BITS Pilani, Hyderabad Campus
Peer-to-Peer Network Security
Chittaranjan Hota
Dept. of Computer Sc. & Information Systems
1st March 2013
Symposium on Privacy & Security 2013, IIT, Kanpur
BITS, Pilani Hyderabad Campus, Hyderabad
Growth of the Internet
Source: Cisco VNI Global Forecast, 2011-2016
Source: Internet World Stats
Internet bandwidth usage estimation report, 2011
Leading Applications
Source: Sandvine Global Internet Phenomena Report, 2012
Pirate Bay
May 2012
Indian ISPs Unblock Torrent Sites After Madras High Court Order
Consortium of internet providers win fight to access legitimate content on the P2P file-sharing sites. Finally it's a sigh of relief from millions of BitTorrent users across India as the Madras High Court has ruled that Indian ISPs should not block the entire website for preventing a single content to be shared online.
July 2012
Source: Traffic and Market data report Ericsson, June 2012
Mobile world
By 2020 Each Person Will Own 7+ Connected Devices
Have you ever wondered?
• 966 million P2P searches every day.
• 800,000 of which include terms like credit cards, tax returns, bank accounts, medical insurance, and passwords.
Source: www.idtheftcenter.org
Some news…
Blueprints of Marine One helicopter leaked, SC Magazine, March 2009
WikiLeaks mined popular P2P applications for data in the past, Tiversa Inc, 2011
Federal Trade Commission (FTC) notifies close to 100 US organizations about P2P security breach, Feb 2010
Skype used by hackers to attack Windows PC, Times of India, Oct 2012
"lol is this your new profile pic?"
Cyber security threats reported to CERT-in
[Figure: chart by year, 2004 to 2011, vertical axis 0 to 14000. Categories: Phishing; Network scanning/Probing; Virus/Malicious code; Spam; Website Intrusion and Malware propagation; Others]
Source: Institute for Defense Studies and Analyses task force report, March 2012
• Threat alert: Indian Internet systems under attack, Feb 24, 2013 (Bamital trojan)
What is a P2P Network?
[Figure: peers A to H in the P2P overlay layer, drawn above the native IP layer with AS1 to AS6]
Generic P2P Architecture
Capability & Configuration
Peer Role Selection
Operating System
NAT/Firewall Traversal
Routing and Forwarding, Neighbor Discovery, Join/Leave, Bootstrap
Overlay Messaging API
Content Storage
Search API
Examples of P2P Networks
DC++
P2P Traffic Control
Security Gap in P2P
[Figure labels: Internet; Peer A; Peer B; Malicious Peer C; Protected Network; Peer X; Firewall; A TCP Port]
Effect of NATing on P2P
[Figure labels: Private IP Addresses; Public IP Addresses; Server; P2P Application; Internet; NAT]
NAT Traversal
[Figure labels: Private IP Addresses; Public IP Addresses; Internet; Private IP Addresses; Application Relay]
Security threats: File Pollution
[Figure labels: pollution company; polluted content; original content]
File Pollution
[Figure labels: pollution company; four pollution servers; File sharing network]
File Pollution
Unsuspecting users spread pollution!
[Figure labels: File sharing network; Alice; Bob]
Index Poisoning
index
title   location
file1   120.18.89.100
file2   46.100.80.23
file3   234.8.98.20
[Figure: file sharing network with hosts 120.18.89.100, 46.100.80.23 and 234.8.98.20]
Index Poisoning
index
title   location
file1   120.18.89.100
file2   46.100.80.23
file3   234.8.98.20
file4   111.22.22.22
[Figure: file sharing network with hosts 120.18.89.100, 46.100.80.23, 234.8.98.20 and 111.22.22.22]
Fake Block Attack
[Figure: an Attacker and peers holding Genuine Blocks, all connected to the Victim Peer]
1. TCP Connection
2. Fake BitMap
3. Block Request
4. Fake Block
5. Hash Fail
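Victim-side handling of the "Hash Fail" step on the Fake Block Attack slide above, as an added example that is not part of the original slides: a piece built from blocks sent by several peers is checked against its SHA-1 piece hash, and because a failed hash does not say which block was fake, the sender of each block is remembered until a good copy of the piece arrives. The class name, method names, block contents and peer names are assumptions constructed for this illustration.

```python
import hashlib
from collections import defaultdict


class PieceVerifier:
    """Verifies one piece and attributes fake blocks to the peers that sent them."""

    def __init__(self, expected_sha1: bytes):
        self.expected = expected_sha1          # piece hash from the torrent metadata
        self.suspects = defaultdict(dict)      # block index -> {peer: digest it sent}
        self.banned = set()

    def submit(self, blocks):
        """blocks: list of (peer, data) in block order. True if the piece is genuine."""
        if any(peer in self.banned for peer, _ in blocks):
            return False                       # never accept data from a banned peer
        piece = b"".join(data for _, data in blocks)
        if hashlib.sha1(piece).digest() != self.expected:
            # Hash fail: remember who sent which block, then fetch the piece again.
            for i, (peer, data) in enumerate(blocks):
                self.suspects[i][peer] = hashlib.sha1(data).digest()
            return False
        # Piece is good: an earlier block that differs from the good one was fake.
        for i, (_, data) in enumerate(blocks):
            good = hashlib.sha1(data).digest()
            for peer, seen in self.suspects.pop(i, {}).items():
                if seen != good:
                    self.banned.add(peer)
        return True


def demo():
    genuine = [b"AAAA", b"BBBB", b"CCCC"]      # constructed piece of three blocks
    v = PieceVerifier(hashlib.sha1(b"".join(genuine)).digest())
    first = v.submit([("peer1", b"AAAA"), ("attacker", b"XXXX"), ("peer2", b"CCCC")])
    second = v.submit([("peer1", b"AAAA"), ("peer3", b"BBBB"), ("peer2", b"CCCC")])
    third = v.submit([("attacker", b"AAAA"), ("peer3", b"BBBB"), ("peer2", b"CCCC")])
    return first, second, sorted(v.banned), third


if __name__ == "__main__":
    print(demo())
```

Only the peer whose block differed from the verified copy is banned; peers that supplied genuine blocks to the failed piece stay usable.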
Distributed Denial of Service
Node Insertion attack
[Figure labels: A node insertion; Victim peer]
Continued…
Continued…
Trust Management
[Figure labels: Peers; Fully Decentralized P2P; Super-peers; Ordinary Peers; Hybrid P2P architecture; Peers; Centralized Peers]
Testbed Implementation
Dataset
Application  Date        Time      Packets     Bytes
DC++         21/9/2012   12:00 pm  18.4497M    20G
MUTE         23/11/2012  10:00 am  1.385705M   1.6G
HTTP (S)     21/9/2012   14:00 pm  2.655489M   1.93G
SMTP/POP3    21/9/2012   15:00 pm  0.055403M   40M
Portscan using Metasploit
Snort detecting P2P traffic
P2P apps running on campus detected…
Snort rules
Anonymization
172.16.90.25 is mapped to 1.0.0.1 and 172.16.2.163 is mapped to 1.0.0.2 all through
Anontool in execution
Privacy preserving P2P classifier
Approaches for Measuring P2P Classification Efficiency for Intrusion Detection and Prevention Systems, Jagan Mohan Reddy, Abhishek Thakur, and Chittaranjan Hota, National Conference on Cyber Security, NCCS 2012, Defense Institute of Advanced Technology (DU), Pune, India, 2012.
Protocol, Flags, Payload length
Flow based P2P classification
Feature calculation
User based feature statistics
Multipath Routing
[Figure: graph of nodes 1 to 14 with marks S and V, divided into Sybil Group1, Sybil Group2 and Honest Group, with labels A.E1, A.E2 and A.E3]
Paths listed in the figure:
3-1-2-5-6-7-4-13-12
3-1-8-6-7-4-13-12
3-1-8-6-7-4-13-14-12
3-4-13-12
3-4-13-14-12
3-7-4-13-12
3-7-4-13-14-12
Safeguarding against Sybil attacks via Social Networks and Multipath Routing, Chittaranjan Hota, Antti Ylä-Jääski, Janne Lindqvist and Kristine Karvonen, International Conference on Communications and Networking in China, Shanghai, China, 2007.
Replication
[Figure labels: Sybil Node; Common Storage; Honest Node; File Owner; file1; file2; file3]
Detecting Sybils in Peer-to-Peer File Replication Systems, K. Haribabu, Chittaranjan Hota, and Saravana S, International Conference on Information Security and Digital Forensics, London, UK, 2009.
Psychometric Analysis
Detecting Sybils in P2P Overlays using Psychometric Analysis Methods, K Haribabu, Arindam Pal, Chittaranjan Hota, IEEE International Conference on Advanced Information Networking and Applications (AINA), Singapore, 2011.
GAUR: A method to detect Sybil groups in Peer-to-Peer overlays, Haribabu K, Chittaranjan Hota, and A Paul, Int. J. Grid and Utility Computing, IJGUC, Vol. 3, Nos. 2/3, Inderscience, 2012.
Thank You!