Peer-to-Peer Networks & File Sharing

Download Report

Transcript Peer-to-Peer Networks & File Sharing

Peer-to-Peer Networks
& Music File Sharing
Tim Caserza
COEN 150
Holliday
6-2-04
Outline






What is peer-to-peer?
History of peer-to-peer
Peer-to-Peer network designs
The RIAA, the law, and music file sharing
Peer-to-peer network security concerns
Conclusion
What is Peer-to-Peer?

Two main structures of network applications



Client/Server
Peer-to-Peer (P2P)
Very simple example of client/server model: web
servers




User’s web browser (client) requests a page from a web
server. The web server processes the request and returns the
appropriate content, displayed in user’s browser.
Server never requests a page from client
Client disconnects from server once response is received
One-way transfer
What is Peer-to-Peer? (continued)

Another example of client/server model: File
Transfer Protocol (FTP)
User (client) connects to FTP server. Client can
browse files on server as well as upload and
download files.
 Server cannot request files from client.
 Only one file transfer at a time, multiple requests get
queued.
 Client disconnects when he is finished.

That’s great and all, but you still
haven’t told us what P2P is

P2P
Everyone is both a client and a server (node)
 If you want a file from another user, you download it
(client). If another user wants a file from you, they
download it from you/you upload it to them (server).
 Multi-threaded: you can send and receive multiple
files simultaneously.
 Nodes connected to each other through a network
 Clients disconnect when they are finished

History and Explanation of
Peer-to-Peer Networks




Usenet
Napster
Gnutella
Gia
Usenet




Originally designed to allow a UNIX computer to dial
into another computer, exchange files and disconnect
Has grown into an enormous news network which uses
the Network News Transport Protocol to enable a
computer to efficiently find newsgroups and read and
post messages
Decentralized network– no one central authority, only
thousands of individual nodes that allow users to
search through newsgroups
Paved the way for modern P2P networks
Napster





Before Napster, music mainly shared through FTP servers
Developed by Shawn Fanning in 1999 as a means for people
around the world to download music files and share their own
collections with other users on its network
Users connected to a centralized Napster server and the names
of their shared files were sent and stored on the central server
To search, a request was sent to the Napster server, which
searched its database for the requested song and replied with the
locations of users on the network with the song available for
download
Centralized server was the cause for the downfall of Napster
Gnutella



The answer to centralized server problems
Developed in 2000 by Justin Frankel and Tom Pepper
Uses decentralized servers




If one server is shut down the network is still there
Many servers are in other countries with different laws
Nearly impossible to shut down an entire network
Searching uses “flooding”



A search sends a request to all its neighbor nodes, which
search their shared folders and forward the search to all their
neighbors, and so on until the entire network is searched
Nodes are repeatedly searched many times
Very inefficient, poor scalability
Problem With Napster and
Gnutella Networks




Developed by one or two programmers, rather
than a team or group of programmers
Did not have efficiency and scalability in mind
Popularity of file sharing has caused researchers
to take interest in the future of P2P networks
Researchers and engineers working to
techniques to increase efficiency and scalability
Gia


Still in development
Search uses a random walk rather than flooding
Each node asks a “random” neighbor, who asks a
“random” neighbor
 Every node is “smart”



Aware of the connection speed and the number of shares
on its neighbors
Random walks are biased towards nodes more
capable of handling many requests
Still Not There Yet



Gia is much more efficient and scalable than
Gnutella, but still not even close to the ideal
solution
Random walks are still very inefficient, but they
greatly reduce duplicate queries of the same
node in the same search
Doesn’t flood the network
The Recording Industry
Association of America (RIAA)




A trade group that represents the recording industry
and is responsible for recording and distributing 90%
of the music in the U.S.
Biggest opponent to using peer-to-peer file sharing for
the purpose of sharing copyrighted files illegally
Before Napster, the RIAA mainly dealt with tracking
down illegal CD manufacturing facilities
Sued Napster for aiding its users in illegally distributing
copyrighted music by providing a central server for
anyone to connect to and distribute copyrighted music
P2P Music Sharing’s Effect
on the RIAA
The RIAA Takes Action


