Embed Size (px)
DESCRIPTION
Usability and privacy: a study of Kazaa P2P file-sharing. Nathaniel S. Good Aaron Krekelberg. Abstract. P2P sharing is becoming very popular Intended for multimedia files, but applications like Kaaza allow for other files to be shared With this security concerns need to be addressed - PowerPoint PPT Presentation
Citation preview
Nathaniel S. GoodNathaniel S. Good
Aaron KrekelbergAaron Krekelberg
Usability and privacy: a study of Kazaa P2P file-
sharing
AbstractAbstract
P2P sharing is becoming very popular P2P sharing is becoming very popular Intended for multimedia files, but Intended for multimedia files, but
applications like Kaaza allow for other applications like Kaaza allow for other files to be sharedfiles to be shared
With this security concerns need to be With this security concerns need to be addressedaddressed
The applications that allow P2P file The applications that allow P2P file sharing make it easy to unintentionally sharing make it easy to unintentionally share private information share private information
IntroductionIntroduction
The most popular P2P system was The most popular P2P system was KazaaKazaa 85 million downloads done worldwide85 million downloads done worldwide Interface looks straightforward and easy Interface looks straightforward and easy
to useto use Good way to share files with others but Good way to share files with others but
no securityno security If sharing is set up incorrectly personal files If sharing is set up incorrectly personal files
can be sharedcan be shared Kazaa has no security measure to protect Kazaa has no security measure to protect
usersusers
IntroductionIntroduction
Look at how Kazaa is not a secure Look at how Kazaa is not a secure applicationapplication
Does Kazaa have responsibilities and Does Kazaa have responsibilities and obligations to users?obligations to users?
Help users protect personal filesHelp users protect personal files
Abuses on KaazaAbuses on Kaaza
Many unintentionally share private files Many unintentionally share private files with otherswith others
Email folders or credit card informationEmail folders or credit card information
Scripted searches to run for 12 hours Scripted searches to run for 12 hours Did not download any files just did queriesDid not download any files just did queries
Found 61% of all searches returned one Found 61% of all searches returned one or more hits for inbox.dbxor more hits for inbox.dbx 156 users with shared inboxes were found156 users with shared inboxes were found
Abuses on KaazaAbuses on Kaaza
Are users taking advantage of this?Are users taking advantage of this? Set up a dummy client to seeSet up a dummy client to see Created dummy files like Credit Created dummy files like Credit
Cards.xls and Outlook.pstCards.xls and Outlook.pst 4 different users downloaded the 4 different users downloaded the
Credit Cards.xlsCredit Cards.xls 2 different users downloaded the 2 different users downloaded the
inbox.dbxinbox.dbx
Usability GuidelinesUsability Guidelines P2P file sharing software is safe and P2P file sharing software is safe and
usable if users:usable if users: Are aware of the files that others can Are aware of the files that others can
download from your systemdownload from your system Can easily and successful start and stop file Can easily and successful start and stop file
sharingsharing Can not accidentally share private files that Can not accidentally share private files that
they don’t want to sharethey don’t want to share Users should be comfortable with what is Users should be comfortable with what is
being shared with others and the system is being shared with others and the system is handling the sharing correctlyhandling the sharing correctly
Summary of Cognitive WalkthroughSummary of Cognitive Walkthrough
New Kazaa is saferNew Kazaa is safer Default settings are changedDefault settings are changed Users able to change the default settingsUsers able to change the default settings Sharing is not turned on by defaultSharing is not turned on by default
Changing the Download file directoryChanging the Download file directory File can be changed under Options-> toolsFile can be changed under Options-> tools My Shared folder and all folders below it are My Shared folder and all folders below it are
sharedshared Download folder is also automatically sharedDownload folder is also automatically shared Users don’t understand file hierarchical Users don’t understand file hierarchical
systemssystems Leads to undesired folder sharingLeads to undesired folder sharing
Summary of Cognitive WalkthroughSummary of Cognitive Walkthrough
Sharing FilesSharing Files Kazaa has two ways to share foldersKazaa has two ways to share folders
Search Wizard Search Wizard Folder ListFolder List
Search Wizard will automatically Search Wizard will automatically discover files that can be shareddiscover files that can be shared
Has no criteria to discover filesHas no criteria to discover files Folder List allows the user to select files Folder List allows the user to select files
to shareto share User can select what files he or she would User can select what files he or she would
like to shared by selecting them from a like to shared by selecting them from a explorer type windowexplorer type window
Summary of Cognitive WalkthroughSummary of Cognitive Walkthrough
Adding Files to the My Media folderAdding Files to the My Media folder This will add files to shared or This will add files to shared or
downloaded folderdownloaded folder Files can be individually turned on and Files can be individually turned on and
offoff Only at file levelOnly at file level Not at the folder levelNot at the folder level
Summary of Cognitive WalkthroughSummary of Cognitive Walkthrough
Uploading FilesUploading Files Transfer File InterfaceTransfer File Interface Allows users to select individual files Allows users to select individual files
that can be uploaded by Kazaa usersthat can be uploaded by Kazaa users Has a scrollable list to select filesHas a scrollable list to select files Transfer list cleared every time Kazaa is Transfer list cleared every time Kazaa is
restartedrestarted
Summary of Cognitive WalkthroughSummary of Cognitive Walkthrough
Overview of Results from the Overview of Results from the Cognitive WalkthroughCognitive Walkthrough Users should know what files are able to Users should know what files are able to
be downloadedbe downloaded Users should know how to share and Users should know how to share and
stop sharing filesstop sharing files Users should not be able to accidentally Users should not be able to accidentally
share filesshare files Users need to know what they are Users need to know what they are
sharing and be comfortable with itsharing and be comfortable with it
Overview of Results from the Overview of Results from the Cognitive WalkthroughCognitive Walkthrough
