BITS Pilani, Hyderabad Campus. Peer-to-Peer Network Security. Chittaranjan Hota, Dept. of Computer Sc. & Information Systems, [email protected]. 1st March 2013, Symposium on Privacy & Security 2013, IIT, Kanpur.

Peer-to-Peer Network Security

Page 1: Peer-to-Peer Network Security

BITS Pilani
Hyderabad Campus

Peer-to-Peer Network Security

Chittaranjan Hota
Dept. of Computer Sc. & Information Systems

[email protected]

1st March 2013
Symposium on Privacy & Security 2013, IIT, Kanpur

Page 2: Peer-to-Peer Network Security

BITS, Pilani Hyderabad Campus, Hyderabad

Growth of the Internet

Source: Cisco VNI Global Forecast, 2011-2016

Source: Internet World Stats

Page 3: Peer-to-Peer Network Security

Internet bandwidth usage estimation report, 2011

Leading Applications

Source: Sandvine Global Internet Phenomena Report, 2012

Page 4: Peer-to-Peer Network Security

Pirate Bay

May 2012

Indian ISPs Unblock Torrent Sites After Madras High Court Order

Consortium of internet providers win fight to access legitimate content on the P2P file-sharing sites. Finally it's a sigh of relief from millions of BitTorrent users across India as the Madras High Court has ruled that Indian ISPs should not block the entire website for preventing a single content to be shared online.

July 2012

Page 5: Peer-to-Peer Network Security

Source: Traffic and Market data report Ericsson, June 2012

Mobile world

By 2020 Each Person Will Own 7+ Connected Devices

Page 6: Peer-to-Peer Network Security

Have you ever wondered?

• 966 million P2P searches every day.

• 800,000 of which include terms like credit cards, tax returns, bank accounts, medical insurance, and passwords.

Source: www.idtheftcenter.org

Page 7: Peer-to-Peer Network Security

Some news…

Blueprints of Marine One helicopter leaked, SC Magazine, March 2009

WikiLeaks mined popular P2P applications for data in the past, Tiversa Inc, 2011

Federal Trade Commission (FTC) notifies close to 100 US organizations about P2P security breach, Feb 2010

Skype used by hackers to attack Windows PC, Times of India, Oct 2012

"lol is this your new profile pic?"

Page 8: Peer-to-Peer Network Security

Cyber security threats reported to CERT-In

[Figure: chart of reported threats by year, 2004 to 2011; vertical axis from 0 to 14000; categories: Others, Website Intrusion and Malware propagation, Spam, Virus/Malicious code, Network scanning/Probing, Phishing]

Source: Institute for Defense Studies and Analyses task force report, March 2012

• Threat alert: Indian Internet systems under attack, Feb 24, 2013 (Bamital trojan)

Page 9: Peer-to-Peer Network Security

What is a P2P Network?

[Figure: peers A to H connected in the P2P overlay layer, drawn above the same peers in the native IP layer, which spans AS1 to AS6]

Page 10: Peer-to-Peer Network Security

Generic P2P Architecture

Capability & Configuration

Peer Role Selection

Operating System

NAT/Firewall Traversal

Routing and Forwarding

Neighbor Discovery

Join/Leave

Bootstrap

Overlay Messaging API

Content Storage

Search API

Page 11: Peer-to-Peer Network Security

Examples of P2P Networks

Page 12: Peer-to-Peer Network Security

DC++

Page 13: Peer-to-Peer Network Security

P2P Traffic Control

Page 14: Peer-to-Peer Network Security

Security Gap in P2P

Internet

Peer A

Peer B

Malicious Peer C

Protected Network

Peer X

Firewall

A TCP Port

Page 15: Peer-to-Peer Network Security

Effect of NATing on P2P

Private IP Addresses Public IP Addresses

Server

P2P Application

Internet

NAT

Page 16: Peer-to-Peer Network Security

NAT Traversal

Private IP Addresses Public IP Addresses

Internet

Private IP Addresses

Application Relay

Page 17: Peer-to-Peer Network Security

Security threats: File Pollution

pollution company

polluted content

original content

Page 18: Peer-to-Peer Network Security

File Pollution

pollution company

pollution server (shown four times)

File sharing network

Page 19: Peer-to-Peer Network Security

File Pollution

File sharing network

Unsuspecting users spread pollution!

