Peer-to-Peer Computing
|
|
- Maurice Green
- 5 years ago
- Views:
Transcription
1 Peer-to-Peer Computing P2p Security
2 Outline P2P as an architecture that spreads security threats P2P Security issues Sybil attack Distributed Hash issues P2P overlay network problems
3 Threats dissemination
4 Most popular downloads ( ) By the software itself Its popularity makes it a very valuable infection vector
5 Viruses inside clients grokster.com 1 January 2002 «It has recently come to our attention that our previous Grokster installer for about a three week period contained a program being called by the anti-virus companies W32.DlDer.Trojan. This program was apparently installed by one of our advertisers, ClickTilUWin.»
6 Dissemination By the content provided Each user acts as a server for each other user No centralized server to upload and download files No way for the software developer to check the content provided Protection is up to the user A downloaded file is usually made available immediately for upload to other users
7 Dissemination kazaa.com/en/help/virus..com/en/help/virus.htm htm «Most files that are accessible using Kazaa Media Desktop originate from other users. This means that there will always be the risk of irresponsible users introducing viruses.» P2P File-Sharing networks have become a very easy mean to spread viruses
8 Example Win32/Merkur ( ) Mass mailing Internet worm in VB6 Also spreads via IRC network (using mirc) P2P network (using Kazaa, edonkey, BearShare) Copies itself to C:\Program Files\Kazaa\My Shared Folder\IPspoofer.exe C:\Program Files\Kazaa\My Shared Folder\Virtual Sex Simulator.exe
9 Example Win32/HLLW.Gool Gool.B ( ) Backdoor with trojan and internet worm capabilities in Delphi Sets in the registry the sharing folders for Kazaa to C:\Windows\Sys32 Copies itself in this folder to Britney.jpg.exe Catherine_Zeta_Jones_Nude.jpg.exe X_Box_Emulator.txt.exe
10 Screenshot XBOX Emulator search results on KaZaA From Kostya Kortchinsky s slides
11 Screenshot NO CD search results on emule From Kostya Kortchinsky s slides
12 Spyware In general, spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet, spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.
13 Screenshot From Kostya Kortchinsky s slides
14 Sharing Private Data The risk is great that unintended files will be shared Users may often be sharing private data without being aware of it Although theoretically the user controls what subdirectories he/she makes available to peer users, sometimes more subdirectories are shared than is known or intended
15 Screenshot Downloading 260 megabytes Inbox file from KaZaA Several Inbox.dbx in search results from edonkey From Kostya Kortchinsky s slides
16 Advices bearshare.com/help/citizen..com/help/citizen.htm htm «You don't need to get rid of your firewall completely, you just need to "drill a hole" in it for BearShare. It won't decrease your security because BearShare doesn't contain any security holes. Please read BearShare Firewall Tutorial for instructions how to configure your firewall.»
17 went bad! securityfocus.com/bid/5888 «The BearShare webserver is prone to directory traversal attacks. This may allow remote attackers to break out of the web root directory and browse the filesystem of the host running the software. This issue is a variant of the vulnerability described in Bugtraq ID The variant issue was unsuccessfully addressed in version It is still possible to disclose files with a malicious URL encoded request to the webserver.»
18 Easy to face external attacks securityfocus.com/bid/4951 «The edonkey 2000 Windows client includes a handler for a custom URI, ed2k://. It has been reported that the handler for edonkey 2000 is vulnerable to a buffer overflow condition when parsing maliciously constructed URIs. This may be exploited to crash the user's browser or execute arbitrary code on the victim client.»
19 Easy to face external attacks securityfocus.com/bid/6747 «KaZaA version is vulnerable to a denial of service attack caused by a buffer overflow. By sending a malicious response to an affected system for the automated advertisement download, a remote attacker could overflow a buffer and cause the system to crash or possibly execute code on the system.»
