I recently heard a talk given on Peer to Peer networks and there are a few issues that I haven't seen addressed in any of the literature. I should note that I only really encounter security and privacy related stuff, but I think this dovetails with forensics as well.

The first issue is a decent security system for a Peer to Peer network that cleanly adds and removes trust groups and members of those trust groups. How do you authenticate over a distributed environment? Once you are authenticating, whose authentication will you trust, and to what level?

Now comes the forensics part: :-)

Peer to peer is kinda scary because of the flat playing field and the naturally distributed nature of it. There is no one point of entry, but there is also no one point of failure. It's a classic tradeoff. The bigger question is, assume you can distribute authentication in a secure manner, and in such a way that you don't cripple a processor or a network like with traffic. What is logging in this environment going to be like? How do you collect information about an inherently amorphous object and still avoid a "server-client" model? How do you log discretely but effectively? Can you log a node, but protect the identity of that node?

I'm sure there is some work in this already, but I haven't seen any very clean elegant solutions. I saw one for hiding user identity, but it used an "encryption-wrapper" approach which just didn't scale.

On a completely unrelated topic, it might be nice to have distributed monitors to locate and stop DDoS attacks and note their source. This is an Internet-wide topic, but who knows, such things end up in the IETF before you know it. :-)

Just a few ideas on what I think might be nice to capture in terms of information. You can imagine all the privacy issues that this might raise. Just look at Carnivore.

Hope this helps!
Sam

On Sun, 17 Mar 2002, mstevenson wrote:

> Hello,
>
> I know that most of you are practitioners in this field (as I am), but I decided to give it a shot anyway.
>
> I'm starting a Ph.D. in CS and I want to research on computer forensics. However, my advisor knows very little about forensics, and I'm having a difficult time trying to find a suitable research topic.
>
> Does anybody here have a suggestion? Perhaps some crazy idea you had but you thought, "Oh, only in grad school I'd have the time to try it"?
>
> Thanks for your input,
>
> --
> Matthew K Stevenson
> mstevensonat_private
>
>
> -----------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
> -----------------------------------------------------------------

This archive was generated by hypermail 2b30 : Tue Mar 19 2002 - 07:30:53 PST