Privacy, Security and Anoymity in P2P networks for Multimedia Distribution: Challenges and Solutions - Research Paper Example

Privacy, Security and Anonymity in P2P networks for Multimedia Distribution: Challenges and Solutions Abstract Recent decades have witnessed a swift development in the P2P networks and increased utilization of the technology especially in the multimedia distribution. The popularity of these networks has elicited the need of examining the security consequences of the system to the users, networks and institutions. Various scholars have examined the challenges characterizing these networks from diverse viewpoints, proposing strategic solutions. This paper conducts a literature survey of the various pertinent studies on the subject with the intention of describing the challenges and solutions that are associated with the P2P networks. Particularly, the study focuses on the technology in the aspect of the security, privacy and anonymity. 1. Introduction The P2P networks are becoming popular with the development of efficient network connectivity. Presently, diverse data from various sources is archived and transmitted through these systems. However, besides the increased adoption of the P2P networks, the technology is associated with various concerns (Sharma & Bhadana, 2010). Security, privacy and anonymity in P2P networks are aspects that need critical attention. Studies acknowledge that attacks of P2P’s internal networks have affected the efficiency of the system considerably. According to Dewan & Dasgupta (2010), developers need to indentify the gaps in security when using the P2P tools in order to design secure systems. Essentially, one needs to examine the security of the system in respect to connection control, operation and access control, and the mechanisms for protecting the stored data (Singh, Gedik, & Liu, 2006). According to Feldman (2005), the connection and operation mechanisms should assume the first priority because they determine the overall security of P2P systems. From another perspective, anonymity and privacy are vital trait of the P2P networks because they have the potential of discouraging some insecure actions (Chen & Lian, 2011). However, Traynor (2005) argues that some privacy promoting strategies may provide an enabling environment for conducting insecure attacks. Examining the privacy, security and anonymity of P2P networks is essential in identifying strategic solutions that could enhance the efficiency of the technology. 2. Challenges in building secure P2P systems The intricate nature of the P2P networks discourages efforts for developing secure P2P schemes. According to Balfe, Lakhani & Peterson (2012) and Wasef, & Shen (2010), the main challenge in creating secure P2P system emanates with the perceived need of providing anonymity for users of the system and the growing need of offering robust access control, confidentiality and data integrity. Illegitimate attacks in which malevolent parties are able to assume multiple identities undermine the efficiency of the P2P networks, and characterize a fundamental security threat (Piscitello, 2002). This is because formulating essential security services is challenging in the absence of stable and verifiable identities (Ren, et al, 2011). Furthermore, Xiaosong & Kai (2009) and Brinkmeier et al. (2009) studies highlight that the security state for P2P networks is worse because of the absence of centralized authority that can vouch for security parameters. According to Fan et al (2012), the diverse nature of the multimedia material presents a severe challenge to the establishment of effective strategies that would foster secure systems. This is because security strategies best suited for one distribution route may fail to be effective for another (Sun, Zhang, Zhang & Fang, 2011). Furthermore, creating universal system protection procedures is strenuous because of the need of accounting for diverse aspects (Pagallo & Durante, 2009). P2P networking renders multimedia distributions channels vulnerable to various external forms of attacks, malicious mischief and espionage (Lipinski & MacAlpine, 2012). For example, Brehm & Jorge (2005) notes that the P2P network can allow individuals to access, and use copyrighted material in a manner that defies intellectual property regulations. The technology further provides users with convenient ways of sharing files in a way that infringes firm’s security policies (Thomas, 2006). Barhoush & Atwood (2010) asserts that P2P networking evades enterprise security policies by offering decentralized security control and shared data storage. Furthermore, these networks are able to circumvent sensitive protections such as firewalls and NAT gadgets (Pagallo, 