Peer to Peer Attacks and Exploitation

by R. Bernie Pritchard, MBA


Abstract

The following essay will examine the process of peer to peer attack methods, including exploitation. It will define and explain peer to peer computing. Additionally, it will discuss multiple tactics that can be used to attack a peer to peer network. Due to the length of this essay, only several will be examined. Finally, the paper will discuss countermeasures and security trends in peer to peer networking.


Introduction

The evolution of computing continues to lead to greater decentralization. Mainframes gave way to local area networks (LANs), which provided greater economies of scale. The Internet has allowed for even greater distribution capability; peer to peer computing has grown as a result. Examples of peer to peer networks include the popular Kazaa and Napster file sharing services. These types of networks allow for significant transfers of data, yet they are vulnerable to attack from multiple sources.


Definitions

Peer relationship exploitation can be defined in several ways. First, it can be the exploitation of transitive trust relationships created by peer-networking so as to expand privileges to the transitive closure of peer trust. [1] It can also be defined in less technical terms. Exploitation can be when an insider uses the security access of colleagues to gain access to unauthorized information. [2] This can include physical access or information access. This essay will focus on the first type of attack.
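The first definition can be made concrete by computing the transitive closure of a trust graph and comparing it with the trust that was granted directly. The following is an added example, not part of the original essay; the host names and the trust edges are constructed for illustration.

```python
from collections import deque

# Constructed sample; host names are hypothetical.
# ACCEPTED_BY[a] = peers that accept a session arriving from `a` without re-authenticating it.
ACCEPTED_BY = {
    "kiosk": {"workstation"},
    "workstation": {"fileserver"},
    "fileserver": {"backup", "buildhost"},
    "buildhost": {"signing"},
    "backup": set(),
    "signing": set(),
}

def reachable(graph, start):
    """Every peer reachable from `start` by chaining trust edges (breadth-first)."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for peer in graph.get(node, ()):
            if peer != start and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen

def implicit_trust(graph):
    """Pairs (a, b) where b is reachable from a although nobody granted a -> b directly."""
    return {(a, b) for a in graph for b in reachable(graph, a) - graph[a]}

def implicit_trust_without(graph, edge):
    """Implicit pairs that remain after one direct trust edge is removed."""
    src, dst = edge
    trimmed = {node: set(peers) for node, peers in graph.items()}
    trimmed[src].discard(dst)
    return implicit_trust(trimmed)

if __name__ == "__main__":
    for host in sorted(ACCEPTED_BY):
        direct, total = ACCEPTED_BY[host], reachable(ACCEPTED_BY, host)
        print(f"{host:12} direct={len(direct)} effective={len(total)}")
    print("implicit pairs:", len(implicit_trust(ACCEPTED_BY)))
    cut = ("workstation", "fileserver")
    print("after removing", cut, ":", len(implicit_trust_without(ACCEPTED_BY, cut)))
```

In this sample the kiosk was granted one peer but effectively reaches five, and removing a single edge in the middle of the chain eliminates seven of the eight implicit grants.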


Peer to Peer Computing

Examining attacks/exploitation requires a basic understanding of peer to peer computing. Peer to peer is a paradigm for distributed computing on a Wide Area Network (WAN) in which single user applications are connected to a shared network as "peers". [4] This can allow the individual peers to have similar capabilities and responsibilities. Peers can have four simultaneous roles: client, server, router, and cache. [4] As a result, no central index exists within the peer to peer (P2P) network topology; each node in the network builds and maintains its own index. [5] This type of computing is distinct in two ways: it is decentralized and morphs based on the users.

The distributive power of this technology is immense; because of the Internet, these networks can span the world with high reliability. [6] Peer to peer networking pings nodes within the network and connects to those that respond. [5] Because of this, nodes on the network communicate in a bi-directional and symmetrical manner. [6] Most large peer to peer networks like those mentioned previously operate using the IP-layer as the transport medium. [6] The IP-layer does not tell a terminal how and where to find information or other peers; these networks are completely self-organized. As we will see, there are various ways to attack and exploit a P2P network.


Attack Strategies

It is no longer a question of if P2P networking is a target. Recently, SANS (System Administration, Networking, and Security) announced that P2P file sharing made their top ten for vulnerability to attacks. [10]

Due to the decentralized nature of the P2P architecture, the network and users can be susceptible to worms, a form of virus capable of spreading without using host files. [7] We will use Kazaa as an example. The worm will locate a Kazaa client shared folder and replicate under a popular name, like a song title. [9] When other peers on the network search for files under that name, they download the infected file and the worm. The worm will then replicate on that computer and the cycle continues. [9] Using the Kazaa example, worms like Slapper can be potentially troublesome. This worm (a.k.a. Linux.Slapper.a) attacked Linux servers running Apache by exploiting a known vulnerability in the Secure Sockets Layer (SSL). [11] Infected computers scanned the Internet for other systems to infect, thus self-replicating and building their own private network. [11] The real danger of worms, like the famous Morris Worm of the late 1980s, is the secretive properties that make detection and protection difficult. While Morris contends the impacts of his worm virus were unintentional, the impact was immeasurable. The worm replicated itself much faster than anticipated and damaged overloaded systems. [12]
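A defender can check a shared folder for the pattern described above, a program hiding behind a song-like name. The following is an added example, not part of the original essay; the extension lists, the two heuristics and the sample file names are assumptions chosen for illustration, and the sample files contain only harmless placeholder bytes.

```python
import os
import tempfile

MEDIA_EXT = {".mp3", ".wav", ".avi", ".mpg", ".jpg"}
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}
EXEC_MAGIC = (b"MZ", b"\x7fELF")  # DOS/Windows PE and Linux ELF file headers

def classify(name, head):
    """Return a reason if the file looks like a disguised executable, else None."""
    stem, ext = os.path.splitext(name.lower())
    if ext in MEDIA_EXT and head.startswith(EXEC_MAGIC):
        return "executable content behind a media extension"
    if ext in EXEC_EXT and os.path.splitext(stem)[1] in MEDIA_EXT:
        return "media name with a trailing executable extension"
    return None

def scan_shared_folder(folder):
    """Map file name -> reason for every suspicious file under `folder`."""
    findings = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            with open(os.path.join(root, name), "rb") as fh:
                reason = classify(name, fh.read(4))
            if reason:
                findings[name] = reason
    return findings

def build_sample_folder():
    """Constructed sample: made-up names, harmless placeholder bytes."""
    folder = tempfile.mkdtemp(prefix="shared_")
    samples = {
        "holiday_song.mp3": b"ID3\x03",      # real MP3 tag header
        "popular_track.mp3": b"MZ\x90\x00",  # executable header, media name
        "top_hit.mp3.exe": b"MZ\x90\x00",    # double extension
        "installer.exe": b"MZ\x90\x00",      # honest executable, not flagged
    }
    for name, head in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(head + b"\x00" * 16)
    return folder

if __name__ == "__main__":
    for name, reason in sorted(scan_shared_folder(build_sample_folder()).items()):
        print(f"{name}: {reason}")
```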

Denial of Service (DoS) attacks can be used on a P2P network. An attack can overload a system's bandwidth or processing ability. [7] This can cause the loss of service and/or connectivity on the P2P network. While the distributive nature of the architecture can minimize the impact of this type of attack, it poses a threat nonetheless. Additionally, attackers can exploit the protocols of the network in a variety of fashions. These include providing corrupted or low-quality data, not fulfilling pre-determined promises to store data, causing down-time when the system is needed, and falsely claiming other peers have abused the system. [7] As always, spam and email flooding pose a threat to P2P networks by utilizing large amounts of bandwidth and resources, thus limiting the abilities of other peers. [8]

Remote host exploitation is yet another method of attack. Once a remote host is located, the attack can be either passive or active. A passive attack does not touch the network directly, so it becomes easier to break off. [2] An active attack does touch the network and creates a trail that can be followed. Essentially, this attack allows remote users to execute arbitrary commands with super-user privileges. [3] Systems Administrators must be concerned with the ease of remotely exploitable misconfigurations in P2P software and the distribution of malicious code. [10]


Countermeasures/Security

Protecting a P2P network from exploitation and abuse can be daunting. Mirroring provides one simple strategy for maintaining data availability and minimizing malicious corruption. [8] This method ensures that data is hosted in several areas, and allows for continued distribution in case of single point failure. Yet another simple strategy is called caching. In this process commonly used files are stored in a location closer to the peer, like a web browser. [8] Active caching and mirroring may provide greater protection. The Freenet system offers an example of active caching in a P2P network. In their system, data is requested from a peer, and that peer is in contact with other peers. The requested information is cached on every server in the chain, helping ensure the data. It is important to note that this method is still susceptible to the impacts of a worm attack.
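The chain caching described above can be simulated in a few lines. The following is an added example, not part of the original essay and not Freenet's own code; the Peer class and peer names are hypothetical, and keying each document by the SHA-256 hash of its content is an assumption added here so that a corrupted cache entry can be detected.

```python
import hashlib

class Peer:
    """One node in a request chain; `upstream` is the next peer it asks."""
    def __init__(self, name, upstream=None):
        self.name, self.upstream = name, upstream
        self.store, self.online = {}, True

    def publish(self, data):
        key = hashlib.sha256(data).hexdigest()  # assumption: key = hash of the content
        self.store[key] = data
        return key

    def request(self, key):
        """Return (data, name_of_serving_peer); cache the data on every hop back."""
        if not self.online:
            return None, None
        data = self.store.get(key)
        if data is not None and hashlib.sha256(data).hexdigest() == key:
            return data, self.name
        self.store.pop(key, None)  # missing, or corrupted copy: discard it
        if self.upstream is None:
            return None, None
        data, served_by = self.upstream.request(key)
        if data is not None:
            self.store[key] = data  # active caching along the chain
        return data, served_by

def demo():
    origin = Peer("origin")
    relay2 = Peer("relay2", upstream=origin)
    relay1 = Peer("relay1", upstream=relay2)
    key = origin.publish(b"constructed sample document")
    first = Peer("alice", upstream=relay1).request(key)[1]
    origin.online = False                      # single point of failure
    second = Peer("bob", upstream=relay1).request(key)[1]
    relay1.store[key] = b"tampered copy"       # corrupted cache entry
    third = Peer("carol", upstream=relay1).request(key)[1]
    return first, second, third

if __name__ == "__main__":
    print(demo())
```

The hash check only proves that the bytes match the key that was requested; a file that was malicious when it was published is cached and served along the chain like any other, which is why this method remains exposed to worms.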

In order to minimize the possibility of exploitation or resource allocation attacks, P2P networks can restrict access using a method known as micro payments. [8] With this, the number of peers on the network is limited, as well as the data that can be uploaded or downloaded. Additionally, establishing favored users based on reputation and trustworthiness may help defend against attacks like worms. [8] Due to the separation from lower layers in the network architecture, no security, like IPSEC, is feasible. One possible solution could include the use of end to end encryption using PGP protocols. [6]


Conclusions

Peer to Peer computing appears to be the next wave of distributed computing. The flexibility and resources available to the users of such networks, coupled with the economies of scale resulting from decentralization, are substantial. However, the sheer size and scope of this type of network architecture provides challenges in terms of security. The methods used to attack and exploit these networks are not new; however, they are amplified by the topology of the networks. Protection of these networks will require continued vigilance and innovation.


Bibliography

[1] Cohen, Fredric; "The All.net Security Database" http://all.net/CID/Attack/Attack85.html

[2] Richard Bartley. "Corporate Information Security Strategy - how to avoid giving free information to attackers". Security Focus. March, 2001 http://www.securityfocus.com/guest/5144#5_15_pr

[This paper explores techniques for exploitation of corporate information to attack an organization and focuses on what can be done to develop security strategy to minimize risk exposure]

[3] "How safe is Your Firewall, Remote Root Exploitation of Default Solaris Settings" SecuriTeam.com. September 2003 http://www.securiteam.com/unixfocus/5HP0G1PB6K.html

[Article discusses particular type of attack on P2P network]

[4] "Peer to Peer Technology Implementation" Swedish Institute of Science, September 01' http://www.sics.se/pepito/docs/fetgc-24.pdf

[White Paper research and analysis on P2P networks and implementation]

[5] Stanford University. "Class Notes" Computer Science Class 276a www.stanford.edu/class/cs276a/handouts/lecture15.ppt

[Basic/Broad class notes from Computer Science class that provide Macro level view of P2P]

[6] Schollmeier, Rudiger, Gruber, Ingo, and Finkenzeller, Michael. "Routing in Mobile Ad Hoc and Peer to Peer Networks: A comparison". Siemens Technology Group and Technische Universität München. http://www.elet.polimi.it/upload/picco/ntw02-p2p/papers/1.pdf

[White Paper research on P2P networking, attacks, and countermeasures]

[7] Lyman, Jay. "Symantec: More Computer Attacks Use Blended Tactics". ECT Security News, October 1, 2003 http://www.technewsworld.com/perl/story/31725.html

[Article discusses trend towards blended attacks on networks including P2P]

[8] Dingledine, Roger, Freedman, Michael and Molnar, David. "Chapter 16: Accountability", Peer-to-Peer: Harnessing the Power of Disruptive Technologies. http://www.freehaven.net/doc/oreilly/accountability-ch16.html

[Authors provide great detail on P2P networking, attacks, and defenses. They are academics from schools including MIT]

[9] "Virus Descriptions". F-Secure. July 2003 http://www.f-secure.com/v-descs/p2pworm.shtml

[Definition of Worm]

[10] Gross, Grant, "What are the worst Security Problems" PC World, 10/09/03 http://www.pcworld.com/news/article/0,aid,112856,00.asp

[Article names P2P as Top 10 in terms of vulnerability to attack]

[11] Vemosi, Robert, "The rise of P2P worms--and how to protect yourself" CNET Reviews. 9/18/02 http://reviews.cnet.com/4520-3513_7-5021265-1.html

[Vemosi is a senior editor, the article discusses the threats worms pose to P2P Networks]

[12] Boettger, Larry. "The Morris Worm: how it Affected Computer Security and Lessons Learned by it" 12/24/00 http://www.wbglinks.net/pages/reads/misc/morrisworm.html

[White Paper that discusses the Morris Virus and its impacts]