Peer-to-Peer Computing >> Meeting the P2P Challenge

• By Matt Villano
• 01/31/05

Every semester brings new technological challenges to the staff at the University of Florida, and September 2003 was no different from the norm. Students flocked to campus after a summer of freedom, wielding the peer-to-peer (P2P) applications Kazaa, Cheetah, Grokster, and a variety of others. Building on the technology behind the infamous (and moribund) Napster file-sharing application, these alternatives allowed students to share music files, movies, and other digitized content with their compatriots both on campus and off. To do so, they only had to set up their computers to download lists of files, rev up their programs, and head out to class while their machines handled the dirty work.

At the time, UF officials admitted that nearly 90 percent of the school’s outbound bandwidth was being used for P2P. Adding insult to injury, the same officials received 40 notices of copyright violations each month, and reported that in any average 24-hour period, 3,500 of the 7,500 students in residence halls were using P2P services. To put these figures into more straightforward terms, although the campus network had been designed to enhance the educational process, in the end it was serving mostly as a conduit for the latest Modest Mouse songs and Paris Hilton videos. Looking back, Robert Bird, coordinator of Network Services for the school’s Department of Housing, says that peer-to-peer technology basically ground network performance to a standstill.

“To say the problem was rampant would have been the understatement of the century,” he quips. “Even after Napster, we were up to our eyeballs in P2P, and no matter what we did to try to minimize the problems, they just wouldn’t go away.”

UF is not the only school to fall victim to P2P; across the country, at academic institutions large and small, technologists are grappling with ways to fight the evolving challenges of peer-to-peer. While many of these file-sharing applications crimp network bandwidth, they also present huge problems for copyright evangelists at organizations such as the Recording Industry Association of America (RIAA; www.riaa.com), who complain that sharing files without paying for them is illegal. These problems certainly aren’t confined to academia. A recent survey by the Internet research firm IT Innovations & Concepts (ITIC; www.itic.ca) indicates that 81 million Internet users worldwide engage in some form of P2P file sharing. Furthermore, says the study, in 2003, the US downloaded more digital songs (4.4 billion) than any other nation on the planet—an ignominious distinction, to say the least.

Help, however, is on the way. New technologies from a variety of network management vendors have enabled schools to take a proactive approach toward shaping network traffic and restricting the amount of it available for file sharing at any given time. At UF, where P2P once crippled the network daily, technologists have refused to restrict Internet use, but have built a system that monitors illicit P2P activity and responds accordingly (details on this in “Clipping their Wings,” below). And at Pennsylvania State University, IT officials are spearheading an open source movement to create the mother of all P2P networks, a new approach that combines decentralized file sharing with identity management, in a strategy that could completely revolutionize computing.

“The tides are turning in our battle against P2P abuses,” says Michael Halm, senior strategist for Teaching and Learning Technologies in the Information Technology Services department on Penn State’s main campus at University Park. “Academics like me used to be powerless against this stuff. Now, finally, we’re gaining the capacity to fight back.”

Clipping Their Wings

At UF, the key to overcoming the morass of P2P file-trading was innovation. After the school’s network performance first plummeted in 2003, Bird and campus programmer Will Saxon decided to develop a solution. The duo already had been working on technology to limit P2P usage; a few months later, with two grants from the university, they devised Integrated Computer Application for Recognizing User Services, or ICARUS. The system, which considers P2P capability a privilege, declines to restrict file-swapping completely but instead attempts to educate students about exchanging files in a manner that is both legal and unobtrusive to network performance overall. So far, it appears to be working: Usage of legitimate systems such as iTunes and Napster is now through the roof, and the average number of nightly illicit P2P users has dropped from 3,500 to 300, a decline of more than 90 percent.

The thinking behind the system is simple—essentially, it is a generic strategy to automate identity management and network compliance. When a student first registers on the campus network, he is required to read about peer-to-peer networks and certify that while he can share academic files, he will not share copyrighted ones. ICARUS then scans the student’s computer, and detects any worms, viruses, or programs that act as servers, such as Kazaa, Cheetah, and Grokster. If the system finds one of these offending programs, it gives the student instructions on how to disable it. After this, if the student logs on and tries to share files, ICARUS automatically sends him an e-mail and a pop-up window warning, then disconnects him from the network.