20 The Sybil Attack The Sybil Attack
21 Background P2P systems use multiple, independent entities to mitigate possible damage by other hostile entities Replication Computations Storage Fragmentation Protects against privacy violations Sybil Attack Attacker can assume multiple identities Aims to control substantial fraction of system
22 Model Overview Generic distributed computing environment Entities E Correct C union Faulty F = E Send messages Pipe Messages cloud Messages Uninterrupted, finite-length bit string Cloud Broadcast Bounded time Guaranteed Unordered
23 Model Definitions Identity Abstract representation that persists across multiple communication events Entities perceive other entities through identities Present Each entity presents an identity to other entities in the system Local entity L A specific entity that results are stated with respect to Accept If an entity e successfully presents an identity i for itself to L, L accepts i
24 Model Characteristics General Leaves internals of cloud unspecified Includes any topology/geometry Friendly Limits obstructive power of corrupt entities DoS attacks not possible Strengthens negative results Entities can perform operations with complexity polynomial in n Allows public-key cryptography Entities can establish point-to-point communication
25 Model Main Idea Each entity e attempts to present one legitimate identity Each faulty entity f additionally attempts to present one or more counterfeit identities Goal: system should accept all legitimate identities, zero counterfeit
26 Lemmas Four lemmas Collectively show impracticality of establishing distinct identities in large-scale distributed system Proofs trivial (refer to paper) In absence of trusted authority, entities accept identities only when identity is: 1. Validated by entity itself (direct validation) Lemmas 1 and 2 2. Vouched for by other already validated identities (indirect validation) Lemmas 3 and 4
27 Lemma 1: Resources Let min = minimally capable entity R x = resources of x ρ = R f / R min f can present floor(ρ) distinct identities to L Gives lower bound on damage achievable by f
28 Lemma 1: Counter measurements Communication limitation L broadcasts request for identities and accept replies that come within given time interval Storage limitation L challenges identities to store large amount of unique, uncompressible data Computation limitation L challenges identities to solve unique computational puzzle
29 Lemma 2: Concurrency If L accepts entities not validated simultaneously Single f can present an arbitrary large number of counterfeit identities to L f presents a distinct identity to L using R f R f is freed and f repeats process
30 Lemma 2: Counter measurements Insurmountable for temporal resources (computation and communication), not for storage L can indefinitely extend challenge duration: periodically demand different data excerpts Challenge consumes R, so real work limited
31 Lemma 3: Resources If L accepts any identity vouched for by q accepted identities, a group F can present many counterfeit identities to L if either: Size of group F >= q R F >= resources taken by q + F minimally capable entities
32 Lemma 4: Concurrency If correct entities C do not coordinate time intervals to accept identities, and if L accepts any identity vouched for by q accepted identities Minimally capable f can present floor( C / q ) counterfeit identities to L
33 Lemma 4: Concurrency Shows need for multiple entities in C to issue concurrent challenges May or may not be possible depending on resource Communication: possible because of broadcast cloud Storage: information theory says probably not Computation: possible by combining puzzles
34 Conclusion Without centralized authority, Sybil attacks always possible except when: All entities have nearly identical resources All presented identities are validated simultaneously When accepting identities not directly validated, required number of vouchers exceeds number of system-wide failures Not justifiable as assumptions Not practically realizable as requirements
35 Distributed Hash Table issues
36 Attacks on Nodes Goal of the adversary is to fragment the network Since p2p networks follow power-law an adversary can selectively knock down highly connected nodes
37 Attacks on Routing P2P routing mechanism in general A key identifier space A node identifier space Rules for associating keys to particular nodes Per-node routing tables that refer to other nodes Rules for updating the tables as nodes join and leave Routing Attacks Incorrect Lookup Routing Incorrect Routing Updates Partitioning
38 Incorrect Lookup Routing Malicious node forwards lookups to incorrect or non-existence node Detection Mechanism: At each hop lookup is suppose to get closer to the key identifier For the detection to work, querier must be allowed to observe lookup progress Criteria for verifiable lookup Querier should ensure that the destination itself agrees that it is the correct termination point Assign keys to nodes in a verifiable way Long term identities using public-keys
39 Incorrect Routing Update A malicious node could corrupt the routing table with incorrect updates to neighbors Systems that have the freedom to choose between multiple routes are especially vulnerable Detection Mechanism: Verifiable routing updates e.g. Pastry s update prefix requirements
