290 likes | 336 Views
Trust Management in P2P systems. Presenter: Lintao Liu April 21th, 2003. Papers:. Managing Trust in a P2P information system Karl Aberer, et, Switzerland, 2001 Choosing Reputable Servents in a P2P network
E N D
Trust Management in P2P systems Presenter: Lintao Liu April 21th, 2003
Papers: • Managing Trust in a P2P information system • Karl Aberer, et, Switzerland, 2001 • Choosing Reputable Servents in a P2P network • A Reputation-Based Approach for Choosing Reliable Resources in P2P networks • Fabrizio Cornelli, et. Italy, 2002 • Cooperative Peer Groups in NICE • Seungjoon Lee, et. UMD, 2003 • And more…
Problems Definition • Peer-to-Peer is a fully distributed system: • With no central coordination • No central database • No global view of the system • Peers are autonomous, and may be anonymous • Peers are unreliable • Transactions are performed between Peers • How to make a transaction more likely to succeed (not cheated)? • Choose the node which is more reliable
Trust Management And Reputation • Trust Management: • any mechanism that allows to establish mutual trust. • Reputation: • a measure that is derived from direct or indirect knowledge on earlier transactions. • Reputation-based trust management: • one specific form of Trust Management.
More for anonymity • Reputations must be associated with self-appointed Identifiers rather than with externally obtained identities. • Peers are not required to keep a stable identifier (along with its reputation), but: • Good peers should benefit from a persistent ID • Malicious peers should not get much advantage by changing their ID to avoid bad reputation
Basic Elements in a Trust Management System • Global Trust Model: • How to describe whether an agent is trustworthy? Binary or Real or Discrete? • Local Algorithm to determine trust: • Computational procedure to determine the trust (Or determine the unreliability of a agent) • Data and Comm. Management: • How to store and exchange the data which is necessary for the local algorithm? (Earlier transaction data)
Paper 1: • Manage Trust in a P2P information system
Trust Model: • Binary trust • When a transaction fails, • The honest peer will file a complaint about the cheater. • The dishonest one can also file a complaint. • The reputation of an agent p could be: • T(p) = |{c(p,q)}| * |{c(q,p)}| (q is any peer) • But it requires global knowledge.
Data Management • P-Grid • Peers organized as a virtual binary search tree • (Scan and Chord can also perform this task) • Basic idea: • Given a node ID, one node can be located which is responsible to store some information about that node ID.(P-Grid mechanism) • A complaint can be inserted at any node, but it will be routed to one responsible node. And complaints can be retrieved with the same way. • So, this mechanism is fully distributed and it uses the underlying P-Grid to mange complaints
Local computation of Trust • Complaints can be retrieved using the data management mechanism. • But, the node (say, A) which provides the complaints can be malicious • Because of the same problem, you can verify whether A is malicious • Solution: • Making r replicas • If enough replicas say that p is trustworthy, it’s done. • Otherwise, continue to retrieve more data. • No clear decision is made, then give up.
Algorithm: • W = {(cri(q), cfi(q), ai, fi)|i=1, …w} • ai,…aw are witness of q • Cri(q) is the number of complaints sent from q to ai • cfi(q) is the number of complaints send from ai to q
Paper 2: • Choosing Reputable Servents in a P2P network
Basic Idea: • Designed for Gnutella • Using a polling protocol to decide the reputation • After get all queryhits, select some interesting results (nodes which have the query data), ask other peers to vote on those results. • Binary vote (but still can be other type) • Contact the node with highest reputation to retrieve the data
Basic Polling Protocol: (Ctd..) • Polling message: • Poll(T, PKpoll): polling message • PollReplay({(IP, port, Votes)}pkpool) • Verify vote: • TrueVote(Votesj) • TrueVoteReplay(response) • Challenge: • Challenge(r) • Response([r]sks, PKs)
Enhanced Polling Protocol: • Polling message: • Poll(T, PKpoll): polling message • PollReplay({[(IP, port, Votes, serv_id)]ski, pki)}pkpool) • Basically the vote peer includes PK and its own IP/Port info • So, the initiator can verify the voter • Verify vote: • AreYou(serv_id) • AreYouReply(response) • Challenge: the same
Data Structures • Experience_repository: • (serv_id, num_plus, num_minus) • Vote: Different criteria • Binary (1 or 0) • vote 1 only when num_minus = 0 • Credibility_repository • (serv_id, num_agree, num_disagree) • Used to check whether a node is malicious
Removing suspects from poll • IP-address clustering is not good • A lot of peers may use proxies from some ISP companies like AOL. • Compute an aggregation (arithmetic mean) of votes from a cluster of votes, where weights are inversely related to cluster size • Then, A random sample of voters are checked • If some voters are not found, increase the sample size • If no voters are found, abort the procedure
Security improvement • Distribution of Tampered with Information • David declares some files it doesn’t have and response with bad data • Prevent by the bad reputation he will get • Man in the Middle Attack: • Public/private keys are used to prevent such attack • Same for any communication
Paper 3: • A reputation-based Approach for Choosing Reliable Resources in P2P networks
Basic Idea: • Servents can have a reputation. Resources can also have a reputation. • Quite similar to the previous paper • Experience repositories: • Resource repository • (resource_id, value) (value is binary) • Resource Id is the digest of the content • Servent repository • (serv_id, num_plus, num_minus)
XREP protocol: • Binary vote • Phase 1: Resource searching • QueryHit includes both node and resource info • Phase 2: Resource selection & vote polling • Same with the previous paper • Vote Evaluation • Including check valid vote • Challenging and download data
Combinaing servent/resource based reputation: • Reputations’ life cycle: • New res from good nodes usually are good • Impact on peers anonymity: • Sev-based reputation prefers the ID to be persistent, while res-based doesn’t require that • Cold-start: • With res-based reputation, new nodes can participate in distribution of well known resources (for a good rep) • Performance bottlenecks • More serious in ser-based reputation • Res-based reputation can help to resolve that • Blacklisting: • Connect the bad resources with the initiator
Security Issues: • Attacks to P2P systems: • Self-replication • Answering requests with bad contents • Man in the Middle • Attacks to reputation-based systems • Pseudospoofing: using different ID to send bad data • Digesting can stop the propagation of bad content • ID Stealth: • ? Not very clear about that • Shilling: • One using several IDs (work as several malicious nodes) to cheat other nodes. • This will be found with valid vote checking
Paper 4: • Cooperative Peer Groups in NICE
Basic Idea: • After each transaction between A and B: • A sends B a cookie stating the quality of the transaction • B does the same thing to A • For later transaction between A and C: • A shows C the cookies that A has • C does the same things
More… • How/who to store those cookies? • How to get cookies? • Basic algorithm and refinement • How to assign values to cookies?