A2 Case Study

Insecurity in Peer-to-Peer Networks
A Siemens Company

This paper considers the new and interesting security issues raised by the proliferation of peer-to-peer file sharing applications, e.g. Gnutella, KaZaA and WinMX.

The Peer-to-Peer Community

The arrival of the commercial Internet heralded much speculation as to its “Killer Application” and what services would make money. With the increase in technical literacy of the public and associated growth of the user population came the realisation that the “Killer Application” of the Internet was the Internet. Users were happy to pay for simple Web and E-mail access. Then came the birth of Napster and peer-to-peer file swapping applications and the World changed.

Within a year, Napster was reported to be accounting for 30-50% of traffic on some University campus segments. Copyright issues killed Napster, but the genie was out of the bottle and a huge number of Internet users saw peer-to-peer services as the Internet application. Whatever the copyright issues, peer-to-peer networking is a hugely powerful and popular technology.

Insecurity in the Peer-to-Peer World

Today, Gnutella, KaZaA and WinMX all boast significant user communities. And in this concept of “community” lies a security risk. Users of these applications feel a part of a worldwide user community, and the concept of community implies trust.

The shock-effect of the “I love you”, “Melissa” and many other popular and surprising viruses and worms has caused users to wake up to the risks of untrustworthy content.

Security in the Hands of the User Community

Only the most naïve of users would open an unsolicited E-mail and run an executable or script. However, due to the implied sense of community, peer-to-peer application users seem to be lulled into a false sense of security, ready to trust applications and files they download from fellow users. This makes peer-to-peer networks an especially attractive target for hackers. The nature of peer-to-peer networks makes the identification and removal of infected files difficult, as there is no central point of control. As stated on the KaZaA web site, “We have no control over the content that you can find with Kazaa Media Desktop; the content is supplied by the users of the software.” It is entirely in the hands of the user community to police the network content.

Downloading a file or application via a peer-to-peer sharing application is no more risky than taking content from an un-trusted web site or opening unsolicited E-mail. However, it is no safer, and the implied sense of trust can make this a dangerous proposition. Even if an unsuspecting user is happy to download content from the least reputable of websites or open untrustworthy mail, today’s anti-virus and firewalling software will probably scan and neutralise all but the latest of threats. Due to the nature of peer-to-peer applications, it is quite possible that they will circumvent such reasonable precautions. It is therefore the responsibility of the user to manually scan downloaded content. Interestingly, KaZaA have recently recommended Bullguard ( integrated firewalling/virus scanning for their product. Users are already confused by the plethora of anti-virus and firewall products from mainstream vendors, so the promotion of such integration may have relatively little impact: “Hey, I’ve already paid for anti-virus and firewall software, so why do I need this?”

Trojans

Recent press reports have indicated that basic virus and worm infections are going out of fashion. The new game for hackers is Trojans. The rapid increase in the number of broadband connected hosts makes Trojan programs a more entertaining prospect for hackers. A dial-up connection provides only intermittent connectivity, with very limited bandwidth, whereas the ‘always on’ nature and high connection speed of broadband provide the opportunity for far more sophisticated, dangerous and interesting Trojans. The new generation of Trojans allows a malicious user to take complete control of the subverted machine: creating and deleting files, introducing system faults and providing a launch pad for Denial of Service attacks. ‘Always on’ peer-to-peer networks provide the ideal environment for such activity to flourish.

Tip of the Iceberg

Recent reports have indicated hacker activity targeted directly at peer-to-peer applications. As yet, there appears to be a relatively low level of activity, but the threat is growing. A recent example is the “Eightball” skin circulated for the KaZaA media desktop: a relatively simple Trojan, which deletes all mp3 files on the user’s hard drive and causes a system crash. A crude attack, but irritating and probably just the tip of the iceberg when it comes to the next generation of Trojan applications.

Summary

The growth in popularity and use of peer-to-peer networks will continue and the threats will multiply. However, as previously stated, downloading a file from a peer-to-peer network is no more risky than from any other source, but it is important to remember that it is no safer either. Users should ensure that anti-virus software is up to date and always scan any downloaded content (whatever the claimed file type).

Permanent connection to the Internet increases the vulnerability of any machine. It is essential that any machine connected to an ‘always on’ service has an effective and well configured firewall. This is especially the case with machines running peer-to-peer networks, as these will make increasingly attractive hacking targets – the very nature of peer-to-peer applications means that they effectively open a hole in the firewall to allow communication with other machines in the network.
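The paper's advice to scan downloaded content "whatever the claimed file type" rests on the fact that a name like song.mp3 or a skin archive says nothing about what the bytes are. The following is an added illustration, not code from the paper or from any of the products it names: it compares a download's claimed extension with its leading bytes and flags a Windows PE or ELF executable offered under a media or skin name. The signature values are the standard ones for each format; the sample files are constructed in the block.

```python
import struct

# Leading-byte signatures for the content types a peer-to-peer user expects
# to receive. These are the standard magic numbers for each format.
MEDIA_SIGNATURES = {
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".jpg": (b"\xff\xd8\xff",),
    ".zip": (b"PK\x03\x04",),   # skins and most other archives ship as ZIP
}

def is_pe_executable(data: bytes) -> bool:
    """True if data carries a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"

def is_elf_executable(data: bytes) -> bool:
    return data[:4] == b"\x7fELF"

def classify_download(filename: str, data: bytes) -> str:
    """Return 'executable', 'match', 'mismatch' or 'unknown-extension'."""
    ext = "." + filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    if is_pe_executable(data) or is_elf_executable(data):
        return "executable"          # treat as code to be scanned, whatever the name
    sigs = MEDIA_SIGNATURES.get(ext)
    if sigs is None:
        return "unknown-extension"   # no signature on file; scan it anyway
    return "match" if any(data.startswith(s) for s in sigs) else "mismatch"

# Constructed samples: a genuine MP3 header, a minimal PE header offered
# under an .mp3 name (the disguised-content pattern the paper describes),
# and a ZIP-format skin archive.
def _fake_pe() -> bytes:
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)          # 0x40-byte DOS stub
    struct.pack_into("<I", hdr, 0x3C, 0x40)          # e_lfanew -> PE signature
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20

SAMPLES = {
    "song.mp3": b"ID3\x03\x00" + b"\x00" * 32,
    "free_song.mp3": _fake_pe(),
    "skin.zip": b"PK\x03\x04" + b"\x00" * 32,
}

def scan_samples() -> dict:
    return {name: classify_download(name, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name}: {verdict}")
```

A signature check is a cheap first filter only; a ZIP or MP3 that matches its claimed type can still carry malicious content, which is why the paper still insists on an up-to-date anti-virus scan.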

For further information please contact:
Adrian Skidmore, Tel: +44(0)1794 833594, Email:
Alan Burnett, Tel: +44(0)1794 833304, Email:

Roke Manor Research Limited, Roke Manor, Romsey, Hampshire SO51 0ZN UK
Telephone: +44 (0)1794 833000
Fax: +44 (0)1794 833433
Web:

© Roke Manor Research Limited 2003. All rights reserved. This publication is issued to provide outline information only, which (unless agreed by the company in writing) may not be used, applied or reproduced for any purpose or form part of any order or contract or be regarded as representation relating to the products or services concerned. The company reserves any right to alter without notice the specification, design, or conditions of supply of any product or service.

NBU/AS/0903/0345.1b
