翻译以原文和在同一文件中前

近些年，P2P网络在文件共享应用领域的受欢迎程度飙升，伴随而来的则是其安全 中，我们研究了大多数P2P网络建立所基于的框架；从中分析1 简（FP（既是一个客户又是一个服务器。这种类型的网络被叫做P2P网络。更技术层面的解释是，P2P网络是一种特殊的电脑网络形式。它现实自组织、同步链路容量通常被分散在对等之中；进一步造成控制也被分散。这样，P2P网络模型直接处于传统的主从式网络模型的对立面。然而主从式网络需要服务器具有丰富的能力以满足客户，P2PP2P网络的2 P2P网络的背关于P2P网络的概念首先是在RFC1中于1969年被，RFC暗示了一种“主机对主机”的，任意的客户端-服务器的分类，以提供在电传打字机终端所需享P2P网络式样，互相根据需求传输信息而不需要一个中心。二十世纪九十年代以来，P2P网络应用急速上升，主要在用于多文件交换的文件应用领域。一些著名的和知名度高的文件共享协议包括net，Napster，DirectConnect,GnulaeDonkey2000,andBitTorrent.据估计，在互联网中文件共享比其共享系统的知名度。下面表格是这些P2P协议中最有一些的发展年表。有趣的是，早期的文件共享应用程序，NapsterP2P系统的是服务。然而，Napster公司开辟了道路，以更先进的方法，以文件共享，如看见与后续的应用，如Gnula的，，而且，目前最流行的，BitTorrent的。虽引在服务器上的集中式，节点查询这个服务器的，以找到所需的资源，然后与NapsterBitTorrent也采用了集中式服务器，调用它进行。请注意，虽然资源查找仍然是客户机-服务器模式，但实际

图2.2集 另一种节点发现的方法是查询泛滥，他被应用于新的应用例如Gnula。该方法中节点会直接发布查询到网络中而不是依赖一个服务器上，并可以和任何包含所点在其中分配索引组。在变化的散列函数中，总的想法是在对等查找，以尽量减少查所需的资源节点37发现：2.32222373DHT中式，查询泛滥，或DHT。遗憾的是，可用于破坏或禁用P2P网络的已经被3 对P2P网络的在传统的客户端-服务器模式下，内部数据不被给客户端，但随着P2P的应用，一些内部必须分配工作量的名称会被其他节点接触到。可以利用此来妥协P2P网络。在服务的传统（DoS）中，服务器通常是大量的连接的目标，渲染服务器无法操作。这方面的一个典型的例子是一个TCPSYN洪水，其中客户端向服务器SYNSYN-ACK消息进行响应，并且服务器等待来自客户的情况下，很简单：只需发送的查询数量庞大的，以及由此产生广播风暴将导最近，可以利用P2P网络作为来其他的一些目标，如。从本质害人具有巨大的带宽使用。这种的一个例子浮现于2007年在直连网络使用DC++图3.1通过的同伴DDoS的影响（虚线转移的记录3.2的网对P2P网络的另法是将无用的数据（毒）注入到系统中。由于P2P网络必须以某种方式实现一个查找服务，无论是集中式或双氢睾酮，者可以注入大量无用的查找键-值对进入指数。在指数虚项目可能会减慢查询时间，或者更糟糕，产量无效的查询结果。甚至DHT方法也不能幸免于这种，但由于DHT方法有O（logn）的查找时间，需要大量的。事实上，P2P网络已经了大型机构试图通过的FastTrackP2P网络，以减少盗版的潜在损失在互联网由表。在指数，假记录插入到索引指向一个目标IP和端。当一个节点去搜索资源时，它会从指数收位置信息，无论是从或从其他对等体。建立TCP连接的DDoS生效。在路由表毒，利用了一个事实，即几乎所有的P2P客户端需要保持某种与它连接在电流的路由状态。特别是在DHT系统，每个节点的路由表中包含其为O（logn）的给定网络中的n个节点的邻居。者愚弄同告消息指向的目标。其结果是，在目标接收到洪水的连接请求，并且目标将可能P2P网络中也存在隐私和的问题。在尊重隐私，对等的数据流可以通过节点VoIPSkype，这将流量路由在P2P的方式。虽然该数据流被加密，对等现在携带流具有直接数据包，这将不会P2P许多同龄人被发现在不知不觉中他们的财务，电子邮件和Web缓存数据。由于易P2P网络中的可疑分配的资源，缺乏一位不愿透露的问题变得很明显。例如，BitTorrent文件共享系统直接的IP地址给对方一个群。这将允许在一窝蜂知道谁正在某些资源，例如其他同龄人的。一旦对方的被，进一步的，无论是自然人或法人，可以继续在那个特定的目标定向。配过程。然而，由于在系统中，没有真正的管理员没有，有时免费白吃白喝了其他。在文件共享社区，这通常称为榨取，是令人难以接受，并视为。而P2PIRC（互联网中继聊天）网络非常普遍，榨取已经有所在新的P2PBitTorrent的，一个阻风门系统到位节流带宽，谁不上传了相当该机制在P2P网络中的一个重要问题是和扼杀P2P流量。根据2007年互联网BitTorrent的（从上面的数字，BitTorrent50％的德国的互有的P2P流量。P2PP2P网络，以抵消上述某些。4 P2P网络的保P2P流量和的4.1加密P2PP2P流量更难，可以加密页眉和有效载荷。只用60-80位的，目的不是为了保护数据，而是简单地流足以使其无法检测，而不会产生太大的性能损失。尽管它仍然能够检测加密BitTorrent的流使用基于流量模式和定时复杂的方法，在实践中，它是更难现在来过滤加密流。P2P流量的加密似乎是捡了，按照目前的约20％的BitTorrent流量是加密的。由化节点，P2P网络可以保护网络上的节点和用户的，一些加密不仅不能保证。而真正的不能真正在网络上存在，一个的P2P提供了足够的使得它很难找到一个数据流的源或目标。它通过使所有的在网络上通用的发送者和接此操作。这是不可能单纯依靠的P2P隐藏文件共享应用程序的使用，而无需使用加密。然而，使用加密与的P2P会产生可能是可用的最安全的P2P的使用体验今5 小的隐私和使用安全问题在P2P网络可以是地址。为了打击P2P网络的直接，精心的设计和实施方案的要求对P2P的设计师。因此，P2P将继续成为一个重要的问题，因为无疑将变得越来越复杂和设计师反驳与聪明的P2P协议。6 [Risson04]J.Risson,T.Moors."SurveyofResearchTowardsRobustPeer-to-PeerNetworks:SearchMethods."