SECURITY MECHANISMS OF A LEGAL PEER-TO-PEER FILE SHARING SYSTEM
Author(s): Sebastian Schinzel, Martin Schmucker, Peter Ebinger
Paper abstract: Contrary to Digital Rights Management systems (DRMS), CONFUOCO [Schmucker, M. and Ebinger,
P., 2005] is a legal peer-to-peer file sharing application that controls content distribution as opposed to
content usage. A central entity called the Trusted Third Party (TTP) validates whether users are allowed to
legally distribute a particular piece of content, and users within the CONFUOCO system enable peer monitoring
to identify irregularities.
Several of the core features (such as inter-user observation) have not yet been tested or approved for use
on the Internet. This article demonstrates the iterative improvement of CONFUOCO's security over
conventional DRM systems. A summary is presented of the extensive security analysis performed to identify
threats and potential vulnerabilities resulting from the abuse of this new protocol; this analysis led to the
discovery of a possible Denial-of-Service (DoS) threat. In this installment, several advances for
CONFUOCO's architecture involving the introduction of public-key technology and user-based
accountability are presented, which significantly increase the overall security of the system.