared secrets prior to a communication, public key techniques are ideal for supporting security between previously unknown parties.
Asymmetric Key Pairs:
Unlike a front door key, which allows its holder to lock or unlock the door with equal facility, the public key used in cryptography is asymmetric. This means just the public key can encrypt a message with relative ease but decrypt it, if at all, with considerable difficulty.
Besides being one-way functions, cryptographic public keys are also trapdoor functions- the inverse can be computed easily if the private key is known.
Mechanisms for establishing strong, cryptographically verifiable identities are very important. These are industry standard authorization protocols that allow peers to ensure that they are speaking with the intended remote system.
Secure Sockets Layer (SSL) protocol:
For protection of information transmitted over a P2P network, some P2P’s employ the industry-standard Secure Sockets Layer (SSL) protocol. This guarantees that files and events sent will arrive unmodified, and unseen, by anyone other than the intended recipient. Moreover, because both peers use SSL both sides automatically prove who they are to each other before any information is transferred over the network. The protocol provides mechanisms to ensure tamperproof, confidential communications with the right counterpart, using the same, well-proven techniques used by all major website operators to protect consumer privacy and financial information transmitted on the Internet.
Most VPNs (virtual private networks) use IPSec technologies, the evolving framework of protocols that has become the standard for most vendors. IPSec is useful because it is compatible with most different VPN hardware and software, and is the most popular for networks with remote access clients. IPSec requires very little knowledge for clients, because the authentication is not user-based, which means a token (such as Secure ID or Crypto Card) is not used. Instead, the security comes from the workstation's IP address or its certificate (e.g. X.509), establishing the user's identity and ensuring the integrity of the network. An IPSec tunnel basically acts as the network layer protecting all the data packets that pass through, regardless of the application.
Public Key Infrastructure (PKI) An industry standard:
A full-featured X.509 Public Key Infrastructure (PKI) over a Secure Sockets Layer (SSL) network backbone - the combination of X.509 PKI authentication and SSL transport encryption is the established cryptographic standard for Internet e-commerce.
Use of X.509 PKI authentication allows security certificates from Endeavors, or from any other recognized X.509 certificate authority, to be used to establish the true identity of any peer device when it comes on-line. Use of SSL point-to-point security encryption enables each pair of peers that communicate with each other to have a unique key for that pairing. The advantage of SSL encryption is that when a peer goes off-line from a community, all its unique pairing keys become invalid, but no pairing keys between other members of the community are affected.
What about VPN Security?
The key word in "virtual private networks" is private. The last thing a business wants is to have sensitive corporate information end up in the hands of some hacker, or worse, the competition. Fortunately, VPNs are widely considered extremely secure, despite using public networks.
Why are they secure?
In order to authenticate the VPNs users, a firewall will be necessary. All VPNs require configuration of an access device, either software- or hardware-based, to set up a secure channel. A random user cannot simply log in to a VPN, as some information is needed to allow a remote user access to the network, or to even begin a VPN handshake. When used in conjunction with strong authentication, VPNs can prevent intruders from successfully authenticating to the network, even if they were able to somehow capture a VPN session.
The Future of P2P Security
The constant running theme in the security of P2P is that of trust. Trust in the other users who we interact with, and trust within the software vendors who supply us with the necessary applications. If we could have more faith in this trust, or feel a greater sense of security, maybe the development of P2P would grow even faster than it is already doing.
Many proposals are already being studied. People are acknowledging that security is an area P2P must address, if it is to be accepted by consumers.
Users Gaining Their Own Trust:
One very interesting idea recently proposed, is that of users gaining trust within the P2P community. All users would be assigned a unique digital signature, like IP, but per user and not per machine. Associated with this digital signature would be a level of trust. Trust levels would vary from say zero, to twenty. Depending on a users behaviour in the past, their trust level would either be promoted on the grounds of valid use of the network, of demoted with acts of malice and misuse.
The proposed plan states that all users trust level would begin at a rather low level. This is merely to combat unwanted users creating new accounts, and abusing the new high trust level immediately. Users would have to be active on the network for some time ( say one/two months), before their trust level would be pushed up a level. Users could also keep a local record of other known users, to which they may want to share a local trust level, and bypass the global trust policy.
This proposal has many hurdles to jump of course. It is merely an idea to be developed. The problem that it overcomes is that of the centralized managing authority. Instead, the users of the network are the authority. If the general public continuously try to demote a user, he/she will eventually lose all their privileges, and become silenced from other users. This idea also rewards genuine users, for their efforts in keeping the network policed, and for their good behaviour on the network.
The idea is possibly a bit too naive, as we all know that must humans(especially adolescent ones), will do the exact opposite of what they are meant to do, if given no choice. In other words, people do not like to be told what to do.
Biometrics involves the use of a person’s unique characteristics to authenticate them. Traits that are commonly utilized include a person’s facial image, signature, fingerprint or retinal pattern. One key feature of biometrics is that the user is no longer required to remember any passwords or store any key data, a major weakness in conventional authentication systems.
Ultimately, the technology could find its strongest role as an integrated and complementary piece of a larger authentication system, perhaps in combination with the cryptographic certificates mentioned above, rather than a stand-alone single point of defense.
In the future, many experts foresee biometrics both playing a key role in enabling public key infrastructure deployment by protecting public and private keys and residing in smart card technology in an effort to support personalized e-commerce.
Quantum Key Cryptography:
For the short term, The US Government is adopting a new encryption standard called Advanced Encryption Standard (AES), which will eventually replace DES. "When approved, the AES will be a public algorithm designed to protect sensitive government information well into the 21st century." If that's true, what will be used after AES?
One idea currently being proposed is the notion of Quantum Cryptography. Many modern encryption systems depend on the difficulty in mounting brute force attacks on secret keys, due to processing and time constraints. Although still at the theoretical stage, the performance improvements given by a hypothetical quantum computer would render many algorithms useless.
Obviously new encryption algorithms would be needed. Quantum encryption uses photon state as the key for encoding information. According to the Heisenberg uncertainty principle, it's impossible to discover both the momentum and position of a particle at any given instant in time. Therefore, in theory, an intruder can't discover secret keys based on particle state information; the intruder would need the actual particle to decipher any data encrypted with a key.
Unfortunately this concept is, for the moment, incredibly complex to implement. IBM scientists constructed the first working prototype of a quantum key distribution (QKD) system in the late 80’s. Back then they could transmit quantum signals just under half a meter through open air. Today, fiber optic cables can transmit the signal up to 31 miles. This still isn't very far, but it is definitely good progress. And although we might not see QKD come to market for quite some time, the technology sounds incredibly promising.
It is obvious from the above that security is a crucial issue when it comes to designing and implementing P2P systems. At the moment it is probably the main inhibiting factor for the growth of P2P. It is vital that users become confident in the ability of the security measures being utilised to protect them, in order for P2P technology to reach its full potential. At the moment, security measures in general are failing to inspire consumer confidence, a problem that must be addressed immediately.