Statement of John Hale

Assistant Professor of Computer Science and

Director, Center for Information Security,

The University of Tulsa

Before the Subcommittee on

Courts, the Internet and Intellectual Property

Committee on the Judiciary

U.S. House of Representatives

Oversight Hearing on Peer-to-Peer Piracy on University Campuses

February 26, 2003

Mr. Chairman, Ranking Member Berman, and Members of the Subcommittee, I would like to thank you for the opportunity to come before you today and speak on an issue that is of extreme importance to American institutions of higher education and, of course, to copyright owners world-wide.

As an Assistant Professor of Computer Science at the University of Tulsa and as an information security researcher, I have seen media piracy on college campuses pace the evolution and growth of the Internet, and now experience a true revolution with the advent of peer-to-peer (P2P) networking. Broadband Internet access in dormitories and campus apartments has extended the perimeter of the university learning environment to beyond the traditional classroom and laboratory settings. Coupled with P2P technology, it has also created new opportunities for abuse.

In particular, the high bandwidth available to college students and ready supply of music, movies, software and games courtesy of the most popular peer to peer networks have fostered an environment where piracy on a large-scale is not only possible, but commonplace. It is ironic that Internet2 institutions like the University of Tulsa could see a significant fraction of this new bandwidth, which was put in place to foster academic research and collaboration, used for illegal file sharing.

College students are early and aggressive adopters of new technology. Unfortunately, many have an overly casual attitude about file sharing on peer-to-peer networks. Some do not even seem to see any real moral, ethical or even legal dilemma with media piracy over the Internet, and most do not fully appreciate the security implications of exposing a computer to a wide-open P2P network.

Like other universities, The University of Tulsa is trying to cope with these problems without sacrificing student liberties. We have responded to complaints of copyright infringement and worked to prevent the continued violations of known infringers. We also have developed the capability to block certain types of peer-to-peer network traffic, while allowing students to use and enjoy a broad spectrum of Internet services.

Moreover, and most unfortunately, our university may have to soon cap (or throttle) bandwidth in the residential halls at the request of our upstream Internet Service Provider, who provides Internet access to most of the four-year colleges in Oklahoma. This technique reduces the flood of network traffic to an acceptable level, along the way inhibiting (to some extent) mass file sharing, but also impeding any legitimate use of a network that might require substantial bandwidth resources. However, alternative traffic-shaping strategies exist that can pinpoint and mold peer-to-peer network flows with greater precision. The challenge here is in keeping up with new networks and technologies, and in staying on top of the constant game of cat-and-mouse played between P2P developers and enterprise network security architects.

The Center for Information Security within the University of Tulsa is also doing its part to combat Internet piracy and to raise awareness of unsafe computer use practices. Many of our information assurance classes directly address ethics and media piracy, and educate students on security issues and operational risks of running untrusted network applications. Changing the mindset of students is perhaps the biggest challenge, but it is by definition, our job as educators.

Aside from piracy, another major concern is how P2P networking clients installed on university and student-owned computers can result in increased security vulnerabilities in a university network. All software has flaws, and some flaws create exposures that can be exploited to violate the security of a system. Several factors conspire to make the risks induced by security exposures in P2P software much more serious.

The first factor is that P2P clients connect systems to massive ad hoc networks that are beyond the administrative control of any one enterprise. This extreme level of connectivity radically expands the security perimeter of a network. As a result, security vulnerabilities in P2P clients are accessible to every user on that P2P network, regardless of their location. In short, P2P clients dramatically amplify exposures to external threats.

In an effort to maintain a larger network population, P2P client developers have implemented deceptive strategies in their clients to conceal file sharing activity from users and system administrators. Most of the more popular P2P clients do not totally shut down on an exit command from a user. Rather, they fade into the background, continuing to export shared folder contents. It is only when and if a user notices the small client icon in the system task bar that they have an opportunity to leave the file trading network. The goal is obvious: Less sophisticated users will exit the main interface, but not notice they are still connected to the trading network. Another risk confronts less sophisticated users. Haphazard configuration of a P2P client could result in sharing a folder containing sensitive data (instead of music), perhaps even unintentionally sharing the contents of an entire hard drive.

