UAB - The University of Alabama at Birmingham

Security and Privacy of P2P Systems

Peer-to-Peer (P2P) has become an accepted paradigm for large-scale Internet applications. In addition to file distribution (e.g., BitTorrent), many critical (live and on-demand) video streaming and Voice-over-IP (VoIP) services now employ P2P. In the long term, we expect to see other services migrate to P2P, possibly including backup, search, e-mail and patch distribution.

Fig: The BitTorrent Ecosystem

Although the P2P paradigm can provide reduced cost and rapid deployment, it also generates a vast array of new security concerns. In transitioning from a client-server to a P2P deployment, the core of the service shifts from a set of servers, which are under direct control of the service provider, to peers distributed around the world and operated by millions of independent users. This loss of control leads to a wide range of new vulnerabilities that can be exploited by attackers. As an example, an attacker can exploit the privacy problem in a P2P distribution of security patches: when a peer A requests a patch from another peer B, it announces its vulnerability to B, which B can exploit instead of providing the patch.

There are two compelling reasons for studying P2P vulnerabilities. First, given our growing dependence on P2P-based services, it is critical that the P2P services be highly resilient to Denial-of-Service (DoS) attacks. These include attacks on the integrity of the content, injection of decoy distributions, poisoning of the distributed index, and bandwidth and connection flooding attacks on peers and content sources. Second, given the massive number of concurrently participating hosts in a P2P application, an attacker can potentially leverage the peers to create devastating attacks on external hosts (such as web and email servers) and subnetworks. These include distributed DoS attacks on external hosts and exploiting a P2P system as a command-and-control infrastructure for botnets.

The goal of our research is to arrive at a deep and comprehensive understanding of intrinsic P2P vulnerabilities and, once equipped with such an understanding, to develop a broad array of mechanisms for making future P2P systems secure. We study the security of a broad class of emerging P2P systems, which we refer to as 4G-P2P systems. 4G-P2P systems include the BitTorrent ecosystem in its entirety, a multitude of live P2P video streaming systems, and the emerging P2P Video-on-Demand (VoD) systems.

Our research falls into three broad areas:

  1. DoS vulnerabilities of P2P systems;
  2. P2P-leveraged vulnerabilities; and
  3. Design of resilient P2P systems.

In studying DoS vulnerabilities, we will develop a measurement infrastructure to rapidly crawl millions of peers in 4G-P2P systems and evaluate ongoing massive-scale attacks from “interdiction companies” (which work on behalf of the movie studios and record labels). We will also fabricate our own, potentially devastating attacks, and evaluate them with real-world clients running on PlanetLab (allowing us to avoid attacking actual real-world deployments in the wild).

For the research on P2P-leveraged vulnerabilities, by creating our own benevolent bots, deploying them in PlanetLab, and having them enroll in operational Distributed Hash Tables (DHTs), we will study how P2P systems can become the next-generation command-and-control infrastructure for botnets. In addition to developing measurement infrastructures and evaluation methodologies, we will build insightful mathematical models for DoS attacks on P2P systems as well as for external attacks leveraging P2P systems.

Based on our understanding of the above P2P vulnerabilities, we will design fundamental primitives that will make future P2P systems resilient. Many of the solutions we will consider will be far-reaching and experimental, but nevertheless promising. These defense mechanisms include a distributed certification authority based on threshold cryptography, which will provide a robust mechanism for peer authentication and message confidentiality; efficient and robust content-integrity mechanisms broadly applicable to 4G-P2P systems; machine learning methodologies and user-assisted solutions for detecting decoy distributions; router-based mechanisms for identifying Sybil nodes; and poisoning attacks for combating P2P-leveraged command-and-control for botnets. We will incorporate the best of our defense mechanisms as plugins for Azureus, a popular open-source client for BitTorrent.