40 Partitioning Set of malicious nodes form a parallel network and trap new nodes inside them rendering the network useless for new nodes Detection Mechanism: Incorrect functioning of the network/queries etc. Criteria for reliable join: Use history of queries and verify the current network s results with random queries Out-of-band trusted source Use of public-key for trust systems
41 Semantic Attacks Goal is not to knock down the entire system but to make the system look inefficient or faulty to the user and convince them to abandon the system (probably what RIAA will do) E.g. For all the queries to MP3 return false data but queries for text files return proper results Semantic Attacks Storage and Retrieval Attacks Flooding Face/Off
42 Storage & Retrieval Storage and Retrieval Attacks Disinformation about storage Deny access to stored data (natural on p2p) Return incorrect data (overpeering inc.) Detection Mechanism: Wrong results, denial of service etc. Criteria for Reliable Storage & Retrieval: Maintain replication invariant Avoid single point responsibilities Verification queries from different sources
43 Miscellaneous Attacks Face/Off Just like the movie Show good face to part of the network and the other face to rest Flooding/DoS As usual Replication may provide certain level of defense Rapid Joins & Leaves Unsolicited Messages
44 Security for Structured Peer-to-peer Overlay Networks
45 What is the paper about and not about Not about traditional attacks SYN flood, IP Spoofing, Buffer overflow, DoS attacks on resource access Keep in mind these attacks still work About unique security problems in P2P Goal: Secured Routing Ensure that when a correct node sends a message to a key, the message reaches all correct replica roots for the key with very high probability.
46 What s new in P2P for security? Nodes are MUCH more powerful Assign nodeid themselves Act as a router: has routing table, forwarding messages.. Fully Decentralized no authorization and authentication You can trust nobody Dynamic & self-organizing
47 Typical Routing Model Routing Given a key, locate the corresponding node with high probability Pastry, Tapestry Internet topology-aware in routing-table Chord, CAN Routing-table constrained Performance and security assumption: nodeid uniform random distribution
48 Fault model Byzantine failure model N: number of total nodes f: (0<=f<=1) the fraction of nodes that may be faulty c: (1/N<=c<=f) bound size of independent coalitions
49 Network model Assumption: no NAT, no DHCP Network level and Overlay level Adversary has complete control over network-level communication
50 Sub-problems Securely assigning IDs to nodes attacker may capture all replicas for an object attacker may target a particular victim Securely maintaining routing tables attackers may populate with faulty entries most messages are routed to faulty nodes Securely forwarding messages even with proper routing tables, faulty nodes can corrupt, drop, misroute messages
51 NodeID Assignment Attack What if attacker can choose nodeid? Surround a victim node Partition a p2p network become the key holder (root) Self ID generation Random (freenet), bad hash IP (chord), bad
52 Solution: Certified nodeids Offline certification authorities assign random IDs to nodes certificate binds the ID to public key and IP attacker cannot swap IDs between his nodes bad for dynamic address assignment, host mobility, or organizational changes CAN nodeids change when nodes join and depart Avoid giving multiple IDs to one entity (Sybil attack) charge for each certificate increases cost of attack bind IDs to existing trustworthy identities
53 Attack on maintaining routing table Fake the closest node, or during update Supply faulty routing update Faulty info propagate (1-f)*f+f*1>f Routing algorithm related
54 Attack on forwarding Probability of routing successfully between two non-faulty nodes is (1-f) h-1 h is log 2 b(n) for Pastry Probability of routing correctly to a non- faulty replica root is (1-f) h Tradeoff: increasing b decreases the number of hops but also increases the amount of state information
55 Solution on forwarding The most important part of Secure Routing Basic Idea Apply failure test to determine if routing worked correctly. If no, use redundant and/or iterative routing. Goal accomplish in reasonable time/expense
56 Now we have Secure Routing Ensure that when a correct node sends a message to a key, the message reaches all correct replica roots for the key with very high probability. Slow, expensive Use common routing as possible as we can
Security for Structured Peer-to-peer Overlay Networks. Acknowledgement. Outline. By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818
Security for Structured Peer-to-peer Overlay Networks By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818 1 Acknowledgement Some of the following slides are borrowed from talks by Yun Mao
More informationDetecting and Recovering from Overlay Routing Attacks in Peer-to-Peer Distributed Hash Tables
