[P2PSIP] Re: P2PSIP and Security [Was P2PSIP Digest, Vol 19]
Hi, all:
The authors of RELOAD-4 have done great work to address security issues in P2P systems. But I don't think it addresses all security issues. In particular, the malicious behaviors of authenticated peers are not well dealt with, for example, misrouting packets, discarding packets silently, etc.
The draft draft-song-p2psip-security-eval-00 (P2PSIP Security Analysis and Evaluation) tries to summarize and analyze the impact of these malicious behaviors. You can access the draft at http://tools.ietf.org/id/draft-song-p2psip-security-eval-00.txt. A new version will be worked out before IETF72.
Regards!
JiangXingFeng
> I've changed the subject to be more meaningful.
>
> As Brian indicated in his message, the current specs aren't set in
> stone, so if there's some important security feature to be added,
> the WG can certainly add it. That said, I'm not sure I understand
> the security issues you're concerned with.
>
>
> xianghan.zheng wrote:
> > Several internet drafts propose a certificate-based security
> > solution. It does solve some problems. However, it is not enough
> > for protecting privacy. In the decentralized system, one malicious
> > peer may become malicious when it receives the certificate and
> > joins the overlay.
>
> Sure. We anticipate that some fraction of the nodes in the overlay
> will be malicious.
>
>
> > That means he can act as an intermediate peer that read the
> > incoming P2PSIP request and record a profile of the source and
> > destination privacy.
>
> Well, it's a little more complicated than this.
>
> 1. Because of the structure of the overlay, any given node only
> has a modest fraction of being in the path between two other
> nodes. Specifically, if source (S) and destination (D) are
> randomly chosen, then the probability that an arbitrary node
> A will be on the path between S and D is on the order of
> (1-log(N)/N)^log(N) [for Chord]. In some overlay algorithms,
> attackers can affect the topology, thus increasing the
> number of paths they are on. There are of course countermeasures
> for this as well.
>
> 2. Even if a node is on the path between two other nodes, they
> learn only a limited amount of information, mostly who is
> talking to who and what they are asking for. If nodes wish
> to hide this information, they can use CONNECT to set up
> a connection between themselves and then perform transactions
> over that direct connection. This isn't perfect since the
> information that they set up a connection between themselves,
> but it's not clear that that information is itself sensitive.
> Note that we could in principle add an encryption feature
> to RELOAD to remove the CONNECT overhead, but that's just
>    an optimization.
>
> 3. The destination/via list features allow nodes to act as
> anonymization proxies, though of course that will need
> the explicit support of that node.
>
>
>
> > Later, he can do many malicious things, e.g. send the SPAM, DoS
> > attack, etc. So, in the decentralized system, currently, there is
> > no solution to protect the privacy.
>
> 1. SPAM, DoS, etc. aren't really privacy issues.
> 2. I'm not convinced that being able to snoop messages in the overlay
> makes SPAM and DoS much easier. Can you explain why you think this
> is the case.
> 3. To a great extent, any open network has SPAM and DoS issues.
> Because RELOAD provides positive authentication of participants,
> it arguably is substantially better in this regard.
>
>
> > And in order to protect privacy, which is the basic service P2PSIP
> > system should do, we may need to consider to revise a little bit
> > in revising the protocol, ..... and so on. That is why I thought
> > the internet drafts are not enough and powerful currently.
>
> I'd certainly be interested in hearing about any new security features
> you think would be useful here.
>
>
> > Most of the engineers consider the accessibility and availability
> > too much so that sometimes they did not think of the security,
> > privacy, and some basic things. I did when I was working in the
> > network application field, but now I work more in the system
> > security.
>
> Actually, we did think about security pretty extensively during the
> design of RELOAD.
>
> -Ekr
>
> _______________________________________________
> P2PSIP mailing list
> P2PSIP at ietf.org
> https://www.ietf.org/mailman/listinfo/p2psip
>
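
The on-path exposure discussed in point 1 of the quoted reply can be measured directly on a small simulated Chord ring. This is an added example, not part of the original messages or of RELOAD; the 16-bit identifier space, the randomly constructed node ids and the greedy finger routing are assumptions of the sketch.

```python
import bisect
import math
import random

M = 16                      # identifier bits (assumed for this sketch)
SPACE = 2 ** M

def build_ring(n, seed=1):
    """Constructed sample overlay: n distinct random node ids."""
    return sorted(random.Random(seed).sample(range(SPACE), n))

def successor(ring, key):
    """First node at or clockwise after key."""
    return ring[bisect.bisect_left(ring, key % SPACE) % len(ring)]

def intermediates(tables, src, dst):
    """Nodes that forward a message from src to dst (both excluded)."""
    seen, cur = [], src
    while True:
        want = (dst - cur) % SPACE
        # Greedy Chord step: farthest finger that does not overshoot dst.
        nxt = max((f for f in tables[cur] if 0 < (f - cur) % SPACE <= want),
                  key=lambda f: (f - cur) % SPACE)
        if nxt == dst:
            return seen
        seen.append(nxt)
        cur = nxt

def exposure(ring):
    """Per node: fraction of (S, D) pairs among the other nodes it relays."""
    tables = {n: {successor(ring, n + 2 ** i) for i in range(M)} for n in ring}
    hits = dict.fromkeys(ring, 0)
    for s in ring:
        for d in ring:
            if s != d:
                for hop in intermediates(tables, s, d):
                    hits[hop] += 1
    pairs = (len(ring) - 1) * (len(ring) - 2)
    return {n: h / pairs for n, h in hits.items()}

if __name__ == "__main__":
    ring = build_ring(64)
    frac = exposure(ring)
    mean = sum(frac.values()) / len(frac)
    print(f"N={len(ring)} mean={mean:.4f} max={max(frac.values()):.4f} "
          f"log2(N)/N={math.log2(len(ring)) / len(ring):.4f}")
```

The gap between the mean and the maximum shows how unevenly exposure is spread when node ids are not uniformly spaced, which is why overlays that let a node influence its own position need the countermeasures the reply mentions.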