“You’d be amazed how many students stopped illegally sharing files just because they know ICARUS is always watching and they’ll get caught,” says Bird, doing his best to channel Orwellian ideals. “We didn’t try to break down the doors, so to speak, we just wanted to say, ‘Hey, we’ve got law enforcement here and we’ll detect you speeding.’”

Still, it’s not just the specter of getting fingered that has students t'eing the line; UF programmers built a number of responses into ICARUS targeted specifically toward policy enforcement. A first violation of campus P2P policy disables a student’s network access for 30 minutes; the second cuts off access for a full five days (a lifetime, in teen years). Third-time offenders are subject to the school’s hearing-based judicial process, and their network access is restricted to campus-only access for seven to 30 days, depending on the severity of the infraction. While the system’s ability to detect violations almost instantaneously deters many students from abusing P2P privileges, Bird says it’s the consequence for three offenses that scares users the most—life without Internet use on campus today is like music without an MP3 player; possible, but practically unbearable, no matter what the circumstances.

Actually, this “no file servers” policy has been in place at UF for several years, and dates back to the mid-1990s, when the campus put it into place to curb the use of free university network bandwidth by students using it to run their own commercial Web sites. ICARUS isn’t designed to prevent all forms of file sharing, though—just illegal usage. With this in mind, Bruce Block, senior VP of Technology at the RIAA, says his organization deems it an admirable program, and adds that other colleges could learn a lot from ICARUS. If all schools enacted similar systems, he points out, higher education might be able to reduce the estimated $34 billion in pirated music copyright fees lost to P2P last year alone, and even keep some of those dollars on campuses.

At Penn State, a group of open source programmers have created LionShare, a new P2P architecture.

“What the University of Florida has done in its combination of policy, student education, and technology is an excellent example of what can be done in the university system [to combat illegal file sharing],” he opines.

Turning to Vendors

Still, not every college has the luxury of innovation. Other schools, pressed for programming resources and time, have opted instead for out-of-the-box solutions from a variety of network management vendors. At Juniata College (PA), for instance, technologists responded to P2P-fueled network bottlenecks with the PacketShaper software solution from Packeteer (www.packeteer.com), which enables network administrators to control bandwidth utilization and application performance by limiting all campus P2P applications to no more than 384 kilobytes of bandwidth. According to David Fusco, director of Technology Operations and an assistant professor in the school’s IT department, for an initial investment of about $12,000, and annual maintenance of roughly $1,000, the PacketShaper product has enabled him to “eliminate the activity by choking it.” What’s more, he adds, while P2P abuses still occur at the school’s Huntingdon campus, they no longer impact performance of the network overall.

Technologists have employed the very same solution at Cazenovia College (NY), where P2P abuse was so rampant that CTO James Van Dusen says he had to dispatch a network administrator every few hours to reboot campus routers. At Cazenovia, however, Van Dusen further secured the network against P2P by investing another $12,000 in a one-way firewall solution from Vernier Networks (www.verniernetworks.com).

Today, when students connect to the network, they broadcast one-to-one to the firewall, and other students have no ability to track down anyone’s machine but their own. Beyond this, each student is allowed 500MB of free space in a home file on a campus file server, where he or she can download files of any kind. Cazenovia scans the file server nightly for material that has been downloaded illegally.

“We’re not going into student machines, we’re just investigating the file server to keep ourselves out of trouble,” Van Dusen says. “While we don’t prohibit P2P, we watch it closely and limit our liability completely, solving the issue that groups like RIAA complain about.”

At DePauw University (IN), network administrators yanked the purse strings a bit harder, and took a more complicated, three-pronged approach to controlling P2P. First, they employed Packeteer’s PacketShaper to limit P2P bandwidth overall. Second, they implemented Quality of Service (QoS) measures on Cisco switches (www.cisco.com) to block certain traffic ports and divide the network into various segments, or Virtual Local Area Networks (VLANs). Finally, they are using endpoint compliance capabilities from Perfigo (purchased by Cisco in October 2004). Dennis Trickle, CIO and VP for Academic Affairs, says that the heart of this cumulative, $60,000 solution are the QoS capabilities, which ensure that users in academic buildings have priority over users in residence halls to use peer-to-peer technology of all kinds. Beyond that, for an additional $16,000 per year, Cisco keeps the routers up to date with all of the latest security patches, and the institution relies upon the very same technology to prevent the propagation of viruses and other threats, as well.