Detecting and Recovering from Overlay Routing Attacks in Peer-to-Peer Distributed Hash Tables A thesis for the degree of Master of Science in Computer Science Keith Needels keithn@csh.rit.edu Department
More informationCS555: Distributed Systems [Fall 2017] Dept. Of Computer Science, Colorado State University
CS 555: DISTRIBUTED SYSTEMS [P2P SYSTEMS] Shrideep Pallickara Computer Science Colorado State University Frequently asked questions from the previous class survey Byzantine failures vs malicious nodes
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationIntroduction to Security. Computer Networks Term A15
Introduction to Security Computer Networks Term A15 Intro to Security Outline Network Security Malware Spyware, viruses, worms and trojan horses, botnets Denial of Service and Distributed DOS Attacks Packet
More informationIntroduction to Peer-to-Peer Systems
Introduction Introduction to Peer-to-Peer Systems Peer-to-peer (PP) systems have become extremely popular and contribute to vast amounts of Internet traffic PP basic definition: A PP system is a distributed
More informationPeer-to-peer systems and overlay networks
Complex Adaptive Systems C.d.L. Informatica Università di Bologna Peer-to-peer systems and overlay networks Fabio Picconi Dipartimento di Scienze dell Informazione 1 Outline Introduction to P2P systems
More informationPeer-to-Peer Systems. Network Science: Introduction. P2P History: P2P History: 1999 today
Network Science: Peer-to-Peer Systems Ozalp Babaoglu Dipartimento di Informatica Scienza e Ingegneria Università di Bologna www.cs.unibo.it/babaoglu/ Introduction Peer-to-peer (PP) systems have become
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #10 Network Layer Threats; Identity Mgmt. 2015 Patrick Tague 1 Class #10 Summary of wireless network layer threats Specific threats related to
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationAdvantages of P2P systems. P2P Caching and Archiving. Squirrel. Papers to Discuss. Why bother? Implementation
Advantages of P2P systems P2P Caching and Archiving Tyrone Nicholas May 10, 2004 Redundancy built in - by definition there are a large number of servers Lends itself automatically to multiple copies of
More informationMalware, , Database Security
Malware, E-mail, Database Security Malware A general term for all kinds of software with a malign purpose Viruses, Trojan horses, worms etc. Created on purpose Can Prevent correct use of resources (DoS)
More information- Content Security in P2P
Why Jenny can t share the content with Jane? - Content Security in P2P Heather Yu Huawei Technologies heathery@ieee.org Future of Networked Home A vision voice video text Data gaming IPTV streaming IM
More informationSystem Models. 2.1 Introduction 2.2 Architectural Models 2.3 Fundamental Models. Nicola Dragoni Embedded Systems Engineering DTU Informatics
System Models Nicola Dragoni Embedded Systems Engineering DTU Informatics 2.1 Introduction 2.2 Architectural Models 2.3 Fundamental Models Architectural vs Fundamental Models Systems that are intended
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationSearching for Shared Resources: DHT in General
1 ELT-53206 Peer-to-Peer Networks Searching for Shared Resources: DHT in General Mathieu Devos Tampere University of Technology Department of Electronics and Communications Engineering Based on the original
More informationScalable overlay Networks
overlay Networks Dr. Samu Varjonen 1 Lectures MO 15.01. C122 Introduction. Exercises. Motivation. TH 18.01. DK117 Unstructured networks I MO 22.01. C122 Unstructured networks II TH 25.01. DK117 Bittorrent
More informationSearching for Shared Resources: DHT in General
1 ELT-53207 P2P & IoT Systems Searching for Shared Resources: DHT in General Mathieu Devos Tampere University of Technology Department of Electronics and Communications Engineering Based on the original
More informationMotivation for peer-to-peer
Peer-to-peer systems INF 5040 autumn 2015 lecturer: Roman Vitenberg INF5040, Frank Eliassen & Roman Vitenberg 1 Motivation for peer-to-peer Ø Inherent restrictions of the standard client/ server model
More informationSecure Routing in Wireless Sensor Networks: Attacks and Countermeasures
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures By Chris Karlof and David Wagner Lukas Wirne Anton Widera 23.11.2017 Table of content 1. Background 2. Sensor Networks vs. Ad-hoc
More informationProblems in Reputation based Methods in P2P Networks
WDS'08 Proceedings of Contributed Papers, Part I, 235 239, 2008. ISBN 978-80-7378-065-4 MATFYZPRESS Problems in Reputation based Methods in P2P Networks M. Novotný Charles University, Faculty of Mathematics
More informationThe Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Presented By: Kamalakar Kambhatla
The Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Venugopalan Ramasubramanian Emin Gün Sirer Presented By: Kamalakar Kambhatla * Slides adapted from the paper -
More information19.1. Security must consider external environment of the system, and protect it from:
Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT 19.1 The Security Problem Security must consider external
More informationNext Week. Network Security (and related topics) Project 3 Q/A. Agenda. My definition of network security. Network Security.
