Fully
distributed peer-to-peer systems do not present the single points of failure that
led to the demise of central MP3 servers and Napster. It is natural to ask how
robust these systems are and what form potential attacks could take. We observe
the following weaknesses in Gnutella-like systems:
·
Free riding
·
Lack of anonymity
Free Riding
Peer-to-peer
systems are often thought of as fully decentralized networks with copies of
objects uniformly distributed among the hosts. While this is possible in
principle, in practice, it is not the case. Recent measurements of libraries
shared by gnutella peers indicate that the majority of content is provided by a
tiny fraction of the hosts. In effect, although gnutella appears to be a peer-to-peer network of
cooperating hosts, in actual fact it has evolved to effectively be another
largely centralized system – see Fig. 2. Free
riding (i.e. downloading objects without sharing them) by many gnutella
users appears to be main cause of this development. Widespread free riding
removes much of the power of network dynamics and may reduce a peer-to-peer
network into a simple unidirectional distribution system from a small number of
sources to a large number of destinations. Of course, if this is the case, then
the vulnerabilities that we observed in centralized systems (e.g. FTP-servers)
are present again. Free riding and the emergence of super-peers have several
causes:
Peer-to-peer
file sharing assumes that a significant fraction of users adhere to the
somewhat post-capitalist idea of sacrificing their own resources for the “common
good” of the network. Most free-riders do not seem to adopt this idea. For
example, with 56 kbps modems still being the network connection for most users,
allowing uploads constitutes a tangible bandwidth sacrifice. One approach is to
make collaboration mandatory. For example, Freenet clients are required to contribute some disk space. However, enforcing such
requirements without a central infrastructure is difficult.
Existing
infrastructure is another reason for the existence of super-peers. There are
vast differences in the resources available to different types of hosts. For
example, a T3 connection provides the combined bandwidth of about one thousand
56 kbps telephone connections.
Lack of Anonymity
Users of gnutella
who share objects they have stored are not anonymous. Current peer-to-peer
networks permit the server endpoints to be determined, and if a peer-client can
determine the IP address and affiliation of a peer, then so can a lawyer or
government agency. This means that users who share copyrighted objects face
some threat of legal action. This appears to be yet another explanation for
free riding.
There are some
possible technological workarounds to the absence of endpoint anonymity. We could imagine anonymizing routers,
overseas routers, object fragmentation, or some other means to complicate the
effort required by law-enforcement to determine the original source of the
copyrighted bits. For example, Freenet tries to hide the identity of the hosts
storing any given object by means of a variety of heuristics, including routing
the object through intermediate hosts and providing mechanisms for easy
migration of objects to other hosts. Similarly, Mnemosyne tries
to organize object storage, such that individual hosts may not know what
objects are stored on them. It is conjectured in that
this may amount to common-carrier status for the host. A detailed analysis of
the legal or technical robustness of these systems is beyond the scope of this
paper.
Attacks
In light of
these weaknesses, attacks on gnutella-style darknets focus on their object
storage and search infrastructures. Because of the prevalence of super-peers,
the gnutella darknet depends on a relatively small set of powerful hosts, and
these hosts are promising targets for attackers.
Darknet hosts
owned by corporations are typically easily removed. Often, these hosts are set
up by individual employees without the knowledge of corporate management.
Generally corporations respect intellectual property laws. This together with
their reluctance to become targets of lawsuits, and their centralized network
of hierarchical management makes it relatively easy to remove darknet hosts in
the corporate domain.
While the
structures at universities are typically less hierarchical and strict than
those of corporations, ultimately, similar rules apply. If the .com and .edu T1
and T3 lines were pulled from under a darknet, the usefulness of the network
would suffer drastically.
This would leave
DSL, ISDN, and cable-modem users as the high-bandwidth servers of objects. We
believe limiting hosts to this class would present a far less effective piracy
network today from the perspective of acquisition because of the relative
rarity of high-bandwidth consumer connections, and hence users would abandon
this darknet. However, consumer
broadband is becoming more popular, so in the long run it is probable that
there will be adequate consumer bandwidth to support an effective consumer
darknet.
The obvious
next legal escalation is to bring direct or indirect (through the affiliation)
challenges against users who share large libraries of copyrighted
material. This is already happening and
the legal threats or actions appear to be successful. This
requires the collaboration of ISPs in identifying their customers, which
appears to be forthcoming due to requirements that the carrier must take to
avoid liability and, in some cases, because of corporate ties between ISPs and content
providers. Once again, free riding makes this attack strategy far more
tractable.