[Crocker69]S.Crocker."HostSoftware."RFC1.[Sundsted01]T.Sundsted."ThePracticeofPeer-to-PeerComputing:IntroductionandHistory."IBMdeveleoperWorks.[Usenet07]"Usenet."Wikipedia.2007.[Kurose05]J.Kurose,K.Ross.ComputerNetworking:ATop-DownApproachFeaturingthe[Bala03]M.Balakrishna,M.Kaashoek,D.Karger,R.Morris,I.Stoica."LookingUpDatainP2PSystems."CommunicationsoftheACM.[Schoder05]D.Schoder,K.Fischbach."CoreConceptsinPeer-to-Peer(P2P) [Naoumov06]N.Naoumov,K.Ross."ExploitingP2PSystemsforDDoSAttacks."InternationalWorkshopon[DDoS07]"P2PNetworksHijackedforDDoSAttacks."Netcraft. [Liang06]J.Liang,N.Naoumov,K.Ross."TheIndexPoisoningAttackonP2PFile-Sharing [Suvanto05]M.Suvanto."PrivacyInPeer-to-PeerNetworks."HelsinkiUniversityofTechnology.2005.[P2P04]"P2PorPeer-to-PeerSafety,PrivacyandSecurity."FederalTradeCommission. [Internet07]"InternetStudy2007."ipoqueGmbH.2007. [Comcast07]"ComcastContinuestoBlockPeertoPeerTraffic."Slashdot.2007.[Ohio07]"OhioUniversityBlocksP2PFileSharing."Slashdot.[PE07]"BitTorrentProtocolEncryption."Wikipedia."AnonymousP2P."Wikipedia.P2P7

ACK-TCPDDoS-分布式服DoS-服务的DHT-分布式哈希表FTP-文件传输协议HTTP超文本传输协议IRC-互联网中继聊天ISP互联网服务提供商P2P-对等的对等RFC-SYN-在TCP连接第一条消息SYN-ACKTCP连接第二个消息TCP-传输控制协议TTY网 -互联网语音协ASurveyofPeer-to-PeerNetworkSecurityJamesInrecentyears,peer-to-peer(P2P)networkshavesoaredinpopularityintheformoffilesharingapplications.Withthispopularitycomessecurityimplicationsandvulnerabilities.Inthispaper,weexaminingtheframeworkonwhichmostP2Pnetworksarebuilt,andfromthis,weexaminehowattacksonP2Pnetworksleveragetheveryessenceofthenetworksitself:decentralizationofresourcesandofcontrol.Additionally,welookattheprivacyandusageattacksthatariseinP2Pnetworksaswellasapproachesthatcanbeusedaddresssomeoftheseissues.TableofDefinitionofBackgroundofP2PApplicationsofP2PCentralizedQueryDistributedHashAttacksonP2PPoisoningthePrivacyandFairnessinBlockingofP2PSecuringP2PEncryptingP2PAnonymousListofInatraditionalcomputernetwork,oneormorecentralserverstypicallyprovidealloftheservicesavailableonthenetwork.AnexampleofthisisthenumerousFTP(FileTransferProtocol)andHTTP(HyperTextTransferProtocol)serversontheInternetthatprovidefileresourcesfordownloadfrom sseekingtheseservices.Incontrasttothis -servermodelofanetwork,anotherapproachistodistributethebruntofprovidingservicesamongthenodes,orpeers,suchthateachnodeisbotha