Peer 2 peerP2PIm@gesResearch Staff : Frédéric Cuppens, Nor a Cuppens-Boulahia, Fabien AutrelKeywords : Peer to Peer, Access and Usage Controls, Digital Rights Management (DRM), File SharingApplications : Video on Demand, Video Live, IPTV, games.Partners & Funding : Thomson R&D France, Thomson Broadcast & Multimedia, Mitsubishi Electric,Devoteam, France Telecom, Marsouin, IRISA, IPdiva, TMG. It is funded by the DGEIntroductionPeer-to-peer refers to a class of systems andapplications that employ distributed resourcesto perform a function in a decentralizedmanner. The resources encompass inparticular computing power, data, n<strong>et</strong>workbandwidth and computers. The critical functioncan be distributed computing, data/contentsharing, communication and collaboration, orplatform services.The objective of the P2Pim@ges projectrelates to the definition and the developmentof a legal delivery system of music and videocontents by using techniques of peer to peer(P2P). Even if the concept of P2P becameincreasingly popular these last years (In 2004,in a tier-1 ISP, P2P file sharing accounted formore than 60% of traffic in the USA and mor<strong>et</strong>han 80% of the traffic in Asia), it remainedconfined to a more or less legal use ofdownloading files. The objective ofP2Pim@age project is to study this technologyin order to make of it a new electronic deliverysystem of contents.RealizationSERES brings to the project its expertise in thefield of the security of systems and n<strong>et</strong>works,in particular its work related to the expressionand the deployment of security policies incollaborative n<strong>et</strong>works such as peer to peer,and its knowledge of expression andinterpr<strong>et</strong>ation digital rights languages andmanagement of super distribution.A first step towards securing P2Pim@gesystem was to perform a risk assessment. Wehave specified the different actors ofP2Pim@ges system. We classified P2P-specificattacks according to their intent, targ<strong>et</strong> andgravity (see Fig.1). Illicit Modification ofContent by a Peer, Reverse Engineering andCloning for Intellectual Property Theft, Obtainthe Private Key of the Certification Server,Attacks on Data Related to Legal Issues,Intrusion and Takeover of the ManagementServer are The Top 5 of attacks that we hav<strong>et</strong>o mitigate.Fig.1: P2Pim@ges actors and relevant attacksHowever, P2P systems are exposed to anunusually broad range of attacks because oftheir lack of central control or administration.So, besides the need to be robust againstfaults and sudden departure of nodes, as theyare currently being designed, P2P systems alsoneed to be robust against security threats.SERES coordinates and contributes to thesecurity tasks of P2Pim@age to bring tog<strong>et</strong>hera broad range of techniques, none whollyoriginal, that can help to resist on attacks onP2Pim@ge system, identify synergies amongthem, and specify how they can beimplemented.Some security requirements have also beenspecified. They rest on P2Pim@ge client,content and n<strong>et</strong>work, privacy and legalaspects, DRM usage and agnosticity.We shall use risk analysis and securityrequirements results as inputs to the other58 Pracom’s Annual Report <strong>2008</strong>
security tasks (authentication and identitymanagement, intrusion d<strong>et</strong>ection, superdistributionand legacy) that they have kickedoffrecently.Future Work and ConclusionWe will use Data Rights Management (DRM) toaddress security issues of P2Pim@ge project.Our Federated Rights Expression Model(FORM) [1], allows a content provider todecide to trust external rendering rights andexternal identities. We then go furtherintroducing identity providers, actionsproviders as we consider content providers.Thus, all kind of providers can define licensesspecifying what can be done with the contentthey provide. FORM defines a new licensemodel and interpr<strong>et</strong>ation mechanism takinginto account all licenses issued by a federationof content providers.We will also make use of our new superdistributionmodel called Onion PolicyAdministration Model (OPA) [2]. OPA providesa compl<strong>et</strong>e traceability of the contentdistribution. The content must keep track of allthird-parties it crosses in the distribution chain.In this case, everyone can distribute thecontent and define a new license without anyrestriction. This administration model is easierto grasp than other super-distributionmechanisms especially when many distributorsare involved in the super-distribution chain ofgiven information content as it is the case in aP2P system. OPA is an adequate administrationmodel upon FORM as it can be extended tohandle data, m<strong>et</strong>hods and user profiles aswell.The protocols associated to FORM and OPA willbe specified, customized to P2Pim@ageplatform and implemented.The authentication of P2Pim@ge actors andthe federation of identity of pairs are keyproblems in the projects. We intend to use ourresearch works on interoperability of securitypolicies, and developments performed in ourplatform Protekto (see the next she<strong>et</strong>) toleverage P2Pim@ge tasks related to theseaspects.References[1] Thierry Sans, Frédéric Cuppens and NoraCuppens-Boulahia. FORM: A Federated RightsExpression Model for Open DRM Frameworks.ASIAN'06. 11th Annual Asian ComputingScience Conference, focusing on SecureSoftware and Related Issues. Tokyo, Japan.December 2006.[2] Thierry Sans, Frédéric Cuppens and NoraCuppens-Boulahia. OPA: Onion PolicyAdministration Model - Another approach tomanage rights in DRM. IFIP/SEC 2007, 21stIFIP TC-11 International Information SecurityConference. Sandton, South Africa. May 2007.Pracom’s Annual Report <strong>2008</strong> 59