Peer-to-Peer Security

Allan Friedman and L. Jean Camp, Harvard University

Introduction

About Peer-to-Peer Systems

What Is Peer-to-Peer?

A Sample Architecture: Gnutella

Peer-to-Peer and Security

Implementing Secure Peer-to-Peer Systems

Anonymous Transport: Tarzan

Efficient Robust Routing: Secure Overlays

Censorship-Resistant Anonymous Publishing: Freenet and Free Haven

Secure Groupware: Groove

Secure Distributed Storage

Reputation and Accountability

Conclusion

Glossary

Cross References

References

INTRODUCTION

Peer-to-peer systems (P2P) have grown in importance over the past 5 years as an attractive way to mobilize the resources of Internet users. As more and more users have powerful processors, large storage spaces, and fast network connections, more actors seek to coordinate these resources for common goals. Because of their unique decentralized nature, security in these systems is both critical and an interesting problem. How do you secure a dynamic system without central coordination? Good security on P2P systems must reflect the design goals of the system itself. In this chapter, we introduce some basic concepts for P2P systems and their security demands and then discuss several case studies to highlight issues of robustness, privacy, and trust. We analyze systems that offer secure distributed routing, privacy-enhancing and censorship-resistance publishing, shared storage, and decentralized collaborative work spaces. We conclude by examining how accountability and trust mechanisms ...