Lapsy Garg - PowerPoint PPT Presentation

Slides: 19
Provided by: lap2

Transcript and Presenter's Notes


1
Distributed P2P Networks Security
  • Lapsy Garg

2
Overview
  • P2P Networks
  • Gnutella Protocol
  • Topological Scan Worms
  • Passive Scan Worms
  • Solutions

3
P2P Networks
  • Resource Sharing
  • P2P Nodes act both as servers and clients
  • Resilient to single node failure
  • Almost Infinite Storage Capacity
  • Examples
      • Gnutella
      • Kazaa
      • BitTorrent

4
P2P Worms
  • Do not waste time probing unused IP addresses
  • Do not generate a high rate of failed connections
  • Able to merge malicious traffic into P2P
    traffic
  • Detection systems based on analysis of worm scans
    cannot differentiate a client's normal P2P
    activity from that of a worm, so these worms are
    difficult to detect

5
Gnutella Protocol
  • Distributed p2p protocol
  • Defines the way in which peers communicate over
    the network
  • Highly fault tolerant
  • Some popular Gnutella clients
      • LimeWire
      • BearShare
      • Gtk-Gnutella

6
How Gnutella Works
  • Each Servant has a self-selected servant_id
  • A Gnutella node is typically connected to 2-12
    nodes
  • Time to Live (TTL)
      • Further limits the horizon of nodes
      • When a message passes through a node, its TTL
        is reduced by 1
      • If TTL = 0, the message is not forwarded
        further
  • File exchange involves two phases
      • Search
      • Download

7
File Exchange over Gnutella
  • Search
      • To search for a file, a node, say n, sends a
        search Query message to its neighbor nodes
      • On receiving a search Query, nodes look for a
        match in their local data set
      • If a match is found, a Hit message is generated
        and sent back over the same path by which the
        Query message reached the node
      • The Query message is forwarded further if its
        TTL is not zero
  • Download
      • On receiving Hit messages, node n selects a node
        to download the file from
      • Downloads happen over an HTTP connection
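
The Search phase from slides 6 and 7, as an added example that is not part of the original slides: a Query flooded with a TTL, and each Hit routed back along the path the Query arrived on. The overlay, peer names and shared files are constructed for illustration.

```python
from collections import deque

# Constructed overlay and shared-file sets (assumptions, not from the slides).
OVERLAY = {
    "A": ["B"], "B": ["A", "C", "D"], "C": ["B", "E"],
    "D": ["B"], "E": ["C", "F"], "F": ["E"],
}
SHARED = {"C": {"song.mp3"}, "D": {"song.mp3"}, "F": {"song.mp3"}}


def hit_path(responder, came_from):
    """Walk the reverse-path table from a responder back to the query origin."""
    path = [responder]
    while came_from[path[-1]] is not None:
        path.append(came_from[path[-1]])
    return path


def search(origin, filename, ttl):
    """Flood a Query from origin; return {responder: path its Hit travels}."""
    came_from = {origin: None}  # node -> neighbor the Query arrived from
    queue = deque([(origin, ttl)])
    hits = {}
    while queue:
        node, remaining = queue.popleft()
        if remaining == 0:
            continue  # TTL exhausted: the Query is not forwarded further
        for nbr in OVERLAY[node]:
            if nbr in came_from:
                continue  # Query already seen by this node, dropped
            came_from[nbr] = node
            if filename in SHARED.get(nbr, set()):
                hits[nbr] = hit_path(nbr, came_from)
            queue.append((nbr, remaining - 1))  # TTL reduced by 1 per hop
    return hits


if __name__ == "__main__":
    for ttl in (2, 3, 4):
        print(ttl, search("A", "song.mp3", ttl))
```

The TTL fixes which responders a searching node can see, and every Hit is accepted purely on what the responder claims to share.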

8
Search and Download
[Figure: Query and Hit messages exchanged among Peer A, Peer B, Peer C and Peer D. Labels: (1) Query, (2) Query, (3) Query, (4) Hit, (5) Hit, (6) Hit, (7) Download]

9
(No Transcript)

10
Topological Worm Attack

11
Topological Worm Attack

12
Topological Scan Worms
  • Do not waste time probing unavailable IP addresses
  • Can use information available on an infected P2P
    node to search for vulnerable nodes
  • Most worm detection systems based on analysis of
    worm scans are rendered useless
  • Vulnerability in the application
  • No case of such a worm has been reported yet

13
Problems with Gnutella Protocol
  • Gnutella assumes nodes are trustworthy, which is
    not always the case
  • There is no way to determine the authenticity of
    the files being advertised by a peer
  • The decision to download a file is more or less
    based on filename or file size

14
Passive P2P Worms
  • Vulnerability in the protocol
  • Wait for vulnerable targets to contact them
  • Case 1
      • The worm can create infected copies of itself
        with attractive filenames and place them in the
        shared folder of the P2P client, or replace the
        files present in the shared folder with itself
      • e.g. VBS.Gnutella, Benjamin Worm etc.
  • Case 2
      • The worm answers positively to a proportion of
        search queries by changing the name of the
        corrupted file to match the search query
      • e.g. Gnuman
  • Case 3: Middle Man Attack
      • The infected node can forward the search query,
        collect good responses to it and reply with
        the same to gain better trust from the user
      • No case of this kind of worm has been reported

15
Solutions to Passive Worms
  • Most of the solutions proposed for passive worms
    are based on building trust between the peers
  • Some of the popular approaches are
      • EigenTrust
      • Credence
      • XRep
  • These approaches slow down worm propagation but
    do nothing to detect the worms

16
EigenTrust
  • Generates the global reputation of the peers
    without the presence of any central authority
  • Files from the highly reputed peers are given
    higher preference
  • Assumes that files downloaded from the highly
    reputed peers are much less likely to be infected
    or junk
  • This approach would not work if a highly reputed
    peer starts sharing an infected file
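
An added example, not from the slides: the basic EigenTrust iteration from Kamvar et al., run in one place for clarity where the real algorithm distributes it across peers. The local scores, the uniform pre-trust vector and `choose_source` are assumptions made for illustration.

```python
# Constructed local trust scores (assumption): LOCAL[i][j] is peer i's
# count of satisfactory downloads from peer j.
LOCAL = [
    [0, 5, 4, 0],
    [6, 0, 3, 0],
    [5, 4, 0, 1],
    [1, 1, 1, 0],
]
PRETRUST = [0.25, 0.25, 0.25, 0.25]  # assumed uniform starting distribution


def normalize(local, pretrust):
    """Row-normalize local scores; a peer with no opinions defers to pretrust."""
    rows = []
    for row in local:
        pos = [max(s, 0.0) for s in row]
        total = sum(pos)
        rows.append([x / total for x in pos] if total else list(pretrust))
    return rows


def global_trust(local, pretrust, alpha=0.15, tol=1e-12, max_iter=1000):
    """Iterate t <- (1 - alpha) * C^T t + alpha * p until it stops changing."""
    c = normalize(local, pretrust)
    n = len(c)
    t = list(pretrust)
    for _ in range(max_iter):
        nxt = [(1 - alpha) * sum(c[i][j] * t[i] for i in range(n))
               + alpha * pretrust[j] for j in range(n)]
        if max(abs(a - b) for a, b in zip(nxt, t)) < tol:
            return nxt
        t = nxt
    return t


def choose_source(offering_peers, trust):
    """Prefer the offering peer with the highest global trust value."""
    return max(offering_peers, key=lambda peer: trust[peer])


if __name__ == "__main__":
    t = global_trust(LOCAL, PRETRUST)
    print([round(x, 3) for x in t])
    # Reputation ranks the peer, not the file it is serving right now.
    print(choose_source([0, 3], t))
```

`choose_source` never inspects the file, so peer 0 is still preferred if its copy has become infected, which is the limitation the last bullet describes.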

17
Credence
  • Each peer generates a trust graph i.e. how much
    it trusts other peers based on its experience
    with other nodes
  • Before a file download, it will collect the votes
    from other peers about the file
  • The weight of each vote will depend on the
    reputation of the voter
  • The files will then get sorted in decreasing
    order of reputation, which is calculated based on
    the votes for the file
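
The vote weighting described above, as an added example that is not code from the slides or from the Credence project. It assumes a voter's weight is the agreement between that voter's past votes and the local peer's own, a simplification of the trust graph; all peer names, files and votes are constructed.

```python
def voter_weight(mine, theirs):
    """Agreement on files both peers voted on, mapped to [-1, 1]."""
    common = [f for f in mine if f in theirs]
    if not common:
        return 0.0  # no shared history: the vote carries no weight
    agree = sum(1 for f in common if mine[f] == theirs[f])
    return 2 * agree / len(common) - 1


def rank_files(my_history, histories, votes):
    """Return (files sorted by weighted score, scores)."""
    weights = {v: voter_weight(my_history, h) for v, h in histories.items()}
    scores = {
        f: sum(weights.get(v, 0.0) * b for v, b in ballots.items())
        for f, ballots in votes.items()
    }
    return sorted(scores, key=scores.get, reverse=True), scores


# Constructed data (assumption): +1 = "authentic", -1 = "fake or infected".
MY_HISTORY = {"f1": 1, "f2": -1, "f3": 1, "f4": -1}
HISTORIES = {
    "honest1": {"f1": 1, "f2": -1, "f3": 1, "f4": -1},
    "honest2": {"f1": 1, "f2": -1, "f3": -1},
    "shill": {"f1": -1, "f2": 1, "f3": -1, "f4": 1},
    "newcomer": {},
}
VOTES = {
    "album.zip": {"honest1": 1, "honest2": 1, "shill": -1},
    "album.exe": {"shill": 1, "newcomer": 1, "honest1": -1},
    "album_v2.zip": {"honest2": 1, "newcomer": 1},
}

if __name__ == "__main__":
    order, scores = rank_files(MY_HISTORY, HISTORIES, VOTES)
    for name in order:
        print(f"{scores[name]:+.2f}  {name}")
```

A plain vote count would tie `album.zip` with `album.exe`; weighting by voter reputation pushes the file backed only by a disagreeing voter and a peer with no history to the bottom.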
