1 risks in anonymous distributed computing systems michael j. ciaraldi david finkel craig e. wills...
TRANSCRIPT
![Page 1: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/1.jpg)
1
Risks in Anonymous Distributed
Computing Systems
Michael J. CiaraldiDavid FinkelCraig E. Wills
Worcester Polytechnic InstituteWorcester, MA 01609 USA
Presented atInternational Network Conference 2000
Plymouth, EnglandCopyright 2000
Michael J. Ciaraldi, David Finkel, and Craig E. Wills
![Page 2: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/2.jpg)
2
Overview
Anonymous Distributed Computing Systems What are they?
What are the risks? Most are well-known ADCSs face some unique challenges.
Which risks can be addressed, and how?
![Page 3: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/3.jpg)
3
Anonymous Distributed Computing Systems
![Page 4: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/4.jpg)
4
DistributedComputing Systems
Traditional vs.Anonymous
![Page 5: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/5.jpg)
5
TraditionalDistributed Systems
Autonomous systems Standalone machines Explicit Services with explicit
authorizationtelnet, ftp
Distributed operating systems Appear as a single virtual machine Single administrative domain
Network file systems Shared resources Single administrative domain
![Page 6: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/6.jpg)
6
Anonymous Distributed Computing Systems
Types of NodesCharacteristicsApproaches
![Page 7: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/7.jpg)
7
Types of Nodes in ADCS
Distributor nodes Distribute pieces of a
calculation.
Client nodes Execute pieces and
report back to distributor.
Portal nodes Direct clients to
distributors.
The Internet
Client Distributor Portal
![Page 8: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/8.jpg)
8
Characteristics of ADCSPotentially millions of nodes.Client nodes vary in power and architecture.Clients controlled by different administrative
domains.Clients may be unaware of each other.Clients not always available for ADCS.Internet communications unreliable and at
various speeds.Clients may crash or withdraw at any time.A client may be in several ADCSs.Clients may volunteer or be paid
(micropayments).
![Page 9: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/9.jpg)
9
Approaches in ADCSOne-Time Download:
Just once, client downloads an executable program from a portal.
To participate, client program contacts portal.
Examples:SETI@home, distributed.net
Each-Time Download: Client downloads Java applets or ActiveX
controls each time. Examples:
POPCORN, Charlotte, distriblets
![Page 10: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/10.jpg)
10
Risks
![Page 11: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/11.jpg)
11
Risks
Where are they?What are they?Can they be reduced or eliminated?
By technology? By human diligence?
![Page 12: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/12.jpg)
12
Types of Risks andWhere They Occur
Internet Communication Inherently unreliable Passes through others’ machines
Can be intercepted and/or altered.
AnonymousWhat is the sender’s true IP address?Who is the sender, anyway?
![Page 13: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/13.jpg)
13
Types of Risks andWhere They Occur IIKnowing identity of distributor
Recommended by others Confidence that software is not harmful
To clientTo others, e.g. DoS, cracking.
AccountabilityKnowing identity of client
Confidentiality Payment Invalid results
![Page 14: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/14.jpg)
14
Dealing With Risks
![Page 15: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/15.jpg)
15
Dealing With Risks
Communication problemsMalicious client code
Attacks the client or another machine.Counterfeit client code
![Page 16: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/16.jpg)
16
Accidental Communication Problems
Checksums guard against corruption.Timestamps guard against stale
data.
![Page 17: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/17.jpg)
17
Deliberate Communication Problems
IPSec Provides encryption and authentication
end-to-end. Guards against interception and/or
modification en route. Is only a protocol.
![Page 18: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/18.jpg)
18
IPSec Is Not Enough
ADCSs must use asymmetric (public key) encryption.
This requires knowing the public key of the other party. Or whoever the other party
claims to be.To confirm the key, use a
digital certificate from a Certification Authority (CA).
![Page 19: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/19.jpg)
19
Problems withCertification Authorities
Can the CA be trusted? Could be run by an unethical
organization. Employees could be corrupt.
Can the CA guarantee the identity of the entity?
![Page 20: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/20.jpg)
20
Problems withCertification Authorities II
Can the entity be trusted to be non-malicious and competent? Can all its members?
Certificates expire and are revoked But not instantaneously.
These are primarily human problems, not technological.
![Page 21: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/21.jpg)
21
Malicious Client CodeMechanism:
Screen savers and ActiveX controls vs. Java applets
Examining source code
![Page 22: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/22.jpg)
22
Screen Savers and ActiveX ControlsCould be
One-time download (screen saver) Each-time download (ActiveX)
Privileges Essentially unlimited in MS-Windows. Can be limited by careful installation in
Unix.
![Page 23: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/23.jpg)
23
Java AppletsExecute in a “sandbox” with limited
privileges.Can still:
Open windows Send email with your return address Consume system resources.
Can only open a network connection back to the download server. Cannot directly participate in distributed
attack. Limits parallelism.
![Page 24: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/24.jpg)
24
Examining Source Code
Who is competent to examine it?You have to send the source code.
Confidentiality? How to guard against counterfeit code?
![Page 25: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/25.jpg)
25
Counterfeit Client Code: Why?
MaliciousnessCompetitionDenial of servicePayment for services not rendered.
![Page 26: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/26.jpg)
26
Counterfeit Client Code:Possible Defenses
Possibilities suggested by Popcorn: Send the same computation to several
independent clients.Widely applicable, but expensive.
Check the answers.Less expensive, but not as applicable.
Are the resources spent on checking greater than those gained by parallelism?
![Page 27: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/27.jpg)
27
Counterfeit Client Code:Other Possible Defenses
Challenge-response authentication. Is it possible? Reverse engineering? Could a Trojan Horse later corrupt or
replace the client code?Nonces
Cause authentication to expire.
![Page 28: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/28.jpg)
28
Risks Facing Portals
Connecting through a well-known central portal is no guarantee of safety. Computations still come from third parties. Portal operators can identify computation
sources, but not their safety. Portal operators cannot determine what all
their clients will consider ethical. Portal operators must exercise due
diligence, but this may not protect them from liability.
![Page 29: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/29.jpg)
29
In Conclusion
![Page 30: 1 Risks in Anonymous Distributed Computing Systems Michael J. Ciaraldi David Finkel Craig E. Wills Worcester Polytechnic Institute Worcester, MA 01609](https://reader035.vdocuments.mx/reader035/viewer/2022062712/56649ca35503460f94963d9e/html5/thumbnails/30.jpg)
30
Summary
ADCSs are attractive.They present many risks, some unique.Some of these risks:
Have technological solutions. May have human solutions. Have no currently-known solution.
So, keep thinking!The ultimate test: will users be
deterred?