Why File Sharing is Dangerous?
Nov 29, 2014
Slides for Decentralized System assignment. Explaining about why file sharing is dangerous.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
P2P Application
• 1st generation P2P application – find the file, and download from node that has the file – FastTrack network – KaZaA – Gnutella network – Frostwire – eDonkey - eMule
• Common characteristics: users need to share a specific files/folders
Why do we analyze these?
• Lots of users & traffic – doubled between ‘03 to ‘07 • Wide adoption
Exposed Sensitive Information
• Sounds impossible, but it does happen!
– Misplaced file
– Confusing UI
– Incentives to share large number of files
– Lazy users
– Dumb wizard
– Share and forget
– Poor organizational habit
Exposed Sensitive Information
• Searching-file experiment
– Birth Certificate – 45 Results
– Passport – 42 Results
– Tax Return – 208 Results
– Free Application for Federal Student Aid – 114 Results
The trend?
• Growing usage -> More leaks
• Set and forget -> Increases loses
• Global loses
• Digital wind spreads files
• Existence of malware
Honeypot experiment
• To illustrate the threat in P2P network
• Honeypot – deliberately expose things to observe the attack
• In this case…
– Email contains active VISA card and phonecard
– Three mock business documents
Email with VISA card..
• Email showing 25 USD VISA prepaid card
• 210-minute-calling card
Email with VISA card..
• File quickly taken and re-taken
Email with VISA card..
• Within a week, no
money left!
• No minute left!
• File distribution ->
Business Documents…
• Within a week…
– Documents taken 12 times
– Secondary disclosures do happen!
Observation
• Successfully illustrate risk of disclosure
• Identity theft!
• Persons with intention to use and hide documents do exist! (and they always search!!!)
Conclusion
• Suggested counter-measures
– Improve UI design
– User education
– File naming and organization
Discussion…
• Privacy issue, why? Agree, disagree?
• Malware distribution, how to counter-measure?
• How about BitTorrent? Security concern?
• This paper is about “Passive” attack, how about “Active” attack? Give example
– Active attack : communications are disrupted by the deletion, modification or insertion of data.
Related Documents
