DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

More documents

Recommendations

Info

Peer 2 peerP2PIm@gesResearch Staff : Frédéric Cuppens, Nor a Cuppens-Boulahia, Fabien AutrelKeywords : Peer to Peer, Access and Usage Controls, Digital Rights Management (DRM), File SharingApplications : Video on Demand, Video Live, IPTV, games.Partners & Funding : Thomson R&D France, Thomson Broadcast & Multimedia, Mitsubishi Electric,Devoteam, France Telecom, Marsouin, IRISA, IPdiva, TMG. It is funded by the DGEIntroductionPeer-to-peer refers to a class of systems andapplications that employ distributed resourcesto perform a function in a decentralizedmanner. The resources encompass inparticular computing power, data, networkbandwidth and computers. The critical functioncan be distributed computing, data/contentsharing, communication and collaboration, orplatform services.The objective of the P2Pim@ges projectrelates to the definition and the developmentof a legal delivery system of music and videocontents by using techniques of peer to peer(P2P). Even if the concept of P2P becameincreasingly popular these last years (In 2004,in a tier-1 ISP, P2P file sharing accounted formore than 60% of traffic in the USA and morethan 80% of the traffic in Asia), it remainedconfined to a more or less legal use ofdownloading files. The objective ofP2Pim@age project is to study this technologyin order to make of it a new electronic deliverysystem of contents.RealizationSERES brings to the project its expertise in thefield of the security of systems and networks,in particular its work related to the expressionand the deployment of security policies incollaborative networks such as peer to peer,and its knowledge of expression andinterpretation digital rights languages andmanagement of super distribution.A first step towards securing P2Pim@gesystem was to perform a risk assessment. Wehave specified the different actors ofP2Pim@ges system. We classified P2P-specificattacks according to their intent, target andgravity (see Fig.1). Illicit Modification ofContent by a Peer, Reverse Engineering andCloning for Intellectual Property Theft, Obtainthe Private Key of the Certification Server,Attacks on Data Related to Legal Issues,Intrusion and Takeover of the ManagementServer are The Top 5 of attacks that we haveto mitigate.Fig.1: P2Pim@ges actors and relevant attacksHowever, P2P systems are exposed to anunusually broad range of attacks because oftheir lack of central control or administration.So, besides the need to be robust againstfaults and sudden departure of nodes, as theyare currently being designed, P2P systems alsoneed to be robust against security threats.SERES coordinates and contributes to thesecurity tasks of P2Pim@age to bring togethera broad range of techniques, none whollyoriginal, that can help to resist on attacks onP2Pim@ge system, identify synergies amongthem, and specify how they can beimplemented.Some security requirements have also beenspecified. They rest on P2Pim@ge client,content and network, privacy and legalaspects, DRM usage and agnosticity.We shall use risk analysis and securityrequirements results as inputs to the other58 Pracom’s Annual Report 2008
security tasks (authentication and identitymanagement, intrusion detection, superdistributionand legacy) that they have kickedoffrecently.Future Work and ConclusionWe will use Data Rights Management (DRM) toaddress security issues of P2Pim@ge project.Our Federated Rights Expression Model(FORM) [1], allows a content provider todecide to trust external rendering rights andexternal identities. We then go furtherintroducing identity providers, actionsproviders as we consider content providers.Thus, all kind of providers can define licensesspecifying what can be done with the contentthey provide. FORM defines a new licensemodel and interpretation mechanism takinginto account all licenses issued by a federationof content providers.We will also make use of our new superdistributionmodel called Onion PolicyAdministration Model (OPA) [2]. OPA providesa complete