Security in P2P Networks: Survey and Research Directions

  • Esther Palomar
  • Juan M. Estevez-Tapiador
  • Julio C. Hernandez-Castro
  • Arturo Ribagorda
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4097)


A fundamental feature of Peer-to-Peer (P2P) networks is the honest collaboration among a heterogeneous community of participants. After the success of Napster, the first P2P file sharing application to be massively used, advances in this area have been intense, with the proposal of many new architectures and applications for content and computing sharing, and collaborative working environments. However, the inherent differences between the P2P model and the classic client-server paradigm mean that many security solutions developed for the latter are not applicable or, in the best case, have to be carefully adapted. In this paper, we present a survey on security issues in P2P networks, providing a comparative analysis of existing solutions and identifying directions for future research.


Overlay Network, Security Property, Reputation System, Sybil Attack, Access Control List



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Esther Palomar, Juan M. Estevez-Tapiador, Julio C. Hernandez-Castro, Arturo Ribagorda: Computer Science Department, Carlos III University of Madrid, Madrid
