P2P Security.

Known attacks include:

1. 'Network Poisoning' by 'Malicious Nodes'.

Malicious Node on the Application Layer might give incorrect responses to requests & behave not according to protocol. This might mean much if money is transferred, for example. Peer-to-Peer Network Poisoning is about providing inaccurate data to other clients (peers in role of a client) and/or Process Coordinator (if there's any), to manipulate whole Network or just do harm to the Infrastructure or to Trust of the System.

2. Attacks on individual network nodes.

Software Modifications & Attempt for Unauthorized Network Join might result in 'planting' a malicious node(s) in the system.

Organizations should be wary of the software distribution, whom they give source or binary program code and/or keys - software and/or hardware keys, i think.

Hacking might result in taking over, modification and/or reconfiguration of existing network nodes in the system.

3. Exploiting software issues (assuming that software does it's job correctly, and is not malicious):

- Vulnerability to buffer overflows & similar hacking methods,
- Authentication & Authorization Issues - keeping passwords & keys secure, keeping ciphers unbroken, keeping certificates valid,
- Message Confidentiality, Message Integrity & Message Nonrepudation Issues - we wish to know who sent us message, if he sent, be sure if it wasn't tampered with in process, or captured & examined,
- Attacks on Ciphers & Cryptographic Attacks on Messages, for example in preparation for Man-in-the-Middle Attacks,
- User Privacy Attacks - attempts to gain unauthorized information from Network Peers - this can be used in preparation for more damaging attacks, for example,
- Trust & Cerficiation Issues - for example not all users agree to use the same Certification Authority (CA) or combinations of such,
- Accountability Issues (Users should know that they are & be responisble for resources used, including accountability for costs of using system resources),

4. Attacks on whole network.

- If node(s) behave not according to protocol, whole system might fail due to Security Issues. There's risk for Damaged Trust, for system Failing somehow, for Financial Loss, for Data being stolen, in preparation for more damaging attacks.

5. Social Engineering Attacks.

- Psychological Manipulation, including Artful Symbols Use in the Internet, with goal of making an employee open 'a message attachment' that runs trojan horses or other malicious software,
- Terrorism, Seduction & other Attacks on Personnel.
- Phone Calls,
- Stealing passwords.

6. Viruses, of all kinds.

7. Exploiting other software components vulnerabilities.

8. Attacks on Network & Infrastructure.

- Denial of Service,
- Physical Hardware Security.

9. Perhaps more (there are many pages to read, with example systems & their vulnerabilities, might take a while).

See also: [7], [8], [14], [17], [26], [37], [38], One time codes, ciphers and online security., Cryptographic Attacks., Weakest Link., perhaps more.

No comments:

Post a Comment