2010). For example, all the network controller server-based security schemes are presented on the window in cases where users can install and setup their own P2P clients (Bohm et al., 2010). Interestingly, Vassiliadis, & Fotopoulos (2007) describes the risks associated with the technology by noting that most P2P programs allow sharing of files that create heavy traffic, resulting to clogging of the institutions networks while exposing the system to virus attacks. According to Jawad (2011), P2P systems provide valuable services, but there are limited guarantees when distributing sensitive data. Further studies highlight that such systems are hostile because they allow everyone including potentially destructive peers to access the data (Koegel, Yu & Lua, 2009). Bailes & Templeton (2004) observes that P2P networks offer users a chance of configuring their applications to expose confidential data for personal gain. This may infringe the privacy and security procedures because the administrator may lack authority of controlling the shared information. Balfe, Lakhani &Paterson (2012) acknowledges that P2P networks are characterized with numerous privacy and identity concerns because fellow peers may alter the information. For example, studies indicate that in situations of VoIP applications, a peer that conducts the stream has access to the data packets although the stream is encrypted (Li, 2007). Anonymity is an important factor to account for in the P2P networks. Li (2007) argues that the issue of anonymity becomes relevant especially when considering the P2P networks that transmit resources of doubtful legality. Grodzinsky & Tavani (2005) confirms the absence of anonymity in P2P schemes by noting that the user reveals his or her details to a network node that provides the services when downloading files. Furthermore, Walkowiak, & Przewoźniczek (2011) and Wang, Nakao, Vasilakos, & Ma (2011) highlights that much information regarding the user preferences can be collected in video distribution by tracking the user activities at the provider side. Furthermore, P2P networks are essentially associated with various privacy concerns. According to Gheorghe, Cigno & Montresor (2009), the P2P networks are not sensitive to privacy issues because the user leaves tracks after using the system. For example, users must review information such as the Port number and IP address before using some application for internet technology. Furthermore, the using computer networks make the user review some data to other parties. Suvanto (2012) also questions P2P networks in term of security by noting that applications such as VoIP enable users to communicate with other through VoIP software where data is distribute through internet without following the normal telephone network infrastructure. 3. Solutions to the challenges characterizing the P2P networks Studies with the intention of proposing effective strategies for ensuring secure P2P networks have devised mechanisms for tracing individuals accountable for unauthorized redistribution of multimedia (Gritzalis, 2006). An important strategy includes the use of content fingerprints to identify copyright defiance on user-created content websites (Lian, Kanellopoulos & Ruffo, 2009). This device is capable of tracing robust and distinctive elements of multimedia content that may be utilized in identifying the multimedia component. This is because system managers can incorporate collusion-resistant fingerprints in the multimedia and use them later in identifying the malevolent users (Varna, 2011). Furthermore, Adar et al. (2003) asserts that an effective strategy of avoiding loss of privacy includes designing systems that could enable the user to operate in anonymous mode by providing them with the option of requesting for information without providing their details. Amin, Schwartz & Shankar (2013) observe that in P2P system, the request and the information flow from the origin to the target node by navigating through various participants of the network. In this respect, Yu et al. (2011) and Sokolova et al. (2012) studies direct that ensuring that users are maintaining anonymity by utilizing cryptography is essential in avoiding loss of privacy. For example, studies highlight that, models such as GhostSharing can attain anonymity by utilizing a probabilistic connection mechanism (Nandan, Pau & Salomoni, 2004). Other effective techniques include the use of PriMod security system that provides the data owners with the option of specifying their privacy preferences in security policies while relating them with their data (Zhang & Ren, 2009). Furthermore, strategists have developed the PriServ privacy model that is situated on top of DHT-based P2P structures, which utilize the PriMod to check data privacy violations (Jawad, 2011). Lastly, Velastin & Lian (2010) asserts that the media content distribution system based on both watermarking and media index strategies would foster security in P2P system. 