The distributed P2P architecture of mesh-pull
streaming systems makes them prone to various
security threats. A malicious peer in the system
may mix bogus chunks into the video stream, which
can significantly degrade the quality of the rendered media at the receivers. This peer can also
advertise a large number of nonexistent peers
as being interested in the same channel; as a result, a legitimate peer may find it difficult to
identify other legitimate peers from which to download
video chunks. Due to the low distribution cost of
P2P streaming, we expect user-generated live
video content (emanating from Web cams and
wireless devices) to be distributed using P2P
mesh-pull architectures. The origin video server
of such a user is usually a computer with limited
CPU power and network capacity. If malicious
peers connect to this server and occupy its bandwidth without sharing the video chunks with
other peers, the remaining peers are not able to enjoy
the video at all. A mesh-pull streaming system
potentially consists of hundreds of thousands of
peers. If malicious peers advertise that a victim host has abundant video chunks, other peers
may send chunk requests to this victim host, consuming its CPU power and network bandwidth.
As a result, this victim host may
suffer a denial-of-service (DoS) attack.
Similar attacks have been studied heavily in
P2P file-sharing applications; nevertheless, few
attacks have been reported for mesh-pull IPTV
systems. Due to the real-time communication in
IPTV, the potential attacks on mesh-pull systems
can be devastating. In [10], a chunk pollution
attack is demonstrated to severely degrade the
performance of an IPTV application. In the experiment, a particular
channel had about 3300-plus viewers before the
attack; during the attack the number of viewers
dropped to about 500 within 30 minutes. The
video quality became unacceptable for a large
majority of peers, and they eventually left the system. Chunk signing is an
effective mechanism for defending against this attack. In chunk signing techniques,
the so-called authentication information, or signature, must be transmitted to the receivers along
with the chunks. This authentication information
can either be provided by the source (in which
case, the load on the source might be high) or
could be distributed through the P2P system itself,
in the form of a separate stream, or be piggybacked with video chunks. A peer receives each
chunk and its corresponding signature one by one,
verifies the chunk's integrity, and plays it back (and forwards it)
only if the chunk is valid; otherwise it rejects the
chunk as being polluted. In facing the security
challenges in mesh-pull streaming systems,
researchers and developers should meet the real-time requirements for defense. They may benefit
from the lessons learned in combating the pollution, poisoning, and DoS attacks in P2P file sharing
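
The chunk signing check described above, as an added example that is not from the original article or from any particular IPTV system: a source signs each chunk and a peer plays back and forwards only chunks that verify. Ed25519, the `Chunk` layout, and the inclusion of the sequence number in the signed bytes are assumptions made for this sketch, and the sample chunks are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Chunk is a hypothetical wire unit: video payload with a piggybacked signature.
type Chunk struct {
	Seq          uint64
	Payload, Sig []byte
}

// signedBytes prefixes the payload with its sequence number (an assumption of this sketch).
func signedBytes(seq uint64, payload []byte) []byte {
	var hdr [8]byte
	binary.BigEndian.PutUint64(hdr[:], seq)
	return append(hdr[:], payload...)
}

// Sign runs at the source only; peers hold just the public key.
func Sign(priv ed25519.PrivateKey, seq uint64, payload []byte) Chunk {
	return Chunk{seq, payload, ed25519.Sign(priv, signedBytes(seq, payload))}
}

// Accept reports whether a peer may play back and forward the chunk.
func Accept(pub ed25519.PublicKey, c Chunk) bool {
	return ed25519.Verify(pub, signedBytes(c.Seq, c.Payload), c.Sig)
}

// Demo feeds constructed sample chunks to a peer and returns the sequence numbers it accepts.
func Demo() (played []uint64) {
	pub, priv, _ := ed25519.GenerateKey(nil)   // source key pair
	_, attacker, _ := ed25519.GenerateKey(nil) // key the peer does not trust
	c1, c2 := Sign(priv, 1, []byte("frame-1")), Sign(priv, 2, []byte("frame-2"))
	polluted := Chunk{c2.Seq, []byte("bogus"), c2.Sig} // payload swapped, signature kept
	forged := Sign(attacker, 3, []byte("frame-3"))     // signed with the wrong key
	replayed := Chunk{4, c1.Payload, c1.Sig}           // valid chunk under a new sequence number
	for _, c := range []Chunk{c1, polluted, forged, replayed, c2} {
		if Accept(pub, c) {
			played = append(played, c.Seq)
		}
	}
	return played
}

func main() { fmt.Println(Demo()) }
```

Per-chunk public-key verification adds CPU cost at every peer, which is the real-time constraint the text raises; the sketch does not address how the source's public key reaches the peers.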