andaserver.Thistypeofnetworkiscalledapeer-to-peer(P2P)network.DefinitionofMoretechnically,aP2Pnetworkisaspecialtypeofcomputernetworkthatexhibitsself-organization,symmetriccommunication,anddistributedcontrol[Risson04].Thenetworkisself-organizinginthatthereistypicallynocentralizationofresources.Asaresult,linkcapacityistypicallydistributedthroughoutpeersinthenetwork,andasaresultcontrolisdistributed,aswell.Assuch,theP2Pnetworkmodelstandsindirectcontrasttothetraditional-servernetworkingmodel.Whereasa-servernetworkrequiresthattheserverhascopiouslinkcapacitytofeeds,aP2Pnetworkpoolstheresourcesofeachpeerforthecommongood.However,duetothedecentralizedandpeer-relyingnatureofP2Pnetworks,theyarealsosusceptibletoattacks,whichwewillexploreinthispaper.First,wepresentsomebackgroundonP2Pnetworks,includingitsinception,riseinpopularityasanapplication,and1of 1/9/200812:32queryingstructure.Next,weexaminedifferentwaysthatP2Pnetworksareoftenattacked,includingdenyingservices,contaminatingthenetwork,andcompromisingalinformationofthepeers.Finally,welookatsomesolutionstotheattacksandsecurityissues.BacktoTableofBackgroundofP2PThenotionofP2Pwasfirstestablishedin1969,inthefirstRequestforComments,RFC1.TheRFCimpliesa"host-to-host"connection,indiscriminateofa-servercategorization,whichprovidesresponsesinthefashionofetype(TTY)terminals[Peer07][Crocker69].However,thefirsttrueimplementationofaP2PnetworkwasUsenet,developedin1979[Sundsted01].InUsenet,whileend-usersstillaccessresourcesthroughservers,serversthemselvespeerwitheachotherinthefashionofaP2Pnetwork,sendingmessagestoeachotherondemandwithoutacentralauthority[Usenet07].ApplicationsofP2PSincethelate1990s,therehasbeenasurgeofpopularityinP2Pnetworkapplications,mainlyintheformoffilesharingapplicationsusedtoexchangemultimediafiles.Someofthemostpopularandhigh-profilefilesharingprotocolsincludenet,Napster,DirectConnect,Gnula,eDonkey2000,andBitTorrent.Bysomeestimates,filesharingaccountsformoretrafficthananyotherapplicationontheInternet[Kurose05].Byfar,therecentriseinresearchinterestgeneratedintheP2Pfieldhascomefromthepopularityoffilesharingsystems.BelowisatableofthetimelineofdevelopmentofthemostinfluentialoftheseP2Pprotocols[Peer07]:FirstP2PJulySeptemberNovemberDirectMarchSeptemberAprilTable1:timelineoffirstreleasedatesofpopularP2PInterestingly,theearlyfilesharingapplication,Napster,wasreallymoreofadirectoryservicethanapureP2Psystem.Nonetheless,Napsteropenedthewaytomoreadvancedapproachestofilesharing,asseenwiththesubsequentofapplicationssuchasGnula,eDonkey,and,currentlythemostpopular,BitTorrent.WhiletheseapplicationsareallconsideredP2Papplications,peerandresourcediscoveryisadistinguishingfeatureofdifferentP2Pnetworks,asexinedCentralizedOnemajorissuewithanyP2Psystemisthediscoveryofpeersandresourcesinthenetwork.Sincetherearenofixedservers,peersmustrelyonsomemethodtolocatefellowpeers.Themostbasicapproachisacentralizeddirectorywhereresourcesareindexedonacentralserver,andpeersquerythisserverforalookuptofindthepeerwiththedesiredresource,thenmakeaconnectiontothepeer[Kurose05].ThisapproachwastakenbyNapster,forexample.BitTorrentalsousesacentralizeddirectoryserver,callingitthetracker.Notethatwhileresourcelookupisstill-server,theactualresourcetransmission,whichaccountsforthebulkofthenetworkcapacityusage,isstillP2P.Belowisadiagramofthebasiclayoutofthistypeof2of 1/9/200812:32Query

