skip to main content
10.1145/1593105.1593178acmotherconferencesArticle/Chapter ViewAbstractPublication Pagesacm-seConference Proceedingsconference-collections
research-article

Gnutella: integrating performance and security in fully decentralized P2P models

Published: 28 March 2008 Publication History

Abstract

Peer-To-Peer (P2P) systems have made an enormous impact on the Internet, directly affecting its performance and security. The litigation against P2P file sharing has led some designers to opt for purely decentralized P2P models. The latter have quickly become attractive to Internet users, who often consider pure P2P as more "secure" than hybrid systems (i.e. with some central entity).
In this paper, we concentrate on some relevant security threats and performance inefficiencies in the Gnutella P2P network, which is worldwide the most popular fully decentralized system. We present the results we obtain from the analysis of spurious content circulating in the network. We observe a significant propagation of unwanted and unrelated query replies, systematically taking place. This leads to the transfer of junk or unsafe files, potentially resulting in hosts' security violations and Denial of Service attacks. The analysis of IP addresses shows that peers responsible for spreading these files are recurrent over time and over specific network segments. They also share a specific pattern of common features, clearly suggesting the use of modified versions of Gnutella applications. Typically these peers run as super-nodes (ultrapeers), which represent the highest level of control of the Gnutella system.
In spite of many different solutions proposed in the past to integrate security mechanisms into Gnutella, none of them have been adopted in practice. We discuss the necessary trade-offs of these proposed solutions and we also analyze the (unofficial) hypothesis that some entities, having commercial convenience in polluting the Gnutella network, may be involved. We propose solutions that help mitigating some of the problems, while still preserving the basic structure of the Gnutella protocol.

References

[1]
http://www.limewire.org/forum/showthread.php?t=93.
[2]
http://research.sunbelt-software.com/threatdisplay.aspx?threatid=55129.
[3]
http://www.limewire.org/forum/showthread.php?t=1071.
[4]
http://insecure.org/nmap.
[5]
http://www.honeynet.org/papers/bots.
[6]
http://www.limewire.org/forum/showthread.php?t=1168.
[7]
http://forums.phoenixlabs.org/showthread.php?t=8938.
[8]
Anonymously launching a ddos attack via the gnutella network. http://www.auscert.org.au/render.html?it=2404.
[9]
Choosing reputable servents in a p2p network. http://seclab.dti.unimi.it/Papers/www02.ps.
[10]
Exploiting the security weaknesses of the gnutella protocol. http://www.cs.ucr.edu/csyiazti/courses/cs260-2/project/gnutella.pdf.
[11]
Gnutella viruses weaker than email bugs, experts say. http://news.com.com/2100-1023_3-241440.html.
[12]
http://forums.whirlpool.net.au/forum-replies-archive.cfm/533720.html.
[13]
P2p: Is big brother watching you? http://www1.cs.ucr.edu/store/techreports/UCR-CS-2006-06201.pdf.
[14]
Quantitative analysis of the gnutella network traffic. http://www1.cs.ucr.edu/store/techreports/UCR-CS-2004-04089.pdf.
[15]
Query-flood dos attacks in gnutella. http://infolab.stanford.edu/daswani/papers/p115-daswani.pdf.
[16]
Security problems in p2p networks: A case study on the gnutella network. http://wwwcsif.cs.ucdavis.edu/andrei/ECS235/ecs235_report.pdf.
[17]
F. Cornelli, E. Damiani, S. D. Capitani, S. Paraboschi, and P. Samarati. Implementing a Reputation-Aware Gnutella Servent, volume 2376. Lecture Notes In Computer Science, Springer-Verlag, London, UK, 2002.
[18]
D. Ferguson. Trends and Statistics in Peer-to-Peer. VP Engineering CacheLogic, 2006.
[19]
S. H. Kwok, K. Y. Chan, and Y. M. Cheung. A server-mediated peer-to-peer system. ACM SIGecom Exchanges, pages 38--47, 2005.
[20]
S. M. Lui, K. R. Lang, and S. H. Kwok. Participation incentive mechanisms in peer-to-peer subscription systems. HICSS 2002, pages 3925--3931, 2002.
[21]
L. Sroura, A. Kayssia, and A. Chehab. Reputation-based algorithm for managing trust in file sharing networks. Securecomm and Workshops, pages 1--10, 2006.
[22]
D. Stutzbach and R. Rejaie. Capturing accurate snapshots of the Gnutella network, volume 4. INFOCOM 2005, Proc. IEEE, 2005.

Cited By

View all
  • (2014)Development of Collaborative Video Streaming for Mobile NetworksProceedings of the 2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops (UIC-ATC-ScalCom)10.1109/UIC-ATC-ScalCom.2014.87(372-377)Online publication date: 9-Dec-2014

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
ACMSE '08: Proceedings of the 46th annual ACM Southeast Conference
March 2008
548 pages
ISBN:9781605581057
DOI:10.1145/1593105
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 March 2008

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Gnutella
  2. P2P
  3. security

Qualifiers

  • Research-article

Conference

ACM SE08
ACM SE08: ACM Southeast Regional Conference
March 28 - 29, 2008
Alabama, Auburn

Acceptance Rates

Overall Acceptance Rate 502 of 1,023 submissions, 49%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)1
  • Downloads (Last 6 weeks)0
Reflects downloads up to 16 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2014)Development of Collaborative Video Streaming for Mobile NetworksProceedings of the 2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops (UIC-ATC-ScalCom)10.1109/UIC-ATC-ScalCom.2014.87(372-377)Online publication date: 9-Dec-2014

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media