220 likes | 222 Views
Cope with selfish and malicious nodes. Jinyang Li. P2P requires cooperation. Cooperation means nodes obey design However, P2P users control the nodes Modify the given software Shut down application Delete app files Rate limit application etc. P2P users are mostly selfish
E N D
Cope with selfish and malicious nodes Jinyang Li
P2P requires cooperation • Cooperation means nodes obey design • However, P2P users control the nodes • Modify the given software • Shut down application • Delete app files • Rate limit application etc. • P2P users are mostly selfish • Avoid contributing resources as much as possible • P2P nodes could be malicious • Adversary can enroll (arbitrarily) many nodes P2P nodes speak the “right” protocol, but might not do the “right” things.
Design space for combating misbehaving nodes • Enforce nodes to run desired software • Obfuscate protocol/software • Rely on hardware support to authenticate a running piece of software (Trusted computing)
Design space for combating misbehaving nodes 2. Encourage nodes not to be selfish • Design protocols so it is in a node’s best interest to contribute 3. Choose trustworthy nodes for interaction • If only a few trusted nodes turn out to be bad, it is okay since data/service is replicated
#2 Encourage non-selfish behavior • What do selfish users do in file-sharing? • Download from others, but refuse to upload • Why is it bad? • If everybody behaves like this, system is useless
Global optimal: Requires both to cooperate Nash equilibrium both defect, worst global outcome A layman’s view of game theory • Prisoner’s dilemma (PD) C D C D
Tit-for-tat • What if boy and dog play the game over many iterations? • Tit-for-tat: • Cooperate in the 1st round, mirror what your opponent did in the last round • Tit-for-tat with forgiveness: • Occasionally cooperate to end a streak of retaliation and counter-retaliation
Tit-for-tat for file sharing • Exchanging data between peers is like an iterated PD game • Break data exchange in multiple rounds. • If remote peer does not upload fast enough (defect), choke his download (play defect).
Bittorrent • Group all peers interested in the same file into a swarm • Each node has sth. the other wants • A big file is broken into pieces • Each node downloads pieces in random order • Every 10 seconds, calculate a remote peer’s upload rate, if no good, choke it • Tit-for-tat • Periodically chooses one random peer to unchoke • …with forgiveness
How tit-for-tat helps BT • Tit-for-tat in BT ensures fair exchange(?) • Tit-for-tat prevents selfish behavior(?) • All selfish behaviors are non-profitable(?)
Cautions in applying tit-for-tat in other scenarios • The game must be played over many rounds • Each peer must have “goods” valued equally by the other • What’s at stake?
# Combating malicious nodes • Malicious (Byzantine) nodes • Their goal is to bring max harm to you • May also behave randomly and unpredictably • Basic strategy • replicate data/functionalities • Obtain data or votes of results from multiple replicas • The impossibility results: • No availability when all nodes are Byzantine. • No correct agreement when >1/3 nodes are Byzantine.
What’s at stake? • What does the system vote on? • launch a nuclear missile • Buyer or seller’s reputation (eBay) • Importance of a webpage (Google) • Interesting news (digg) • Authenticity of a shared file (Credence)
Who can vote? • eBay, digg: any registered users • Can an adversary register millions of users? • Must ensure votes come from independent parties • Restrict voters to humans • Restrict one identity per human • Credence: • Central authority issues public key to nodes • Limit how fast keys are issued to each node
Binds a vote to its file Binds a vote to a user What to vote on? • Votes could be on subjective or objective matters • (Digg) Interesting vs. boring news • Credence insight: • Make votes objective, honest users similar votes • Example votes: • <abf3: britney name, mp3 = type>K • <ba9f: britney name, mp3 type>K • <35e4: name = >K
How to cast votes? • U1 downloads files abf3,ba9f,35e4 with search term “britney mp3” • <abf3: britney name, mp3 = type>K • <ba9f: britney name, mp3 type>K • <35e4: name = >K
How to use votes? • U2 obtains hashabf3,ba9f,35e4 from search “britney mp3” • Goal: Rank hashes according to votes • Collect a list of votes for each hash from peers • Weight peers using voting history correlation • Compute weighted aggregate votes on each hash • Sort
4 votes on same files; 2 positive agreements P=.5 2 positive votes from me, 3 positive votes from U1 a=.5, b=.75 Correlation (p-ab)/sqrt(a(1-a)b(1-b)) = 1.36 Weight peers based on vote correlation My votes U1’s votes abf3 britney name b234 britney name 4567 madonna name ff45 nina name 1234 britney name abcd britney name, b234 spears name, 4567 madonna name ff45 nina name 1234 britney name
Weight peers based on vote correlation My votes U2’s votes abf3 britney name b234 britney name 4567 madonna name ff45 nina name 1234 britney name abcd britney name, b234 spears name, 4567 madonna name ff45 nina name 1234 britney name 4 votes on same files; 1 positive agreements P=0.25 2 positive votes from me, 3 positive votes from U1 a=.5, b=.75 Correlation (p-ab)/sqrt(a(1-a)b(1-b)) = -0.57
What if there are no overlapping files? • Use transitive correlation • If A has high correlation with B, B has high correlation with C, then A has high correlation with C
Summary on DHT and P2P • What did you learn?