Figure2:acentralizeddirectoryserverAnotherapproachtowardspeerdiscoveryisqueryflooding,whichisusedbynewerapplicationssuchasGnula.Thepremisehereisthatinsteadofrelyingonacentraldirectoryserver,apeerwoulddirectlybroadcastaquerytothenetwork,andwhomeverhasthedesiredresourcewouldrespond.Notably,inthisapproach,thereisnocentralpointoffailure.However,floodingthenetworkhasbandwidthusageconsiderationsthatcouldaswellleadtoanunintendedselfdistributeddenial-of-service(DDoS)attackonthenetwork(anetworkstorm).Avariantofthequeryfloodingapproachistoselectcertain,high-availabilityandhigh-capacitynodes,assupernodes.Thesesupernodesaregiventhetaskofindexingpeerswithinitsownandansweringandcreatingqueriesfromandtoothersupernodes.Thisapproachreducesbandwidthusagesbyalargemargin,butitdoesnotreallyremovetheinherentproblemswithqueryflooding[Kurose05].DistributedHashDistributedhashtables(DHT)havebeenintroducedaround2001viatheprojectsChord,Kademlia,Pastry,andTapestry.ADHTisessentiallyahashtable,possessingkey-valuelookupfunctionality,withtheindexdistributedamongpeersinagroup.Therearevariationsinthehashfunction,butthegeneralideaistominimizethenumberofpeerlookupsuponqueryingforaresource.Typically,O(logn)lookupsgivennnodesareneededforaquery[Bala03].DHTsystemsessentiallydistributethecentralizeddirectoryapproach,eliminatingasinglepointoffailure.MostofthenewerP2Pprotocols,includingtrackerlessBitTorrent,havebeenupdatedtosupportDHTlookups.Below,wehaveasamplelookupoperationoriginatingfromnode2untilthedesiredresourceisfoundonnode37:Figure2:aDHTqueryfromnode2to22to23toDespitethesedifferentmethodsofquerying,theactualtransmissionofresourcesisstilldoneinP2Pfashion,whetherusingcentralizeddirectory,queryflooding,orDHT.Unfortunay,attackshavebeenfoundthatcanbeusedtodisruptordisabletheP2Pnetwork.3of 1/9/200812:32BacktoTableofAttacksonP2PSinceP2Psystemsinherentlyrelyonthedependenceofpeerswitheachother,securityimplicationsarisefromabusingthetrustbetweenpeers.Inatraditional-servermodel,internaldataneednotbeexposedtothe,butwithP2P,someinternalsmustbeexposedtofellowpeersinthenameofdistributingtheworkload[Schoder05].AttackerscanleveragethisincompromisingP2Pnetworks.DistributedDenial-of-Inatraditionaldenial-of-service(DoS)attack,aserverisusuallythetargetofmassiveconnections,renderingtheserverinoperable.AclassicexampleofthisisaTCPSYNfloodattack[Naoumov06],inwhichthesendstheserveraSYNmessage,theserverrespondswithaSYN-ACKmessage,andtheserverawaitsanACKmessagefromthe.However,theattackingsimplydoesnotreplywithanACKmessage,hencetyingupserverresources(memory)asitfutilelywaits.Meanwhile,thecancontinuetoopenmanymorenewnon-ACK'edconnections,bringtheserverultimaytoitsknees,andhenceadenial-of-servicetootherlegitimates.InaP2Pnetwork,attackerscanmakeuseofthequeryingnatureofP2Pnetworkstooverloadthenetwork.InthecaseofthequeryfloodingP2Pnetwork,theattackisstraightforward:simplysendamassivenumberofqueriestopeers,andtheresultingbroadcaststormwillrenderportionsofthenetworkMorerecently,attackscanharnesstheP2Pnetworkasanagenttoattacksomeothertarget,suchaswebsites.Essentially,peersinthenetworkaresubverted,asexinedinthenextsection,torequestfilesfromatarget,overwhelmingthevictimwithenormousbandwidthusage.Anexampleofthiskindofattacksurfacedin2007intheDirectConnectnetworkwithusersusingtheDC++filesharingapplication[DDoS07].BelowisafigureofaDDoSattackofthiskind:Figure3:aDDoSattackineffectviapoisoningthepeers(dottedlinesaretransferredpoisonedPoisoningtheAnotherapproachtowardsattackingaP2Pnetworkistoinjectuselessdata(poison)intothesystem.SinceP2Pnetworksmustimplementalookupserviceinsomeway,whetheritbeacentralizeddirectoryoraDHT,anattackercaninjectlargeamountsofuselesslookupkey-valuepairsintotheindex.Bogusitemsintheindexcouldslowdownquerytimesor,worse,yieldinvalidqueriesresults.EvenDHTsarenotimmunetothisattack,butsinceDHTshaveO(logn)lookuptime,alargeamountofpoisonisrequired.Infact,poisoningaP2PnetworkhasalreadybeenwitnessedontheInternetaslargepublishingorganizationsattempttolessenthepotentiallossesofpiratedmediabyattackingtheFastTrackP2Pnetwork[Liang06].PoisoningcanalsobeusedasfodderforDDoSattacks.Thiscanbe plishedintwoways,byindexpoisoningorroutetablepoisoning.Inindexpoisoning,fakerecordsareinsertedintotheindexpointingtoatargetIPandportnumber.When4of 1/9/200812:32peergoestosearchforaresource,itwouldreceiveboguslocationinformationfromapoisonedindex,eitherfromacentraldirectoryorfromanotherpeer.Therequestingpeerthenmakesaconnectiontothetarget,perhapsconfusionthetargetor,ifthetargetacceptstheconnection,aTCP-connectionDDoScomesintoeffect.Inroutetablepoisoning,theattackleveragesthefactthatalmostallP2Psneedtomaintainsomekindofroutingstateofthecurrentpeerswithwhichitisconnected.ParticularlyinaDHTsystem,theroutetableofeachpeercontainsitsO(logn)neighborsgivennnodesinthenetwork.Theattackerdupespeersintoaddingbogusneighborsintoeachpeer'sroutetable,andinsomecases,thisassimpleasmakinganannouncemessagepointingtothetarget.Theresultisthatthetargetreceivesafloodofconnectionrequests,andthetargetwilllikelyrejectthem.Typically,P2Pprotocolshaveamechanismtoremovestalepeersfromtheroutingtable,updatingitconstantly.Thus,aftertheburstoftraffictothetarget,thetargetisremovedfromtheroutetablesofconnectingpeers[Naoumov06].PrivacyandP2Pnetworksalsopresentprivacyandidentityissues.Inrespecttoprivacy,apeer'sdatastreammaybecompromisedbyfellowpeerswhoassistintransmittingthedata.AdirectexampleisthatofVoIPapplications,suchasSkype,whichroutetrafficinaP2Pfashion.Thoughthedatastreamisencrypted,apeerwhichcarriesthestreamnowhasdirectaccesstothedatapackets,whichwouldnotbethecaseintraditionalrouting.Furthermore,Skype'sencryptionschemeisproprietary,sotherecanbenoverificationthatthemethodiscompleysecure[Suvanto05].Also,inherentinthenatureofP2Papplicationsistheopensharingofprivatefiles.Inasurveyofusers,averysmallminoritywereactuallyawareofthespecificfilesthattheuserwassharing.InanotherstudyontheKazaanetwork,manypeerswerefoundtobeunknowinglysharingtheirfinancial,,andwebcachedata[P2P04].Duetotheease-of-useoftypicalfilesharingapplications,manyusersmayverywellnotbesavvyenoughtorealizetheprivacyimplicationsofusingaP2Papplication,makingthejoboftheattackerveryeasy.InP2Pnetworkswhichdistributeresourcesofdubiouslegality,theissueoflackofanonymity esapparent.Forexample,theBitTorrentfilesharingsystemdirectlyexposestheIPaddressofpeerstoeachotherinaswarm.Thiswouldallowpeersintheswarmtoknowtheidentityofotherpeerswhoaredownloadingcertainresources,forexample.Oncethepeer'sidentityiscompromised,furtherattacks,whetherphysicalorlegal,cancontinuetobedirectedatthatspecifictarget.FairnessinSinceP2Pnetworksdependonthecooperationofitspeers,anassumptionismadethatallpeerstoshouldcontributetotheresourcedistributionprocess.However,sincethereisnoauthorityinthesystem,norealadministrator,peersaresometimestoloadoffotherpeers.Inthefilesharingcommunity,thisistypicallycalledleechingandisfrowneduponandconsideredcheating.WhileextremelyprevalentinolderP2Pnetworks,includingtheIRC(InternetRelayChat)network,leechinghasbeensomewhatmitigatedinnewerP2Papplications.Forexample,inBitTorrent,achokesystemisincetothrottlebandwidthtopeerswhodonotuploadafairamount.Thus,leechersareabletodosoforashortamountoftimebeforeotherpeerslearnofitspresenceandsubsequentlyrefusetocooperatewithit,sharingwithitatanincreasinglyslowerBlockingofP2PAnimportantissuethatloomsoverP2PnetworksisblockingandthrottlingofP2Ptraffic.Accordingtoa2007Internetstudy,69%ofInternettrafficinGermanyisP2P,withHTTPwaybehindat10%.WithinP2Ptraffic,BitTorrentaccountsfor67%,withthenexthighestbeingeDonkeyat29%[Internet07].GiventhestaggeringproportionofInternettrafficaccountedforbyP2Papplications,especiallyBitTorrent(fromthenumbersabove,BitTorrentaloneaccountsfornearly50%oftheGermany'sInternettraffic),itisnotsurprisingthatISPsarestartingtoblockportsonwhichwell-knownfilesharingapplicationsrun.Forexample,ComcastrecentlystartedtothrottleanddroppacketsofBitTorrenttraffic,effectivelyblockingitscustomersfromrunningthesoftware[Comcast07].Goingevenfurther,OhioUniversityrecentlystartedtoblockallP2Ptrafficonitscampus[Ohio07].WhilesecurityissueswithP2Pare ingincreasinglyrampant,recenteffortshaveattemptedtonullifysomeoftheabovevulnerabilitiesbysecuringP2Pnetworks.BacktoTableofSecuringP2P5of 1/9/200812:32GiventhesecurityissueswithP2Pnetworksdescribedabove,therearetwostraightforwardapproachestosecuringP2Pnetworks:encryptingP2Ptrafficandanonymizingthepeers.EncryptingP2PByencryptingP2Ptraffic,thehopeisthatnotonlywillthedatabesafelyencrypted,butmoreimportantly,theP2Pdatastreamisencryptedandnoteasilydetectable.Withtheactualconnectionstreamcompleyencrypted,it esmuchharderfortheP2Ptraffictobedetected,and,thus,attacked,blocked,orthrottled.AverygoodexampleofdevelopmentinthisarenaisencryptedBitTorrent,whichcanencryptboththeheaderandthepayload.Usingonly60-80bitsforthecipher,theaimisnottoprotectthedatabutinsteadtosimplyobfuscatethestreamenoughsothatitisnotdetectablewithoutincurringmuchofaperformancehit.AlthoughitisstillpossibletodetectencryptedBitTorrentstreamsusingsophisticatedmethodsbasedonpatternandtimingofthetraffic,inpractice,itismuchhardertofilterencryptedstreamsnow[PE07].EncryptionofP2Ptrafficseemstobepickingup,ascurrentlyabout20%ofBitTorrenttrafficisencryptedAnonymousByanonymizingpeers,theP2Pnetworkcanprotecttheidentityofnodesandusersonthenetwork,somethingthatencryptiononlycannotensure.Whiletrueanonymitycannotreallyexistonanetwork,ananonymousP2Pprovidesenoughanonymitysuchthatitisextremelydifficulttofindthesourceordestinationofadatastream.Itdoesthisbymakingallpeersonthenetworkuniversalsendersanduniversalreceivers,thusmakingitpracticallyimpossibletodetermineifapeerisreceivingachunkofdataorsimplypassingitthrough.ItisnotpossibletorelysolelyonanonymousP2Ptohidethefilesharingapplication'susewithoutusingencryption[Anon07].However,usingencryptiontogetherwithanonymousP2PwouldyieldpossiblythemostsecureP2Pusageexperienceavailabletoday.BacktoTableofWehavegoneoversomeofthebasicsofP2PnetworkingandexaminedsomeattacksandissueswithP2Pnetworks.AkeyproblemforsecuringP2Pnetworksisthat,becauseofitsinherentdecentralizednature,therelacksthemeansforcentraladministration,andthuscontrol,requiredtocombatsecurityattacks[Friedman03].Nonetheless,bysecuringtheP2Pnetworkusingencryptionandanonymoussystems,someattacksandmostoftheprivacyandusageissuescanbeaddress.Tocombatthedirecta