traceability of the contentdistribution. The content must keep track of allthird-parties it crosses in the distribution chain.In this case, everyone can distribute thecontent and define a new license without anyrestriction. This administration model is easierto grasp than other super-distributionmechanisms especially when many distributorsare involved in the super-distribution chain ofgiven information content as it is the case in aP2P system. OPA is an adequate administrationmodel upon FORM as it can be extended tohandle data, methods and user profiles aswell.The protocols associated to FORM and OPA willbe specified, customized to P2Pim@ageplatform and implemented.The authentication of P2Pim@ge actors andthe federation of identity of pairs are keyproblems in the projects. We intend to use ourresearch works on interoperability of securitypolicies, and developments performed in ourplatform Protekto (see the next sheet) toleverage P2Pim@ge tasks related to theseaspects.References[1] Thierry Sans, Frédéric Cuppens and NoraCuppens-Boulahia. FORM: A Federated RightsExpression Model for Open DRM Frameworks.ASIAN'06. 11th Annual Asian ComputingScience Conference, focusing on SecureSoftware and Related Issues. Tokyo, Japan.December 2006.[2] Thierry Sans, Frédéric Cuppens and NoraCuppens-Boulahia. OPA: Onion PolicyAdministration Model - Another approach tomanage rights in DRM. IFIP/SEC 2007, 21stIFIP TC-11 International Information SecurityConference. Sandton, South Africa. May 2007.Pracom’s Annual Report 2008 59
Page 2 and 3:
Présentation générale...........
Page 4 and 5:
Activités d’enseignementLe dépa
Page 6 and 7:
Activités de rechercheLe départem
Page 8 and 9:
Notre implication dans les organism
Page 10 and 11:
le cadre du projet NextTV4all où l
Page 12 and 13:
cloisonnement par domaine tels qu
Page 14 and 15:
- le GIS ITS (Intelligent Transport
Page 16 and 17:
Twente aux Pays Bas, Université de
Page 18 and 19:
Liste des doctorants présents en 2
Page 20 and 21:
Annexe 2 : liste des publicationsAr
Page 22 and 23:
COMA-BREBEL Céline, CUPPENS Nora,
Page 24 and 25:
PHAN LE Cam Tu, CUPPENS Frédéric,
Page 26 and 27:
Annexe 3 : description détaillée
Page 28 and 29:
Access Control ....................
Page 30 and 31:
schemes specifically suitable for l
Page 32 and 33:
An easy-to-use solution for IPv6 co
Page 34 and 35: Loss Synchronization and Router Buf
Page 36 and 37: Sensor NetworksRandom Walk Techniqu
Page 38 and 39: Suppressing Neighbor Discovery in W
Page 40 and 41: Media and NetworksIP-based transmis
Page 42 and 43: One of the most difficult aspects o
Page 44 and 45: Another direction is the associatio
Page 46 and 47: classes. In our simple study case,
Page 48 and 49: Management of Multiple Access Netwo
Page 50 and 51: Adaptation of Multimedia Flows in a
Page 52 and 53: Optimized mobility management in he
Page 54 and 55: ecause it offers a generic framewor
Page 56 and 57: Future workOur next step is to fina
Page 58 and 59: Security Analysis and ValidationAna
Page 60 and 61: RealizationFigure 1 shows a classif
Page 62 and 63: Policy AdministrationResearch Staff
Page 64 and 65: execution in a distributed manner.
Page 66 and 67: Intrusion DetectionDetection and co
Page 68 and 69: eported alerts have to be managed b
Page 70 and 71: inside the corresponding detection
Page 72 and 73: function has a limitation that it d
Page 74 and 75: 1) Normal Node behavior simulation:
Page 76 and 77: negotiation. These strategies speci
Page 78 and 79: A Fast Adaptative Secure Technology
Page 80 and 81: estricted to the organization to wh
Page 82 and 83: ights and external identities, and
Page 86 and 87: Managing a Peer-to-Peer Storage Sys
Page 88 and 89: Applications of networks to transpo
Page 90 and 91: Adaptive Application Support in Mob
Page 92 and 93: Wireless Mesh NetworksResearch Staf
Page 94 and 95: TestbedsA showroom for practical IP
Page 96 and 97: egistrar and proxies, video streami
show all

DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

Create successful ePaper yourself

Delete template?

Save as template?