Next Week No sections Network Security (and related topics) EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other
More informationSecure Distributed Storage in Peer-to-peer networks
Secure Distributed Storage in Peer-to-peer networks Øyvind Hanssen 07.02.2007 Motivation Mobile and ubiquitous computing Persistent information in untrusted networks Sharing of storage and information
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 18: Network Attacks Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Network attacks denial-of-service (DoS) attacks SYN
More informationNetwork Security (and related topics)
Network Security (and related topics) EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other colleagues at Princeton
More informationOn Demand secure routing protocol resilient to Byzantine failures
On Demand secure routing protocol resilient to Byzantine failures Primary Reference: B. Awerbuch, D. Holmer, C. Nita-Rotaru, and H. Rubens, An on-demand secure routing protocol resilient to Byzantine failures,
More information3.5 SECURITY. How can you reduce the risk of getting a virus?
3.5 SECURITY 3.5.4 MALWARE WHAT IS MALWARE? Malware, short for malicious software, is any software used to disrupt the computer s operation, gather sensitive information without your knowledge, or gain
More informationOverview of Information Security
Overview of Information Security Lecture By Dr Richard Boateng, UGBS, Ghana Email: richard@pearlrichards.org Original Slides by Elisa Bertino CERIAS and CS &ECE Departments, Pag. 1 and UGBS Outline Information
More informationP2PNS: A Secure Distributed Name Service for P2PSIP
P2PNS: A Secure Distributed Name Service for P2PSIP Mobile P2P 2008, Hong Kong, China Outline Decentralized VoIP (P2PSIP) Peer-to-Peer name service (P2PNS) Architecture Two-stage name resolution P2PNS
More informationLecture 6: Worms, Viruses and DoS attacks. II. Relationships between Biological diseases and Computers Viruses/Worms
CS 4740/6740 Network Security Feb. 09, 2011 Lecturer: Ravi Sundaram I. Worms and Viruses Lecture 6: Worms, Viruses and DoS attacks 1. Worms They are self-spreading They enter mostly thru some security
More informationIntruders. significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:
Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders: masquerader misfeasor clandestine user varying levels of competence
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationS/Kademlia: A Practicable Approach Towards Secure Key Based Routing
S/Kademlia: A Practicable Approach Towards Secure Key Based Routing Ingmar Baumgart, Sebastian Mies P2P NVE 2007, Hsinchu, Taiwan, Institute of Telematics Prof. Dr. M. Zitterbart Motivation Kademlia is
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationMaking Gnutella-like P2P Systems Scalable
Making Gnutella-like P2P Systems Scalable Y. Chawathe, S. Ratnasamy, L. Breslau, N. Lanham, S. Shenker Presented by: Herman Li Mar 2, 2005 Outline What are peer-to-peer (P2P) systems? Early P2P systems
More informationChapter 10: Peer-to-Peer Systems
Chapter 10: Peer-to-Peer Systems From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 4, Addison-Wesley 2005 Introduction To enable the sharing of data and resources
More informationDistributed Systems Final Exam
15-440 Distributed Systems Final Exam Name: Andrew: ID December 12, 2011 Please write your name and Andrew ID above before starting this exam. This exam has 14 pages, including this title page. Please
More informationCompTIA Security+(2008 Edition) Exam
http://www.51- pass.com Exam : SY0-201 Title : CompTIA Security+(2008 Edition) Exam Version : Demo 1 / 7 1.An administrator is explaining the conditions under which penetration testing is preferred over
More informationPeer to Peer Networking, the security perspective Eric Vyncke Cisco Systems Distinguished Engineer
Peer to Peer Networking, the security perspective Eric Vyncke Cisco Systems Distinguished Engineer evyncke@cisco.com 2002, Cisco Systems, Inc. All rights reserved. 1 Agenda Introduction to peer to peer
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationINTRODUCTION ON D-DOS. Presentation by RAJKUMAR PATOLIYA
INTRODUCTION ON D-DOS Presentation by RAJKUMAR PATOLIYA What is d-dos??? The full form of the D-DOS is Distributed Denial of Service. The attacks are carried out by flooding site traffic at appoint in
