* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Peer-to-Peer Networks & File Sharing
Piggybacking (Internet access) wikipedia , lookup
Wireless security wikipedia , lookup
Deep packet inspection wikipedia , lookup
Dynamic Host Configuration Protocol wikipedia , lookup
Distributed firewall wikipedia , lookup
Airborne Networking wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Peer-to-Peer Networks & Music File Sharing Tim Caserza COEN 150 Holliday 6-2-04 Outline What is peer-to-peer? History of peer-to-peer Peer-to-Peer network designs The RIAA, the law, and music file sharing Peer-to-peer network security concerns Conclusion What is Peer-to-Peer? Two main structures of network applications Client/Server Peer-to-Peer (P2P) Very simple example of client/server model: web servers User’s web browser (client) requests a page from a web server. The web server processes the request and returns the appropriate content, displayed in user’s browser. Server never requests a page from client Client disconnects from server once response is received One-way transfer What is Peer-to-Peer? (continued) Another example of client/server model: File Transfer Protocol (FTP) User (client) connects to FTP server. Client can browse files on server as well as upload and download files. Server cannot request files from client. Only one file transfer at a time, multiple requests get queued. Client disconnects when he is finished. That’s great and all, but you still haven’t told us what P2P is P2P Everyone is both a client and a server (node) If you want a file from another user, you download it (client). If another user wants a file from you, they download it from you/you upload it to them (server). Multi-threaded: you can send and receive multiple files simultaneously. Nodes connected to each other through a network Clients disconnect when they are finished History and Explanation of Peer-to-Peer Networks Usenet Napster Gnutella Gia Usenet Originally designed to allow a UNIX computer to dial into another computer, exchange files and disconnect Has grown into an enormous news network which uses the Network News Transport Protocol to enable a computer to efficiently find newsgroups and read and post messages Decentralized network– no one central authority, only thousands of individual nodes that allow users to search through newsgroups Paved the way for modern P2P networks Napster Before Napster, music mainly shared through FTP servers Developed by Shawn Fanning in 1999 as a means for people around the world to download music files and share their own collections with other users on its network Users connected to a centralized Napster server and the names of their shared files were sent and stored on the central server To search, a request was sent to the Napster server, which searched its database for the requested song and replied with the locations of users on the network with the song available for download Centralized server was the cause for the downfall of Napster Gnutella The answer to centralized server problems Developed in 2000 by Justin Frankel and Tom Pepper Uses decentralized servers If one server is shut down the network is still there Many servers are in other countries with different laws Nearly impossible to shut down an entire network Searching uses “flooding” A search sends a request to all its neighbor nodes, which search their shared folders and forward the search to all their neighbors, and so on until the entire network is searched Nodes are repeatedly searched many times Very inefficient, poor scalability Problem With Napster and Gnutella Networks Developed by one or two programmers, rather than a team or group of programmers Did not have efficiency and scalability in mind Popularity of file sharing has caused researchers to take interest in the future of P2P networks Researchers and engineers working to techniques to increase efficiency and scalability Gia Still in development Search uses a random walk rather than flooding Each node asks a “random” neighbor, who asks a “random” neighbor Every node is “smart” Aware of the connection speed and the number of shares on its neighbors Random walks are biased towards nodes more capable of handling many requests Still Not There Yet Gia is much more efficient and scalable than Gnutella, but still not even close to the ideal solution Random walks are still very inefficient, but they greatly reduce duplicate queries of the same node in the same search Doesn’t flood the network The Recording Industry Association of America (RIAA) A trade group that represents the recording industry and is responsible for recording and distributing 90% of the music in the U.S. Biggest opponent to using peer-to-peer file sharing for the purpose of sharing copyrighted files illegally Before Napster, the RIAA mainly dealt with tracking down illegal CD manufacturing facilities Sued Napster for aiding its users in illegally distributing copyrighted music by providing a central server for anyone to connect to and distribute copyrighted music P2P Music Sharing’s Effect on the RIAA The RIAA Takes Action January 2003 – RIAA begins filing subpoenas to ISPs to release the identities of the users that they had identified as illegally sharing large amounts of music September 2003 – RIAA files 261 copyright lawsuits against individuals Offered amnesty to any of the 261 who promised to stop illegally downloading and sharing music files One and only warning to people illegally sharing music RIAA Lawsuit Statistics As of the end of March 2004: 1977 people have been sued Thousands of small-scale sharers have received warnings Roughly one-fifth of those sued by the RIAA have settled out of court with the RIAA Average settlement: $3000 fine No lawsuits have been brought to trial yet How They Track Illegal File-Sharers Have programs to search the network for specific files that are being shared illegally RIAA determines the ISP hosting the IP address linked to illegally sharing files IP addresses of any responses are recorded Contacts the ISP Informs them of the illegal activity Lets them know they will be sued if the offending material is not removed ISP determines who was using the IP address at the time of the infraction Shuts off their internet access Contacts them and inform them of the situation Problems With the Process RIAA might record wrong IP address ISP might connect wrong person with IP address “Sue first and ask questions later” attitude IP spoofing utilities available Connections through proxies Open-source P2P applications Patriot Act allows subpoena of information of anyone suspected of illegal file-sharing Lawsuit can be filed once they have the information Electronic Frontier Foundation (EFF) angered by the process and abuse of Patriot Act, defends those who have evidence to prove their innocence in court “Oops!” The RIAA Makes Some Mistakes Ross Plank Accused of sharing hundreds of Latin American music files on Kazaa Does not listen to Latin American music Has never used Kazaa His records show he was not using the IP address that the RIAA linked the address to the illegal file sharing at the time they linked it Being defended by EFF “Oops!” They Did it Again… Sarah Ward 65-year-old teacher Accused of sharing hundreds of music files illegally on Kazaa Uses a Mac, which is unable to run Kazaa Only evidence: 3 screen shots Case dropped by RIAA weeks later Study on the Security of P2P Networks Conducted by the U.S. House of Representatives Committee on Government reform in 20022003 Findings: Great deal of personal/confidential data being shared Many viruses, worms, Trojan horses found propagating through network Spyware and adware come with most P2P applications Personal/Confidential Information Shared On searches conducted by the committee using Kazaa, the following were found freely available: Completed tax returns with social security numbers, income and investment info Medical records of military personnel and military medical supply records Confidential legal documents such as attorney-client communications regarding divorce proceedings and living wills Personal correspondence, including entire e-mail inboxes of individuals Business files, including contracts and personnel evaluations Campaign and political records and private correspondence with constituents Resumes with personal addresses, contact information, job histories, salary requirements, and references Default setting when Kazaa is installed is to have Kazaa find files on your computer to share May find files you didn’t indend to share Viruses, Worms, Trojan Horses in P2P Networks Easily spread by users who are not educated on malicious programs, and not cautions when downloading programs Report done by ZDNet found eight worms infected P2P networks between May and September 2002 Benjamin worm: Created and shared new Kazaa folders Masked itself as popular music and other multimedia files Spyware and Adware Come with many P2P applications like Kazaa Spyware: Adware: Tracks surfing habits, purchases, etc. and reports info back to creators Could be used to collect credit card information and other private information Causes annoying pop-up ads to appear even when not surfing the internet Is not outlawed because accepting the EULA gives the application permission to install the spyware and adware Conclusion Security issues need to be addressed in future P2P applications Users of P2P networks need to be educated on how to properly use their P2P application Avoid sharing personal/confidential information Avoid spreading viruses, worms and Trojan Horses Learn how to remove spyware and adware Lawmakers need to be educated on P2P and constantly updated on it so the law stays up to date with the technology