signatures based on tokens obtained from the original content source from
which the contents are purchased. These tokens are time-stamped and have
short validity periods. Legitimate clients can periodically refresh the tokens
to continue the sharing, while pirates cannot do the same. Upon receiving
downloading requests, legitimate clients verify the identities of the requesting
peers. If the requesting peers are also legitimate, the digital signatures match
those associated with the shared file chunks. On the other hand, pirates are
detected because the signatures do not match.
Once a pirate's downloading request is detected, legitimate clients send
poisoned chunks to the pirate. Consequently, pirates obtain some poisoned
chunks, which in turn affect other colluding pirates. The ultimate result is
that the download time for a complete file becomes too long for the pirates
to tolerate.
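The token check described above, sketched in Go as an added example (not code from the book or from any P2P client). The token layout, the use of Ed25519, the five-minute lifetime and all function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Token layout is assumed; the text only says tokens are time-stamped and short-lived.
type Token struct {
	PeerID string
	Issued time.Time
	Sig    []byte // content source's signature over Issued and PeerID
}
const tokenLifetime = 5 * time.Minute // assumed validity period

func tokenBody(peerID string, issued time.Time) []byte {
	return []byte(fmt.Sprintf("%d|%s", issued.Unix(), peerID))
}

// NewSourceKeys creates the content source's signing key pair.
func NewSourceKeys() (pub ed25519.PublicKey, priv ed25519.PrivateKey) {
	pub, priv, _ = ed25519.GenerateKey(nil) // nil selects crypto/rand
	return
}

// IssueToken runs at the content source for a paying client (first issue or refresh).
func IssueToken(priv ed25519.PrivateKey, peerID string, now time.Time) Token {
	return Token{peerID, now, ed25519.Sign(priv, tokenBody(peerID, now))}
}

// VerifyToken runs at a legitimate peer for every download request.
func VerifyToken(pub ed25519.PublicKey, t Token, now time.Time) error {
	if !ed25519.Verify(pub, tokenBody(t.PeerID, t.Issued), t.Sig) {
		return errors.New("signature mismatch")
	}
	if age := now.Sub(t.Issued); age < 0 || age > tokenLifetime {
		return errors.New("token outside validity period")
	}
	return nil
}

func main() {
	pub, priv := NewSourceKeys()
	tok := IssueToken(priv, "peer-A", time.Now()) // constructed peer ID
	fmt.Println("fresh:", VerifyToken(pub, tok, tok.Issued.Add(time.Minute)))
	fmt.Println("stale:", VerifyToken(pub, tok, tok.Issued.Add(time.Hour)))
}
```

Because the timestamp is covered by the signature, a peer that cannot refresh at the source cannot extend a token by re-stamping it.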
7.9 Case Study: PPLive
In many practical P2P systems, sophisticated security measures such as
chunk encryption, peer authentication, and hashes or chunk signatures are
largely not implemented. For instance, in PPLive, peers are essentially
unprotected from easy attacks such as pollution attacks, making the user
machines highly vulnerable to malicious assaults (e.g., malware spreading).
Yet it is very difficult to implement secure and trustworthy data transfer in
live video streaming due to practical problems like key distribution and
management.
7.10 Summary
P2P security subsumes Internet security. Yet because of the remarkable
proliferation of P2P systems, their security problems have far more serious
adverse consequences. Indeed, one can easily conceive a “nightmare”
scenario—a large P2P network is compromised by content poisoning in which
file contents have malicious code embedded inside, and the large number of
peers are then controlled so as to launch a DDoS attack, at unprecedented
scale, against some well-known commercial servers (e.g., eBay). In this
scenario, each of the security problems we discussed in this chapter plays a
role. Thus, as is always said, P2P security is a system issue, and so it is
only as strong as its weakest link. Unless we can tackle all the problems
satisfactorily, the envisioned nightmare might happen at any time.