Alice

Bob

Page 20: Peer-to-Peer Network Security

Index Poisoning

index

title location

file1 120.18.89.100

file2 46.100.80.23

file3 234.8.98.20

file sharing network

120.18.89.100

46.100.80.23

234.8.98.20

Page 21: Peer-to-Peer Network Security

Index Poisoning

index

title location

file1 120.18.89.100

file2 46.100.80.23

file3 234.8.98.20

file4 111.22.22.22

file sharing network

120.18.89.100

46.100.80.23

234.8.98.20

111.22.22.22

Page 22: Peer-to-Peer Network Security

Fake Block Attack

Attacker

Victim Peer

Genuine Blocks (shown three times)

1. TCP Connection

2. Fake BitMap

3. Block Request

4. Fake Block

5. Hash Fail

Page 23: Peer-to-Peer Network Security

Distributed Denial of Service

Page 24: Peer-to-Peer Network Security

Node Insertion attack

A node insertion

Victim peer

Page 25: Peer-to-Peer Network Security

Continued…

Page 26: Peer-to-Peer Network Security

Continued…

Page 27: Peer-to-Peer Network Security

Trust Management

Peers

Fully Decentralized P2P

Super-peers

Ordinary Peers

Hybrid P2P architecture

Peers

Centralized Peers

Page 28: Peer-to-Peer Network Security

Testbed Implementation

Page 29: Peer-to-Peer Network Security

Dataset

Application Date Time Packets Bytes

DC++ 21/9/2012 12:00 pm 18.4497M 20G

MUTE 23/11/2012 10:00 am 1.385705M 1.6G

HTTP (S) 21/9/2012 14:00 pm 2.655489M 1.93G

SMTP/POP3 21/9/2012 15:00 pm 0.055403M 40M

Page 30: Peer-to-Peer Network Security

Portscan using Metasploit

Page 31: Peer-to-Peer Network Security

Snort detecting P2P traffic

P2P apps running on campus detected…

Snort rules

Page 32: Peer-to-Peer Network Security

Anonymization

172.16.90.25 is mapped to 1.0.0.1 and 172.16.2.163 is mapped to 1.0.0.2 all through

Anontool in execution

Page 33: Peer-to-Peer Network Security

Privacy preserving P2P classifier

Approaches for Measuring P2P Classification Efficiency for Intrusion Detection and Prevention Systems, Jagan Mohan Reddy, Abhishek Thakur, and Chittaranjan Hota, National Conference on Cyber Security, NCCS 2012, Defense Institute of Advanced Technology (DU), Pune, India, 2012.

Protocol, Flags, Payload length

Page 34: Peer-to-Peer Network Security

Flow based P2P classification

Feature calculation

Page 35: Peer-to-Peer Network Security

User based feature statistics

Page 36: Peer-to-Peer Network Security

Multipath Routing

[Figure: graph of nodes 1 to 14, some marked S or V, divided into an Honest Group, Sybil Group1 and Sybil Group2, with labels A.E1, A.E2 and A.E3]

Paths listed in the figure:

3-1-2-5-6-7-4-13-12

3-1-8-6-7-4-13-12

3-1-8-6-7-4-13-14-12

3-4-13-12

3-4-13-14-12

3-7-4-13-12

3-7-4-13-14-12

Safeguarding against Sybil attacks via Social Networks and Multipath Routing, Chittaranjan Hota, Antti Ylä-Jääski, Janne Lindqvist and Kristine Karvonen, International Conference on Communications and Networking in China, Shanghai, China, 2007.

Page 37: Peer-to-Peer Network Security

Replication

Sybil Node

Common Storage

Honest Node

File Owner

file1

file1

file2

file2

file3

Detecting Sybils in Peer-to-Peer File Replication Systems, K. Haribabu, Chittaranjan Hota, and Saravana S, International Conference on Information Security and Digital Forensics, London, UK, 2009.

Page 38: Peer-to-Peer Network Security

Psychometric Analysis

Detecting Sybils in P2P Overlays using Psychometric Analysis Methods, K Haribabu, Arindam Pal, Chittaranjan Hota, IEEE International Conference on Advanced Information Networking and Applications (AINA), Singapore, 2011.

GAUR: A method to detect Sybil groups in Peer-to-Peer overlays, Haribabu K, Chittaranjan Hota, and A Paul, Int. J. Grid and Utility Computing, IJGUC, Vol. 3, Nos. 2/3, Inderscience, 2012.

Page 40: Peer-to-Peer Network Security

Thank You!