More informationDepartment of Computer Science Institute for System Architecture, Chair for Computer Networks. File Sharing
Department of Computer Science Institute for System Architecture, Chair for Computer Networks File Sharing What is file sharing? File sharing is the practice of making files available for other users to
More informationMapping Internet Sensors with Probe Response Attacks
Mapping Internet Sensors with Probe Response Attacks John Bethencourt, Jason Franklin, and Mary Vernon {bethenco, jfrankli, vernon}@cs.wisc.edu Computer Sciences Department University of Wisconsin, Madison
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. IP-level vulnerabilities
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2014 www.cs.cmu.edu/~prs/15-441-f14 Yes: Creating a secure channel for communication (Part I) Protecting
More informationChapter 1 B: Exploring the Network
Chapter 1 B: Exploring the Network Types of Networks The two most common types of network infrastructures are: Local Area Network (LAN) Wide Area Network (WAN). Other types of networks include: Metropolitan
More informationSlides for Chapter 10: Peer-to-Peer Systems
Slides for Chapter 10: Peer-to-Peer Systems From Coulouris, Dollimore, Kindberg and Blair Distributed Systems: Concepts and Design Edition 5, Addison-Wesley 2012 Overview of Chapter Introduction Napster
More informationCTS2134 Introduction to Networking. Module 08: Network Security
CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationShould we build Gnutella on a structured overlay? We believe
Should we build on a structured overlay? Miguel Castro, Manuel Costa and Antony Rowstron Microsoft Research, Cambridge, CB3 FB, UK Abstract There has been much interest in both unstructured and structured
More informationVeracity: Practical Secure Network Coordinates via Vote-Based Agreements
Veracity: Practical Secure Network Coordinates via Vote-Based Agreements Micah Sherr, Matt Blaze, and Boon Thau Loo University of Pennsylvania USENIX Technical June 18th, 2009 1 Network Coordinate Systems
More informationUnit 2 Assignment 2. Software Utilities?
1 Unit 2 Assignment 2 Software Utilities? OBJECTIVES Identify software utility types and examples of common software Why are software utilities used? Identify and describe the various networking threats.
More informationEarly Measurements of a Cluster-based Architecture for P2P Systems
Early Measurements of a Cluster-based Architecture for P2P Systems Balachander Krishnamurthy, Jia Wang, Yinglian Xie I. INTRODUCTION Peer-to-peer applications such as Napster [4], Freenet [1], and Gnutella
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #11 - Identity Mgmt.; Routing Security 2016 Patrick Tague 1 Class #11 Identity threats and countermeasures Basics of routing in ad hoc networks
More informationEthics and Information Security. 10 주차 - 경영정보론 Spring 2014
Ethics and Information Security 10 주차 - 경영정보론 Spring 2014 Ethical issue in using ICT? Learning Outcomes E-policies in an organization relationships and differences between hackers and viruses relationship
More informationEE 122: Network Security
Motivation EE 122: Network Security Kevin Lai December 2, 2002 Internet currently used for important services - financial transactions, medical records Could be used in the future for critical services
More informationLecture 12. Application Layer. Application Layer 1
Lecture 12 Application Layer Application Layer 1 Agenda The Application Layer (continue) Web and HTTP HTTP Cookies Web Caches Simple Introduction to Network Security Various actions by network attackers
More informationMapping Internet Sensors with Probe Response Attacks
Mapping Internet Sensors with Probe Response Attacks Computer Sciences Department University of Wisconsin, Madison Introduction Outline Background Example Attack Introduction to the Attack Basic Probe
More informationDebunking some myths about structured and unstructured overlays
Debunking some myths about structured and unstructured overlays Miguel Castro Manuel Costa Antony Rowstron Microsoft Research, 7 J J Thomson Avenue, Cambridge, UK Abstract We present a comparison of structured
More informationGCIH. GIAC Certified Incident Handler.
