Abstract
Peer-to-peer (p2p) networking technologies have gained popularity as a mechanism for users to share files without the need for centralized servers. A p2p network provides a scalable and fault-tolerant mechanism to locate nodes anywhere on a network without maintaining a large amount of routing state. This allows for a variety of applications beyond simple file sharing. Examples include multicast systems, anonymous communications systems, and web caches. We survey security issues that occur in the underlying p2p routing protocols, as well as fairness and trust issues that occur in file sharing and other p2p applications. We discuss how techniques, ranging from cryptography, to random network probing, to economic incentives, can be used to address these problems.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wallach, D.S. (2003). A Survey of Peer-to-Peer Security Issues. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds) Software Security — Theories and Systems. ISSS 2002. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36532-X_4
DOI: https://doi.org/10.1007/3-540-36532-X_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00708-1
Online ISBN: 978-3-540-36532-7
eBook Packages: Springer Book Archive