[p2p-hackers] P2P Authentication
Paul Boehm
paul at soniq.net
Tue Oct 25 16:18:51 UTC 2005
Frank Moore wrote:
> I want a client to join a P2P network after authenticating itself to a
> streaming server.
> The server needs to authenticate that the client is not a rogue who will
> subvert the stream.
> Once the client has authenticated and can join the network it will be
> allowed to stream to other
> peers below it in the network hierarchy.
Frank,
I'm not sure if there are any viable strategies for ensuring that a
client hasn't been tampered with. Just like with classical copy
protection schemes, all known countermeasures are easily bypassed, and
all known obfuscation schemes don't render reverse-engineering
significantly more difficult.
Your best bet probably is to design the security measures into the
protocol, e.g. by authenticating the transmitted data, or by asking
other peers to connect to random other streaming peers to verify they
are not tampering with the data. What measures are neccessary or most
effective of course depends on your application, and what attacker model
you are dealing with in the first place. But the common theme is to let
the network do the job, not the local clients of would-be attackers.
Paul
More information about the P2p-hackers
mailing list