Enterprise strength security on a JXTA P2P network

摘要

Summary form only given. When one begins to think about security and P2P networks, and in particular, ad-hoc P2P networks with no real centralization, there are potentially billions of peer nodes, all possibly vulnerable to attack in a multitude of ways: Impersonation attacks and thus identity theft by unauthorized or falsely authorized parties; Invasion of privacy and all that that carries with it; Loss of data integrity; We imagine the equivalent of antimatter, a complete negation of the fundamental principles of security, or the antisecure net. Those among us with a strong interest in the secure net, and making P2P not only an accepted but preferred way of both doing business in the enterprise as well as protecting the personal privacy of the innocent users of P2P software require a toolbox with sockets, and a socket wrench that is capable of applying the torque that is appropriate to each scenario we wish to secure. It is easy enough for each peer node to be its own certificate authority, create its own root and service certificates, distribute the root certificate out-of-band or in some cases inband, different sockets for different scenarios, and then use transport layer security to insure two way authorization and privacy. Another socket that can be used by small communities of peers to assure that the public keys that they distribute can be trusted with some degree of certainty based on the reputation of the signers. Finally, without actually using a recognized CA, one can apply even more torque to tighten the security on a P2P network. Select one or more well protected and trusted systems, and give to them certificate-granting authority. These systems are unlike standard CAs in the sense that they are peers in the P2P Network. To acquire a certificate the peer must be authorized perhaps by using an LDAP directory with a recognized protected password. Here, the CA can also use a secure connection to a corporate LDAP service to authorize requesting peers. In the end, each of the above scenarios, each socket in our mythical toolbox, is a not so mythical. This is how Project JXTA approaches security, and what we will discuss in this keynote presentation.