4. Conclusion The survey confirms that P2P networks face serious challenges in terms of security, privacy and anonymity. It is apparent that privacy, security and anonymity in P2P networks need critical attention in order to improve the efficiency of these systems. Effort in addressing these concerns is still unsuccessful because of the intricacy characterizing the management of the multimedia content. Furthermore, the highlighted key aspects that include the privacy, anonymity and security are interconnected and they affect each other. Often, exertion for addressing one of these factors may increases the severity of the other. For example, the review has indicated that strategies with the intention of enhancing privacy and anonymity in P2P systems are often characterized with serious security concerns. Consequently, strategic solutions for addressing security issues in P2P networks should be sensitive to ideas of privacy and anonymity. This is essential in designing flexible and customized procedures that could address security problems in P2P networks comprehensively. 5. References Adar, E. et al. (2003). Shock: Aggregating information while preserving privacy. Information Systems Frontiers, 5(1), 15-15. Retrieved from http://search.proquest.com/docview/232042759?accountid=45049 Amin, S., Schwartz, G. A., & Shankar, S. S. (2013). Security of interdependent and identical networked control systems. Automatica, 49 (1), 186-192. doi:10.1016/j.automatica.2012.09.007 Bailes, J. E., & Templeton, G. F. (2004). Managing P2P Security. Communications Of The ACM, 47(9), 95-98. Balfe, S., Lakhani A. &Paterson K. (2012). Trusted Computing: Providing security for peer-to peer networks. United kingdom, UK University of Landon. Barhoush, M., & Atwood, J. W. (2010). Requirements for enforcing digital rights management in multicast content distribution. Telecommunication Systems, 45(1), 3-20. doi:http://dx.doi.org/10.1007/s11235-009-9231-4 Böhm, K., et al. (2010). A flexible architecture for privacy-aware trust management. Journal of Theoretical and Applied Electronic Commerce Research, 5(2), 77-96. Retrieved from http://search.proquest.com/docview/752003071?accountid=45049 Brehm, N., & Jorge, M. G. (2005). Secure web service-based resource sharing in ERP networks. Journal of Information Privacy & Security, 1(2), 29-48. Retrieved from http://search.proquest.com/docview/203669217?accountid=45049 Brinkmeier, M. M. et al. (2009). Methods for Improving Resilience in Communication Networks and P2P Overlays. PIK - Praxis Der Informationsverarbeitung Und Kommunikation, 32(1), 64-78. doi:10.1515/piko.2009.0013 Chen, X., & Lian, S. (2011). Service and P2P based secure media sharing in mobile commerce environments. Electronic Commerce Research, 11(1), 91-101. doi:http://dx.doi.org/10.1007/s10660-010-9069-6 Defa, H., Juanjuan, L., & Yan, F. (2011). Copyright Protection in P2P Networks Using Digital Fingerprinting. International Review On Computers & Software, 6(3), 366-370. Dewan, P., & Dasgupta, P. (2010). P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains. IEEE Transactions On Knowledge & Data Engineering, 22(7), 1000-1013. doi:10.1109/TKDE.2009.45 Fan, X., et al. (2012). Behavior-based reputation management in P2P file-sharing networks. Journal of Computer & System Sciences, 78(6), 1737-1750. doi:10.1016/j.jcss.2011.10.021 Feldman, M. (2005). Incentives for cooperation in peer-to-peer systems. University of California, Berkeley). ProQuest Dissertations and Theses, 205-205 p. Retrieved from http://search.proquest.com/docview/305032134?accountid=4504 Gheorghe G., Cigno R. & Montresor A. (2009). Security and Privacy Issues in P2P streaming systems: A survey. Springer Science and Business Media. DOI 10.1007/s12083-010-0070-6 Gritzalis, S. (2006). Privacy and anonymity in the digital era. Bradford, England: Emerald Group Pub. Grodzinsky, F. S., & Tavani, H. T. (2005). P2P networks and the verizon v. RIAA case: Implications for personal privacy and intellectual property. Ethics and Information Technology, 7(4), 243-243. doi:http://dx.doi.org/10.1007/s10676-006-0012-4 Jawad, M. (2011). Data Privacy in P2P systems. Universite De Nantes. Koegel, B. J. F., Yu, H. H., & Lua, E. K. (2009). P2P networking and applications. Amsterdam: Elsevier/Morgan Kaufmann. Li, J. (2007). A survey of peer-to-peer network security issues. Retrieved from http://www.cse.wustl.edu/~jain/cse571-07/ftp/p2p/index.html Lian, S., Kanellopoulos, D., Ruffo, G. (2009). Recent advances in multimedia