Safe and Private Peer to Peer Data Sharing

1
Safe and Private Peer to Peer Data Sharing

• Bogdan C. Popescu
• Bruno Crispo
• Andrew S. Tanenbaum

2
Overview

• Peer to peer file sharing
• Threat model defenses
• Our solution
• Conclusion

3
Peer to peer file sharing

• Started around 1999 with Napster
• mostly exchange of musicvideo
• highly popular
• from very beginning very controversial
• Third generation P2P systems Kazaa, LimeWire
• Sparkled interest in P2P paradigm

4
Should we work on this?

Non-commercial file sharing - not a crime in EU

protect EU citizens against legal harassment
abroad

In P2P networks information cannot be censored

safe private data sharing would aid free speech

P2P keeps in check de-facto monopolies!

perceived as major threat by entertainment
industry

subject to various types of attacks
5
Types of Attacks on P2P

• Attack the company offering the service
• move to de-centralized solutions - 100 success
• Attack the software provider
• move off-shore or underground - 100 success
• Attack the content
• content tracing and rating - partial success
• Attack individual users
• BIG PROBLEM!!

6
Attacking Users

• Most content is provided by small fraction of
  users
• RIAAs Crush the Connectors strategy
• Identify users sharing large number of files
• Retrieve incriminating content
• Take them to court
• Exchanging content with strangers becomes
  dangerous

7
Threat Model

• Fraction of all P2P nodes controlled by enemy
• Need to prevent exposing good nodes
• exchanging data w. enemy nodes
• passive logging attacks
• Less concerned about
• traffic analysis
• anonymity

8
Anonymous File Sharing (1)

• Such systems currently being designed (Freenet)
• make impossible to identify source destination
• based on earlier work - mix nets, Crowds and
  Onion Routing
• In theory RIAA has nobody to sue
• In practice endpoints are always exposed

9
Anonymous File Sharing (2)
3.
5.
Source
1.
4.
6.
2.
Endpoints are always exposed!
10
Solution - Turtle

• Create the P2P overlay based on social links
• Communication between links is encrypted
• Friend nodes agree on keys out-of-band
• Both queries and results go hop-by-hop

Data exchanged only between trusted parties!
11
Turtle
?
?
?
?
?
?
?
!
!
!
?
?
!
?
?
?
?
!
?
?
?
!
!
!
?
?
!
?
?
!
?
!
!
!
!
!
12
Query/Hit Protocol
1
1
1
A
B
C
QID 764 Channel 4
QID 764 Channel 3
QID 764 Channel -
HID 444 Channel 2
HID 444 Channel -
HID 444 Channel 2 Dist 1 BW 10
2
2
4
3
3
2
13
Anonymous query/hit protocol

• Query/hit protocol is not anonymous
• TTL in query packet can reveal identity of
  initiator
• Dist. Count in hit packet reveals identity of
  respoder
• identities only disclosed to small group of
  friends!
• Anonymous protocol also possible
• replace TTL with probability of forwarding
• no more Dist. Count in query hit
• drawbacks less flexible result selection

14
Security properties

• Node compromise causes localized damage
• Immune to Sybil and Eclipse attack
• Good protection against attacks on content
• Good protection against DoS attacks

15
Nice Technical Properties

• Content locality- likely that friends have common
  interests
• Caching of relayed data helps future searches
• Easy to add micro-payments - distributed PayPal
• charge for supplyingrelaying content
• charges passed hop-by-hop to initiator
• balance is settled out of band

16
How will this work?

• How connected is the friendship graph?
• Social networking - Orkut, Friendster
• In 3 months Orkut has grown to 200000 members
• Through 14 friends I reach 90 of Orkut members
• Are people on-line long enough?
• ADSL cable modem becoming widespread
• Turtle adds extra motivation
• Can connectors cope with relaying demands?
• ????

17
Conclusion

• Turtle is the first P2P architecture that can
  guarantee private and safe data sharing
• Currently being implemented
• Feedback, please!