P2P clients are also beginning to make more frequent use of ‘tunneling’ and ‘port hopping’ techniques to avoid detection by network firewalls and filters. Tunneling embeds P2P messages within another protocol so that they blend in with other traffic, and become more difficult for firewalls and filters to detect. An alternative strategy is for clients to vary the communication ports they use (port hop), once again making it more challenging for blocking software to recognize P2P traffic.

Another factor is the emergence of executable media content. Executable media content, such as is found in Microsoft’s Advanced Systems Format and is now possible under the MPEG-4 standard, enriches an entertainment experience by providing multimedia enhancements and greater interactivity. Of course, the expressive scripting and programming environments that support these technologies can also be abused. Email attachments became a popular mode of computer virus transmission only after the introduction of scripting content in word processing documents and web pages.

The weak ‘viruses’ that have been reported on some peer-to-peer networks barely hint at the real potential of self-replicating code in these environments. More suitable examples can be found in the Code Red, Nimda and Slammer worms that targeted Internet web servers. In the case of a true P2P worm, the damage could be even more widespread, it could penetrate deeper into enterprise networks, and due to the stealthy nature of the client software, detection and remediation would be more problematic. The recipe is simple: massive connectivity, exploitable software, and active content. It is probably only a matter of time before a high profile event occurs.

Yet another factor that affects the integrity of P2P clients, is the common industry practice of embedding spyware in them. P2P developers bundle spyware in their clients as a way to generate revenue. Spyware monitors user behavior and tracks user web browsing habits. The information collected by spyware is typically sold to direct-marketing companies. The problem here is the trustworthiness of the embedded software as it is routinely created by unknown third parties. Spyware is, by construction, difficult to detect and may be impossible to disable or remove from a client.

These threats call for increased technical controls on file trading activity in enterprise networks. Techniques for monitoring and filtering P2P traffic have been developed and do work. And some of these strategies may require no more intrusiveness than extracting the ‘to’ and ‘from’ addresses found in packet headers. Even the more sophisticated P2P signature detection schemes do not necessarily reveal who shares what on a network.

Unfortunately, filtering and blocking will become less effective over time as P2P developers integrate additional counter measures. Ultimately, end-to-end encryption of communication channels will make it virtually impossible for system administrators and Internet Service Providers to monitor network traffic. For this reason, researchers in the Center for Information Security at the University of Tulsa are developing and analyzing alternative strategies for protecting digital content in peer-to-peer networks. “P2P Fear and Loathing: Operational Hazards of File Trading Networks,” a white paper we prepared for this Subcommittee in a September 2002 hearing, presents some of our early investigations and is submitted as part of this written testimony. In particular, we are studying two techniques, interdiction and file spoofing, that have been put into practice by some digital rights management companies. These techniques seek to impede copyright infringement through direct participation in peer-to-peer networks.

Interdiction is a technique that swamps the download request queue of a copyright infringer so that other requests are starved out. This counter measure constitutes a high-level Denial of Service attack on a P2P client, but does not necessarily impair general system performance or the performance of the underlying network. One undesirable side effect of this approach is that all download requests to the would-be infringer are impacted, even those that would not constitute a copyright violation.

Like interdiction, file spoofing inhibits copyright infringement through direct participation in peer-to-peer networks. However, while interdiction attacks the download process, file spoofing targets the search process. In this approach, a collection of clients flood a peer-to-peer network with bogus search results linked to decoy media. File spoofing has one advantage in that legitimate queries can go unaffected, but more research needs to be done to evaluate how a network would respond to large scale deployment.

Peer-to-peer network technology is elegant, robust and has a bright future in computing. But it is experiencing some serious growing pains, and this is nowhere more evident than on our college campuses. It will take a combination of efforts on multiple fronts to help this promising technology survive its adolescence. Users must be made aware of the risks of installing and running P2P clients on personal and enterprise networks. Attitudes towards piracy must change. And the potential of novel anti-piracy technologies should be more closely examined. There is a lot at stake, and not just for copyright owners.