[Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
From: Hermanni Hyytiälä
Subject: [Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
Date: Mon, 03 Mar 2003 10:02:13 -0500
CVSROOT: /cvsroot/gzz
Module name: gzz
Changes by: Hermanni Hyytiälä <address@hidden> 03/03/03 10:01:47
Modified files:
Documentation/misc/hemppah-progradu: masterthesis.tex
progradu.bib
Log message:
More security problems
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/masterthesis.tex.diff?tr1=1.104&tr2=1.105&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/progradu.bib.diff?tr1=1.91&tr2=1.92&r1=text&r2=text
Patches:
Index: gzz/Documentation/misc/hemppah-progradu/masterthesis.tex
diff -u gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.104
gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.105
--- gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.104 Mon Mar
3 06:55:33 2003
+++ gzz/Documentation/misc/hemppah-progradu/masterthesis.tex Mon Mar 3
10:01:47 2003
@@ -1117,41 +1117,212 @@
\subsection{Access Control}
-\subsection{Fault-tolerance}
+
+Any distributed computing system must support different levels of access
control. For instance, we may
+want to restrict the accessibility of data to only limited amount of
participating peers. Currently,
+Peer-to-Peer systems doesn't support working, trusted and distributed access
control scheme. Moreover,
+there has been a lot of violation of copyright laws by users of Peer-to-Peer
filesharing systems. As a consequence, some
+lawsuits has been created againts the companies how have build popular
file-sharing programs.
+
+To our knowledge, Nejdl et al \cite{nejdl03accesscontrol} have proposed first
practical solution to access
+control problem in Peer-to-Peer systems. They use RDF-based schema policies to
restrict access to certain
+data. To be distributed system feasible, there must be way of control.
Unfortunately, their solution
+works only in loosely structured systems.
+
+
\subsection{Hostile entities}
+
+One serious problem in Peer-to-Peer system is lack of ability to identify
hostile entities trustworthy.
+Possible solutions include self-monitoring systems \cite{zhang03somo},
maintaining system invariants as
+proposed in \cite{sit02securitycons}, distributed and secure peer identifier
assignment
+\cite{castro02securerouting}, \cite{clarke00freenet} and self-certifying data
using cryptographic
+content hashes (e.g., SHA-1). Identification of hostile entities is essential
in tightly structured
+approach, in which fundamental (and implicit) assumption is that there is
random, uniform distribution
+of peer identifiers that cannot be controlled by hostile entity.
+
+Of course centralized authorities could be used for assignment of peer
identifiers, but they have
+property of single point of failure. Furthermore, distributed peer
identification assignment can
+be problematic as long as Sybil attack remains unsolved. However, there are
some partial solutions
+for controlling the rate at which and hostile entity is able to obtain peer
identifier, such as crypto-based
+puzzles \cite{juels99clientpuzzles}.
+
+In the end, none of previously mentioned solutions are able to identify
hostile entities in practical,
+efficient way. More research is required to solve this problems.
+
+
\subsection{Secure Query Routing}
-\subsection{Other Security threds}
+
+Much work has been done on secure routing, especially in tightly structured
systems. In
+\cite{castro02securitystructured} and \cite{castro02securerouting}, authors
suggests the usage
+of constrained routing tables and diverse routes, and detection of faults
during query routing.
+Additionally, authors present a important aspect of tightly structured
approach with regard
+to fault-tolerant query routing: the probability of routing succesfully
between to arbitrary,
+correct peers, when a fraction $f$ of the other peers are faulty or hostile,
is only $(1-f)^{h-1}$.
+
+Sit and Morris \cite{sit02securitycons} discuss the possibility of allowing
query originator
+to observe lookup progress and cross-check routing tables using random
queries. However, Sit and
+Morris approach is not very efficient, since proposals create a lot of
additional network traffic when
+in function.
+
+Additionally, Lynch et al. \cite{lynch02atomicdataaccess} propose a solution
to secure routing table
+maintenance, but their solution seems to have to major problems
\cite{castro02securitystructured}. First,
+the solution is very expensive even without faulty or hostile entities.
Second, each group of replicas
+in their solution must have less than 1/3 of its peer faulty. Thus, this
feature results in a low
+probability of succesfull routing.
+
+Aspnes et al in \cite{aspnes02faultrouting} and Kaashoek et all in
\cite{kaashoek03koorde} formally
+prove the lower and upper bounds for space requirements of locating a specific
date item in
+Peer-to-Peer system. They show that to provide high degree of fault tolerance
efficiency, a peer
+must maintain $O(\log{n})$ neighbors. In addition, most existing
+
+Fiat et al in \cite{fiat02censorship}, \cite{saia02dynamicfaultcontentnetwork}
and Datar in \cite{datar02butterflies}
+describe tightly structured overlay with analytical results in the presence of
hostile entities. However,
+none of these proposals doesn't address an efficient, dynamic tightly
structured overlay and multiple rounds
+of hostile attack. Indeed, above mentioned solutions are not very efficient.
In Fiat et al, each node
+must maintain information of $O(\log^3{n})$ other peers, and in Datar
$O(\log^3{n})$ is required.
+
+Finally, Ratnasamy and Gavoille \cite{ratnasamy02routing},
\cite{gavoille01routing} list several open problems
+regarding routing in distributed networks. Obviously, more research is
required for make secure
+routing possible in Peer-to-Peer networks.
+
+
+\subsection{Other Security threats}
+
+Ross Lee graham lists several external threats againts Peer-to-Peer networks
\cite{grahamp2psecurity}. The list
+includes viruses, trojans and bugs in Peer-to-Peer software. Currently, there
are not even partial solutions
+to the problems mentioned above.
+
+
+\scriptsize
+\begin{longtable}{|l|l|l|l|}
+
+\hline
+\multicolumn{1}{|c|}{\textbf{Problem}} &
+\multicolumn{1}{c|}{\textbf{Problem description}} &
+\multicolumn{1}{c|}{\textbf{Solutions}} &
+\multicolumn{1}{c|}{\textbf{Comments/Status}}
+\\ \hline
+\endfirsthead
+
+\multicolumn{4}{c}%
+{{\tablename\ \thetable{} -- continued from previous page}} \\
+\hline \multicolumn{1}{|c|}{\textbf{Problem}} &
+\multicolumn{1}{c|}{\textbf{Problem description}} &
+\multicolumn{1}{c|}{\textbf{Solutions}} &
+\multicolumn{1}{c|}{\textbf{Comments/Status}}
+\\ \hline
+\endhead
+
+\endfoot
+\parbox{90pt}{Query routing \cite{sit02securitycons},
\cite{aspnes02faultrouting}, \cite{castro02securerouting},
\cite{ratnasamy02routing}, \cite{gavoille01routing},
\cite{lynch02atomicdataaccess}} &
+\parbox{110pt}{Incorrect forwarding (hostile), incorrect routing (hostile)} &
+\parbox{110pt}{Query monitoring, cross check routing tables, verify routing
tables, create routing table invariants} &
+\parbox{110pt}{Increases system complexity}
+\\ \hline
+\parbox{90pt}{DoS attack \cite{sit02securitycons},
\cite{saia02dynamicfaultcontentnetwork}, \cite{datar02butterflies},
\cite{daswani02queryflooddos}, \cite{juels99clientpuzzles}} &
+\parbox{110pt}{Distributed, controlled burden againts specific computer(s)} &
+\parbox{110pt}{Client puzzles, load balancing, traffic measurements, traffic
models, replication} &
+\parbox{110pt}{Only partial solutions, traffic models most effective}
+\\ \hline
+
+
+\parbox{90pt}{Sybil attack \cite{douceur02sybil},
\cite{castro02securerouting}} &
+\parbox{110pt}{Single hostile entity present multiple entities} &
+\parbox{110pt}{Identify all nodes simultaneously across the system, collect
pool of nodes which are validated, distributed node ID creation} &
+\parbox{110pt}{Not practically realizable, research focused on persistence,
not on identity distinction}
+\\ \hline
+\parbox{90pt}{Spam attack \cite{naor03simpledht}} &
+\parbox{110pt}{Hostile entity creates false versions of data} &
+\parbox{110pt}{Do not trust to single entity, get information from multiple
entities, trust on majority's opinion} &
+\parbox{110pt}{Easy to implement, creates more network traffic}
+\\ \hline
-\cite{grahamp2psecurity}
+\parbox{90pt}{Resource spoofing} &
+\parbox{110pt}{Hostile entity gives wrong information about the data which
entity is responsible for/knows about} &
+\parbox{110pt}{Do not trust to single entity, get information from multiple
entities, trust on majority's opinion} &
+\parbox{110pt}{Easy to implement, creates more network traffic}
+\\ \hline
-\cite{nejdl03accesscontrol}
-%dup
-\cite{castro02securitystructured}
-\cite{castro02securerouting}
+\parbox{90pt}{Entity identification \cite{ajmani02conchord}} &
+\parbox{110pt}{Identify participating entities reliably and efficiently
} &
+\parbox{110pt}{Digital signatures, key infrastructure} &
+\parbox{110pt}{Not practically realizable}
+\\ \hline
+
+
+\parbox{90pt}{Data integrity/authenticity \cite{dabek01widearea}} &
+\parbox{110pt}{Integrity/originality of data is unknown} &
+\parbox{110pt}{Cryptographic content hashes, key architectures} &
+\parbox{110pt}{For data integrity, there are working solutions, but for data
authenticity, some of the solutions are partial, which may be practically
realizable}
+\\ \hline
+
+
+\parbox{90pt}{Anonymity \cite{reiter98crowds}, \cite{tarzan:ccs9},
\cite{pub00}, \cite{clarke00freenet}, \cite{reiter98crowds},
\cite{352607},\cite{502002}} &
+\parbox{110pt}{Anonymity cannot be provided in all cases} &
+\parbox{110pt}{Remailers, pre-routing} &
+\parbox{110pt}{Total anonymity cannot be provided yet}
+\\ \hline
+
+
+\parbox{90pt}{Malicious nodes \cite{sit02securitycons},
\cite{castro02securerouting}} &
+\parbox{110pt}{How to identify malicious nodes in the system} &
+\parbox{110pt}{Create invariants for node behaviour, verify invariants,
self-certifying data} &
+\parbox{110pt}{Partial solutions, self-certifying data most realiable}
+\\ \hline
+
+
+\parbox{90pt}{Access Control \cite{nejdl03accesscontrol},
\cite{daswani03openproblems}} &
+\parbox{110pt}{Can we define access control levels in Peer-to-Peer network ?} &
+\parbox{110pt}{Schema-based rules} &
+\parbox{110pt}{Some initial experiences, need more research}
+\\ \hline
+
+
+\parbox{90pt}{Inconsistent behaviour \cite{sit02securitycons}} &
+\parbox{110pt}{Hostile node could act correctly with its neighbors, but
incorrectly with others} &
+\parbox{110pt}{Public keys, digital signatures} &
+\parbox{110pt}{Not practical approach/working proposal created yet}
+\\ \hline
+
+
+\parbox{90pt}{Hostile groups \cite{castro02securerouting}} &
+\parbox{110pt}{Joining node may join parallel network, formed a group of
hostile nodes, hostile node(s) controls the construction of the network} &
+\parbox{110pt}{Use trusted nodes, based on history information, Cryptography,
key infrastructure} &
+\parbox{110pt}{Not 100\% sure if Centreal Authority (CA) is missing, not
practical approach/working proposal created yet}
+\\ \hline
-\cite{datar02butterflies}
-\cite{fiat02censorship}
+\parbox{90pt}{External security threats} &
+\parbox{110pt}{Viruses, trojans, sniffers} &
+\parbox{110pt}{Data integrity/authenticity, distributed antivirus software} &
+\parbox{110pt}{Not much research has been done on this}
+\\ \hline
+
+\caption{Security problems in Peer-to-Peer.}
+\label{table_security_problems_Peer-to-Peer}
+
+
+\end{longtable}
+\normalsize
+
+
-\cite{juels99clientpuzzles}
Censorship \cite{502002}
\cite{douceur02sybil}
-\cite{saia02dynamicfaultcontentnetwork}
-\cite{lynch02atomicdataaccess}
\section{Performance and usability problems in Peer-to-Peer}
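Review bot: In the Secure Query Routing subsection, the paragraph on Aspnes et al and Kaashoek et al ends on the fragment "In addition, most existing" and then breaks off; finish the sentence or drop it before it lands in the thesis. In the same subsection, $h$ in $(1-f)^{h-1}$ is used without being defined, and the sentence giving $O(\log^3{n})$ for both Fiat et al and Datar reads like a copy-paste slip, so check each bound against the cited paper. The Anonymity row of the table also cites \cite{reiter98crowds} twice.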
@@ -1223,6 +1394,8 @@
Locality \cite{keleher-02-p2p}
\cite{ng02predicting}
+\subsection{Fault-tolerance and robustness}
+
\subsection{Fast and usable search}
\cite{yang02improvingsearch}
\cite{kronfol02fasdsearch}
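Review bot: The added \subsection{Fault-tolerance and robustness} has no body and no citations, so it will typeset as a bare heading directly above "Fast and usable search". Since the first hunk removes \subsection{Fault-tolerance} from the security section, this looks like a move; add at least a placeholder comment or the citation keys you intend to cover here, as the neighbouring subsections do, so the move does not leave an empty section.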
@@ -1377,127 +1550,7 @@
-solution: need a way to control creation of node IDs (ID =
SHA-1(ip-address), challange node verify its ID)
-\scriptsize
-\begin{longtable}{|l|l|l|l|}
-
-\hline
-\multicolumn{1}{|c|}{\textbf{Problem}} &
-\multicolumn{1}{c|}{\textbf{Problem description}} &
-\multicolumn{1}{c|}{\textbf{Solutions}} &
-\multicolumn{1}{c|}{\textbf{Comments/Status}}
-\\ \hline
-\endfirsthead
-
-\multicolumn{4}{c}%
-{{\tablename\ \thetable{} -- continued from previous page}} \\
-\hline \multicolumn{1}{|c|}{\textbf{Problem}} &
-\multicolumn{1}{c|}{\textbf{Problem description}} &
-\multicolumn{1}{c|}{\textbf{Solutions}} &
-\multicolumn{1}{c|}{\textbf{Comments/Status}}
-\\ \hline
-\endhead
-
-\endfoot
-
-
-
-\parbox{90pt}{Query routing \cite{sit02securitycons},
\cite{aspnes02faultrouting}, \cite{castro02securerouting},
\cite{ratnasamy02routing}, \cite{gavoille01routing},
\cite{lynch02atomicdataaccess}} &
-\parbox{110pt}{Incorrect forwarding (hostile), incorrect routing (hostile)} &
-\parbox{110pt}{Query monitoring, cross check routing tables, verify routing
tables, create routing table invariants} &
-\parbox{110pt}{Increases system complexity}
-\\ \hline
-
-
-\parbox{90pt}{DoS attack \cite{sit02securitycons},
\cite{saia02dynamicfaultcontentnetwork}, \cite{datar02butterflies},
\cite{daswani02queryflooddos}, \cite{juels99clientpuzzles}} &
-\parbox{110pt}{Distributed, controlled burden againts specific computer(s)} &
-\parbox{110pt}{Client puzzles, load balancing, traffic measurements, traffic
models, replication} &
-\parbox{110pt}{Only partial solutions, traffic models most effective}
-\\ \hline
-
-
-\parbox{90pt}{Sybil attack \cite{douceur02sybil},
\cite{castro02securerouting}} &
-\parbox{110pt}{Single hostile entity present multiple entities} &
-\parbox{110pt}{Identify all nodes simultaneously across the system, collect
pool of nodes which are validated, distributed node ID creation} &
-\parbox{110pt}{Not practically realizable, research focused on persistence,
not on identity distinction}
-\\ \hline
-
-
-\parbox{90pt}{Spam attack \cite{naor03simpledht}} &
-\parbox{110pt}{Hostile entity creates false versions of data} &
-\parbox{110pt}{Do not trust to single entity, get information from multiple
entities, trust on majority's opinion} &
-\parbox{110pt}{Easy to implement, creates more network traffic}
-\\ \hline
-
-
-\parbox{90pt}{Resource spoofing} &
-\parbox{110pt}{Hostile entity gives wrong information about the data which
entity is responsible for/knows about} &
-\parbox{110pt}{Do not trust to single entity, get information from multiple
entities, trust on majority's opinion} &
-\parbox{110pt}{Easy to implement, creates more network traffic}
-\\ \hline
-
-
-\parbox{90pt}{Entity identification \cite{ajmani02conchord}} &
-\parbox{110pt}{Identify participating entities reliably and efficiently
} &
-\parbox{110pt}{Digital signatures, key infrastructure} &
-\parbox{110pt}{Not practically realizable}
-\\ \hline
-
-
-\parbox{90pt}{Data integrity/authenticity \cite{dabek01widearea}} &
-\parbox{110pt}{Integrity/originality of data is unknown} &
-\parbox{110pt}{Cryptographic content hashes, key architectures} &
-\parbox{110pt}{For data integrity, there are working solutions, but for data
authenticity, some of the solutions are partial, which may be practically
realizable}
-\\ \hline
-
-
-\parbox{90pt}{Anonymity \cite{reiter98crowds}, \cite{tarzan:ccs9},
\cite{pub00}, \cite{clarke00freenet}, \cite{reiter98crowds},
\cite{352607},\cite{502002}} &
-\parbox{110pt}{Anonymity cannot be provided in all cases} &
-\parbox{110pt}{Remailers, pre-routing} &
-\parbox{110pt}{Total anonymity cannot be provided yet}
-\\ \hline
-
-
-\parbox{90pt}{Malicious nodes \cite{sit02securitycons},
\cite{castro02securerouting}} &
-\parbox{110pt}{How to identify malicious nodes in the system} &
-\parbox{110pt}{Create invariants for node behaviour, verify invariants,
self-certifying data} &
-\parbox{110pt}{Partial solutions, self-certifying data most realiable}
-\\ \hline
-
-
-\parbox{90pt}{Access Control \cite{nejdl03accesscontrol},
\cite{daswani03openproblems}} &
-\parbox{110pt}{Can we define access control levels in Peer-to-Peer network ?} &
-\parbox{110pt}{Schema-based rules} &
-\parbox{110pt}{Some initial experiences, need more research}
-\\ \hline
-
-
-\parbox{90pt}{Inconsistent behaviour \cite{sit02securitycons}} &
-\parbox{110pt}{Hostile node could act correctly with its neighbors, but
incorrectly with others} &
-\parbox{110pt}{Public keys, digital signatures} &
-\parbox{110pt}{Not practical approach/working proposal created yet}
-\\ \hline
-
-
-\parbox{90pt}{Hostile groups \cite{castro02securerouting}} &
-\parbox{110pt}{Joining node may join parallel network, formed a group of
hostile nodes, hostile node(s) controls the construction of the network} &
-\parbox{110pt}{Use trusted nodes, based on history information, Cryptography,
key infrastructure} &
-\parbox{110pt}{Not 100\% sure if Centreal Authority (CA) is missing, not
practical approach/working proposal created yet}
-\\ \hline
-
-
-\parbox{90pt}{External security threats} &
-\parbox{110pt}{Viruses, trojans, sniffers} &
-\parbox{110pt}{Data integrity/authenticity, distributed antivirus software} &
-\parbox{110pt}{Not much research has been done on this}
-\\ \hline
-
-\caption{Security problems in Peer-to-Peer.}
-\label{table_security_problems_Peer-to-Peer}
-
-
-\end{longtable}
-\normalsize
-
+
\scriptsize
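Review bot: The first removed line, "solution: need a way to control creation of node IDs (ID = SHA-1(ip-address), challange node verify its ID)", is deleted along with the table, but only the table reappears in the first hunk. The new Hostile entities text and the Sybil attack row mention identifier assignment only in general terms, so this concrete idea is lost. If it is still wanted, move it into the Hostile entities subsection or keep it as a LaTeX comment there rather than dropping it silently.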
Index: gzz/Documentation/misc/hemppah-progradu/progradu.bib
diff -u gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.91
gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.92
--- gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.91 Mon Mar 3
06:55:33 2003
+++ gzz/Documentation/misc/hemppah-progradu/progradu.bib Mon Mar 3
10:01:47 2003
@@ -1820,7 +1820,7 @@
%Schema based access control
@misc{nejdl03accesscontrol,
- author = {Wolfgang Nejdl and Wolf Siberski and Martin Wolpers and
Alexander L?ser},
+ author = {Wolfgang Nejdl and Wolf Siberski and Martin Wolpers and
Alexander Löser},
title = {Information Integration in Schema-Based Peer-To-Peer Networks},
booktitle = {Submitted at the 15th Conference On Advanced Information
Systems Engineering(CAiSE)},
year = {2003},
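Review bot: The author fix replaces "L?ser" with a raw "Löser", and the "?" in the old line suggests this file has already been through an encoding round-trip that lost the character once. Raw 8-bit characters in a .bib file depend on the file encoding and the inputenc setup matching, and classic BibTeX sorts and abbreviates them incorrectly; writing the name as L{\"o}ser avoids both problems. Separately, this @misc entry carries a booktitle field, which the standard styles ignore for @misc, so the "Submitted at ... CAiSE" text will not appear in the bibliography unless it is moved to howpublished or note.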