Project Webpage

ECS 235 – Computer Security, Fall 2005

The project report

Project topic: Security Issues in Peer-to-Peer Systems

Team: Wei Wang, Dragos Andrei and Huan Song

Project description:

The first challenge we want to explore is to understand the exact functionality of P2P systems such as Gnutella, Morpheus, Napster or KaZaA, and to find design vulnerabilities in them. For example, some known attacks on Gnutella are: (1) distributed denial of service through spamming; (2) pong attacks; (3) IP harvesting; (4) query-flood DoS attacks.

We want to find new types of attacks based on our understanding of P2P systems, or to find a way to improve the robustness of a P2P network.

Tentative timeline:

- Week 1: read all the references, write summaries and look for new vulnerabilities.
- Week 2: try to reproduce the existing attacks to further understand the functionality of existing systems.
- Weeks 3, 4, 5: try to design and implement our own attacks, or improve the already existing systems.
- Weeks 6, 7: debug our implementations/modifications.
- Write the report, which will contain our results along with a broad summary of the related work.

References:

1. Steven M. Bellovin, "Security Aspects of Napster and Gnutella", 9th USENIX Security Symposium presentation, Denver, Colorado, August 2000.
2. D. Zeinalipour-Yazti, "Exploiting the Security Weakness of the Gnutella Protocol".
3. N. Daswani and Hector Garcia-Molina, "Query-Flood DoS Attacks in Gnutella".
4. Vasileios Vlachos, Stephanos Androutsellis-Theotokis and Diomidis Spinellis, "Security Applications of Peer-to-Peer Networks".
5. Stefano Campadello, "Peer-to-Peer Security in Mobile Devices: a User Perspective".

Midterm Report:

Introduction:

Our practical attack implementations and simulations will be focused on the Gnutella protocol.

So far, we have read several papers about the functionality of Gnutella and about the various attacks that we can simulate.


Practical Implementations:

So far, we have tried different approaches to attacking Gnutella clients and simulators.

Initially we installed and ran some real Gnutella clients (like LimeWire), just to see how they behave. We have already found the (Java) source code for them.

But since they have a lot of options (plus a GUI), and as they are pretty recent (2005) (the LimeWire Gnutella implementation, for instance, is currently in use), the code is too complicated for us to modify.

Another challenge for us is how we should simulate the attacks. Since we cannot use the Internet to simulate the attacks (because of scalability and maybe even legal issues), we will try to limit our practical implementations to a small number of computers (2, or at most 3), on which we independently run several different Gnutella clients and servers.

We also found a simplified Java implementation of the Gnutella protocol, called JTella, which is pretty easy to extend so that we can use its functionality as a Gnutella client, Gnutella server, etc.

Because of the problems of running Gnutella by itself, we also turned to Gnutella simulators. We found a good Gnutella simulator (http://www.cc.gatech.edu/computing/compass/gnutella/), which runs on top of the well-known simulator NS2. So we have to install NS2 and then apply some patches for Gnutella. We are currently installing them (under Linux); we have some problems with the installation right now, but hope to overcome them.

 

Short description of the possible attacks:

Here is the idea of possible attacks on Gnutella (DoS and others).

The basic idea is to exploit the weakness of the simple Gnutella protocol to initiate a distributed denial of service attack. Gnutella locates files with a small set of descriptor messages (ping, pong, query, queryhit) that are flooded between neighboring servents; the download itself is a direct HTTP connection to the host and port named in the queryhit.

Basically, if a user wants to join the Gnutella network, it first sends a "ping" message to its neighbors. Users who are already in the Gnutella network reply with a "pong" message carrying their own address and port. Then the new user sends a "query" message to ask the existing users whether they know where to download the file it needs; each receiver forwards the query to its own neighbors until the query's TTL expires. A user who receives the "query" replies with a "queryhit" if it knows where to download the file (e.g., it happens to have the file, or it knows some of its neighbors who have the file), and the "queryhit" is routed back along the path the query took. The new user then connects to the address given in the "queryhit" to download the file.

A malicious user can pretend that it has every file its neighbors query for. This is achieved by replying with a "queryhit" whenever it receives a "query". But the "queryhit" indicates that the file is on a particular IP address and port, and that address is the target of the DDoS attack. Every requester that trusts the hit opens a download connection to the target, so the target is hit from many sources at once even though it never joined the network, and because the hit was routed back through intermediate servents, neither the requesters nor the target see the attacker's own address in the connections.
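The exchange described above, as an added example that is not part of the project's own code or simulator: a small Python model of the Gnutella query flood in which honest servents answer a query only when they share a matching file, while a malicious servent answers every query with a queryhit naming a victim host, so every requester's download attempt lands on the victim. The topology (requesters behind one hub), the addresses (10.0.x.x servents, 192.0.2.10 as the victim), the file names and the probe string are all constructed for the example. The only protocol detail relied on beyond the text is that a real queryhit also carries an identifier of the servent that produced it, which is what the detection probe keys on.

```python
"""Toy model of the Gnutella query flow and the queryhit reflection attack.
Added illustration, not the project's code. Honest servents answer a Query
only when a shared file matches; the malicious servent answers every Query
with a QueryHit naming a victim host, so each requester's download attempt
lands on the victim. Topology, addresses and file names are constructed.
"""
import itertools
from dataclasses import dataclass

GNUTELLA_PORT = 6346  # default servent port

@dataclass
class Query:
    guid: int    # descriptor id; a servent drops a GUID it has already routed
    ttl: int     # hops the query may still travel
    search: str

@dataclass
class QueryHit:
    guid: int
    ip: str      # host the requester is told to download from
    port: int
    files: list
    servent_id: str  # identifier of the servent that produced the hit

class Servent:
    def __init__(self, name, ip, files=()):
        self.name, self.ip, self.files = name, ip, set(files)
        self.neighbors, self.seen = [], set()

    def connect(self, other):
        self.neighbors.append(other)
        other.neighbors.append(self)

    def answer(self, q):
        """Honest behaviour: reply only if a shared file matches the search."""
        found = [f for f in self.files if q.search in f]
        if not found:
            return None
        return QueryHit(q.guid, self.ip, GNUTELLA_PORT, found, self.name)

    def route(self, q, sender=None):
        """Flood the query under the TTL/GUID rules and gather the hits."""
        if q.guid in self.seen or q.ttl <= 0:
            return []
        self.seen.add(q.guid)
        hits = [h for h in [self.answer(q)] if h]
        forwarded = Query(q.guid, q.ttl - 1, q.search)
        for n in self.neighbors:
            if n is not sender:
                hits.extend(n.route(forwarded, self))
        return hits

class MaliciousServent(Servent):
    def __init__(self, name, ip, victim_ip, victim_port):
        super().__init__(name, ip)
        self.victim = (victim_ip, victim_port)

    def answer(self, q):
        # Claim to have whatever was asked for, but point at the victim host.
        return QueryHit(q.guid, *self.victim, [q.search], self.name)

_guids = itertools.count(1)

def build_network(victim_ip="192.0.2.10", victim_port=80):
    """Constructed topology: R0..R3 -> hub H -> honest seeder S and attacker M."""
    hub = Servent("H", "10.0.0.1")
    hub.connect(Servent("S", "10.0.0.2", files=["song.mp3", "video.avi"]))
    hub.connect(MaliciousServent("M", "10.0.0.3", victim_ip, victim_port))
    requesters = [Servent(f"R{i}", f"10.0.1.{i}") for i in range(4)]
    for r in requesters:
        r.connect(hub)
    return requesters

def probe_spammers(requester, ttl=3):
    """Detection heuristic: no servent can legitimately match a random string,
    so any servent id that answers it is answering blindly."""
    q = Query(next(_guids), ttl, "zq7x-no-such-file-8f3k")
    return {h.servent_id for h in requester.route(q)}

def run_queries(requesters, searches, ignore=frozenset(), ttl=3):
    """Every requester searches each term and tries to download from every hit
    it does not ignore. Returns download connection attempts per (ip, port)."""
    attempts = {}
    for r in requesters:
        for s in searches:
            for h in r.route(Query(next(_guids), ttl, s)):
                if h.servent_id not in ignore:
                    key = (h.ip, h.port)
                    attempts[key] = attempts.get(key, 0) + 1
    return attempts

if __name__ == "__main__":
    net = build_network()
    print("no defence:", run_queries(net, ["song", "nosuchfile"]))
    spam = probe_spammers(net[0])
    print("blind responders:", spam, "-> ignoring them:",
          run_queries(net, ["song", "nosuchfile"], ignore=spam))
```

With four requesters each issuing two searches, the honest seeder receives four download attempts (only the "song" searches match its files) while the victim receives eight, one per query the attacker saw, although the victim shares nothing and is not in the overlay. The probe heuristic catches this particular attacker because it answers a string nobody can match, but it only blacklists a servent identifier, which an attacker can rotate per reply, so it is a mitigation for the simulation rather than a fix for the protocol.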

 

The plan for the rest of the project:

The next step is to implement the attacks on the Gnutella simulator, on the simplified real client, or both. We also plan to think about and implement possible new attacks on Gnutella.

Also, within the limits of time, we want to become more familiar with (or even implement/simulate) attacks typical of other P2P systems, like Morpheus, KaZaA or BitTorrent.