Peer-to-Peer Computing: Meeting the P2P Challenge
Every semester brings new technological challenges to the staff at the University
of Florida, and September 2003 was no different from the norm. Students flocked
to campus after a summer of freedom, wielding the peer-to-peer (P2P) applications
Kazaa, Cheetah, Grokster, and a variety of others. Building on the technology
behind the infamous (and moribund) Napster file-sharing application, these alternatives
allowed students to share music files, movies, and other digitized content with
their compatriots both on campus and off. To do so, they only had to set up
their computers to download lists of files, rev up their programs, and head
out to class while their machines handled the dirty work.
At the time, UF officials admitted that nearly 90 percent of the school’s
outbound bandwidth was being used for P2P. Adding insult to injury, the same
officials received 40 notices of copyright violations each month, and reported
that in any average 24-hour period, 3,500 of the 7,500 students in residence
halls were using P2P services. To put these figures into more straightforward
terms, although the campus network had been designed to enhance the educational
process, in the end it was serving mostly as a conduit for the latest Modest
Mouse songs and Paris Hilton videos. Looking back, Robert Bird, coordinator
of Network Services for the school’s Department of Housing, says that
peer-to-peer technology basically ground network performance to a standstill.
“To say the problem was rampant would have been the understatement of
the century,” he quips. “Even after Napster, we were up to our eyeballs
in P2P, and no matter what we did to try to minimize the problems, they just
wouldn’t go away.”
UF is not the only school to fall victim to P2P; across the country, at academic
institutions large and small, technologists are grappling with ways to fight
the evolving challenges of peer-to-peer. While many of these file-sharing applications
crimp network bandwidth, they also present huge problems for copyright evangelists
at organizations such as the Recording Industry Association of America (RIAA;
www.riaa.com), who complain
that sharing files without paying for them is illegal. These problems certainly
aren’t confined to academia. A recent survey by the Internet research
firm IT Innovations & Concepts (ITIC; www.itic.ca)
indicates that 81 million Internet users worldwide engage in some form of P2P
file sharing. Furthermore, says the study, in 2003, the US downloaded more digital
songs (4.4 billion) than any other nation on the planet—an ignominious
distinction, to say the least.
Help, however, is on the way. New technologies from a variety of network management
vendors have enabled schools to take a proactive approach toward shaping network
traffic and restricting the amount of it available for file sharing at any given
time. At UF, where P2P once crippled the network daily, technologists have refused
to restrict Internet use, but have built a system that monitors illicit P2P
activity and responds accordingly (details on this in “Clipping their
Wings,” below). And at Pennsylvania State University,
IT officials are spearheading an open source movement to create the mother of
all P2P networks, a new approach that combines decentralized file sharing with
identity management, in a strategy that could completely revolutionize computing.
“The tides are turning in our battle against P2P abuses,” says
Michael Halm, senior strategist for Teaching and Learning Technologies in the
Information Technology Services department on Penn State’s main campus
at University Park. “Academics like me used to be powerless against this
stuff. Now, finally, we’re gaining the capacity to fight back.”
Clipping Their Wings
At UF, the key to overcoming the morass of P2P file-trading was innovation.
After the school’s network performance first plummeted in 2003, Bird and
campus programmer Will Saxon decided to develop a solution. The duo already
had been working on technology to limit P2P usage; a few months later, with
two grants from the university, they devised Integrated Computer Application
for Recognizing User Services, or ICARUS. The system, which considers P2P capability
a privilege, declines to restrict file-swapping completely but instead attempts
to educate students about exchanging files in a manner that is both legal and
unobtrusive to network performance overall. So far, it appears to be working:
Usage of legitimate systems such as iTunes and Napster is now through the roof,
and the average number of nightly illicit P2P users has dropped from 3,500 to
300, a decline of more than 90 percent.
The thinking behind the system is simple—essentially, it is a generic
strategy to automate identity management and network compliance. When a student
first registers on the campus network, he is required to read about peer-to-peer
networks and certify that while he can share academic files, he will not share
copyrighted ones. ICARUS then scans the student’s computer, and detects
any worms, viruses, or programs that act as servers, such as Kazaa, Cheetah,
and Grokster. If the system finds one of these offending programs, it gives
the student instructions on how to disable it. After this, if the student logs
on and tries to share files, ICARUS automatically sends him an e-mail and a
pop-up window warning, then disconnects him from the network.
What is P2P?
Peer-to-peer technology, aka P2P, is, essentially, a computing session that
takes place directly from one user to another. The technology’s very
name implies that either side can initiate a session and has equal responsibility.
As such, a P2P network is a communications environment that allows all desktop
and laptop computers in the network to act as servers and share their files
with all other users on the network. On a larger scale, peer-to-peer computing
is the process of sharing CPU resources across a network so that all machines
function as one large supercomputer.
The phrase “peer-to-peer,” however, is a somewhat confusing term,
because it always is contrasted with a central system that initiates and controls
everything. In practice, with the exception of the decentralized Gnutella
P2P technology, two users on a peer-to-peer system often require data from
a third computer or third-party server. For example, the Napster file-sharing
service was always called a “peer-to-peer network,” but its use
of a central server to store the public directory made it both centralized
and peer-to-peer.
Today, programs such as Kazaa, Grokster, iMesh, and others operate on what
has become known as the FastTrack network. This decentralized approach utilizes
something called super-peers to create temporary indexing servers that would
allow the network to scale to unparalleled heights. Any client may become
a super-peer if the user’s computer and Internet connection are powerful
enough. While this approach raises certain security risks (how do you know
a user isn’t spreading spyware or other malicious programs?), programs
such as DietK can strip the official P2P clients of malware (viruses, worms,
spyware, and other forms of security threats), while adding functionality
across the board.
“You’d be amazed how many students stopped illegally sharing files
just because they know ICARUS is always watching and they’ll get caught,”
says Bird, doing his best to channel Orwellian ideals. “We didn’t
try to break down the doors, so to speak, we just wanted to say, ‘Hey,
we’ve got law enforcement here and we’ll detect you speeding.’”
Still, it’s not just the specter of getting fingered that has students
toeing the line; UF programmers built a number of responses into ICARUS targeted
specifically toward policy enforcement. A first violation of campus P2P policy
disables a student’s network access for 30 minutes; the second cuts off
access for a full five days (a lifetime, in teen years). Third-time offenders
are subject to the school’s hearing-based judicial process, and their
network access is restricted to campus-only access for seven to 30 days, depending
on the severity of the infraction. While the system’s ability to detect
violations almost instantaneously deters many students from abusing P2P privileges,
Bird says it’s the consequence for three offenses that scares users the
most—life without Internet use on campus today is like music without an
MP3 player; possible, but practically unbearable, no matter what the circumstances.
Actually, this “no file servers” policy has been in place at UF
for several years, and dates back to the mid-1990s, when the campus put it into
place to curb the use of free university network bandwidth by students using
it to run their own commercial Web sites. ICARUS isn’t designed to prevent
all forms of file sharing, though—just illegal usage. With this in mind,
Bruce Block, senior VP of Technology at the RIAA, says his organization deems
it an admirable program, and adds that other colleges could learn a lot from
ICARUS. If all schools enacted similar systems, he points out, higher education
might be able to reduce the estimated $34 billion in pirated music copyright
fees lost to P2P last year alone, and even keep some of those dollars on campuses.
“What the University of Florida has done in its combination of policy,
student education, and technology is an excellent example of what can be done
in the university system [to combat illegal file sharing],” he opines.
Turning to Vendors
Still, not every college has the luxury of innovation. Other schools, pressed
for programming resources and time, have opted instead for out-of-the-box solutions
from a variety of network management vendors. At Juniata College
(PA), for instance, technologists responded to P2P-fueled network bottlenecks
with the PacketShaper software solution from Packeteer (www.packeteer.com),
which enables network administrators to control bandwidth utilization and application
performance by limiting all campus P2P applications to no more than 384 kilobytes
of bandwidth. According to David Fusco, director of Technology Operations and
an assistant professor in the school’s IT department, for an initial investment
of about $12,000, and annual maintenance of roughly $1,000, the PacketShaper
product has enabled him to “eliminate the activity by choking it.”
What’s more, he adds, while P2P abuses still occur at the school’s
Huntingdon campus, they no longer impact performance of the network overall.
Technologists have employed the very same solution at Cazenovia College
(NY), where P2P abuse was so rampant that CTO James Van Dusen says he had to
dispatch a network administrator every few hours to reboot campus routers. At
Cazenovia, however, Van Dusen further secured the network against P2P by investing
another $12,000 in a one-way firewall solution from Vernier Networks (www.verniernetworks.com).
Today, when students connect to the network, they broadcast one-to-one to the
firewall, and other students have no ability to track down anyone’s machine
but their own. Beyond this, each student is allowed 500MB of free space in a
home file on a campus file server, where he or she can download files of any
kind. Cazenovia scans the file server nightly for material that has been downloaded
illegally.
“We’re not going into student machines, we’re just investigating
the file server to keep ourselves out of trouble,” Van Dusen says. “While
we don’t prohibit P2P, we watch it closely and limit our liability completely,
solving the issue that groups like RIAA complain about.”
At DePauw University (IN), network administrators yanked the
purse strings a bit harder, and took a more complicated, three-pronged approach
to controlling P2P. First, they employed Packeteer’s PacketShaper to limit
P2P bandwidth overall. Second, they implemented Quality of Service (QoS) measures
on Cisco switches (www.cisco.com)
to block certain traffic ports and divide the network into various segments,
or Virtual Local Area Networks (VLANs). Finally, they are using endpoint compliance
capabilities from Perfigo (purchased by Cisco in October 2004). Dennis Trickle,
CIO and VP for Academic Affairs, says that the heart of this cumulative, $60,000
solution is the QoS capabilities, which ensure that users in academic buildings
have priority over users in residence halls to use peer-to-peer technology of
all kinds. Beyond that, for an additional $16,000 per year, Cisco keeps the
routers up to date with all of the latest security patches, and the institution
relies upon the very same technology to prevent the propagation of viruses and
other threats, as well.
Finally, there’s the Health Science Center at Texas Tech University,
where Security Systems Analyst Lane Timmons says he has successfully fought
peer-to-peer problems via a completely different approach. The Timmons plan
doesn’t block P2P file sharing internally; instead, the Health Science
Center blocks it from the Internet. To facilitate this, Timmons spent $140,000
to combine a UnityOne-2000 Intrusion Prevention System (IPS) from TippingPoint
(www.tippingpoint.com),
with a traffic redirection tool, QRadar from Q1Labs (www.q1labs.com).
At the network perimeter, Timmons has programmed the TippingPoint box to drop
all packets involved with file sharing. In the event that these packets somehow
make it through the gateway, the QRadar technology kicks in, redirecting users
into a “quarantine” VLAN that instructs them to curtail all peer-to-peer
activity with the outside world.
“We’d like to think that when it comes to P2P, we take a kinder,
gentler approach,” he says. “Inside our secure campus network, students
can do what they want. As long as none of the P2P files make it to the Internet
(or vice versa), we feel we’re doing our job well.”
Looking Ahead
Similarly laissez faire approaches to file sharing inside a campus network may
be on the horizon elsewhere, too. At Penn State, where Halm works his magic,
a similarly enterprising effort is underway to combine the talents of a variety
of open source programmers into an entirely new kind of P2P architecture. The
effort, part peer-to-peer and part identity management, is LionShare, and it
offers an authenticated environment in which users are known both to their institution
and to each other. Under this system, users will be able to share personal and
community collections with efficiency and without the threat of unauthorized
access or undesired content. What’s more, because LionShare simply does
not permit the transmission of content that cannot be linked to its original
copyright holder, officials at the RIAA and other copyright industry organizations
are quite literally jumping for joy, hailing the technology as a great way to
eradicate many of the previous concerns about P2P altogether.
Version 1.0 of LionShare is expected to be released in late September 2005.
When it goes live, LionShare users will log on with digital identities they
receive from their home institutions. At any time, users will be able to see
who is sharing what—a form of openness designed to deter illicit activity
from the get-go. Users will upload information to the LionShare PeerServer,
and will be able to utilize Access Control Lists to designate which other individual
users are allowed access to the data. Theoretically, anyone will be able to
search for information, but only those users who previously have been authorized
to download data off a user’s peer server will be allowed to go ahead
and take it. The system also will let users designate file-sharing capabilities
for finite periods, enabling institutions to control copyrighted material in
much the same manner they would offline.
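
The access model described above (search open to anyone, download only for users on the owner's Access Control List, grants that lapse after a set period) can be sketched as follows. This is an added illustration, not LionShare code; the class names, the identities, the file name and the audit log are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple


@dataclass
class SharedFile:
    name: str
    owner: str  # identity issued by the sharer's home institution
    # ACL: user id -> expiry time (None means the grant does not lapse)
    acl: Dict[str, Optional[datetime]] = field(default_factory=dict)

    def grant(self, user, now, duration=None):
        self.acl[user] = now + duration if duration is not None else None

    def may_download(self, user: str, now: datetime) -> bool:
        if user == self.owner:
            return True
        if user not in self.acl:
            return False  # deny by default: being searchable is not access
        return self.acl[user] is None or now < self.acl[user]


class PeerServer:
    """Hypothetical stand-in for the server that holds uploaded files."""
    def __init__(self) -> None:
        self.files: Dict[str, SharedFile] = {}
        self.audit: List[Tuple[str, str, str]] = []  # (user, file, decision)

    def upload(self, f: SharedFile) -> None:
        self.files[f.name] = f

    def search(self, term: str) -> List[Tuple[str, str]]:
        # Open to everyone; each hit names the sharer ("who is sharing what").
        return sorted((f.name, f.owner) for f in self.files.values()
                      if term.lower() in f.name.lower())

    def download(self, user: str, name: str, now: datetime) -> bool:
        f = self.files.get(name)
        ok = f is not None and f.may_download(user, now)
        self.audit.append((user, name, "ALLOW" if ok else "DENY"))
        return ok


def demo() -> List[bool]:
    # Constructed sample data: identities and file name are made up.
    t0 = datetime(2005, 9, 30, 12, 0, tzinfo=timezone.utc)
    server, stu = PeerServer(), "student@example.edu"
    doc = SharedFile("entomology-readings.pdf", "prof@example.edu")
    doc.grant(stu, t0, timedelta(days=7))  # seven-day sharing window
    server.upload(doc)
    later = t0 + timedelta(days=8)
    # In-window grant, lapsed grant, user never granted access
    return [server.download(u, doc.name, t)
            for u, t in [(stu, t0), (stu, later), ("guest@example.edu", t0)]]
```

Every decision, including denials, lands in the audit list, which is the kind of record the accountability argument depends on.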
“What sets LionShare apart from pretty much every other approach to date
is the fact that there’s a real sense of accountability here,” says
Halm, adding that LionShare servers provide a persistent mirror for content,
to ensure that designated files can be available for sharing when a personal
peer (such as an instructor’s laptop) is disconnected. “We’re
trying to teach responsibility without relying on heavy-handed types of technology.”
As Halm explains, the LionShare effort developed out of PSU’s Visual
Image User Study (www.libraries.psu.edu/vius),
a 26-month project funded by the Andrew W. Mellon Foundation, and tasked to
assess how academic communities use digital images for teaching, research, and
service. The study, conducted between 2001 and 2003, determined that a new application
would need to provide more flexible, user-controlled tools, and expanded capabilities
for the discovery, management, and sharing of multimedia files. To bring these
goals to life, LionShare partner organizations (including Internet2, Canada’s
Simon Fraser University, and Massachusetts Institute
of Technology) decided to base their code on the Limewire 4.0 Open
Source Project’s implementation of the widely utilized Gnutella P2P protocol.
Because the LionShare application needs to perform many tasks beyond basic file
search and retrieval, however, programmers are developing additional capabilities
on top of the Gnutella protocol, to support the overall goals of the project.
Some of these additional capabilities will eventually facilitate interoperability
between LionShare and other collaborative academic efforts such as Shibboleth
(for more on Shibboleth, see “The Power of Who” in January Campus
Technology; www.campus-technology.com/authentication).
LionShare features international interoperability protocols that provide access
to a growing mass of content stored in networks of institutional repositories
at individual schools around the world (see “Book ’Em,” page
36). As Halm explains, LionShare 1.0 also will allow publishers to describe
their resources using a relevant metadata schema, and will encourage searchers
to query against these high-level classifications. This, he says, ultimately
could enable a sharing of institutional knowledge that truly enhances the educational
process across the board.
“If I’m a department head in entomology, who’s to say that
I can’t create a departmental repository of all faculty publications for
students to access and use as a resource?” he asks rhetorically. “When
we finally use peer-to-peer technology the way it was designed to be used, the
possibilities for improving the way we approach education today really are without
boundaries.”