Call Today 716.688.4675

Security in P2P Video Streaming

P2P (Peer to Peer) networks are ideal for attackers who wish to spread malicious content. They are based on an open and anonymous concept with widespread and unrestricted growth which may cause a number of security issues. For a P2P video streaming system, these issues are more difficult to resolve than for other P2P systems. Video streaming systems are more sensitive to QoS fluctuations, such as delay and jitter. Even minor quality variations may cause the viewing experience to loose appeal and the user to drop the service.

A traditional way to protect the system is restricting access to unauthorized users. However, for P2P streaming systems, honest and cooperative behavior are key factors to the workability of the system. There is no central authority that can act against the malicious peers, so honest peers have to protect themselves.

One approach to increase the security and robustness of the system is trust management. Each peer in the system needs to somehow assess information received from other peers. It has to evaluate the information and the sender trustworthiness. The peer may rely on direct experiences or reputation information from other peers.

There are a number of common methods of attack on P2P networks such as Denial of Service, Free-riding and Pollution attacks.

Denial of Service Attacks

Denial of Service attacks decrease or stop the network activity. The attack exhausts key target resources, diminishing the target’s capacity to provide or receive service. Video streaming requires high bandwidth. The attack could be done by inserting a malicious node that continuously issues queries or duplicate packets intended for their peers, generating huge amounts of network traffic, soaking up network bandwidth and making the network unusable. When the network bandwidth is all used, the service rejects new peers.

One way to counter Denial of Service attacks is to organize network overlays according to a credit-constrained peer selection mechanism. The peers share credit information with each other. Peers with high trustworthiness are kept in the central part of the overlay structure. Peers with low reliability are pushed to the peripheral of the network. The higher the credit, the closer a peer can be to the data source. The credit value of each peer is measured based on its behavior.

Free-riding Attacks

Free-riding attacks are based on forcing the system to accommodate new free-riding nodes. These nodes consume services offered by other nodes but do not contribute services to the P2P network, i.e. free-rider peers download data but upload little or no data in return.

One solution is to apply a reciprocity-based approach by adjusting a peer’s download speed according to its upload speed. Reciprocity-based approaches face several implementation issues such as fake services published by peers.

Another solution is to apply Block and Drop and Block and Wait policies. Per the Block and Drop policy, free-riders that would like to join the streaming session are blocked if the free upload capacity in the overlay is less than the streaming rate. According the Block and Wait policy, free-riders are blocked if the overlay does not have enough available upload capacity.

A third solution is a payment-based incentive mechanism. A peer earns points by forwarding data to others. The data streaming is divided into fixed length periods, during which peers compete with each other for a good parent in the next period. The winners get the best parents according their amount of points.

Pollution Attacks

Pollution attacks are based on the introduction of corrupted video blocks. An attacker joins a video channel and creates partnerships with other peers watching the channel. The attacker announces to its partners that it has a large number of blocks for the current video stream. When the neighbors request advertised blocks, the attacker sends bogus polluted blocks instead of real ones.

One solution is for each decoding node to detect corrupted blocks by checking if the decoding result matches a checksum which is based on the format of the video stream.

More Information

VOCAL Technologies, Ltd.
520 Lee Entrance, Suite 202
Amherst New York 14228
Phone: +1-716-688-4675
Fax: +1-716-639-0713