January 2003 – RIAA begins filing subpoenas to
ISPs to release the identities of the users that
they had identified as illegally sharing large
amounts of music
September 2003 – RIAA files 261 copyright
lawsuits against individuals
Offered amnesty to any of the 261 who promised to
stop illegally downloading and sharing music files
 One and only warning to people illegally sharing
music

RIAA Lawsuit Statistics

As of the end of March 2004:
1977 people have been sued
 Thousands of small-scale sharers have received
warnings




Roughly one-fifth of those sued by the RIAA
have settled out of court with the RIAA
Average settlement: $3000 fine
No lawsuits have been brought to trial yet
How They Track
Illegal File-Sharers

Have programs to search the network for specific files that are
being shared illegally


RIAA determines the ISP hosting the IP address linked to
illegally sharing files




IP addresses of any responses are recorded
Contacts the ISP
Informs them of the illegal activity
Lets them know they will be sued if the offending material is not
removed
ISP determines who was using the IP address at the time of the
infraction


Shuts off their internet access
Contacts them and inform them of the situation
Problems With the Process

RIAA might record wrong IP address





ISP might connect wrong person with IP address
“Sue first and ask questions later” attitude



IP spoofing utilities available
Connections through proxies
Open-source P2P applications
Patriot Act allows subpoena of information of anyone
suspected of illegal file-sharing
Lawsuit can be filed once they have the information
Electronic Frontier Foundation (EFF) angered by the
process and abuse of Patriot Act, defends those who
have evidence to prove their innocence in court
“Oops!”
The RIAA Makes Some Mistakes

Ross Plank
Accused of sharing hundreds of Latin American
music files on Kazaa
 Does not listen to Latin American music
 Has never used Kazaa
 His records show he was not using the IP address
that the RIAA linked the address to the illegal file
sharing at the time they linked it
 Being defended by EFF

“Oops!”
They Did it Again…

Sarah Ward
65-year-old teacher
 Accused of sharing hundreds of music files illegally
on Kazaa
 Uses a Mac, which is unable to run Kazaa
 Only evidence: 3 screen shots
 Case dropped by RIAA weeks later

Study on the Security
of P2P Networks


Conducted by the U.S. House of Representatives
Committee on Government reform in 20022003
Findings:
Great deal of personal/confidential data being
shared
 Many viruses, worms, Trojan horses found
propagating through network
 Spyware and adware come with most P2P
applications

Personal/Confidential
Information Shared

On searches conducted by the committee using Kazaa, the
following were found freely available:








Completed tax returns with social security numbers, income and
investment info
Medical records of military personnel and military medical supply records
Confidential legal documents such as attorney-client communications
regarding divorce proceedings and living wills
Personal correspondence, including entire e-mail inboxes of individuals
Business files, including contracts and personnel evaluations
Campaign and political records and private correspondence with
constituents
Resumes with personal addresses, contact information, job histories, salary
requirements, and references
Default setting when Kazaa is installed is to have Kazaa find files
on your computer to share

May find files you didn’t indend to share
Viruses, Worms, Trojan Horses
in P2P Networks



Easily spread by users who are not educated on
malicious programs, and not cautions when
downloading programs
Report done by ZDNet found eight worms infected
P2P networks between May and September 2002
Benjamin worm:


Created and shared new Kazaa folders
Masked itself as popular music and other multimedia files
Spyware and Adware


Come with many P2P applications like Kazaa
Spyware:



Adware:


Tracks surfing habits, purchases, etc. and reports info back to
creators
Could be used to collect credit card information and other
private information
Causes annoying pop-up ads to appear even when not surfing
the internet
Is not outlawed because accepting the EULA gives the
application permission to install the spyware and
adware
Conclusion


Security issues need to be addressed in future P2P
applications
Users of P2P networks need to be educated on how to
properly use their P2P application




Avoid sharing personal/confidential information
Avoid spreading viruses, worms and Trojan Horses
Learn how to remove spyware and adware
Lawmakers need to be educated on P2P and constantly
updated on it so the law stays up to date with the
technology