Peer-to-Peer Networks & Music File Sharing
Tim Caserza
COEN 150
Holliday
6-2-04

Outline
- What is peer-to-peer?
- History of peer-to-peer
- Peer-to-peer network designs
- The RIAA, the law, and music file sharing
- Peer-to-peer network security concerns
- Conclusion

What is Peer-to-Peer?
- Two main structures of network applications
  - Client/Server
  - Peer-to-Peer (P2P)
- Very simple example of client/server model: web servers
  - User’s web browser (client) requests a page from a web server. The web server processes the request and returns the appropriate content, displayed in user’s browser.
  - Server never requests a page from client
  - Client disconnects from server once response is received
  - One-way transfer

What is Peer-to-Peer? (continued)
- Another example of client/server model: File Transfer Protocol (FTP)
  - User (client) connects to FTP server.
  - Client can browse files on server as well as upload and download files.
  - Server cannot request files from client.
  - Only one file transfer at a time, multiple requests get queued.
  - Client disconnects when he is finished.

That’s great and all, but you still haven’t told us what P2P is
- P2P
  - Everyone is both a client and a server (node)
  - If you want a file from another user, you download it (client). If another user wants a file from you, they download it from you/you upload it to them (server).
  - Multi-threaded: you can send and receive multiple files simultaneously.
  - Nodes connected to each other through a network
  - Clients disconnect when they are finished

History and Explanation of Peer-to-Peer Networks
- Usenet
- Napster
- Gnutella
- Gia

Usenet
- Originally designed to allow a UNIX computer to dial into another computer, exchange files and disconnect
- Has grown into an enormous news network which uses the Network News Transport Protocol to enable a computer to efficiently find newsgroups and read and post messages
- Decentralized network: no one central authority, only thousands of individual nodes that allow users to search through newsgroups
- Paved the way for modern P2P networks

Napster
- Before Napster, music mainly shared through FTP servers
- Developed by Shawn Fanning in 1999 as a means for people around the world to download music files and share their own collections with other users on its network
- Users connected to a centralized Napster server and the names of their shared files were sent and stored on the central server
- To search, a request was sent to the Napster server, which searched its database for the requested song and replied with the locations of users on the network with the song available for download
- Centralized server was the cause for the downfall of Napster

Gnutella
- The answer to centralized server problems
- Developed in 2000 by Justin Frankel and Tom Pepper
- Uses decentralized servers
  - If one server is shut down the network is still there
  - Many servers are in other countries with different laws
  - Nearly impossible to shut down an entire network
- Searching uses “flooding”
  - A search sends a request to all its neighbor nodes, which search their shared folders and forward the search to all their neighbors, and so on until the entire network is searched
  - Nodes are repeatedly searched many times
  - Very inefficient, poor scalability

Problem With Napster and Gnutella Networks
- Developed by one or two programmers, rather than a team or group of programmers
- Did not have efficiency and scalability in mind
- Popularity of file sharing has caused researchers to take interest in the future of P2P networks
- Researchers and engineers working on techniques to increase efficiency and scalability

Gia
- Still in development
- Search uses a random walk rather than flooding
  - Each node asks a “random” neighbor, who asks a “random” neighbor
- Every node is “smart”
  - Aware of the connection speed and the number of shares on its neighbors
  - Random walks are biased towards nodes more capable of handling many requests

Still Not There Yet
- Gia is much more efficient and scalable than Gnutella, but still not even close to the ideal solution
- Random walks are still very inefficient, but they greatly reduce duplicate queries of the same node in the same search
- Doesn’t flood the network
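
The flooding and biased-random-walk searches from the Gnutella and Gia slides, compared on message cost in an added example that is not part of the original slides. The 8-node overlay, the capacity scores and the function names are constructed for illustration, and only the walk itself is modelled, not the rest of Gia's design.

```python
import random
from collections import deque

# Constructed 8-node overlay (not from the slides): node -> neighbours.
GRAPH = {
    "A": ["B", "C", "D"], "B": ["A", "C", "E"], "C": ["A", "B", "F"],
    "D": ["A", "F", "G"], "E": ["B", "G", "H"], "F": ["C", "D", "H"],
    "G": ["D", "E", "H"], "H": ["E", "F", "G"],
}
# Assumed capacity score per node (stands in for link speed and load).
CAPACITY = {"A": 1, "B": 1, "C": 10, "D": 1, "E": 1, "F": 10, "G": 1, "H": 10}


def flood(graph, holders, start, ttl=7):
    """Gnutella-style search: every node forwards to all other neighbours."""
    seen, hits = {start}, set()
    messages = duplicates = 0
    queue = deque((start, nbr, ttl) for nbr in graph[start])
    while queue:
        sender, node, left = queue.popleft()
        messages += 1
        if node in seen:
            duplicates += 1  # node already handled this query: wasted traffic
            continue
        seen.add(node)
        if node in holders:
            hits.add(node)
        if left > 1:  # TTL not exhausted, keep flooding
            queue.extend((node, n, left - 1) for n in graph[node] if n != sender)
    return {"messages": messages, "duplicates": duplicates, "hits": hits}


def biased_walk(graph, capacity, holders, start, max_steps=8, seed=0):
    """Gia-style search: one query hops to a capacity-weighted neighbour."""
    rng = random.Random(seed)  # seeded so runs are repeatable
    node, prev, visited = start, None, {start}
    messages = duplicates = 0
    hits = set()
    while messages < max_steps and not hits:
        # Avoid bouncing straight back unless the node is a dead end.
        options = [n for n in graph[node] if n != prev] or graph[node]
        nxt = rng.choices(options, weights=[capacity[n] for n in options])[0]
        messages += 1
        duplicates += int(nxt in visited)  # revisits are the walk's waste
        visited.add(nxt)
        if nxt in holders:
            hits.add(nxt)
        prev, node = node, nxt
    return {"messages": messages, "duplicates": duplicates, "hits": hits}


if __name__ == "__main__":
    print("flood:", flood(GRAPH, {"H"}, "A"))
    print("walk: ", biased_walk(GRAPH, CAPACITY, {"H"}, "A"))
```

The flood always reaches the holder but pays for every edge, while the walk's cost is capped by max_steps and it can miss the file entirely.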

The Recording Industry Association of America (RIAA)
- A trade group that represents the recording industry and is responsible for recording and distributing 90% of the music in the U.S.
- Biggest opponent to using peer-to-peer file sharing for the purpose of sharing copyrighted files illegally
- Before Napster, the RIAA mainly dealt with tracking down illegal CD manufacturing facilities
- Sued Napster for aiding its users in illegally distributing copyrighted music by providing a central server for anyone to connect to and distribute copyrighted music

P2P Music Sharing’s Effect on the RIAA

The RIAA Takes Action
- January 2003 – RIAA begins filing subpoenas to ISPs to release the identities of the users that they had identified as illegally sharing large amounts of music
- September 2003 – RIAA files 261 copyright lawsuits against individuals
  - Offered amnesty to any of the 261 who promised to stop illegally downloading and sharing music files
  - One and only warning to people illegally sharing music

RIAA Lawsuit Statistics
- As of the end of March 2004:
  - 1977 people have been sued
  - Thousands of small-scale sharers have received warnings
  - Roughly one-fifth of those sued by the RIAA have settled out of court with the RIAA
  - Average settlement: $3000 fine
  - No lawsuits have been brought to trial yet

How They Track Illegal File-Sharers
- Have programs to search the network for specific files that are being shared illegally
  - IP addresses of any responses are recorded
- RIAA determines the ISP hosting the IP address linked to illegally sharing files
  - Contacts the ISP
  - Informs them of the illegal activity
  - Lets them know they will be sued if the offending material is not removed
- ISP determines who was using the IP address at the time of the infraction
  - Shuts off their internet access
  - Contacts them and informs them of the situation

Problems With the Process
- RIAA might record wrong IP address
  - IP spoofing utilities available
  - Connections through proxies
  - Open-source P2P applications
- ISP might connect wrong person with IP address
- “Sue first and ask questions later” attitude
  - Patriot Act allows subpoena of information of anyone suspected of illegal file-sharing
  - Lawsuit can be filed once they have the information
- Electronic Frontier Foundation (EFF) angered by the process and abuse of Patriot Act, defends those who have evidence to prove their innocence in court
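
How the "ISP might connect wrong person with IP address" failure can arise when an IP sighting is matched against address-lease records, shown as an added example that is not part of the original slides. The lease history, the subscriber labels, the 192.0.2.10 documentation address and the five-minute clock tolerance are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
IP = "192.0.2.10"
# Constructed lease history for one address: (ip, subscriber, start, end), in UTC.
LEASES = [
    (IP, "subscriber-1",
     datetime(2004, 3, 1, 8, 0, tzinfo=UTC), datetime(2004, 3, 1, 20, 0, tzinfo=UTC)),
    (IP, "subscriber-2",
     datetime(2004, 3, 1, 20, 0, tzinfo=UTC), datetime(2004, 3, 2, 8, 0, tzinfo=UTC)),
]


def attribute(leases, ip, observed_at, tolerance=timedelta(minutes=5)):
    """Return (status, subscribers) for a sighting of ip at observed_at.

    status is "unique", "ambiguous" or "no-match". Every lease that overlaps
    the window observed_at +/- tolerance counts, because the observer's clock
    and the ISP's clock are not assumed to agree exactly.
    """
    if observed_at.tzinfo is None:
        raise ValueError("observation has no time zone; refusing to guess")
    lo, hi = observed_at - tolerance, observed_at + tolerance
    subscribers = sorted({sub for lease_ip, sub, start, end in leases
                          if lease_ip == ip and start <= hi and lo < end})
    if len(subscribers) == 1:
        return "unique", subscribers
    return ("ambiguous" if subscribers else "no-match"), subscribers


def demo():
    """Four sightings of the same address, each with a different outcome."""
    pst = timezone(timedelta(hours=-8))
    logged = datetime(2004, 3, 1, 15, 0, tzinfo=pst)  # 23:00 UTC
    return {
        "midday": attribute(LEASES, IP, datetime(2004, 3, 1, 12, 0, tzinfo=UTC)),
        # Two minutes before the address changes hands: cannot name one person.
        "handover": attribute(LEASES, IP, datetime(2004, 3, 1, 19, 58, tzinfo=UTC)),
        "correct_zone": attribute(LEASES, IP, logged),
        # Same wall-clock time read as if it were UTC: names the wrong subscriber.
        "zone_dropped": attribute(LEASES, IP, logged.replace(tzinfo=UTC)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```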

“Oops!” The RIAA Makes Some Mistakes
- Ross Plank
  - Accused of sharing hundreds of Latin American music files on Kazaa
  - Does not listen to Latin American music
  - Has never used Kazaa
  - His records show he was not using the IP address that the RIAA linked to the illegal file sharing at the time they linked it
  - Being defended by EFF

“Oops!” They Did it Again…
- Sarah Ward
  - 65-year-old teacher
  - Accused of sharing hundreds of music files illegally on Kazaa
  - Uses a Mac, which is unable to run Kazaa
  - Only evidence: 3 screen shots
  - Case dropped by RIAA weeks later

Study on the Security of P2P Networks
- Conducted by the U.S. House of Representatives Committee on Government Reform in 2002-2003
- Findings:
  - Great deal of personal/confidential data being shared
  - Many viruses, worms, Trojan horses found propagating through network
  - Spyware and adware come with most P2P applications

Personal/Confidential Information Shared
- On searches conducted by the committee using Kazaa, the following were found freely available:
  - Completed tax returns with social security numbers, income and investment info
  - Medical records of military personnel and military medical supply records
  - Confidential legal documents such as attorney-client communications regarding divorce proceedings and living wills
  - Personal correspondence, including entire e-mail inboxes of individuals
  - Business files, including contracts and personnel evaluations
  - Campaign and political records and private correspondence with constituents
  - Resumes with personal addresses, contact information, job histories, salary requirements, and references
- Default setting when Kazaa is installed is to have Kazaa find files on your computer to share
  - May find files you didn’t intend to share
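
A check a user could run over a P2P shared folder before going online, to catch the kinds of files the committee found exposed. This is an added example, not part of the original slides; the extension lists, the SSN-like pattern and the function name are assumptions made for illustration.

```python
import os
import re

# Assumed indicators, chosen to mirror the kinds of files the committee found.
SSN_LIKE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")
MAIL_STORES = {".pst", ".dbx", ".mbx", ".mbox"}
MEDIA = {".mp3", ".wma", ".wav", ".ogg", ".avi", ".mpg", ".mpeg"}


def audit_shared_folder(root, sniff_bytes=1 << 20):
    """Return sorted (relative_path, reason) pairs for files that look unintended."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext in MEDIA:
                continue  # the kind of file the user meant to share
            if ext in MAIL_STORES:
                findings.append((rel, "mail store"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sniff_bytes)  # only the first part is scanned
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if SSN_LIKE.search(head):
                findings.append((rel, "SSN-like number"))
            else:
                findings.append((rel, "non-media file"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, reason in audit_shared_folder(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:16} {rel}")
```

The check trusts file extensions, so it does not catch a malicious program that is named like a media file.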

Viruses, Worms, Trojan Horses in P2P Networks
- Easily spread by users who are not educated on malicious programs, and not cautious when downloading programs
- Report done by ZDNet found eight worms infected P2P networks between May and September 2002
- Benjamin worm:
  - Created and shared new Kazaa folders
  - Masked itself as popular music and other multimedia files

Spyware and Adware
- Come with many P2P applications like Kazaa
- Spyware:
  - Tracks surfing habits, purchases, etc. and reports info back to creators
  - Could be used to collect credit card information and other private information
- Adware:
  - Causes annoying pop-up ads to appear even when not surfing the internet
- Is not outlawed because accepting the EULA gives the application permission to install the spyware and adware

Conclusion
- Security issues need to be addressed in future P2P applications
- Users of P2P networks need to be educated on how to properly use their P2P application
  - Avoid sharing personal/confidential information
  - Avoid spreading viruses, worms and Trojan Horses
  - Learn how to remove spyware and adware
- Lawmakers need to be educated on P2P and constantly updated on it so the law stays up to date with the technology