GIAC GCIH GIAC Certified Incident Handler TYPE: DEMO http://www.examskey.com/gcih.html Examskey GIAC GCIH exam demo product is here for you to test the quality of the product. This GIAC GCIH demo also
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationCYSE 411/AIT 681 Secure Software Engineering. Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun Reading This lecture [McGraw]: Ch. 7-9 2 Seven Touchpoints 1. Code review 2. Architectural
More information4. Risk-Based Security Testing. Reading. CYSE 411/AIT 681 Secure Software Engineering. Seven Touchpoints. Application of Touchpoints
Reading This lecture [McGraw]: Ch. 7-9 CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun 2 Seven Touchpoints Application of Touchpoints
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK PEER-TO-PEER FILE SHARING WITH THE BITTORRENT PROTOCOL APURWA D. PALIWAL 1, PROF.
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationAgent and Object Technology Lab Dipartimento di Ingegneria dell Informazione Università degli Studi di Parma. Distributed and Agent Systems
Agent and Object Technology Lab Dipartimento di Ingegneria dell Informazione Università degli Studi di Parma Distributed and Agent Systems Peer-to-Peer Systems & JXTA Prof. Agostino Poggi What is Peer-to-Peer
More informationHacking Terminology. Mark R. Adams, CISSP KPMG LLP
Hacking Terminology Mark R. Adams, CISSP KPMG LLP Backdoor Also referred to as a trap door. A hole in the security of a system deliberately left in place by designers or maintainers. Hackers may also leave
More informationDistributed Systems. 17. Distributed Lookup. Paul Krzyzanowski. Rutgers University. Fall 2016
Distributed Systems 17. Distributed Lookup Paul Krzyzanowski Rutgers University Fall 2016 1 Distributed Lookup Look up (key, value) Cooperating set of nodes Ideally: No central coordinator Some nodes can
More informationPeer-to-Peer Systems and Security
Peer-to-Peer Systems and Security Attacks! Christian Grothoff Technische Universität München April 13, 2013 Salsa & AP3 Goal: eliminate trusted blender server Idea: Use DHT (AP3: Pastry, Salsa: custom
More informationUser s Guide. SingNet Desktop Security Copyright 2010 F-Secure Corporation. All rights reserved.