information system security. Informatica 33 3-24 Lipinski, B. & MacAlpine, P. (2012). A security review of anonymous peer-to-peer file transfer protocol. Retrieved from https://docs.google.com/viewer?a=v&q=cache:iwxwuV4p8tsJ:www.lix.polytechnique.fr/~tomc/P2P/Papers/Systems/AP3.pdf+&hl=en&pid=bl&srcid=ADGEESgeXdZe6-_I3vCYWiIVO5HG4Xgu4x42bSMePoPAi7qsIMtVagonNi86OS32QJpcC9Tdg85ldRP6RoEyTksmAWT3pCXlX09IcYul44HySu0Gy8qM2ioGWrw59KlHe_0JOcowfuRo&sig=AHIEtbSscxV_Gaid17Uj1QBHa-jOtV4eSA Nandan, A., Pau G. & Salomoni P. (2004). GhostShare-Reliable and Ananymous P2P Video Distribution. IEEE Communication Society. Retrieved from http://www.academia.edu/267551/GhostShare-Reliable_and_Anonymous_P2P_Video_Distribution Pagallo, U. (2010). Ethics among peers: File sharing on the internet between openness and precaution. Journal of Information, Communication & Ethics in Society, 8(2), 136-149. doi:http://dx.doi.org/10.1108/14779961011040550 Pagallo, U., & Durante, M. (2009). Three roads to P2P systems and their impact on business practices and ethics. Journal of Business Ethics, 90, 551-564. doi:http://dx.doi.org/10.1007/s10551-010-0606-y Piscitello, D. (2002). Security and peer-to-peer applications. Business Communications Review, 32(10), 45-51. Retrieved from http://search.proquest.com/docview/224982601?accountid=45049 Ren, Y., et al. (2011). A privacy policy conflict detection method for multi-owner privacy data protection. Electronic Commerce Research, 11(1), 103-121. doi:http://dx.doi.org/10.1007/s10660-010-9067-8 Sharma, P., & Bhadana, P. (2010). An Effective Approach for Providing Anonymity in Wireless sensor Network: Detecting Attacks and Security Measures. International Journal On Computer Science & Engineering, 1(5), 1830-1835. Singh, A., Gedik, B., & Liu, L. (2006). Agyaat: Mutual anonymity over structured P2P networks. Internet Research, 16(2), 189-212. Retrieved from http://search.proquest.com/docview/219855011?accountid=45049 Sokolova, M., et al. (2012). P2P Watch: Personal Health Information Detection in Peer-to-Peer File-Sharing Networks. Journal Of Medical Internet Research, 14(4), 18. doi:10.2196/jmir.1898 Sun, J., Zhang, C., Zhang, Y., & Fang, Y. (2011). SAT: A security architecture achieving anonymity and traceability in wireless mesh networks. IEEE Transactions on Dependable and Secure Computing, 8(2), 295-307. doi:http://dx.doi.org/10.1109/TDSC.2009.50 Suvanto, M. (2012). Privancy in Peer-to-Peer networks. Retrieved from https://docs.google.com/viewer?a=v&q=cache:zpUHMU-Xw8wJ:www.tml.tkk.fi/Publications/C/18/suvanto.pdf+&hl=en&pid=bl&srcid=ADGEESjLSMYQquwu_c_7WvreUVsMJn2GaW0JQc9N8pY1OT8N78Ofyqm7G43JcnP74P1McRLxIJIs1VTeOcGS-B5TTbE9Qz5vltWnoj0nzYmhdl0uxJS0c3_URrlvN419nBr&sig=AHIEtbT_LKOBHQvpkj2nFyK77WtizkSXdg Thomas, R. E. (2006). Vanquishing copyright pirates and patent trolls: The divergent evolution of copyright and patent laws. American Business Law Journal, 43(4), 689-739. Retrieved from http://search.proquest.com/docview/203410675?accountid=45049 Traynor, M. (2005). Anonymity and the internet. Computer and Internet Lawyer, 22(2), 1-16. Retrieved from http://search.proquest.com/docview/222875116?accountid=45049 Varna, A., L. (2011). Multimedia protection using content and embedded fingerprints. The Faculty of the Graduate School of the University of Maryland, College Park. Vassiliadis, B., & Fotopoulos, V. (2007). IPR protection for digital media distribution: Trends and solutions in the E-business domain. International Journal of E-Business Research, 3(4), 79-97. Retrieved from http://search.proquest.com/docview/222335371?accountid=45049 Velastin, S., & Lian, S. (2010). Special issue on multimedia analysis and security. Springer Science. 57, 1-4. Doi 10.1007/s11042-010-0595-y Walkowiak, K., & Przewoźniczek, M. (2011). Modeling and optimization of survivable P2P multicasting. Computer Communications, 34(12), 1410-1424. doi:10.1016/j.comcom.2010.12.011 Wang, Y., Nakao, A., Vasilakos, A. V., & Ma, J. (2011). P2P soft security: On evolutionary dynamics of P2P incentive mechanism. Computer Communications, 34(3), 241-249. doi:10.1016/j.comcom.2010.01.021 Wasef, A., & Shen, X. (2010). REP: Location privacy for VANETs using random encryption periods. Mobile Networks and Applications, 15(1), 172-185. doi:http://dx.doi.org/10.1007/s11036-009-0175-4 Xiaosong, L., & Kai, H. (2009). Collusive Piracy Prevention in P2P Content Delivery Networks. IEEE Transactions On Computers, 58(7), 970-983. doi:10.1109/TC.2009.26 Yu, J., et al. (2011). ID Repetition in Structured P2P Networks. Computer Journal, 54(6), 962-975. Zhang, Y., & Ren, K. (2009). On address privacy in mobile ad hoc networks. Mobile Networks and Applications, 14(2), 188-197. doi:http://dx.doi.org/10.1007/s11036-008-0142-5 Read More