
Dr. Tony White Chief Scientist



Presentation Transcript


  1. Dr. Tony White Chief Scientist

  2. Peer-to-Peer Technology • Dimensions of Peer-to-Peer technology • Definition • Segmentation and Assessment • Requirements • Information Sharing • Motivations • Requirements • Architectures • Solution • The Future of Sharing • Summary

  3. What is it? • Peer to Peer Architecture: Peers have the same responsibility and basic capabilities; they are both client and server at the same time (a servent) - i.e. there is symmetric communication between peers • c.f. Client-server Architecture: Servers are more powerful and responsible for managing the network. Clients are PCs or workstations which run applications and rely on servers for resources. • Peer-to-peer computing is the location and sharing of computer resources and services by direct exchange between servents

  4. P2P Industry Outline “There’s no peer-to-peer market any more than there’s a client/server market” – Anne Manes, Sun Microsystems • Peer-to-peer encompasses a wide range of technologies centered around decentralizing computing • Business and revenue models are currently unclear • There are clear opportunities and lots of excitement

  5. Distribution of P2P Companies (From “P2P 101: An Overview of the P2P Landscape” by Larry Cheng)

  6. Major Features of P2P Industry (From “P2P 101: An Overview of the P2P Landscape” by Larry Cheng) • Lack of experienced, quality management teams • Lack of detailed business models • Skeptical investors • 150+ active companies • Estimated 95% failure rate “The elephant in the room is the fact that most companies here are not commercially viable.” - Heard from a speaker at O’Reilly

  7. Current P2P Business Models • Sell P2P products to end-users • No current revenue-generating business model • Sometimes coupled with content-sale models • Sell content through P2P • Subscription-based – I buy content from you • Sponsor-based – Someone pays you to give me content • Ad-based – You give me content and sell ads

  8. Current P2P Business Models (cont.) • Sell something which lets others profit from P2P • Solve a critical problem for decentralized applications • Offer support and enhanced services for free tools • Specialized packages for particular industries • Tools and libraries for P2P infrastructure “The people most likely to make money during a Gold Rush are the ones selling pickaxes and shovels.” – Andy Oram, The O’Reilly Network

  9. Assessment of P2P Industry • Significant investments, no business • No one is making money – yet • Attitude is “P2P will change the world,” but no one knows how • To get investment, you need cool technology or a smart business plan • If you have both, you’re ahead of the game • At the moment, hype rules. But where’s the product?

  10. Information Sharing, Search and Collaboration… (diagram labels: Search, Selective Sharing)

  11. Motivations for P2P Information Sharing • Large quantities of unstructured data reside on the desktop at the edge of the network • Data cannot be seen by others in the network, it’s not easy to share • Individuals cannot find up-to-date information – rely on erroneous information on servers • Duplication of data … keeping a local copy to avoid security

  12. The Cost to the Enterprise • Being unable to share from the edge costs the enterprise because: • It takes a long time to find information • Communication of location is via word of mouth • Erroneous, out-of-date information is used instead of information from the source • Real-time collaboration is impossible • Costly workflow process required for publishing content from the edge … publishing is hard

  13. Publishing from the Edge • Requires: • Information must be modelled • Data remains on the edge • Information can be selectively shared • Access should be audited • Answer: the Entity • Represents the information, but is separate from it • Facilitates search: meta data • Provides security: policy-based • Responds to events, which are mediated

  14. Peer-to-Peer Architectures • Steps: 1. Connect, 2. Search, 3. Retrieve • Pure Peer-to-Peer search (diagram) • Server-mediated Peer-to-Peer search (diagram)

  15. Current P2P File Sharing implementations • Napster, Scour-Exchange: • server-mediated P2P • *.mp3 file-sharing only (Napster), most multimedia (SX) • Napster has (had) of the order of 30 million users • Freenet: • pure P2P • any file types • data mirroring based on popularity • data migration towards areas of higher demand • order of several thousand users • Gnutella…(and clones)

  16. Napster • Server-mediated P2P • No security • No protection of intellectual property • Problems • Scalability • Legal

  17. Gnutella • Clients and servers interchangeable (pure P2P) • Servents are able to nominate any files they will share with others • Gnutella protocol allows insecure file-swapping • Searches & queries are propagated through the network from servent to servent, depending on time-to-live (TTL – the ‘search horizon’)

  18. Gnutella Search (cont.) • 1: Client asks network - does file exist? • 2: Every servent replies with YES or NO • 3: Host then connects directly to client and retrieves files

  19. Problems with Gnutella • No security involved – once shared your files are out of your control • Vulnerable to: • search query flooding: flooding the network with false messages and thus generating a denial-of-service attack • virus attack: no guarantee that the host you connect to will not reply with a virus • spoofing: man-in-the-middle attack and impersonating someone else • Completely ‘flat’ structure • no way to grow communities with shared interests • Inefficient bandwidth usage (too many Pings!)

  20. Problems with Gnutella (cont.) • Network in constant flux: • Will servent be there next time? • How do I find related info? • Is info beyond my horizon? • How about tomorrow? • Security issues: • Can I trust other users? • Are they who they say they are? • Could this data be intercepted?
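
The TTL "search horizon" from slide 17 and the query-flooding weakness from slide 19 can be seen in a small model of one servent's forwarding decision. This is an added example, not code from the presentation or from any Gnutella client; it is a simplified model rather than the wire format, and `MAX_TTL`, `RATE_LIMIT`, the class and the chain topology are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_TTL = 7      # assumed cap on the search horizon
RATE_LIMIT = 3   # assumed: new queries accepted per neighbour per time window

class Servent:
    def __init__(self, name):
        self.name, self.neighbours = name, []
        self.seen = set()                  # query IDs already processed
        self.accepted = defaultdict(int)   # neighbour name -> queries accepted this window
        self.drops = defaultdict(int)      # drop reason -> count

    def handle(self, query_id, ttl, sender):
        """Process one incoming query; return [(next_hop, ttl), ...] to forward."""
        if query_id in self.seen:                  # loops and replays stop here
            self.drops["duplicate"] += 1
            return []
        if self.accepted[sender] >= RATE_LIMIT:    # bound what one neighbour can inject
            self.drops["rate_limited"] += 1
            return []
        self.accepted[sender] += 1
        self.seen.add(query_id)                    # the query is answered locally from here on
        ttl = min(ttl, MAX_TTL) - 1                # ignore an inflated TTL from the sender
        if ttl <= 0:                               # horizon reached: do not forward further
            self.drops["ttl_expired"] += 1
            return []
        return [(n, ttl) for n in self.neighbours if n.name != sender]

def chain(n):
    """Constructed topology: s0 - s1 - ... - s(n-1)."""
    nodes = [Servent(f"s{i}") for i in range(n)]
    for a, b in zip(nodes, nodes[1:]):
        a.neighbours.append(b)
        b.neighbours.append(a)
    return nodes

def flood(origin, query_id, ttl):
    """Propagate one query breadth-first; return names of servents that processed it."""
    origin.seen.add(query_id)
    reached, queue = [], deque((n, ttl, origin.name) for n in origin.neighbours)
    while queue:
        node, t, sender = queue.popleft()
        is_new = query_id not in node.seen
        forwards = node.handle(query_id, t, sender)
        if is_new and query_id in node.seen:
            reached.append(node.name)
        queue.extend((nxt, t2, node.name) for nxt, t2 in forwards)
    return reached
```

On a 12-node chain, a query sent with TTL 3 is processed by three servents, and one sent with TTL 99 is clamped and stops at the seventh; resetting `accepted` at the start of each time window is left to the caller.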

  21. What is needed? • Interoperability (common protocols & standards): • A communication protocol • Representation of identity • Semantic content (meta-data) • Secure information exchange: • Must be able to guarantee trust within a network • Prevent unauthorised access to network • Policy-based control of information exchange • Ubiquity • Buy-in from large groups of users

  22. Authentication and Authorization • Authentication answers the question: “Is Bob who he says he is?” • Authorization answers the question: “Can X perform some action (a) to Y?” (diagram: X, action a, Y)

  23. Authorization using Policies • Authorization questions form a sentence containing: • A subject (noun) • An action (verb) • An object (noun) • Modelling of nouns using: entities • Meta data for search • Policy for authorization … and more
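
A minimal sketch of the subject / action / object question from slides 22 and 23, with an entity that carries metadata for search and a policy for authorization. This is an added example, not Texar's policy language or SecureRealms code; the rule format, the function names and the sample data are assumptions, and the "see" and "get" actions are borrowed from the questions on slide 46.

```python
from dataclasses import dataclass, field

AUDIT_LOG = []   # every decision is recorded, whether allowed or denied

@dataclass
class Entity:
    """Represents a shared resource without being it: metadata for search, policy for access."""
    name: str
    metadata: dict
    policy: list = field(default_factory=list)   # ordered (effect, action, predicate) rules

def authorize(subject, action, entity):
    """Answer 'can <subject> <action> <entity>?'. First matching rule wins; default is deny."""
    decision = "deny"
    for effect, rule_action, predicate in entity.policy:
        if rule_action == action and predicate(subject):
            decision = effect
            break
    AUDIT_LOG.append((subject["id"], action, entity.name, decision))
    return decision == "allow"

def search(subject, entities, **wanted):
    """Metadata search that only reveals entities the subject is allowed to 'see'."""
    return [e.name for e in entities
            if all(e.metadata.get(k) == v for k, v in wanted.items())
            and authorize(subject, "see", e)]

# Constructed sample data (hypothetical file, groups and users)
report = Entity(
    name="q3-forecast.xls",
    metadata={"type": "spreadsheet", "topic": "forecast"},
    policy=[
        ("deny", "get", lambda s: s.get("contractor", False)),
        ("allow", "see", lambda s: "sales" in s["groups"] or "finance" in s["groups"]),
        ("allow", "get", lambda s: "finance" in s["groups"]),
    ],
)
bob = {"id": "bob", "groups": ["sales"]}
alice = {"id": "alice", "groups": ["finance"]}
carol = {"id": "carol", "groups": ["finance"], "contractor": True}
eve = {"id": "eve", "groups": ["engineering"]}
```

Bob can see the entity in search results but cannot get it, Carol's finance membership is overridden by the earlier deny rule, and Eve's search returns nothing while still leaving an audit record.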

  24. The Texar Solution

  25. Texar and P2P • Developed security-aware P2P applications: • PKI-based identity • Encryption between peers • Digital signing of queries • Policy-based sharing • Two solutions: • s-Peer • SecureRealms Peer

  26. Information Appliance (diagram labels: S-peer, S-peer, Information network bus, SecureRealms peer)

  27. Architecture • s-Peer is based upon a service-oriented architecture: • I-network bus: topology management and information routing • Basic Services: identity, entity (and policy) • Personality Services: file sharing, instant messaging, private chat (diagram layers: Personality Services, Basic Services, I-network bus)

  28. JXTA Usage

  29. The solution: Texar’s iProtocol • Provides a security and communication framework which allows: • Mutual authentication (identity verification) between s-peers • Information Clustering: Growth of secure Virtual Private Communities (VPCs) with shared interests • Mediation and control of resource sharing with high granularity using SecureRealms™ technology • Secure, encrypted connectivity • VPCs can extend search beyond TTL horizon • Users can improve search efficiency by targeting VPCs

  30. Peer-to-Peer Now… Flat, no concept of community

  31. The “Super Peer”

  32. The Texar Solution: VPCs & the iProtocol (diagram labels: Music VPC, Pop Music VPC, Rock Music VPC)

  33. iProtocol: The Virtual Private Community • Virtual Private Communities are formed by: • Creating secure data channels between members carrying messages only members can decipher • Restricting searches, queries and resource sharing to stay within the VPC’s boundaries • Allowing anyone to create a VPC with a particular interest, and recruit members into it • Providing mechanisms for finding, applying to join, joining, querying, sharing resources within, and retiring from, VPCs

  34. iProtocol Benefits • Enables the information network bus • Universal, secure (via SecureRealms™ technology) resource sharing between ad-hoc, dynamically-created, virtual communities • Knowledge-clustering can take place as Virtual Centers of Excellence develop (more targeted search capability as information accretes) • Improved distributed data storage (inexpensive desktop storage vs. expensive server storage) • Semantic searching and routing using entity meta-data

  35. iProtocol: The Essentials • Introduce community identity • concept of membership, functions restricted to VPC • Represent VPC with smaller subset containing most powerful peers • forms a Dynamic Backbone with a load-balancing effect • Authenticate membership of VPC and mediate flow of information via the SecureRealms peer • Allow VPCs to grow organically based on interests of members. Conclusion: VPCs act as ‘Virtual Super-servents’

  36. iProtocol: Finding VPCs (diagram labels: Backbone Nodes; VPC-level Query Routing; VPCs named Texar, Rock Music, Music, Rock; “Which VPCs do you know about?”; “Connect to Texar”)

  37. iProtocol: Joining a VPC • Broadcast query for knowledge of VPCs available within TTL • Choose target VPC from responses • Connect directly to target VPC backbone • Mutually authenticate (incl. Capability and Identity exchange) • Establish secure communication channels within the VPC (e.g. use PKI)

  38. iProtocol: Intelligent Information Routing • Join VPC • Download files (diagram captions: “search”; “Yeah, I might have some info for you!”; “I know of another VPC which is related to this search query… Let me pass this on to this other VPC…”)

  39. S-peer

  40. Connection Management

  41. Identity

  42. Instant Messaging

  43. Policies

  44. Sharing

  45. File Sharing

  46. SecureRealms Peer Functionality • SecureRealms peer extended with the I-protocol provides: • Query services, “Find X!” • Authorization services: • “Can Bob see X?” • “Can Bob get X?” • Authentication services, “Is Bob authenticated?” • Authorization is policy-based using our programmable policy technology • Policy evaluation can be used to generate dynamic content • Perform database queries • Query the Web • SecureRealms peer is extensible with: • Idyllic modules • Other services

  47. iProtocol and the SecureRealms peer (diagram labels: “This…”, File Systems, “…or this”, SecureRealms peer) • The SecureRealms peer acts as an information router enabling policy-based resource-sharing between peers • The SecureRealms peer is just another peer with policy mediation functions

  48. SecureRealms Architecture (architecture diagram; labels: Policy DB, Audit Log, Authorization, Authentication, Security Policy, Business Policy, Workflow Policy, Privacy Policy, Administration, Risk Mngt, State Mngt, Policy Engine, Policy Builder, URL Filter, SecureRealms SDK, Authen. Interface, Authentication System(s), UNP, Tokens, PKI, Biometrics, Data Abstraction Layer, Mngt. API, Mngt Console (Texar or 3rd party), Persistent Data Store, Notification Systems, Web Servers, App Servers, File Servers, Legacy Data, Directories/Database, Local Client, Remote Client, Web Client, VPN / Internet / FTP / Extranet / LAN / Other)

  49. Control, Monitor, React (diagram labels: Control, Monitor, React, External Data Source, LDAP, SecureRealms SDK, Policy Engine, “State”, Authen. Interface, Custom Audit Log, Data Abstraction Layer, Mngt. API, E-mail Notification, Text Messaging/Page)

  50. Policy Creation and Management • Policy Builder • Best of Breed GUI • Fully Programmable • Dynamic Change Control • Benefits • Programming ease • Management of complex business rules • Write once, repeated use