User s Guide SingNet Desktop Security 2011 Copyright 2010 F-Secure Corporation. All rights reserved. Table of Contents 1. Getting Started... 1 1.1. Installing SingNet Desktop Security... 1 1.1.1. System
More informationOverlay and P2P Networks. Unstructured networks. PhD. Samu Varjonen
Overlay and P2P Networks Unstructured networks PhD. Samu Varjonen 25.1.2016 Contents Unstructured networks Last week Napster Skype This week: Gnutella BitTorrent P2P Index It is crucial to be able to find
More informationSnort Rules Classification and Interpretation
Snort Rules Classification and Interpretation Pop2 Rules: Class Type Attempted Admin(SID: 1934, 284,285) GEN:SID 1:1934 Message POP2 FOLD overflow attempt Summary This event is generated when an attempt
More informationJ. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering
Auburn Information Assurance Laboratory J. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering 107 Dunstan Hall Auburn
More informationReputation Management in P2P Systems
Reputation Management in P2P Systems Pradipta Mitra Nov 18, 2003 1 We will look at... Overview of P2P Systems Problems in P2P Systems Reputation Management Limited Reputation Sharing Simulation Results
More informationA Survey of Peer-to-Peer Content Distribution Technologies
A Survey of Peer-to-Peer Content Distribution Technologies Stephanos Androutsellis-Theotokis and Diomidis Spinellis ACM Computing Surveys, December 2004 Presenter: Seung-hwan Baek Ja-eun Choi Outline Overview
More informationDistributed hash table - Wikipedia, the free encyclopedia
Page 1 sur 6 Distributed hash table From Wikipedia, the free encyclopedia Distributed hash tables (DHTs) are a class of decentralized distributed systems that provide a lookup service similar to a hash
More informationPeer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University
Peer-to-peer Sender Authentication for Email Vivek Pathak and Liviu Iftode Rutgers University Email Trustworthiness Sender can be spoofed Need for Sender Authentication Importance depends on sender Update
More informationGNUnet Distributed Data Storage
GNUnet Distributed Data Storage DHT and Distance Vector Transport Nathan S. Evans 1 1 Technische Universität München Department of Computer Science Network Architectures and Services July, 24 2010 Overview
More informationOverlay and P2P Networks. Unstructured networks. Prof. Sasu Tarkoma
Overlay and P2P Networks Unstructured networks Prof. Sasu Tarkoma 20.1.2014 Contents P2P index revisited Unstructured networks Gnutella Bloom filters BitTorrent Freenet Summary of unstructured networks
More informationSECURING INFORMATION SYSTEMS
SECURING INFORMATION SYSTEMS (November 7, 2016) BUS3500 - Abdou Illia - Fall 2016 1 LEARNING GOALS Understand security attacks preps Discuss the major threats to information systems. Discuss protection
More informationInternet Technology. 06. Exam 1 Review Paul Krzyzanowski. Rutgers University. Spring 2016
Internet Technology 06. Exam 1 Review Paul Krzyzanowski Rutgers University Spring 2016 March 2, 2016 2016 Paul Krzyzanowski 1 Question 1 Defend or contradict this statement: for maximum efficiency, at
More informationDOMAIN NAME SECURITY EXTENSIONS
DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
Comparison of Firewall, Intrusion Prevention and Antivirus Technologies (How each protects the network) Dr. Gaurav Kumar Jain Email: gaurav.rinkujain.jain@gmail.com Mr. Pradeep Sharma Mukul Verma Abstract
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationOverlay and P2P Networks. Unstructured networks. Prof. Sasu Tarkoma
Overlay and P2P Networks Unstructured networks Prof. Sasu Tarkoma 19.1.2015 Contents Unstructured networks Last week Napster Skype This week: Gnutella BitTorrent P2P Index It is crucial to be able to find
More informationCyber Security Practice Questions. Varying Difficulty
Cyber Security Practice Questions Varying Difficulty 1 : This is a class of programs that searches your hard drive and floppy disks for any known or potential viruses. A. intrusion detection B. security
More informationInternet Technology 3/2/2016
Question 1 Defend or contradict this statement: for maximum efficiency, at the expense of reliability, an application should bypass TCP or UDP and use IP directly for communication. Internet Technology
More informationAuthors: Mark Handley, Vern Paxson, Christian Kreibich
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics Authors: Mark Handley, Vern Paxson, Christian Kreibich Exploitable Ambiguities NIDS does not have full range
More informationTelematics Chapter 9: Peer-to-Peer Networks
Telematics Chapter 9: Peer-to-Peer Networks Beispielbild User watching video clip Server with video clips Application Layer Presentation Layer Application Layer Presentation Layer Session Layer Session
More informationSaarland University Faculty of Natural Sciences and Technology I Department of Computer Science. Masters Thesis
Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science Masters Thesis Experimental Comparison of Byzantine Fault Tolerant Distributed Hash Tables submitted by Supriti
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationSybilGuard: Defending Against Sybil Attacks via Social Networks
Expanded Technical Report. The original version appears In Proceedings of the ACM SIGCOMM Conference on Computer Communications (SIGCOMM 2006), Pisa, Italy, September 2006 SybilGuard: Defending Against
More information