Security | Distributed Denial of Service Attacks | Moral Issues, Societal Factors

Security

Although distributed computing looks to provide an efficient means of conducting extraordinarily large scale computations, there are numerous privacy and security issues that must be taken into consideration by developers of distributed computing systems.  As society has seen over time with the increasingly wide spread favor of the Internet, networked computers allow a malicious individual to penetrate the linked machines at the most poorly protected location and attack all other computers in the network.  In order to prevent this, individuals who use the Internet or and other network should have virus protection software installed on their computer to prevent the spread of malicious virii.  Similarly with a distributed computing system, security precautions must be taken in order to protect the client computers, the host server, and the data in transmission.

One of the main concerns for almost all distributed systems is hackers.  Individuals sometimes successfully through one of the networked computers, break into the otherwise protected system.  Once inside the system, hackers can maliciously attack the system manipulating data and destroying results.  According to Amit Garg, a research intern at Stanford University’s Genome@Home distributed computing project, their system has been hacked into in the past, yet thankfully no damage was done to the system.  Even though no damage was done to research being carried out, the threat is still real, and information can easily be jeopardized if the correct precautions are not taken.

In addition to the problem of hackers attempting and succeeding in enter in the systems, data can be intercepted in transport between the server and the client.  At the Genome@Home project, data is encrypted during transmission and decoded and processed by the client machines.  This two-way communication encryption method is used to prevent a third party from “listening” to and stealing the transmission.  Such security prevents any aforementioned third party from stealing the intellectual property of the research group.

Also, clients should be wary of Trojan horses or remote network administration tools such as Back Orifice.  If distributed software is downloaded from an untrustworthy site, clients are at the risk of opening up their machines to outside individuals who desire to attack clients.

Trojan horses (as illustrated below) are malicious programs that are accepted by the user of a given computer and then upon execution attack the internals and possibly report all private and useful information about the individual to a host server (such information might include personal information such as a social security number if stored on the machine or work information for the user’s job).  In downloading and executing the client software for a distributed computing initiative, it is important that the individual recognize that they are putting themselves at risk.  Conceivably, if the software comes from an untrustworthy site (some group or organization impersonating a worthwhile distributed computing initiative), the executable program might contain some form of Trojan horse which once inside the computer has been designed to attack and destroy the machine.

Trojan Horse

An image depicting the thoughts of a Trojan horse inside a user’s computer. Taken from: New Threats: Paranoia Becoming Reality

Back Orifice and other remote network administration tools pose a threat to client machines similar to the one posed by Trojan horses.  Back Orifice was developed by a hacker group base in Northern California calling themselves The Cult of The Dead Cow.  Back Orifice, once running cannot be detected by the user working on the machine and allows the individual remotely controlling the machine complete power over the inner workings of the computer.  Taken from the web site of The Cult of The Dead Cow, Back Orifice is described as:

“Back Orifice is a remote administration system which allows a user to control a computer across a TCP/IP connection using a simple console or GUI application. On a local LAN or across the internet, BO gives its user more control of the remote Windows machine than the person at the keyboard of the remote machine has.”

In addition, once running, Back Orifice is not visible in the task list or the close-program list.  Thus the individual remotely acting as an administrator can act maliciously completely unbeknownst to the user working on the machine.  Further details on and software for Back Orifice can be obtained on the internet from The Cult of The Dead Cow.

In addition to security problems that are seemingly fairly unique to distributed computing, individuals must also consider that there a large number of virii currently circulating the internet against which any networked computing system must protect itself.  In order to prevent such malicious attacks from destroying much of the research completed by distributed systems, servers, like Genome@Home and SETI@Home backup data on a regular basis (for Genome@Home, this period is every twenty-four hours).  In addition stored data is removed from the network as client machines do not report back to the supercomputer that will analyze and store reported results.  Instead, individual client machines send their data back to a receiving machine which then internally filters all possible malicious content and forwards data to the storing machine.

