Lecture: A Discussion of P2P Security

Uploaded by: 新** | Document ID: 592629946 | Uploaded: 2024-09-21 | Format: PPT | Pages: 97 | Size: 1.68 MB

A Discussion of P2P Security

Chapter contents
- 6.1 Anonymity
- 6.2 Reputation and trust
- 6.3 File pollution
- 6.4 Routing security
- 6.5 Frontier security research

6.1 Anonymity
- The roots of "anonymity" can be traced back to "secure hash functions"; it covers sender anonymity, receiver anonymity, file-identifier anonymity, relationship anonymity, and so on.
- P2P systems are naturally suited to anonymity.

Anonymity
- Author anonymity: the identity of the author of a shared resource cannot be learned by an interested party; that is, the identity cannot be linked to the shared resource.
- Publisher anonymity: the publisher's identity cannot be linked to the resource it provides.
- Reader (requester) anonymity: anyone on the network can read a resource, but information about the reader cannot be disclosed or learned.
- Server anonymity: information about the server cannot be linked in any way to the resources it provides.
- Document anonymity: the server itself does not know what content it stores.
- Query anonymity: the server knows the ID of the requested resource, but no third party is able to confirm the correctness of this ID.

Anonymity methods
- Anonymous proxy: users send messages through an anonymous proxy, but the proxy's own security is a concern and the proxy is itself a system bottleneck that is easily attacked.
- Mix-net: users connect to the server through a set of "mix relay" nodes; the core relay nodes are a security risk (Tor).
- Random relays: Freenet, Tarzan (theoretically complete and detailed, but extremely hard to implement), etc.

Mix relay networks: onion routing
- The widely used anonymizing proxy Tor is based on onion routing.
- The user runs an onion proxy on the local machine. This proxy periodically communicates with other Tor nodes and so forms a virtual circuit in the Tor network. Towards the client, the onion proxy also acts as a SOCKS interface, so applications can use Tor as a proxy server and their network traffic then travels over Tor's virtual circuit.
- Tor encrypts at the application layer of the 7-layer protocol stack (following the onion model). It is called "onion" because its structure resembles an onion: you can only see the outside, and to reach the core you have to peel it layer by layer.
- Transmission between each pair of routers is encrypted with a symmetric key, which gives a layered structure. Each node along the path acts like one layer of onion skin wrapped around the client, which protects the source of the information and keeps communication between onion routers secure.

Onion routing (a real-time MIX network)
- General-purpose infrastructure for anonymous communications over a public network (e.g., the Internet).
- Supports several types of applications (HTTP, FTP, SMTP, rlogin, telnet, ...) through the use of application-specific proxies.
- Anonymous connections through onion routers are built dynamically to carry application data.
- Distributed, fault tolerant, and secure.

Onion routing: network setup and operation
- Long-term socket connections between "neighboring" onion routers are established (links).
- Neighbors on a link set up two DES keys using the Station-to-Station protocol (one key in each direction) to secure the link.
- Several anonymous connections can be multiplexed onto one link; each anonymous connection is then assigned an ACI (a locally significant identifier).
- Messages are carried ATM-style, split into fixed-length 48-byte cells. Cells are encrypted with DES. In transit, cells from different connections are mixed, but the order within each connection is preserved.
- [Figure: mixing of cells from different connections on a link]

Overview of architecture
- Application (initiator), application (responder), and onion routers joined by long-term socket connections.
- Application proxy: prepares the data stream for transfer; sanitizes application data; processes the status message sent by the exit funnel.
- Onion proxy: opens the anonymous connection via the OR network; encrypts/decrypts data.
- Entry funnel: multiplexes connections from onion proxies.
- Exit funnel: demultiplexes connections from the OR network; opens the connection to the responder application and reports a one-byte status message back to the application proxy.

Onions (message packets)
- An onion is a multi-layered data structure; it encapsulates the route of the anonymous connection within the OR network.
- Each layer contains:
  - backward crypto function (DES-OFB, RC4)
  - forward crypto function (DES-OFB, RC4)
  - IP address and port number of the next onion router
  - expiration time
  - key seed material, used to generate the keys for the backward and forward crypto functions
- Each layer is encrypted with the public key of the onion router for which the data in that layer is intended.
- [Figure: onion with three layers: bwd fn | fwd fn | next = 0 | keys; bwd fn | fwd fn | next = green | keys; bwd fn | fwd fn | next = blue | keys]

Anonymous connection setup illustrated
[Figure sequence showing the application (responder), the onion proxy and the onion. Labels across the slides:]
- bwd: entry funnel, crypto fns and keys; fwd: blue, ACI = 12, crypto fns and keys
- bwd: magenta, ACI = 12, crypto fns and keys; fwd: green, ACI = 8, crypto fns and keys
- bwd: blue, ACI = 8, crypto fns and keys; fwd: exit funnel
- standard structure; status; open socket

Tarzan: a P2P anonymizing network layer
- In Chinese, "Tarzan" is rendered as "泰山".
- Tarzan is a P2P anonymizing IP network overlay; it achieves anonymity through multi-layer data encryption and multi-hop message routing.
- Tarzan extends the mix-net approach to anonymity to the P2P setting: nodes communicate through a sequence of relay nodes, and this sequence forms a tunnel.
- Provides: sender anonymity, receiver anonymity, and relationship anonymity (the fact that a pair of nodes is communicating is not discovered by other nodes).
- Tarzan: A Peer-to-Peer Anonymizing Network Layer, ACM CCS 2002, http://pdos.lcs.mit.edu/tarzan/

Anonymity
- Participant can communicate anonymously with non-participant
- User can talk to CNN.com
- Nobody knows who the user is

The Vision for Anonymization
- Thousands of nodes participate
- Bounce traffic off one another
- Mechanism to organize nodes: peer-to-peer
- All applications can use: IP layer

Alternative 1: Proxy Approach
- Intermediate node to proxy traffic
- Completely trust the proxy
- [Figure: User, Proxy]

Threat model
- Corrupt proxy(s)
  - Adversary runs proxy(s)
  - Adversary targets proxy(s) and compromises, possibly adaptively
- Network links observed
  - Limited, localized network sniffing
  - Wide-spread (even global) eavesdropping
  - e.g., Carnivore, Chinese firewall, ISP search warrants

Failures of Proxy Approach
- Proxy reveals identity
- Traffic analysis is easy
- CNN blocks connections from proxy
- Adversary blocks access to proxy (DoS)

Alternative 2: Centralized Mixnet
- MIX encoding creates encrypted tunnel of relays
  - Individual malicious relays cannot reveal identity
- Packet forwarding through tunnel
- Onion Routing, Freedom
  - Small-scale, static network

Failures of Centralized Mixnet
- CNN blocks core routers
- Adversary targets core routers
- So, add cover traffic between relays
  - Hides data traffic among cover
- Still allows network-edge analysis
- Internal cover traffic does not protect edges
- External cover traffic prohibitively expensive?
  - n^2 communication complexity

Tarzan: Me Relay, You Relay
- Thousands of nodes participate
  - CNN cannot block everybody
  - Adversary cannot target everybody
- Cover traffic protects all nodes
  - Global eavesdropping gains little info

Benefits of Peer-to-Peer Design?
- Thousands of nodes participate
- Cover traffic protects all nodes
- All nodes also act as relays
  - No network edge to analyze
  - First hop does not know he's first

Tarzan: Joining the System
1. Contacts known peers to learn neighbor lists
2. Validates each peer by directly pinging

Tarzan: Generating Cover Traffic
- Nodes begin passing cover traffic with mimics:
  - Nodes send at some traffic rate per time period
  - Traffic rate independent of actual demand
  - All packets are same length and link encrypted

Tarzan: Selecting tunnel nodes
- To build tunnel: iteratively selects peers and builds tunnel from among last-hop's mimics
- [Figure labels: User, PNAT]

But, Adversaries Can Join System
- Adversary can join more than once by spoofing addresses outside its control
  - Contact peers directly to validate IP addr and learn PK
- Adversary can join more than once by running many nodes on each machine it controls
  - Randomly select by subnet "domain" (/16 prefix, not IP)

Tarzan network security model
- One router may hold several IP addresses and so virtually operate several Tarzan nodes. The notion of a domain is therefore defined, to identify a subnet controlled by one malicious node.
- As shown in the figure, a malicious router controls an entire domain (subnet), whereas an ordinary malicious node cannot control the whole domain but can eavesdrop on the traffic of other nodes in the domain.
- Domains are usually delimited at the granularity of the current IP's /16 or /24 prefix.

Tarzan architecture
[Figure]

6.2 Reputation and trust
- Anonymity hides network behavior, whereas "reputation" is the opposite of anonymity: it encourages "good" network behavior.
- "Trust" is usually based on "reputation", and the two are often not distinguished.
- BitTorrent's choking algorithm is in essence a reputation mechanism. Research on anonymity, trust and related topics is currently receiving considerable attention.

Issues in designing P2P reputation and trust systems
- The system must be self-policing: it defines shared norms of behavior and reputation/trust measures for its users, and users on the whole follow and reinforce these norms even without centralized authentication or an authoritative third party.
- The system must be anonymous: a user's reputation should be associated with an opaque ID.
- Newcomers should not be given any extra benefit; a user's reputation must be measured by behavior over many transactions.
- The extra overhead introduced by the reputation/trust mechanism should be kept as small as possible.
- The system should be strongly fault tolerant against malicious nodes.

Related work
- CCS '02 [Damiani et al., 2002]: proposes a reputation-based method for choosing reliable resources in a P2P network. Before downloading a resource, each peer evaluates its reliability through a distributed polling algorithm, which limits the spread of malicious resources in the P2P network.
- ACM Conference on Electronic Commerce [Xiong and Liu, 03]: designs PeerTrust, a reputation-based trust model for P2P e-commerce communities. The model quantifies and compares the trustworthiness of peers on the basis of transaction feedback.
- BitTorrent's choking algorithm is an implicit reputation method, but it is based only on the current download and does not consider historical behavior.

The EigenTrust algorithm: complete P2P reputation management
- EigenTrust, WWW 2003 [Kamvar et al. 2003], Stanford University.
- EigenTrust uses the eigenvector of the matrix of user-to-user satisfaction to compute trust values.
- Basis of the trust values: after each transaction, users rate each other. For example, after user i downloads a file from user j (the download may also fail), user i rates the transaction with a trust value tr(i,j): 1 for success, -1 for failure (the download failed or the file was not the one wanted). User i's historical rating of j (called the satisfaction s) is written $s_{ij}$.

How EigenTrust collects and computes trust values
- Transitive trust (friends of friends): user i trusts the users who gave it correct downloads, and therefore also trusts the trust values those users provide.
- Normalization of satisfaction: normalization effectively prevents malicious nodes from giving other nodes ratings that are too high or too low. The normalized trust value is written $c_{ij}$, with $\sum_j c_{ij} = 1$.

The Math
- Ask your friends j what they think of peer k, and weight each friend's opinion by how much you trust him.
- [Figure: numeric example of the matrix-vector product; the values are not recoverable]
- i's trust in k is propagated through its friends' trust in k.
- $C$ is the matrix $[c_{ij}]$, $C^T$ denotes its transpose, and $c_i$ denotes the vector containing the $c_{ij}$.
- Ask your friends: $t = C^T c_i$.
- Ask your friends' friends: $t = (C^T)^2 c_i$.
- Ask n times: $t = (C^T)^n c_i$. The larger the number of steps n, the broader and therefore the more accurate the resulting evaluation.
- It can be shown that when n is large, the trust vector $t_i$ of every user i converges to the left principal eigenvector e of the matrix $C$.
- That is, in the EigenTrust model $t$ is a global eigenvector, and each element $t_j$ is the trust value that the system as a whole assigns to user j.
- Therefore each peer does not have to store and compute its own trust vector, because this is one global quantity; the whole network can cooperate to store and compute $t$.

Simple, non-distributed algorithm
- Initialize:
- Repeat until convergence:

Simple algorithm pseudocode
[Figure]

Distributed Algorithm
[Figure: numeric example of the matrix-vector product; the values are not recoverable]
The algorithm below ignores lying/dishonest peers for now.
For each peer i:
- First, ask peers who know you for their opinions of you.
- Repeat until convergence:
  - Compute current trust value: $t_i^{(k+1)} = c_{1i}\,t_1^{(k)} + \dots + c_{ni}\,t_n^{(k)}$
  - Send your opinion $c_{ij}$ and trust value $t_i^{(k+1)}$ to your acquaintances.
  - Wait for the peers who know you to send you their trust values and opinions.
For the detailed algorithm and its analysis, refer to the paper [Kamvar et al., 2003].

The EigenTrust algorithm with secure score computation
[Figure]

6.3 File pollution
- File pollution is the phenomenon in which malicious users of a P2P file-sharing network ("polluters") publish fake files, or files with malicious content, labelled as popular content, trick other users into downloading them, and exploit the network's free sharing to spread them further.
- Case: in 2003 the company Overpeer succeeded in making polluted files account for more than half of all files on Kazaa/FastTrack, the most popular network at the time. http:/

File Pollution
- [Figure labels: pollution company, polluted content, original content, pollution servers, file sharing network, Alice, Bob]
- Unsuspecting users spread pollution!

Index Poisoning (Infocom 06)
Index on the first slide:

    title      location
    bigparty   123.12.7.98
    smallfun   23.123.78.6
    heyhey     234.8.89.20

Index on the second slide, with one more entry:

    title      location
    bigparty   123.12.7.98
    smallfun   23.123.78.6
    heyhey     234.8.89.20
    bighit     111.22.22.22

FastTrack/Kazaa Overlay
- Each SN maintains a local index
- ON = ordinary node, SN = super node

FastTrack Query
[Figure: ordinary nodes and super nodes]

FastTrack Download
- HTTP request for hash value
- P2P file transfer

Index Poisoning in FastTrack and Overnet
- FastTrack/Kazaa: advertise to supernodes (target_song, bogus_IP)
  - for many bogus IPs, many versions of target_song
- Overnet/E-donkey: advertise record (hash_target_keyword, bogus_version_id)

Attacks: How Effective?
- For a given title, what fraction of the "displayed copies" are clean? Poisoned? Polluted?
- Brute-force approach: attempt to download all versions
  - versions that don't download are poisoned
  - for those versions that download, listen to/watch each one
- How do we determine pollution levels without downloading?

Solution:
- Harvest version ids and copy locations
  - FastTrack: crawl
  - Overnet: insert node, receive publish msgs
- Heuristic for classifying versions into poisoned, polluted, clean versions

Copies at Users
- [Figure panels: FastTrack, Overnet]
- For certain titles, a tiny fraction of users advertise the majority of the copies

6.4 Routing security
- John R. Douceur. The Sybil Attack. In Proceedings of the IPTPS02 Workshop, Cambridge, MA (USA), March 2002.
- Atul Singh, Miguel Castro, Peter Druschel, and Antony Rowstron. Defending Against Eclipse Attacks on Overlay Networks. In Proceedings of the European SIGOPS Workshop, Leuven, Belgium, September 2004.
- Miguel Castro, Peter Druschel, Ayalvadi Ganesh, Antony Rowstron and Dan S. Wallach. Secure routing for structured peer-to-peer overlay networks. OSDI 2002.
- OSDI (even year), SOSP (odd year)

Sybil Attack
[Figure]

Why Use Sybil Attack?
- disruption
- for-profit motives: RIAA (Recording Industry Association of America)
- disproportionate access to resources (computation, storage)
- control network

Eclipse Attack
- Overlay network
  - Decentralized graph of nodes on edge of network
  - Each node maintains a neighbor set
  - Typically limited control over membership
- Eclipse Attack
  - Malicious nodes conspire to hijack and dominate the neighbor set of correct nodes
  - "Eclipse" correct nodes from each other
  - Control data traffic through routing

Example
- [Figure: overlay with nodes A to I; for B to *, C & F control traffic]
- [Image: solar eclipse]

Secure routing for structured peer-to-peer overlay networks
- Miguel Castro, Peter Druschel, Ayalvadi Ganesh, Antony Rowstron and Dan S. Wallach.
- http:/

- Peer-to-peer Anonymous Communication using Redundant Structured Topologies, Carmela Troncoso and George Danezis
- IPTPS 2010: Blindfold: A System to See No Evil in Content Discovery. Ryan S. Peterson, Bernard Wong, and Emin Gün Sirer, Cornell University and United Networks, L.L.C.
- IPTPS 2010: Strange Bedfellows: Community Identification in BitTorrent. David Choffnes, Jordi Duch, Dean Malmgren, Roger Guimerà, Fabián Bustamante, and Luís A. Nunes Amaral, Northwestern University
- Infocom 2010: Identifying Malicious Nodes in Network-Coding Based Peer-to-Peer Streaming Networks
- ICCCN 09: A Systematic Study on Peer-to-Peer Botnets. Ping Wang, Lei Wu, Baber Aslam, and Cliff C. Zou

P2P Botnet
- IRC
- HTTP
- P2P
- [Figure labels: HTTP-FFSN, IRC-P2P]

Botnet Architecture
[Figure labels: Botmaster, Bot, Recruiting]

Botnets
[Figure labels: Botnet Admin, Bot, Spammer]

P2P Botnet
- Storm (Overnet)
- Nugache
- Waledac

P2P Botnets
- While IRC bots simply connect to their IRC server, P2P bots must follow a series of steps to connect with their P2P network
- The initial P2P bot code contains a list of possible peers and code that attempts to connect the bot with the P2P network
- After the bot joins the network, the peer list is updated
- Then the bot searches the network and downloads the secondary injection code (code that instructs the bot to send spam or perform other malicious activities)

P2P Botnet: Storm
[Figure]

Effectiveness of Storm
[Figure, Smith 08]

Hybrid P2P Botnet
[Figure]

Botnet Construction
- Routing information is built at two points: new infection and reinfection.
- New infection: when A infects B, A hands its peer list to B and checks whether B is a servent. If it is, B is added to A's peer list and A is added to B's peer list.
- Reinfection: when A tries to infect B (and both A and B are already servent bots), A and B each add the other to their own peer list;
- each then picks R peer entries at random from its own peer list and sends them to the other, and receives R peer entries from the other to fill out its own peer list. If the peer list is full, entries are replaced.
- This is called the hockey card algorithm.

Further reading and practice:
1. Download, install and run the Tor anonymity channel, and understand the onion routing technique.
2. Read papers from the frontier of security research.
3. Read the relevant IPTPS 2010 and INFOCOM 2010 papers.

Term paper ideas, part 3:
- Anonymity: INFOCOM 2009 proposed an anonymity scheme for file retrieval systems; could it be extended into an optimized structural design? MIX-Crowds, an Anonymity Scheme for File Retrieval Systems. Wai Hung Tang (The University of Hong Kong, HK); H. W. Chan (The University of Hong Kong, HK).
- Trust: EigenTrust proposed an algorithm for computing trust, and IPTPS 09 proposed EigenSpeed, a secure algorithm for evaluating bandwidth. How can the trust that arises in person-to-person interaction be brought into the algorithm? IPTPS 09: EigenSpeed: Secure Peer-to-peer Bandwidth Evaluation.
- Routing security: can economic models be brought into the security field? INFOCOM 2009: Routing Fairness in Chord: Analysis and Enhancement.
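The slides in section 6.1 say that Tarzan selects peers "by subnet domain (/16 prefix, not IP)" so that an adversary running many nodes gains little. The following is an added example, not code from the slides or from the Tarzan project, that computes the exact chance of picking an adversary node under uniform selection and under domain-first selection; the function names and the peer list are assumptions made for illustration.

```python
# Added example: why Tarzan-style peer selection draws a domain first.
# Addresses are constructed sample data from private address space.
import ipaddress
from collections import defaultdict
from fractions import Fraction

def domain(ip, prefix):
    """Network prefix ("domain") that an address falls into."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def p_adversary_uniform(peers):
    """Chance that one uniform draw over all known IPs hits an adversary node."""
    return Fraction(sum(peers.values()), len(peers))

def p_adversary_by_domain(peers, prefix=16):
    """Chance of hitting an adversary when a domain is drawn uniformly first
    and an address is then drawn uniformly inside that domain."""
    groups = defaultdict(list)
    for ip, is_adversary in peers.items():
        groups[domain(ip, prefix)].append(is_adversary)
    per_domain = [Fraction(sum(g), len(g)) for g in groups.values()]
    return sum(per_domain) / len(per_domain)

def sample_peers():
    """8 honest peers in 8 different /16s, plus one adversary that announces
    40 addresses spread over 40 /24s inside a single /16 it controls."""
    peers = {f"10.{k}.0.5": False for k in range(1, 9)}
    peers.update({f"10.66.{k}.1": True for k in range(40)})
    return peers

if __name__ == "__main__":
    peers = sample_peers()
    print("uniform over IPs :", p_adversary_uniform(peers))
    print("domain = /16     :", p_adversary_by_domain(peers, 16))
    print("domain = /24     :", p_adversary_by_domain(peers, 24))
```

With this sample the /24 granularity gives the adversary the same share as plain IP selection, because its addresses sit in 40 different /24s; only the /16 grouping collapses them into one domain.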
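Section 6.2 describes EigenTrust as normalizing the satisfaction scores and then repeatedly "asking friends of friends" until the trust vector converges. The following is an added example, not code from the slides or from Kamvar et al., of the simple non-distributed iteration; the clipping of negative scores follows the normalization in the EigenTrust paper, while the uniform start vector, the stopping test, the equal-trust fallback and the ratings matrix are assumptions made for illustration.

```python
# Added example: the basic, centralized EigenTrust iteration.
# The ratings below are constructed sample data, not measurements.

def normalize(s):
    """Row-normalize satisfaction: c_ij = max(s_ij, 0) / sum_j max(s_ij, 0)."""
    n = len(s)
    c = []
    for row in s:
        pos = [max(v, 0) for v in row]          # bad experience -> zero trust
        total = sum(pos)
        # Assumption: a peer with no positive ratings trusts all peers equally.
        c.append([v / total for v in pos] if total else [1.0 / n] * n)
    return c

def eigentrust(s, eps=1e-12, max_iter=10_000):
    """Iterate t <- C^T t from the uniform vector until the L1 change < eps."""
    c = normalize(s)
    n = len(c)
    t = [1.0 / n] * n
    for _ in range(max_iter):
        nxt = [sum(c[j][i] * t[j] for j in range(n)) for i in range(n)]
        if sum(abs(a - b) for a, b in zip(nxt, t)) < eps:
            return nxt
        t = nxt
    return t

# s[i][j] = sum of tr(i, j) over past transactions (+1 success, -1 failure).
# Peers 0-2 behave well; peer 3 serves polluted files and fooled peer 2 once.
S = [
    [0, 5, 4, -3],
    [6, 0, 3, -2],
    [4, 5, 0, 1],
    [0, 0, 1, 0],
]
# Peer 3 reports an absurdly large score for peer 2; normalization cancels it.
S_INFLATED = [row[:] for row in S[:3]] + [[0, 0, 1000, 0]]

if __name__ == "__main__":
    for peer, trust in enumerate(eigentrust(S)):
        print(f"peer {peer}: global trust {trust:.4f}")
    print("inflation changes nothing:", eigentrust(S) == eigentrust(S_INFLATED))
```

The polluting peer ends with the lowest global trust, and the inflated report yields exactly the same vector because each row of C sums to 1 regardless of the magnitude of the raw scores.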
