Preventing Illegal Peer-to-Peer (P2P) Traffic
Using SafeMedia’s Clouseau®
A WHITE PAPER
Perambur Neelakanta, PhD., C.Eng.,
Fellow IEE
Mahesh Neelakanta, M.S.
Abstract: The global presence of Peer-to-Peer (P2P) networks
is explicit in today’s corporate, residential and academic
arenas. The plethora of traffic in such networks consists of a
menacing transfer of pirated software, pornographic materials
as well as illegal copies of video and music files. The legal
implications and the ethical and moral aspects of such traffic on
networks have become topics of concern for CIOs and IT
managers of the corporate sector and parents on the homefront.
The ability to detect and stop P2P traffic at the premises of the
endpoints (desktops and laptops) is key to stopping the
proliferation of such illicit activities. The scope of this White
Paper is to provide a critical evaluation and appraisal of the
Clouseau® appliance-based solution from SafeMedia to block
the illegal P2P traffic.
About the Authors: (Independent Consultants
retained by SafeMedia Corporation). Perambur
Neelakanta is Professor of Electrical Engineering
and Mahesh Neelakanta is Director of Technical
Services both in the College of Engineering &
Computer Science, Florida Atlantic University,
Copyright© 2007 SafeMedia Corporation. All Rights Reserved.
Table of Contents
Executive Summary
Introduction
Clouseau® Technological Overview
The Testing Procedure and Methods (Phase I)
Areas of Analysis (Phase I)
  P2P Clients
  Fail-Safe Test Results
  Power-On, Reset/Reboot, Return-To-Service Results
Sample Network Topologies for Deployment
Conclusion
Appendix A – P2P Clients Tested*
List of Figures
Figure 1 : Residential Home DSL/Cable Modem
Figure 2 : Small Business
Figure 3 : Medium Business
Figure 4 : University Campus with Multiple Clouseau Units
Figure 5 : University Campus with Centralized Clouseau in HA Mode
This White Paper is written as a Clouseau® product (of SafeMedia Corporation) evaluation report
and is provided “as-is” with no Warranties whatsoever. All the third-party brands, trademarks
and/or names indicated in the White Paper are the property of their respective owners.
Executive Summary
This White Paper examines the general problems faced as a result of P2P related informational piracy. It
shows how SafeMedia’s Clouseau® product line offers a manageable and cost-effective solution
designed to meet the challenges posed by the P2P based illegal transfer of digital information over the
Internet. Further addressed in this White Paper are facts concerning the simplicity of integrating
Clouseau® in the subnet part of any network of peers. The underlying network topologies for
deployment of the product are outlined so as to indicate the business value to the customers of the
product.
Introduction
A lucid way of peer-to-peer (P2P) file-sharing became a reality thanks to prolific Internet penetration and
the sprouting of related business efforts. P2P has facilitated a seamless interlinking of computer systems that
enhanced the scope to exchange unlimited information between PCs. Concurrent with P2P, a networking
effort that was conceived with a gamut of technologies led to implementing alternative strategies (of
P2P) toward sharing a galaxy of digital content between peers.
Christened as the Darknet, it seeded the first generation P2P network realization with an application
and protocol layer riding on existing networks. It paved the path for P2P file-sharing. Unfortunately, the
underlying scheme also allowed the scam of illegal exchange and sharing of copyrighted materials such
as CDs and DVDs via e-mails and newsgroups.
With the genesis of the P2P setup as above, the associated networking was initially centralized, but later
modifications led to decentralized configurations via distributed networking, where a desktop user is
made a part of the network so as to perform the server tasks of indexing, searching locally available
resources and routing/relaying the queries between peers. The relevant query protocol enables each peer to be
connected to a set of others; thus, an endless chattering of digital traffic could then take place across the
peers in search of requests and responses for digital data exchange. In this unhampered and humongous
volume of traffic, the up- and down-stream digital transmissions may largely include illegal transfer and
sharing of copyrighted materials, creating a legacy of Internet piracy.
Blocking copyrighted digital content – such as videos, movies and music – is an effort widely
sought after so as to stamp out Internet piracy. Such avenues would protect businesses from
P2P related losses; and reduction of such losses equates to a boost in return on investment (RoI).
Ideally, a simple portable appliance/product that, when placed at the premises of PC-to-Internet access,
curtails the illegal P2P flow has the versatility to combat Internet piracy at large. Conceived thereof
is Clouseau®, a product of SafeMedia Corporation that has the magnificent potential to barricade the
subnets and shield them from the menace of illegal P2P digital traffic and transactions.
The underlying strategy of the SafeMedia product is that it simply tracks and kills the pirated
information being attempted and negotiated for sharing between peers. All that is required is to place the
product (Clouseau®) in the subnet of a peer end entity (such as a Desktop). The associated core
technology then detects, tracks and arrests the illegal P2P content transfers across networks and
between the subnets. Thus, it eradicates the illicit and unbridled proliferation of copyrighted digital
information materials. The presence of Clouseau® is transparent to the PC user, while its implementation
is just a plug and play technology. No changes to existing network topology are necessary in order to
deploy Clouseau®.
In summary, in today’s environment, P2P technology via the Internet protocol has effectively
promoted massive illegal commercial potential for sharing copyrighted digital information among peers.
P2P users, typically linked through a distributed web of ad hoc servers, can share content files of an illicit
nature. Predominantly, such transferred files contain copyrighted items such as CDs and DVDs; that is,
unscrupulous P2P digital transfers have seen unsaddled paths across P2P networks and subnets. Such
transfers are destructive to businesses, which face concurrent losses and reduced RoI of an enormous extent.
Therefore SafeMedia Corporation has stepped in and released its product, Clouseau®,
which in a very simple way stops illegal P2P transfers when installed at the premises of the users.
Such installation could be at homes or at a more extensive level such as in campus networking. The said
technology is simple, easy-to-use, remains transparent to the user and effectively forbids Internet
piracy. It guarantees the wiping out and eradication of illegal P2P information transfers across the peer
network.
The Clouseau® is portable and cost-effective. Its efficient operation and performance considerations
are elucidated in terms of test details outlined in the following sections of this White Paper.
Clouseau® Technological Overview
SafeMedia has developed an appliance (Clouseau®) based system that utilizes a variety of methods to
track and eradicate P2P-based illegal transfer of digital information. The methods are listed and
discussed below:
• Adaptive Finger Printing and DNA Markers – SafeMedia’s filtering system utilizes
proprietary finger printing techniques to identify specific P2P clients/protocols. By using these
DNA markers, Clouseau® is able to uniquely identify whether a packet is part of a P2P
transaction or regular Internet traffic. By studying the details in-depth, SafeMedia is able to
avoid false-positives. In a series of tests conducted by us, Clouseau® did not block any normal
packets including web HTTP(S) and VPN (IPsec and PPTP).
• Adaptive Network Patterns – Not all protocols can easily be identified with a single set of
packets. As such, Clouseau® is set to monitor packet flows and adapt its filtering technique on
the basis of what it has already seen and what it sees now. This extensible system utilizes a
technique called experience libraries, which are described next.
• Experience Libraries – P2P clients and protocols are modified and improved on a continuous
basis. The process of adapting to this change and constantly being updated with the latest
knowledge of such clients/protocols is the responsibility of the experience libraries indicated
above. SafeMedia’s experience library is a knowledge base created from the actual operations of
the clients and includes specific fingerprints/DNA markers in addition to the adaptive network
patterns.
• Update – No P2P filtering appliance will function without constant updates. P2P clients and
protocols get changed every day. The process of adapting to this change and constantly being
updated with the latest knowledge of such clients/protocols is the responsibility of the remote
update subsystem. All of the methods adopted in the Clouseau® product described above are
constantly evolving.
In addition to the above, Clouseau® also provides some unique improvements to the appliance model:
• Lights-Out Management – Clouseau® has been designed as a zero-maintenance appliance from
the perspective of the customer. All updates are done automatically and do not require
operator/administrative intervention.
• Network Invisibility – Clouseau® operates in a stealth mode when performing P2P filtering.
This allows the appliance to be completely invisible to attacks that may be launched on the
device.
• Resilient and Self-healing – If any attacks are attempted on Clouseau® (say by someone who
may have physical access to the device), the internal self-protection measures are in place so as
to protect the device from undesirable changes affecting the functionality of the appliance.
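The fingerprinting and per-flow monitoring described in this overview can be illustrated with publicly documented handshakes. The following is an added example, not SafeMedia's code or its proprietary fingerprints: it anchors signatures at the first payload bytes of a flow so that HTTP(S) traffic is not misclassified, and caches one verdict per flow. The names classify_payload, flow_key and FlowFilter, the addresses and the sample payloads are hypothetical and constructed.

```python
"""Added illustration: classify a flow by a signature anchored at its first
payload bytes. Signatures come from the public BitTorrent and Gnutella
handshakes, not from SafeMedia's proprietary fingerprints."""
from dataclasses import dataclass, field

BT_HANDSHAKE = b"\x13BitTorrent protocol"  # length byte 19 + protocol string
GNUTELLA_CONNECT = b"GNUTELLA CONNECT/"    # Gnutella 0.6 handshake line
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")


def classify_payload(payload: bytes) -> str:
    """Label the first application bytes seen on a flow."""
    if payload.startswith(BT_HANDSHAKE):
        return "p2p:bittorrent"
    if payload.startswith(GNUTELLA_CONNECT):
        return "p2p:gnutella"
    # TLS record header: type 0x16 (handshake), major version 3, ClientHello (1)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def flow_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a flow share one verdict."""
    return tuple(sorted([(src, sport), (dst, dport)]))


@dataclass
class FlowFilter:
    verdicts: dict = field(default_factory=dict)  # flow key -> label

    def handle(self, key, payload: bytes) -> bool:
        """Return True to forward the packet, False to drop it."""
        label = self.verdicts.get(key)
        if label is None:
            if not payload:  # handshake segment without data: nothing to inspect
                return True
            label = self.verdicts[key] = classify_payload(payload)
        return not label.startswith("p2p:")


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "bittorrent": BT_HANDSHAKE + bytes(8) + b"H" * 20 + b"-XX0000-" + b"0" * 12,
    "gnutella": b"GNUTELLA CONNECT/0.6\r\nUser-Agent: Example\r\n\r\n",
    "https": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B]),
    # The signature text inside a URL must not trigger a match.
    "http": b"GET /BitTorrent%20protocol.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
}


def run_demo() -> dict:
    """Feed each sample through its own flow and report forward/drop."""
    filt = FlowFilter()
    return {name: filt.handle(flow_key("10.0.0.5", 50000 + i, "198.51.100.7", 6881), data)
            for i, (name, data) in enumerate(SAMPLES.items())}


if __name__ == "__main__":
    print(run_demo())
```

Static first-packet signatures of this kind do not identify encrypted or obfuscated P2P sessions, which is the gap the flow-level pattern monitoring described above is meant to cover.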
The Testing Procedure and Methods (Phase I)
In conducting the tests on Clouseau® the following hardware and software tools were utilized:
• HP dv6000 Laptops running Windows XP+SP2 (for P2P client testing)
In addition, a Bellsouth Business DSL (6 Mbps downstream, 512 Kbps upstream) access loop was used
without any inbound firewall to test the P2P Clients.
A list of all the P2P clients that were tested is provided in Appendix A.
Areas of Analysis (Phase I)
The following aspects of Clouseau® were addressed in the tests performed:
• Testing P2P clients that are publicly available for download on the Internet through Clouseau® in
order to verify whether the protocols used by those clients are truly blocked in real-time
• Testing the failure modes (as described and indicated by SafeMedia) of Clouseau® including
self-defense and self-healing features
• Testing the fault-tolerance/fail-safe and resiliency of Clouseau® under different situations such as
power-failure, network cable disruption, high bandwidth and malformed packets
• Testing the reset/reboot time of Clouseau®
Each of the above areas of analysis is now described in the following sections:
P2P Clients
A list of the P2P clients that were tested is furnished in Appendix A. As can be seen from the list, a wide
range of clients were tested and in each case, Clouseau® was able to consistently block the associated
protocols and functionality. In most cases, the client would simply keep trying to reach other peers or
SuperNodes ad infinitum.
In three cases during testing (Zapr, Azureus and eSnips), a new release of a client was observed which
revealed a new protocol or change in protocol. In both cases, a fix was issued within hours of showing
the client to the Clouseau® team. The clients/protocols were identified and updated signatures/templates
were pushed to the production servers. The ability of Clouseau® to adapt to such new threats and
changes reveals the flexibility of the product.
As mentioned earlier, P2P clients and protocols are constantly evolving. The list in Appendix A covered
a high percentage of the known popular clients as of the period of testing (1st Quarter, 2007). As new
clients are released, SafeMedia will deploy updates to the signatures/templates to the units in
production.
Fail-Safe Test Results
With the permission of SafeMedia’s developers, we (the consultants) were granted access into the
Clouseau® operating environment. With this access, we proceeded to corrupt certain areas of the
operating environment. This involved removing or corrupting key components of Clouseau®. During
and after such changes, Clouseau® still continued to operate in a resilient manner. In fact, Clouseau®
contains self-healing processes and watchdog methods which look for such changes and are able to
dynamically restore the missing components without requiring a reboot or shutdown. After verifying
these, we proceeded to reboot the system and the built-in fail-safes within Clouseau® were able to
restore the operating environment completely to an added level of protection.
Granted that the above tests do require physical access to the unit as well as a way to get into the
operating environment, they still show the measures taken by the developers to prevent malicious actions
against the appliance from shutting it down.
In the case of remote exploits, Clouseau® uses a variety of methods to try and cloak itself from intruders.
By acting as a bridge, it is a transparent device on the network. Network access via TCP/IP is only used
when updates or maintenance is necessary. During normal operations, the system itself is inaccessible
over the network.
In addition, as an inherent part of SafeMedia’s update mechanisms, Clouseau® is able to perform periodic
updates throughout the day in order to maintain an up-to-date set of filters.
Thus using a combination of resilient operations, self-healing techniques and built-in fail-safes,
Clouseau® is able to protect itself from multiple types of attacks that may be imposed on it.
Power-On, Reset/Reboot, Return-To-Service Results
With any appliance that works as a bridge, it is vital that a power-cycle and a reset or a reboot should
cause as little disruption as possible to the underlying network. As such, we measured the return-to-service
time window for Clouseau®. We defined “return-to-service” as starting with a device that is
completely powered off but fully connected to the network and then applying power to the point where
it is actively processing and filtering or passing packets to the network.
The average time that Clouseau-100® took to return to full functionality was 45 seconds.
In most environments where the Clouseau-100® appliance will be installed (residential and small-medium
businesses), this time is more than acceptable. In more crucial environments, the High-Availability (HA)
extensions to Clouseau® may provide Five 9’s uptime capability.
Sample Network Topologies for Deployment
The following illustrations depict scenarios and are provided as examples of how to deploy Clouseau® in
common network environments.
Figure 1 : Residential Home DSL/Cable Modem Layout
Figure 2 : Small Business Layout
Figure 3 : Medium Business Layout
Figure 4 : A Layout of a University Campus with Multiple Clouseau® Units
Figure 5 : A layout of a University Campus with Centralized Clouseau® in HA Mode
Conclusion
Suppressing illegal transfer of copyrighted digital information on P2P networks translates into a
hike in the RoI of concerned businesses. Clouseau®, a product of SafeMedia, now comes in handy as
a plug-and-play appliance at the user premises of the desktops so as to knock down the said
illegal information flow. This White Paper examines and evaluates the functionality of using
Clouseau® and portrays the efficacy of the product.
Appendix A – P2P Clients Tested*
Addax
aimini
Amembo
ANts P2P
ApexDC++
Ares Galaxy
Ares Galaxy Professional Edition
Ares Gold
Ares Premium P2P
Ares SE
Azureus
Beamfile
BearFlix
BearShare
Bearshare MP3
BearShare Premium
BearShare Premium P2P
BearShare Turbo
Bitcomet
Bitcomet Turbo
BitLord
BitSpirit
BitTorrent
BitTorrent PRO
Cabos
CitrixWire
DC++
DexterWire
Dijjer
eChanblardNext
eMulePlus
eSnips
FileCroc
Fireant
FrostWire
FurthurNet
Gimme P2P
Gnucleus
Hamachi
I2P
I2Phex
IfunPix
Imesh
Imesh MP3
Imesh Turbo
KCeasy
LimeWire Basic
lphant
Manolito
Marabunta
MLDonkey
Morpheus
Morpheus MP3
Morpheus Music
Morpheus PRO
MP3 Rocket
MurphsP2P
Mute
Myster
Nodezilla
Phex
PowerFolder
Proxyshare
Rodi
Rshare
Shareaza
Shareaza PRO
Soulseek
Syndie
Tor
Torpack
Trilix
TrustyFiles Pro
Twister
Vidalia
Warez
WinMX MP3
WinMX Music
Xcaramba
Xnap 3.0 pre
zapr
Zeus
Zultrax
* These Third Party brands, trademarks and/or names are the property of their respective
owners.