Finally SETI@Home and other large distributed computing projects face a fairly unique security issue.  In order to lure individuals to donate their computing resources, SETI@Home posts the progress and ranks individuals based on their contribution to the project and the amount of data that they have processed.  However, in doing so, SETI@Home provokes the competitive nature of many individuals who simply want to be at the top of the rankings list.  As a result hackers take it upon themselves to “improve” the output of their machines and release these patched or hacked versions of the SETI client software on the internet.  Although this software does speed up the analysis process of each machine (this would seeming be a positive step towards improving the required number of computing hours for the SETI project), most frequently these patched programs implement algorithms incorrectly.  Thus SETI@Home faces the problem of filtering out all reported results that were calculated using the incorrect algorithm and patched software (such as Olli or that developed by Microsoft).  The filtering is completed in a seemingly inefficient manner, all calculations are completed by more than one machine.  These multiple machines completing the same calculation act as a voting bloc that then reports the correct answer - simple majority wins.

Distributed Denial of Service (DDoS) Attacks

Unlike traditional hacking, this attempt at bringing down a website doesn’t involve a hacker trying to interact with the server from a single location or source.  Rather, distributed denial of service attacks, the first of which hit the University of Minnesota in mid-August of 1999, involve a hacker or hackers infiltrating an array of succeptable machines, and coordinating them in a large-scale, distributed attack on a server or website, such as Yahoo! or Amazon.com.  By having such a large, spread out attack, the hacker masks his/her identity, and makes the onslaught that much more intensive.

DDoS attacks continue to grow in frequency, and by some estimates have reached over 4,000 per week.  This problem, some experts say, could get much worse in the near future, as Windows XP appears to have a vulnerability (...err, feature) built in that could make DDoS attacks even more straightforward to execute.  The operating system apparently contains support for “raw sockets” which lets users write and send raw IP-address packets to any host they like.  Sending a deluge of packets is a common way that DDoS attacks are carried out, now facilitated by XP.  Also, Windows XP will allegedly include an easy way to fake the originating IP address, making tracing the perpetrator even more difficult.  This wasn’t possible in previous versions of Windows, although Microsoft disputes that, saying with plug-ins it was also possible in Windows 9x. 

Several companies, including Astra Networks, and Mazu Networks, have recently released software designed to fight DDoS attacks, but there is very little they can do to prevent them.  Detection and automation of notification processes are the main roles of the software.  As the antidote develops, unfortunately so does the problem. 

Lately, hackers have added such attacks as the “pulsing zombie,” which sends out various waves of artificial traffic, rather than a continuous stream of requests.  Another is an attack that isn’t quite as intense, for example not using up 100% of the server resources, so that it avoids detection and setting off the alarms.  A third is reflector attacks, which bounce the requests off multiple servers, masking the originating computer and hence eluding detection even further.  There’s even a growing supplying of DDoS tools and scripts on the Internet available to potential hackers, so orchestrating an attack is always getting easier.  Distributed computing obviously has the power to be used for mischief as well as good.

Picture

An image demonstrating a typical, coordinated, DDoS attack. Taken from: No Longer in Denial

Moral Issues, Societal Factors

In addition to hacking and DDoS, other problems can arise from the nature of the operation itself, even when everything is going as planned.  One major issue is that we may be able to accomplish tasks using such tremendous computing power that some say we aren’t meant to pursue.  The Human Genome Project, for example, and all sorts of related bioinformatics projects are very controversial topics, particularly in the wake of the recent stem cell controversy.  If there is a God, is it only His domain to know about the secret of life and be experimenting with its finer details?  Is it wrong to try to improve our own lives at the genetic level?  There may be as many different opinions on this issue as there are sets of genes in the world, but at any rate, any tool that expedites and eases difficulties associated with such genetic research is likely to be questioned in terms of whether or not we ought to take advantage of it, and all the consequences that go along with the research in the long run.

Though it’s not currently an issue of much discussion, the socioeconomic groups that tend to have the computers and speed of Internet connections conducive to distributed computing tends to be a very financially secure group.  Right now, those who have access to distributed computing are merely able to flex their values-muscle in the online world with the research analysis software they’ve downloaded, but with companies beginning to pay to use idle CPU time, and the potential for more benefits in future given to those with fast connections, such as access to Microsoft’s .Net initiative, or the power to distribute your own computing tasks distributed computing may turn out to be yet another procedure that privileges the privileged.

[Home] [What Is It?] [History] [Future] [Concerns] [Efficiency] [Curr. Projects] [Resources]