Hi, all:

The authors of RELOAD-4 have done great work to address security issues in P2P systems. But I don't think it addresses all security issues. Especially the malicious behaviors of authenticated peers are not well dealt with, for example, misrouting the packet, discarding the packet silently, etc.

The draft draft-song-p2psip-security-eval-00 (P2PSIP Security Analysis and Evaluation) tries to summarize and analyze the impact from the malicious behaviors. You can access the draft at http://tools.ietf.org/id/draft-song-p2psip-security-eval-00.txt. A new version will be worked out before IETF72.

Regards!
JiangXingFeng

> I've changed the subject to be more meaningful.
>
> As Brian indicated in his message, the current specs aren't set in
> stone, so if there's some important security feature to be added,
> the WG can certainly add it. That said, I'm not sure I understand
> the security issues you're concerned with.
>
> xianghan.zheng wrote:
> > Several internet drafts propose a certificate-based security
> > solution. It does solve some problems. However, it is not enough
> > for protecting privacy. In the decentralized system, one malicious
> > peer may become malicious when it receives the certificate and
> > joins the overlay.
>
> Sure. We anticipate that some fraction of the nodes in the overlay
> will be malicious.
>
> > That means he can act as an intermediate peer that reads the
> > incoming P2PSIP request and records a profile of the source and
> > destination privacy.
>
> Well, it's a little more complicated than this.
>
> 1. Because of the structure of the overlay, any given node only
>    has a modest fraction of being in the path between two other
>    nodes. Specifically, if source (S) and destination (D) are
>    randomly chosen, then the probability that an arbitrary node
>    A will be on the path between S and D is on the order of
>    (1-log(N)/N)^log(N) [for Chord]. In some overlay algorithms,
>    attackers can affect the topology, thus increasing the
>    number of paths they are on. There are of course countermeasures
>    for this as well.
>
> 2. Even if a node is on the path between two other nodes, they
>    learn only a limited amount of information, mostly who is
>    talking to who and what they are asking for. If nodes wish
>    to hide this information, they can use CONNECT to set up
>    a connection between themselves and then perform transactions
>    over that direct connection. This isn't perfect since the
>    information that they set up a connection between themselves,
>    but it's not clear that that information is itself sensitive.
>    Note that we could in principle add an encryption feature
>    to RELOAD to remove the CONNECT overhead, but that's just
>    an optimization.
>
> 3. The destination/via list features allow nodes to act as
>    anonymization proxies, though of course that will need
>    the explicit support of that node.
>
> > Later, he can do many malicious things, e.g. send the SPAM, DoS
> > attack, etc. So, in the decentralized system, currently, there is
> > no solution to protect the privacy.
>
> 1. SPAM, DoS, etc. aren't really privacy issues.
> 2. I'm not convinced that being able to snoop messages in the overlay
>    makes SPAM and DoS much easier. Can you explain why you think this
>    is the case?
> 3. To a great extent, any open network has SPAM and DoS issues.
>    Because RELOAD provides positive authentication of participants,
>    it arguably is substantially better in this regard.
>
> > And in order to protect privacy, which is the basic service the
> > P2PSIP system should do, we may need to consider to revise a little
> > bit in revising the protocol, ..... and so on. That is why I thought
> > the internet drafts are not enough and powerful currently.
>
> I'd certainly be interested in hearing about any new security features
> you think would be useful here.
>
> > Most of the engineers consider the accessibility and availability
> > too much so that sometimes they did not think of the security,
> > privacy, and some basic things. I did when I was working in the
> > network application field, but now I work more in the system
> > security.
>
> Actually, we did think about security pretty extensively during the
> design of RELOAD.
>
> -Ekr
>
> _______________________________________________
> P2PSIP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/p2psip
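An added example, not part of the thread or of RELOAD: a small simulation that measures how often one given node, or at least one of a set of malicious nodes, sits on the route between two randomly chosen peers in a Chord-style ring. The ring size, 16-bit identifier space, 5% malicious fraction and greedy finger routing are assumptions chosen for illustration.

```python
import random
from bisect import bisect_left

def build_ring(n, bits, rng):
    """Sorted list of n distinct node IDs in a 2**bits identifier space."""
    return sorted(rng.sample(range(2 ** bits), n))

def successor(ring, key):
    """First node whose ID is >= key, wrapping around the ring."""
    return ring[bisect_left(ring, key) % len(ring)]

def route(ring, bits, src, dst):
    """Greedy Chord finger routing from node src to node dst.
    Returns the intermediate nodes only (src and dst excluded)."""
    size, mids, cur = 2 ** bits, [], src
    while cur != dst:
        dist = (dst - cur) % size
        # Take the farthest finger that does not overshoot dst.
        for k in range(bits - 1, -1, -1):
            f = successor(ring, (cur + 2 ** k) % size)
            if 0 < (f - cur) % size <= dist:
                cur = f
                break
        if cur != dst:
            mids.append(cur)
    return mids

def exposure(n=256, bits=16, frac_malicious=0.05, trials=2000, seed=1):
    """Return (share of routes crossing one fixed malicious node,
    share crossing any malicious node, mean intermediate hops)."""
    rng = random.Random(seed)
    ring = build_ring(n, bits, rng)          # constructed sample overlay
    bad = rng.sample(ring, max(1, int(n * frac_malicious)))
    observer, bad_set = bad[0], set(bad)
    single = any_bad = hops = 0
    for _ in range(trials):
        src, dst = rng.sample(ring, 2)
        mids = route(ring, bits, src, dst)
        hops += len(mids)
        single += observer in mids
        any_bad += any(m in bad_set for m in mids)
    return single / trials, any_bad / trials, hops / trials

if __name__ == "__main__":
    s, a, h = exposure()
    print(f"one node on path: {s:.3%}  any malicious on path: {a:.3%}  "
          f"mean intermediates: {h:.2f}")
```

Raising `frac_malicious` shows how quickly the share of routes observed by at least one malicious peer grows compared with the share seen by any single node.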
