P2P Taxonomy and

Security Concerns

Ryan LackeyCTO, HavenCo, Ltd.ryan@havenco.com

RSA Conference 2002 San Jose0900 20-02-2002

Introduction

• Variety of P2P systems• P2P is not a new thing

Types of Systems

• “Traditional” p2p File Sharing• Email• Proxies• Chat systems• Infrastructure systems

Major File Systems

NapsterGnutellaKaZaA/Fasttrack/MorpheusFreenetMojonation

Traditional Email

• SMTP is peer to peer• Deployed with “supernodes” with

smtp/pop3 and inter-realm communication via supernodes

Cypherpunks-style remailers

• 35 or so nodes• “Onion routing”

Chat Systems

• IRC isn’t really p2p• AIM/ICQ with centralized presence• Gale, Jabber, IMPP proposals

Infrastructure Protocols

• DNS• NTP• PKI Certification Authorities

Design Comparison

• Target applications• Transport• Interactivity• Degree of centralization• Design/compile-time organization or

install/configuration or runtime/evolving• Security: traffic encryption, DoS

protection, • Replication for reliability

Implementation Comparison

• “Official” vs. covert adoption• Importance of “network effects”

for minimal utility• Legal issues (content, copyright

controls)• Administrative control – what

functionality is possible, who exercises it?

Security Issues

• Users provided an incentive to violate security model

• System not designed to be compatible with non-P2P restrictions

• Modifies underlying assumptions about connectivity

Observations

• “Old” p2p systems (email, etc.) seem to be designed into security models, so newer systems can emulate

• Power ultimately wins over security

• Systems can be re-deployed internally for security

Summary

Since P2P applications have been popular, and continue to be popular, security practices must take them into account

Deployment choices are as important as implementation choices; even unsafe technologies can be wrapped in a security model

Q&A