Finally, there’s the Health Science Center at Texas Tech University, where Security Systems Analyst Lane Timmons says he has successfully fought peer-to-peer problems via a completely different approach. The Timmons plan d'esn’t block P2P file sharing internally; instead, the Health Science Center blocks it from the Internet. To facilitate this, Timmons spent $140,000 to combine a UnityOne-2000 Intrusion Prevention System (IPS) from TippingPoint (www.tippingpoint.com), with a traffic redirection tool, QRadar from Q1Labs (www.q1labs.com). At the network perimeter, Timmons has programmed the TippingPoint box to drop all packets involved with file sharing. In the event that these packets somehow make it through the gateway, the QRadar technology kicks in, redirecting users into a “quarantine” VLAN that instructs them to curtail all peer-to-peer activity with the outside world.

“We’d like to think that when it comes to P2P, we take a kinder, gentler approach,” he says. “Inside our secure campus network, students can do what they want. As long as none of the P2P files make it to the Internet (or vice versa), we feel we’re doing our job well.”

Looking Ahead

Similarly laissez faire approaches to file sharing inside a campus network may be on the horizon elsewhere, too. At Penn State, where Halm works his magic, a similarly enterprising effort is underway to combine the talents of a variety of open source programmers into an entirely new kind of P2P architecture. The effort, part peer-to-peer and part identity management, is LionShare, and it offers an authenticated environment in which users are known both to their institution and to each other. Under this system, users will be able to share personal and community collections with efficiency and without the threat of unauthorized access or undesired content. What’s more, because LionShare simply d'es not permit the transmission of content that cannot be linked to its original copyright holder, officials at the RIAA and other copyright industry organizations are quite literally jumping for joy, hailing the technology as a great way to eradicate many of the previous concerns about P2P all together.

Version 1.0 of LionShare is expected to be released in late September 2005. When it g'es live, Lionshare users will log on with digital identities they receive from their home institutions. At any time, users will be able to see who is sharing what—a form of openness designed to deter illicit activity from the get-go. Users will upload information to the LionShare PeerServer, and will be able to utilize Access Control Lists to designate which other individual users are allowed access to the data. Theoretically, anyone will be able to search for information, but only those users who previously have been authorized to download data off a user’s peer server will be allowed to go ahead and take it. The system also will let users designate file-sharing capabilities for finite periods, enabling institutions to control copyrighted material in much the same manner they would offline.

“What sets LionShare apart from pretty much every other approach to date is the fact that there’s a real sense of accountability here,” says Halm, adding that LionShare servers provide a persistent mirror for content, to ensure that designated files can be available for sharing when a personal peer (such as an instructor’s laptop) is disconnected. “We’re trying to teach responsibility without relying on heavy-handed types of technology.”

As Halm explains, the LionShare effort developed out of PSU’s Visual Image User Study (www.libraries.psu.edu/vius), a 26-month project funded by the Andrew W. Mellon Foundation, and tasked to assess how academic communities use digital images for teaching research and service. The study, conducted between 2001 and 2003, determined that a new application would need to provide more flexible, user-controlled tools, and expanded capabilities for the discovery, management, and sharing of multimedia files. To bring these goals to life, LionShare partner organizations (including Internet2, Canada’s Simon Fraser University, and Massachusetts Institute of Technology) decided to base their code on the Limewire 4.0 Open Source Project’s implementation of the widely utilized Gnutella P2P protocol. Because the LionShare application needs to perform many tasks beyond basic file search and retrieval, however, programmers are developing additional capabilities on top of the Gnutella protocol, to support the overall goals of the project.

Some of these additional capabilities will eventually facilitate interoperability between LionShare and other collaborative academic efforts such as Shibboleth (for more on Shibboleth, see “The Power of Who” in January Campus Technology; www.campus-technology.com/authentication). LionShare features international interoperability protocols that provide access to a growing mass of content stored in networks of institutional repositories at individual schools around the world (see “Book ’Em,” page 36). As Halm explains, LionShare 1.0 also will allow publishers to describe their resources using a relevant metadata schema, and will encourage searchers to query against these high-level classifications. This, he says, ultimately could enable a sharing of institutional knowledge that truly enhances the educational process across the board.

“If I’m a department head in entomology, who’s to say that I can’t create a departmental repository of all faculty publications for students to access and use as a resource?” he asks rhetorically. “When we finally use peer-to-peer technology the way it was designed to be used, the possibilities for improving the way we approach education today really are without boundaries.”