Since its inception, the Internet has thrived on a myriad of innovative concepts and technologies [4]. Recently, the peer-to-peer (P2P) architecture has evolved to empower masses of users to share a variety of file types, usually within a narrow niche (such as music). In 1996, drawing on the success of several open precursors, such as Mirabilis' ICQ and AOL's instant-messaging programs, P2P computing was adopted by users worldwide at an incredible rate. P2P applications such as Napster, KaZaA, and LimeWire allowed for the ubiquitous exchange of a variety of file types, including music, documents, pictures, and software. The launch of these applications marked an unprecedented threat to open systems connectivity, raising issues such as security, privacy, copyright protection, and information quality [5]. These risks came about quickly, easily, and with little deliberation over their consequences. In the future, P2P is expected to have a larger role in e-commerce [2].
There are many different applications of P2P, including file sharing, distributed computing, and real-time communication. In the P2P configuration, a computer becomes a node in a file-sharing network for users with common P2P applications. Using this scheme, a computer becomes a "peer" with simultaneous client and server roles. P2P protocols reduce the barriers to assigning a public network address to a peer, thus effectively creating a server within a client's name space. Each P2P network is defined by its client-side software, which uses its own unique set of protocols. P2P applications are designed to bypass the traditional Domain Name System (DNS) by retrofitting peers into the DNS model. No matter what method of bypassing those controls is used, each participating client is given server-like functionality allowing for the exchange of files with other users of the protocol. By downloading from the Internet, tens of millions of non-DNS accessible addresses have been created by these applications. The user base for P2P applications is still growing faster than the DNS system and at no cost to the user. A closer look at P2P helps to understand why it is the subject of security and privacy concerns and what can be done to alleviate the risks.
The human factor should always be a consideration when security is at issue. The prevalence and preference of this technology has been motivated by the ease of installation and use, low cost (free in most cases), and its intrinsic rewards. Most P2P applications include a familiar browser-like interface with embedded search features. Novice users have little difficulty searching for personal and business documents that other users intentionally or accidentally shared on the P2P network. Unfortunately, many of these users are novices and do not understand the consequences of their inaction with regard to security. Configuration is only nominally supported during setup and ongoing use in P2P applications. That is a core problem with P2P deployment on even the most secure networks—the technology risk relies heavily upon the user's level of technical knowledge and skills.
Simply closing the application does not prevent access from peer machines because many of these programs remain operational in the background. This allows for an ongoing open connection to the peer network in addition to access to the application user's files and folders designated for sharing. Leaving a P2P application running unnoticed over a weekend can compromise an entire network: a malicious user with intermediate hacking skills can take advantage of such vulnerabilities on a large scale. Compromised systems or networks provide effective staging grounds for attacks on participating systems. Remarkably, millions of P2P peers are left unattended and vulnerable at any given time during the day.
The protocol is constantly updated to enable better messaging and file sharing while removing networking constraints, such as arbitrary limits on file size and garbled message headers. It is easy for a user to overlook the range of implications of P2P because it is so enabling yet simple to set up and operate.
As IT departments are rewarded for their ability to preserve stability, P2P disrupts the traditional networking model and risks causing networking instability. With networks without servers being administered by unskilled users, many organizations are trying to keep this technology under control. The fact is, P2P adoption has outgrown the managerial scope of most IT and security departments. There are two primary reasons P2P poses substantial hazards in the management of IT resources.
First, P2P embodies extreme decentralization of control from the IS manager to the user. It supports the fulfillment of Internet technology by allowing peers to connect to any other peer at any time and place. Security concerns involve permissions, allocated bandwidth, file information content, authorization, and centralization and are therefore too complex for the majority of users. Firewalls, Network Address Translation, and Dynamic IPs provide some protection, but are not always adequate barriers to prevent unauthorized communications when P2P is an element of IT architecture. Given the rapid adaptations to legal challenges made in the industry, it is perceived by many to be a policy-free use zone, whereby traditional constraints of government regulation and taxation and use policies are not enforceable.
Second, P2P networks have open and undefined membership with no common directory service. The file-sharing capabilities of P2P technology threaten the privacy and security of individuals and businesses through their disclosure of network IP and MAC addresses, the potential for virus distribution, and the potential for violations of Liabilities and Acceptable Use laws and policies. Empowering a user, especially a novice, to make choices regarding the accessibility of their files is a significant security risk. Because it is convenient and familiar, a P2P application like KaZaA may allow a user to unwittingly choose to share his or her My Documents folder or worse, the entire contents of the hard drive. Some applications recommend choosing the default settings as a security measure while leading the user to suboptimal security. These applications do not explain the rationale behind the default settings. The future of P2P is uncertain but its enormous base of users makes one thing clear; the application of this technology is desirable and deliverable.
Since the IP addresses of most P2P application users are disclosed in the exchanged message headers, identity theft by malicious users is made possible. By disguising themselves as valid users, hackers can perform anonymous and often illegal actions. This concern has been discussed by government agencies such as the FBI's National Infrastructure Protection Center, which advised that a medium-level vulnerability exists, that no patch or workaround exists, and that the means of exploiting the vulnerability had been published [3]. The exploit is simple to execute for even the most novice hacker. The FBI advised that to ensure a more secure P2P experience, users should disable file sharing with other members of the file-sharing network. That is, users are advised not to share files on a file-sharing network.
Developers and users should integrate adaptive and effective security measures to protect their data and systems as users strive to gain even more control over their computing with technologies such as P2P. Over the course of a pilot study, a sample of P2P file-sharing applications was tested for basic security performance. Inherent to most of these applications was the fact that the user was arbitrarily allowed to choose what files were shared and how they were shared. Users were provided with little or no information about how their choices would affect their privacy and security. However, most of these programs did recommend their default settings, which allowed for sharing only one folder within the program's installation folder. For most P2P applications, the End User License Agreements (EULAs) established the rules of conduct and who would be liable for what actions. P2P application providers are generally released from liability for users' security violations. Users must simply agree not to do anything illegal, misrepresentative, or otherwise objectionable in order to use these P2P programs. If a user breaches the EULA, the user is solely responsible and the software developer can only be held accountable within the constructs of their own legal system.
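As an added example (not part of the original article and not any P2P vendor's code), the following Python classifies configured shared-folder paths against the default scope described above, flagging a shared drive root, user profile, or My Documents-style folder. The install directory, user profile, and sample paths are constructed assumptions; how a particular client stores its share list is not covered here.

```python
import ntpath
from pathlib import PureWindowsPath

# Constructed values for illustration; not taken from the article or any real client.
INSTALL_DIR = r"C:\Program Files\ExampleP2P"
USER_PROFILE = r"C:\Users\alice"


def _norm(path):
    """Collapse '..' and mixed separators so traversal cannot hide the real scope."""
    return PureWindowsPath(ntpath.normpath(path))


def _is_within(child, parent):
    """True if child equals parent or lies beneath it (Windows case-insensitive)."""
    return child == parent or parent in child.parents


def classify_share(shared, install_dir=INSTALL_DIR, user_profile=USER_PROFILE):
    """Return a verdict for one configured shared folder."""
    share, install, profile = _norm(shared), _norm(install_dir), _norm(user_profile)
    if share.parent == share:
        return "entire-drive"        # a drive root: the whole hard drive is exposed
    if _is_within(profile, share):
        return "exposes-profile"     # the profile itself or an ancestor of it
    if _is_within(share, profile):
        return "personal-folder"     # e.g. a My Documents-style folder
    if share != install and _is_within(share, install):
        return "default-scope"       # one folder inside the program's install folder
    return "review"                  # outside the known cases; needs a human decision


def audit(shared_paths, **kw):
    """Return (path, verdict) for every share broader than the default scope."""
    results = [(p, classify_share(p, **kw)) for p in shared_paths]
    return [(p, v) for p, v in results if v != "default-scope"]


if __name__ == "__main__":
    sample = [  # constructed share list
        r"C:\Program Files\ExampleP2P\Shared",
        r"C:\Users\alice\Documents",
        r"C:\Program Files\ExampleP2P\Shared\..\..\..",
        r"D:\Media",
    ]
    for path, verdict in audit(sample):
        print(f"{verdict:16} {path}")
```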
Because of the number of applications and protocols that might be resident on a given network, it is very difficult to build and integrate supportive solutions for P2P. The policy-free implications of P2P make the technology very difficult to control by individuals and organizations alike. The best practices and recommendations for managing P2P are as follows.
For businesses
For individuals
Failure to implement practical security measures when using this technology can lead to accidental disclosure of sensitive data or worse. Historically, the legal system has not protected the owner of the disclosed information if they accidentally made it available or did not try to protect it. The damage can be devastating in P2P architecture, involving anything from identity theft to the theft of company secrets. The best security policies both inform and educate—some simple advice to P2P users:
Managing P2P security will remain an ongoing topic and as with many Internet-based technologies, the future of P2P will remain uncertain. Managers should be aware that since P2P is founded on openness, its potential to further disrupt the traditional view of computing will remain.
1. Agarwal, M. Security issues in P2P systems, 2002; www.ece.rutgers.edu/~parashar/Classes/01-02/ece579/slides/security.pdf.
2. Berghel, H. The Y2K e-commerce tumble. Commun. ACM 44, 8 (Aug. 2001).
3. National Infrastructure Protection Center. CyberNotes, Issue #2002-04 (Feb. 25, 2002); www.nipc.gov/cybernotes/2002/cyberissue2002-04.pdf.
4. Segaller, S. Nerds 2.0.1: A Brief History of the Internet. TV Books, 1999.
5. Singh, M.P., Yu, B. and Venkatraman, M. Community-based service location. Commun. ACM 44, 4 (Apr. 2001).
©2004 ACM 0001-0782/04/0900 $5.00