Gnutella

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Gnutella: integrating performance and security in fully decentralized P2P models

Full text

Pdf (2.85 MB)

Source

ACM Southeast Regional Conference archive
Proceedings of the 46th Annual Southeast Regional Conference on XX table of contents

Auburn, Alabama

SESSION: Software and system security table of contents

Pages 272-277

Year of Publication: 2008

ISBN:978-1-60558-105-7

Authors

Rossana Motta	Florida State University, Tallahassee, FL
Wickus Nienaber	Florida State University, Tallahassee, FL
Jon Jenkins	Florida State University, Tallahassee, FL

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 26, Downloads (12 Months): 39, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1593105.1593178 What is a DOI?

ABSTRACT

Peer-To-Peer (P2P) systems have made an enormous impact on the Internet, directly affecting its performance and security. The litigation against P2P file sharing has led some designers to opt for purely decentralized P2P models. The latter have quickly become attractive to Internet users, who often consider pure P2P as more "secure" than hybrid systems (i.e. with some central entity).

In this paper, we concentrate on some relevant security threats and performance inefficiencies in the Gnutella P2P network, which is worldwide the most popular fully decentralized system. We present the results we obtain from the analysis of spurious content circulating in the network. We observe a significant propagation of unwanted and unrelated query replies, systematically taking place. This leads to the transfer of junk or unsafe files, potentially resulting in hosts' security violations and Denial of Service attacks. The analysis of IP addresses shows that peers responsible for spreading these files are recurrent over time and over specific network segments. They also share a specific pattern of common features, clearly suggesting the use of modified versions of Gnutella applications. Typically these peers run as super-nodes (ultrapeers), which represent the highest level of control of the Gnutella system.

In spite of many different solutions proposed in the past to integrate security mechanisms into Gnutella, none of them have been adopted in practice. We discuss the necessary trade-offs of these proposed solutions and we also analyze the (unofficial) hypothesis that some entities, having commercial convenience in polluting the Gnutella network, may be involved. We propose solutions that help mitigating some of the problems, while still preserving the basic structure of the Gnutella protocol.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	http://www.limewire.org/forum/showthread.php?t=93.
	2	http://research.sunbelt-software.com/threatdisplay.aspx?threatid=55129.
	3	http://www.limewire.org/forum/showthread.php?t=1071.
	4	http://insecure.org/nmap.
	5	http://www.honeynet.org/papers/bots.
	6	http://www.limewire.org/forum/showthread.php?t=1168.
	7	http://forums.phoenixlabs.org/showthread.php?t=8938.
	8	Anonymously launching a ddos attack via the gnutella network. http://www.auscert.org.au/render.html?it=2404.
	9	Choosing reputable servents in a p2p network. http://seclab.dti.unimi.it/Papers/www02.ps.
	10	Exploiting the security weaknesses of the gnutella protocol. http://www.cs.ucr.edu/csyiazti/courses/cs260-2/project/gnutella.pdf.
	11	Gnutella viruses weaker than email bugs, experts say. http://news.com.com/2100-1023_3-241440.html.
	12	http://forums.whirlpool.net.au/forum-replies-archive.cfm/533720.html.
	13	P2p: Is big brother watching you? http://www1.cs.ucr.edu/store/techreports/UCR-CS-2006-06201.pdf.
	14	Quantitative analysis of the gnutella network traffic. http://www1.cs.ucr.edu/store/techreports/UCR-CS-2004-04089.pdf.
	15	Query-flood dos attacks in gnutella. http://infolab.stanford.edu/daswani/papers/p115-daswani.pdf.
	16	Security problems in p2p networks: A case study on the gnutella network. http://wwwcsif.cs.ucdavis.edu/andrei/ECS235/ecs235_report.pdf.
	17	F. Cornelli, E. Damiani, S. D. Capitani, S. Paraboschi, and P. Samarati. Implementing a Reputation-Aware Gnutella Servent, volume 2376. Lecture Notes In Computer Science, Springer-Verlag, London, UK, 2002.
	18	D. Ferguson. Trends and Statistics in Peer-to-Peer. VP Engineering CacheLogic, 2006.
	19	S. H. Kwok , K. Y. Chan , Y. M. Cheung, A server-mediated peer-to-peer system, ACM SIGecom Exchanges, v.5 n.3, p.38-47, April 2005 [doi>10.1145/1120680.1120686]
	20	S. Lui , K. Lang , S. Kwok, Participation Incentive Mechanisms in Peer-to-Peer Subscription Systems, Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9, p.302.2, January 07-10, 2002
	21	L. Sroura, A. Kayssia, and A. Chehab. Reputation-based algorithm for managing trust in file sharing networks. Securecomm and Workshops, pages 1--10, 2006.
	22	D. Stutzbach and R. Rejaie. Capturing accurate snapshots of the Gnutella network, volume 4. INFOCOM 2005, Proc. IEEE, 2005.