Users should be made aware of what Users should be made aware of what files can be downloaded by othersfiles can be downloaded by others Did not provide information on what Did not provide information on what
kind of file that was intended for sharingkind of file that was intended for sharing Did not provide a way to indicate if they Did not provide a way to indicate if they
want all files and folders beneath to be want all files and folders beneath to be sharedshared
No safeguard is built in so responsibility No safeguard is built in so responsibility falls on usersfalls on users
Overview of Results from the Overview of Results from the Cognitive WalkthroughCognitive Walkthrough
Users should be able to stop and start file Users should be able to stop and start file sharing easily and successfullysharing easily and successfully Deselecting files to be shared from My Media Deselecting files to be shared from My Media
Folder was shown through the tips pageFolder was shown through the tips page Must read it first and then have to remember the Must read it first and then have to remember the
information laterinformation later Has multiple ways to share files and foldersHas multiple ways to share files and folders Has only one hard to find way to stop sharingHas only one hard to find way to stop sharing
Overview of Results from the Overview of Results from the Cognitive WalkthroughCognitive Walkthrough
Users should not be able to Users should not be able to accidentally share private filesaccidentally share private files Files and folders shared through the Files and folders shared through the
download folder were not indicated by download folder were not indicated by the Share Folders Boxthe Share Folders Box
Since there is no coupling of views Since there is no coupling of views there is no distinction between shared there is no distinction between shared folders and download foldersfolders and download folders
Overview of Results from the Overview of Results from the Cognitive WalkthroughCognitive Walkthrough
Users should be comfortable with Users should be comfortable with what is being shared with otherswhat is being shared with others Does not provide a tool to manage types Does not provide a tool to manage types
of files and extensions being sharedof files and extensions being shared Relies to much on users understanding Relies to much on users understanding
the assumptions the program has madethe assumptions the program has made
User StudyUser Study
Wanted to see if users would be confused Wanted to see if users would be confused with the processwith the process
Wanted to see if users could determine Wanted to see if users could determine what is being sharedwhat is being shared
See if users could determine which if any See if users could determine which if any folders were being shared by Kaaza with folders were being shared by Kaaza with othersothers
10 out of 12 had used some type of file 10 out of 12 had used some type of file sharing applicationsharing application
All used a computer over 1o hours a weekAll used a computer over 1o hours a week
User StudyUser Study
All users started from the Kaaza home All users started from the Kaaza home page and were only allowed to use this UIpage and were only allowed to use this UI
The users were given a tutorial on file The users were given a tutorial on file sharing sharing
All users were given as much time as they All users were given as much time as they neededneeded
Users had to answer precise questions Users had to answer precise questions regarding the searchingregarding the searching If answered correctly were asked to stop If answered correctly were asked to stop
searching and to share only My Shared Folderssearching and to share only My Shared Folders
Survey ResultsSurvey Results
2 users indicated all files could be 2 users indicated all files could be sharedshared
9 out of 10 users believed only 9 out of 10 users believed only multimedia files and software could multimedia files and software could be sharedbe shared
1 out of 10 said possible to share 1 out of 10 said possible to share email folders, office documents, and email folders, office documents, and source code filessource code files
Task ResultsTask Results 2 of 12 were able to determine which files and 2 of 12 were able to determine which files and
folders were being sharedfolders were being shared Both could turn off file sharing, but could not apply it to Both could turn off file sharing, but could not apply it to
individual foldersindividual folders 5 of 12 thought only My Shared Folder was shared5 of 12 thought only My Shared Folder was shared 2 of 12 used search for shared folders2 of 12 used search for shared folders
None were checked so believed they weren’t sharing None were checked so believed they weren’t sharing foldersfolders
2 of 12 browsed help to determine incorrectly that 2 of 12 browsed help to determine incorrectly that My Shared Folder was only thing that could be My Shared Folder was only thing that could be sharedshared
1 of 12 could not determine which folder was 1 of 12 could not determine which folder was being shared no matter what approach they tookbeing shared no matter what approach they took
SuggestionsSuggestions
Prohibit sharing of files that aren’t Prohibit sharing of files that aren’t multimedia filesmultimedia files
Limit file sharing to types users Limit file sharing to types users expect to be sharedexpect to be shared
Also, allow for advanced users to Also, allow for advanced users to permit additional file sharing if permit additional file sharing if desireddesired
ConclusionConclusion File sharing is problematic because of the UIFile sharing is problematic because of the UI Design of applications make to many Design of applications make to many
assumptionsassumptions Many are not aware of what and how much Many are not aware of what and how much
they are sharingthey are sharing The My Media interfaces causes more The My Media interfaces causes more
confusion than helpconfusion than help File sharing applications should design File sharing applications should design
applications according to security applications according to security applicationsapplications
Questions ?
![Transport Layer Identification of P2P Trafficthe Overnet and eMule [10] networks), Fasttrack which is supported by the Kazaa client, BitTorrent [4], OpenNap and WinMx [32], Gnutella,](https://img.pdfslide.us/doc/110x75/60276768bc7846252e6a4e79/transport-layer-identiication-of-p2p-trafic-the-overnet-and-emule-10-networks.jpg)
![IEEE TRANSACTIONS ON PARALLEL AND …...This paper focuses on decentralized unstructured P2P systems, such as Gnutella [3] and KaZaA [5]. File placement is random in these systems,](https://img.pdfslide.us/doc/110x75/5fce0ed5b3bd71772725b677/ieee-transactions-on-parallel-and-this-paper-focuses-on-decentralized-unstructured.jpg)
