[Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...


From: Hermanni Hyytiälä
Subject: [Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
Date: Mon, 03 Mar 2003 10:02:13 -0500

CVSROOT:        /cvsroot/gzz
Module name:    gzz
Changes by:     Hermanni Hyytiälä <address@hidden>      03/03/03 10:01:47

Modified files:
        Documentation/misc/hemppah-progradu: masterthesis.tex 
                                             progradu.bib 

Log message:
        More security problems

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/masterthesis.tex.diff?tr1=1.104&tr2=1.105&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/progradu.bib.diff?tr1=1.91&tr2=1.92&r1=text&r2=text

Patches:
Index: gzz/Documentation/misc/hemppah-progradu/masterthesis.tex
diff -u gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.104 
gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.105
--- gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.104      Mon Mar 
 3 06:55:33 2003
+++ gzz/Documentation/misc/hemppah-progradu/masterthesis.tex    Mon Mar  3 
10:01:47 2003
@@ -1117,41 +1117,212 @@
 
 
 \subsection{Access Control}
-\subsection{Fault-tolerance}
+
+Any distributed computing system must support different levels of access 
control. For instance, we may
+want to restrict the accessibility of data to only limited amount of 
participating peers. Currently, 
+Peer-to-Peer systems doesn't support working, trusted and  distributed access 
control scheme. Moreover, 
+there has been a lot of violation of copyright laws by users of Peer-to-Peer 
filesharing systems. As a consequence, some
+lawsuits has been created againts the companies how have build popular 
file-sharing programs.
+
+To our knowledge, Nejdl et al \cite{nejdl03accesscontrol} have proposed first 
practical solution to access 
+control problem in Peer-to-Peer systems. They use RDF-based schema policies to 
restrict access to certain
+data. To be distributed system feasible, there must be way of control. 
Unfortunately, their solution
+works only in loosely structured systems.
+
+
 \subsection{Hostile entities}
+
+One serious problem in Peer-to-Peer system is lack of ability to identify 
hostile entities trustworthy.
+Possible solutions include self-monitoring systems \cite{zhang03somo}, 
maintaining system invariants as
+proposed in \cite{sit02securitycons}, distributed and secure peer identifier 
assignment 
+\cite{castro02securerouting}, \cite{clarke00freenet} and self-certifying data 
using cryptographic 
+content hashes (e.g., SHA-1). Identification of hostile entities is essential 
in tightly structured 
+approach, in which fundamental (and implicit) assumption is that there is 
random, uniform distribution 
+of peer identifiers that cannot be controlled by hostile entity.
+
+Of course centralized authorities could be used for assignment of peer 
identifiers, but they have 
+property of single point of failure. Furthermore, distributed peer 
identification assignment can
+be problematic as long as Sybil attack remains unsolved. However, there are 
some partial solutions
+for controlling the rate at which and hostile entity is able to obtain peer 
identifier, such as crypto-based
+puzzles \cite{juels99clientpuzzles}.
+
+In the end, none of previously mentioned solutions are able to identify 
hostile entities in practical,
+efficient way. More research is required to solve this problems.
+
+
 \subsection{Secure Query Routing}
-\subsection{Other Security threds}
+
+Much work has been done on secure routing, especially in tightly structured 
systems. In 
+\cite{castro02securitystructured} and \cite{castro02securerouting}, authors 
suggests the usage
+of constrained routing tables and diverse routes, and detection of faults 
during query routing.
+Additionally, authors present a important aspect of tightly structured 
approach with regard
+to fault-tolerant query routing: the probability of routing succesfully 
between to arbitrary, 
+correct peers, when a fraction $f$ of the other peers are faulty or hostile, 
is only $(1-f)^{h-1}$.
+
+Sit and Morris \cite{sit02securitycons} discuss the possibility of allowing 
query originator 
+to observe lookup progress and cross-check routing tables using random 
queries. However, Sit and
+Morris approach is not very efficient, since proposals create a lot of 
additional network traffic when
+in function.
+
+Additionally, Lynch et al. \cite{lynch02atomicdataaccess} propose a solution 
to secure routing table 
+maintenance, but their solution seems to have to major problems 
\cite{castro02securitystructured}. First,
+the solution is very expensive even without faulty or hostile entities. 
Second, each group of replicas
+in their solution must have less than 1/3 of its peer faulty. Thus, this 
feature results in a low
+probability of succesfull routing.
+
+Aspnes et al in \cite{aspnes02faultrouting} and Kaashoek et all in 
\cite{kaashoek03koorde} formally 
+prove the lower and upper bounds for space requirements of locating a specific 
date item in 
+Peer-to-Peer system. They show that to provide high degree of fault tolerance 
efficiency, a peer 
+must maintain $O(\log{n})$ neighbors. In addition, most existing
+
+Fiat et al in \cite{fiat02censorship}, \cite{saia02dynamicfaultcontentnetwork} 
and Datar in \cite{datar02butterflies}  
+describe tightly structured overlay with analytical results in the presence of 
hostile entities. However,
+none of these proposals doesn't address an efficient, dynamic tightly 
structured overlay and multiple rounds
+of hostile attack. Indeed, above mentioned solutions are not very efficient. 
In Fiat et al, each node 
+must maintain information of $O(\log^3{n})$ other peers, and in Datar 
$O(\log^3{n})$ is required.
+
+Finally, Ratnasamy and Gavoille \cite{ratnasamy02routing}, 
\cite{gavoille01routing} list several open problems
+regarding routing in distributed networks. Obviously, more research is 
required for make secure
+routing possible in Peer-to-Peer networks.
+
+
+\subsection{Other Security threats}
+
+Ross Lee graham lists several external threats againts Peer-to-Peer networks 
\cite{grahamp2psecurity}. The list 
+includes viruses, trojans and bugs in Peer-to-Peer software. Currently, there 
are not even partial solutions
+to the problems mentioned above.
+
+
+\scriptsize
+\begin{longtable}{|l|l|l|l|}
+
+\hline 
+\multicolumn{1}{|c|}{\textbf{Problem}} & 
+\multicolumn{1}{c|}{\textbf{Problem description}} & 
+\multicolumn{1}{c|}{\textbf{Solutions}} &
+\multicolumn{1}{c|}{\textbf{Comments/Status}}
+\\ \hline 
+\endfirsthead
+
+\multicolumn{4}{c}%
+{{\tablename\ \thetable{} -- continued from previous page}} \\
+\hline \multicolumn{1}{|c|}{\textbf{Problem}} &
+\multicolumn{1}{c|}{\textbf{Problem description}} &
+\multicolumn{1}{c|}{\textbf{Solutions}} &
+\multicolumn{1}{c|}{\textbf{Comments/Status}} 
+\\ \hline 
+\endhead
+
+\endfoot
 
 
 
+\parbox{90pt}{Query routing \cite{sit02securitycons}, 
\cite{aspnes02faultrouting}, \cite{castro02securerouting}, 
\cite{ratnasamy02routing}, \cite{gavoille01routing}, 
\cite{lynch02atomicdataaccess}} &                        
+\parbox{110pt}{Incorrect forwarding (hostile), incorrect routing (hostile)} &
+\parbox{110pt}{Query monitoring, cross check routing tables, verify routing 
tables, create routing table invariants} &
+\parbox{110pt}{Increases system complexity} 
+\\ \hline
 
 
+\parbox{90pt}{DoS attack \cite{sit02securitycons}, 
\cite{saia02dynamicfaultcontentnetwork}, \cite{datar02butterflies}, 
\cite{daswani02queryflooddos}, \cite{juels99clientpuzzles}} &
+\parbox{110pt}{Distributed, controlled burden againts specific computer(s)} &
+\parbox{110pt}{Client puzzles, load balancing, traffic measurements, traffic 
models, replication} &
+\parbox{110pt}{Only partial solutions, traffic models most effective}
+\\ \hline 
+
+
+\parbox{90pt}{Sybil attack \cite{douceur02sybil}, 
\cite{castro02securerouting}} &
+\parbox{110pt}{Single hostile entity present multiple entities} &
+\parbox{110pt}{Identify all nodes simultaneously across the system, collect 
pool of nodes which are validated, distributed node ID creation} &
+\parbox{110pt}{Not practically realizable, research focused on persistence, 
not on identity distinction}
+\\ \hline 
 
 
+\parbox{90pt}{Spam attack \cite{naor03simpledht}} &
+\parbox{110pt}{Hostile entity creates false versions of data} &
+\parbox{110pt}{Do not trust to single entity, get information from multiple 
entities, trust on majority's opinion} &
+\parbox{110pt}{Easy to implement, creates more network traffic} 
+\\ \hline
 
 
-\cite{grahamp2psecurity}
+\parbox{90pt}{Resource spoofing} &
+\parbox{110pt}{Hostile entity gives wrong information about the data which 
entity is responsible for/knows about} &
+\parbox{110pt}{Do not trust to single entity, get information from multiple 
entities, trust on majority's opinion} &
+\parbox{110pt}{Easy to implement, creates more network traffic} 
+\\ \hline
 
-\cite{nejdl03accesscontrol}
 
-%dup
-\cite{castro02securitystructured}
-\cite{castro02securerouting}
+\parbox{90pt}{Entity identification \cite{ajmani02conchord}} &
+\parbox{110pt}{Identify participating entities reliably and efficiently        
} &
+\parbox{110pt}{Digital signatures, key infrastructure} &
+\parbox{110pt}{Not practically realizable}
+\\ \hline
+
+
+\parbox{90pt}{Data integrity/authenticity \cite{dabek01widearea}} &
+\parbox{110pt}{Integrity/originality of data is unknown} &
+\parbox{110pt}{Cryptographic content hashes, key architectures} &
+\parbox{110pt}{For data integrity, there are working solutions, but for data 
authenticity, some of the solutions are partial, which may be practically 
realizable}
+\\ \hline
+
+
+\parbox{90pt}{Anonymity \cite{reiter98crowds}, \cite{tarzan:ccs9}, 
\cite{pub00}, \cite{clarke00freenet}, \cite{reiter98crowds}, 
\cite{352607},\cite{502002}} &
+\parbox{110pt}{Anonymity cannot be provided in all cases} &
+\parbox{110pt}{Remailers, pre-routing} &
+\parbox{110pt}{Total anonymity cannot be provided yet}
+\\ \hline
+
+
+\parbox{90pt}{Malicious nodes \cite{sit02securitycons}, 
\cite{castro02securerouting}} &
+\parbox{110pt}{How to identify malicious nodes in the system} &
+\parbox{110pt}{Create invariants for node behaviour, verify invariants, 
self-certifying data} &
+\parbox{110pt}{Partial solutions, self-certifying data most realiable}
+\\ \hline
+
+
+\parbox{90pt}{Access Control \cite{nejdl03accesscontrol}, 
\cite{daswani03openproblems}} &
+\parbox{110pt}{Can we define access control levels in Peer-to-Peer network ?} &
+\parbox{110pt}{Schema-based rules} &
+\parbox{110pt}{Some initial experiences, need more research}
+\\ \hline
+
+
+\parbox{90pt}{Inconsistent behaviour \cite{sit02securitycons}} &
+\parbox{110pt}{Hostile node could act correctly with its neighbors, but 
incorrectly with others} &
+\parbox{110pt}{Public keys, digital signatures} &
+\parbox{110pt}{Not practical approach/working proposal created yet}
+\\ \hline
+
+
+\parbox{90pt}{Hostile groups \cite{castro02securerouting}} &
+\parbox{110pt}{Joining node may join parallel network, formed a group of 
hostile nodes, hostile node(s) controls the construction of the network} &
+\parbox{110pt}{Use trusted nodes, based on history information, Cryptography, 
key infrastructure} &
+\parbox{110pt}{Not 100\% sure if Centreal Authority (CA) is missing, not 
practical approach/working proposal created yet}
+\\ \hline
 
-\cite{datar02butterflies}
 
-\cite{fiat02censorship}
+\parbox{90pt}{External security threats} &
+\parbox{110pt}{Viruses, trojans, sniffers} &
+\parbox{110pt}{Data integrity/authenticity, distributed antivirus software} &
+\parbox{110pt}{Not much research has been done on this}
+\\ \hline
+
+\caption{Security problems in Peer-to-Peer.} 
+\label{table_security_problems_Peer-to-Peer}
+
+
+\end{longtable}
+\normalsize
+       
+
 
-\cite{juels99clientpuzzles}
 
 
 Censorship \cite{502002}
 
 \cite{douceur02sybil}
 
-\cite{saia02dynamicfaultcontentnetwork}
 
-\cite{lynch02atomicdataaccess}
 
 
 \section{Performance and usability problems in Peer-to-Peer}
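Review bot: the added paragraph on Aspnes et al. and Kaashoek et al. in the Secure Query Routing subsection ends mid-sentence at "In addition, most existing"; finish the sentence or drop the fragment. In the same subsection, $h$ in $(1-f)^{h-1}$ is never defined (presumably the number of routing hops, which the text should state), the Fiat/Datar paragraph gives $O(\log^3{n})$ for both proposals without saying what the Datar bound measures, and "none of these proposals doesn't address" is a double negative that reverses the intended meaning. The context lines "Censorship \cite{502002}" and "\cite{douceur02sybil}" are now loose text directly after the moved table's \normalsize, and the Anonymity row cites reiter98crowds twice.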
@@ -1223,6 +1394,8 @@
 Locality \cite{keleher-02-p2p}
 \cite{ng02predicting}
 
+\subsection{Fault-tolerance and robustness}
+
 \subsection{Fast and usable search}
 \cite{yang02improvingsearch}
 \cite{kronfol02fasdsearch}
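Review bot: the added \subsection{Fault-tolerance and robustness} has no body and is followed immediately by \subsection{Fast and usable search}, so it will typeset as an empty heading. Add at least the planned citations, as the neighbouring subsections do, or hold the heading back until there is text for it.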
@@ -1377,127 +1550,7 @@
        -solution: need a way to control creation of node IDs (ID = 
SHA-1(ip-address), challange node verify its ID)
 
 
-\scriptsize
-\begin{longtable}{|l|l|l|l|}
-
-\hline 
-\multicolumn{1}{|c|}{\textbf{Problem}} & 
-\multicolumn{1}{c|}{\textbf{Problem description}} & 
-\multicolumn{1}{c|}{\textbf{Solutions}} &
-\multicolumn{1}{c|}{\textbf{Comments/Status}}
-\\ \hline 
-\endfirsthead
-
-\multicolumn{4}{c}%
-{{\tablename\ \thetable{} -- continued from previous page}} \\
-\hline \multicolumn{1}{|c|}{\textbf{Problem}} &
-\multicolumn{1}{c|}{\textbf{Problem description}} &
-\multicolumn{1}{c|}{\textbf{Solutions}} &
-\multicolumn{1}{c|}{\textbf{Comments/Status}} 
-\\ \hline 
-\endhead
-
-\endfoot
-
-
-
-\parbox{90pt}{Query routing \cite{sit02securitycons}, 
\cite{aspnes02faultrouting}, \cite{castro02securerouting}, 
\cite{ratnasamy02routing}, \cite{gavoille01routing}, 
\cite{lynch02atomicdataaccess}} &                        
-\parbox{110pt}{Incorrect forwarding (hostile), incorrect routing (hostile)} &
-\parbox{110pt}{Query monitoring, cross check routing tables, verify routing 
tables, create routing table invariants} &
-\parbox{110pt}{Increases system complexity} 
-\\ \hline
-
-
-\parbox{90pt}{DoS attack \cite{sit02securitycons}, 
\cite{saia02dynamicfaultcontentnetwork}, \cite{datar02butterflies}, 
\cite{daswani02queryflooddos}, \cite{juels99clientpuzzles}} &
-\parbox{110pt}{Distributed, controlled burden againts specific computer(s)} &
-\parbox{110pt}{Client puzzles, load balancing, traffic measurements, traffic 
models, replication} &
-\parbox{110pt}{Only partial solutions, traffic models most effective}
-\\ \hline 
-
-
-\parbox{90pt}{Sybil attack \cite{douceur02sybil}, 
\cite{castro02securerouting}} &
-\parbox{110pt}{Single hostile entity present multiple entities} &
-\parbox{110pt}{Identify all nodes simultaneously across the system, collect 
pool of nodes which are validated, distributed node ID creation} &
-\parbox{110pt}{Not practically realizable, research focused on persistence, 
not on identity distinction}
-\\ \hline 
-
-
-\parbox{90pt}{Spam attack \cite{naor03simpledht}} &
-\parbox{110pt}{Hostile entity creates false versions of data} &
-\parbox{110pt}{Do not trust to single entity, get information from multiple 
entities, trust on majority's opinion} &
-\parbox{110pt}{Easy to implement, creates more network traffic} 
-\\ \hline
-
-
-\parbox{90pt}{Resource spoofing} &
-\parbox{110pt}{Hostile entity gives wrong information about the data which 
entity is responsible for/knows about} &
-\parbox{110pt}{Do not trust to single entity, get information from multiple 
entities, trust on majority's opinion} &
-\parbox{110pt}{Easy to implement, creates more network traffic} 
-\\ \hline
-
-
-\parbox{90pt}{Entity identification \cite{ajmani02conchord}} &
-\parbox{110pt}{Identify participating entities reliably and efficiently        
} &
-\parbox{110pt}{Digital signatures, key infrastructure} &
-\parbox{110pt}{Not practically realizable}
-\\ \hline
-
-
-\parbox{90pt}{Data integrity/authenticity \cite{dabek01widearea}} &
-\parbox{110pt}{Integrity/originality of data is unknown} &
-\parbox{110pt}{Cryptographic content hashes, key architectures} &
-\parbox{110pt}{For data integrity, there are working solutions, but for data 
authenticity, some of the solutions are partial, which may be practically 
realizable}
-\\ \hline
-
-
-\parbox{90pt}{Anonymity \cite{reiter98crowds}, \cite{tarzan:ccs9}, 
\cite{pub00}, \cite{clarke00freenet}, \cite{reiter98crowds}, 
\cite{352607},\cite{502002}} &
-\parbox{110pt}{Anonymity cannot be provided in all cases} &
-\parbox{110pt}{Remailers, pre-routing} &
-\parbox{110pt}{Total anonymity cannot be provided yet}
-\\ \hline
-
-
-\parbox{90pt}{Malicious nodes \cite{sit02securitycons}, 
\cite{castro02securerouting}} &
-\parbox{110pt}{How to identify malicious nodes in the system} &
-\parbox{110pt}{Create invariants for node behaviour, verify invariants, 
self-certifying data} &
-\parbox{110pt}{Partial solutions, self-certifying data most realiable}
-\\ \hline
-
-
-\parbox{90pt}{Access Control \cite{nejdl03accesscontrol}, 
\cite{daswani03openproblems}} &
-\parbox{110pt}{Can we define access control levels in Peer-to-Peer network ?} &
-\parbox{110pt}{Schema-based rules} &
-\parbox{110pt}{Some initial experiences, need more research}
-\\ \hline
-
-
-\parbox{90pt}{Inconsistent behaviour \cite{sit02securitycons}} &
-\parbox{110pt}{Hostile node could act correctly with its neighbors, but 
incorrectly with others} &
-\parbox{110pt}{Public keys, digital signatures} &
-\parbox{110pt}{Not practical approach/working proposal created yet}
-\\ \hline
-
-
-\parbox{90pt}{Hostile groups \cite{castro02securerouting}} &
-\parbox{110pt}{Joining node may join parallel network, formed a group of 
hostile nodes, hostile node(s) controls the construction of the network} &
-\parbox{110pt}{Use trusted nodes, based on history information, Cryptography, 
key infrastructure} &
-\parbox{110pt}{Not 100\% sure if Centreal Authority (CA) is missing, not 
practical approach/working proposal created yet}
-\\ \hline
-
-
-\parbox{90pt}{External security threats} &
-\parbox{110pt}{Viruses, trojans, sniffers} &
-\parbox{110pt}{Data integrity/authenticity, distributed antivirus software} &
-\parbox{110pt}{Not much research has been done on this}
-\\ \hline
-
-\caption{Security problems in Peer-to-Peer.} 
-\label{table_security_problems_Peer-to-Peer}
-
-
-\end{longtable}
-\normalsize
-               
+       
                
 
 \scriptsize
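Review bot: the last change in this hunk replaces one whitespace-only line with another (the "-" and "+" lines just before the trailing context), which is pure churn; strip the trailing whitespace and leave a single empty line. The removed longtable is identical to the one added in the first hunk, including \label{table_security_problems_Peer-to-Peer}, so existing references keep resolving, but the log message should say the table was moved so the removal does not read as a deletion.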
Index: gzz/Documentation/misc/hemppah-progradu/progradu.bib
diff -u gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.91 
gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.92
--- gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.91   Mon Mar  3 
06:55:33 2003
+++ gzz/Documentation/misc/hemppah-progradu/progradu.bib        Mon Mar  3 
10:01:47 2003
@@ -1820,7 +1820,7 @@
 
 %Schema based access control
 @misc{nejdl03accesscontrol,
-       author = {Wolfgang Nejdl and Wolf Siberski and Martin Wolpers and 
Alexander L?ser},
+       author = {Wolfgang Nejdl and Wolf Siberski and Martin Wolpers and 
Alexander Löser},
        title = {Information Integration in Schema-Based Peer-To-Peer Networks},
        booktitle = {Submitted at the 15th Conference On Advanced Information 
Systems Engineering(CAiSE)},
        year = {2003},
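Review bot: the corrected author field puts a raw "ö" into progradu.bib, and the "L?ser" it replaces shows the character has already been lost once to an encoding conversion; write it as L{\"o}ser so the entry survives regardless of file encoding. Separately, this is an @misc entry carrying a booktitle field, which the standard BibTeX styles do not print for @misc; move the venue text to howpublished or note if it is meant to appear in the bibliography.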