It is hard to predict further legal escalation, but we
note that the DMCA (digital millennium copyright act) is a far-reaching
(although not fully tested) example of a law that is potentially quite
powerful. We believe it probable that
there will be a few more rounds of technical innovations to sidestep existing
laws, followed by new laws, or new interpretations of old laws, in the next few
years.
Conclusions
Small Worlds Networks
Revisited
Conclusions
All attacks we
have identified exploit the lack of endpoint anonymity and are aided by the effects
of free riding. We have seen effective legal measures on all peer-to-peer
technologies that are used to provide effectively global access to copyrighted
material. Centralized web servers were effectively closed down. Napster was
effectively closed down. Gnutella and Kazaa are under threat because of free
rider weaknesses and lack of endpoint anonymity.
Lack of
endpoint anonymity is a direct result of the globally accessible global object
database, and it is the existence of the global database that most distinguishes
the newer darknets from the earlier small worlds. At this point, it is hard to
judge whether the darknet will be able to retain this global database in the
long term, but it seems seems clear that legal setbacks to global-index
peer-to-peer will continue to be severe.
However, should
Gnutella-style systems become unviable as darknets, systems, such as Freenet or
Mnemosyne might take their place. Peer-to-peer networking and file sharing does
seem to be entering into the mainstream – both for illegal and legal uses. If we couple this with the rapid build-out of
consumer broadband, the dropping price of storage, and the fact that personal
computers are effectively establishing themselves as centers of
home-entertainment, we suspect that peer-to-peer functionality will remain
popular and become more widespread.
Small Worlds Networks
Revisited
In this section
we try to predict the evolution of the darknet should global peer-to-peer
networks be effectively stopped by legal means. The globally accessible global
database is the only infrastructure component of the darknet that can be
disabled in this way. The other enabling technologies of the darknet
(injection, distribution networks, rendering devices, storage) will not only
remain available, but rapidly increase in power, based on general technological
advances and the possible incorporation of cryptography. We stress that the
networks described in this section (in most cases) provide poorer services than
global network, and would only arise in the absence of a global database.
In the absence
of a global database, small-worlds networks could again become the prevalent
form of the darknet. However, these small-worlds will be more powerful than
they were in the past. With the widespread availability of cheap CD and DVD
readers and writers as well as large hard disks, the bandwidth of the sneaker
net has increased dramatically, the cost of object storage has become
negligible and object injection tools have become ubiquitous. Furthermore, the
internet is available as a distribution mechanism that is adequate for audio
for most users, and is becoming increasingly adequate for video and computer
programs. In light of strong cryptography, it is hard to imagine how sharing could
be observed and prosecuted as long as users do not share with strangers.
In concrete
terms, students in dorms will establish darknets to share content in their
social group. These darknets may be based on simple file sharing, DVD-copying,
or may use special application programs or servers: for example, a chat or
instant-messenger client enhanced to share content with members of your
buddy-list. Each student will be a
member of other darknets: for example, their family, various special interest
groups, friends from high-school, and colleagues in part-time jobs (Fig.
3). If there are a few active
super-peers - users that locate and share objects with zeal - then we can
anticipate that content will rapidly diffuse between darknets, and relatively
small darknets arranged around social groups will approach the aggregate
libraries that are provided by the global darknets of today. Since the legal
exposure of such sharing is quite limited, we believe that sharing amongst
socially oriented groups will increase unabated.
Small-worlds
networks suffer somewhat from the lack of a global database; each user can only
see the objects stored by his small world neighbors. This raises a number of
interesting questions about the network structure and object flow:
·
What graph structure will the
network have? For example, will it be connected? What will be the average
distance between two nodes?
·
Given a graph structure, how
will objects propagate through the graph? In particular, what fraction of
objects will be available at a given node? How long does it take for objects to
propagate (diffuse) through the network?
Questions of
this type have been studied in different contexts in a variety of fields
(mathematics, computer science, economics, and physics). A number of empirical
studies seek to establish structural properties of different types of small
world networks, such as social networks and
the world-wide web. These
works conclude that the diameter of the examined networks is small, and observe
further structural properties, such as a power law of the degree distribution, A
number of authors seek to model these networks by means of random graphs, in
order to perform more detailed mathematical analysis on the models and,
in particular, study the possibility of efficient search under different random
graph distributions. We will present a quantitative study of the
structure and dynamics of small-worlds networks in an upcoming paper, but to summarize, small-worlds
darknets can be extremely efficient for popular titles: very few peers are
needed to satisfy requests for top-20 books, songs, movies or computer
programs. If darknets are interconnected,
we expect the effective introduction rate to be large. Finally, if darknet clients are enhanced to
actively seek out new popular content, as opposed to the user-demand based
schemes of today, small-worlds darknets will be very efficient.
0 komentar:
Posting Komentar