1 / 38

A Trust Based Assess Control Framework for P2P File-Sharing System

A Trust Based Assess Control Framework for P2P File-Sharing System. Speaker : Jia-Hui Huang Adviser : Kai-Wei Ke Date : 2004 / 3 / 15. Outline. Introduction Access Control Framework Search techniques Conclusion Reference. Introduction. P2P Concept

Download Presentation

A Trust Based Assess Control Framework for P2P File-Sharing System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Trust Based Assess Control Framework for P2P File-Sharing System Speaker:Jia-Hui Huang Adviser : Kai-Wei Ke Date :2004 / 3 / 15

  2. Outline • Introduction • Access Control Framework • Search techniques • Conclusion • Reference

  3. Introduction • P2P Concept • P2P file sharing allows users on the edge of network to directly access files from on another’s drives. • Why P2P so attractive ? • Provide a flexible and universal model for the exchange of information. • Success of P2P file sharing network (i.e. Gnutella, Napster.....) • But most P2P file sharing no provide access control.

  4. Outline • Introduction • Access Control Framework • Search techniques • Conclusion • Reference

  5. Requirement • Access control model requirements • No centralized control or support • Peer classification • Encourage sharing files • Limit spreading of malicious and harmful digital content

  6. Basic idea of Framework • An access control framework based on the discretionary access control. • Each file being assigned two threshold which capture two access aspects. • Two threshold values • Trust • Contribution

  7. Overall Architecture • RD:Resource Discovery • FT:File Transfer • AC:Access Control

  8. Authentication • In this framework, a peer is equipped with a 128-bit GUID number and a pair of public/private keys. • Authentication procedure • Client sends authentication request. • Host checks in its database. • Host carries out authentication protocol. • Authentication protocol based on SSL.

  9. Scoring system • Host peer needs to classify its client peers. • Client peer is required to supply its rating certificates for the host. • Access values are evaluated via four types of scores • Direct trust • Indirect trust • Direct contribution • Indirect contribution

  10. Direct trust • The host’s belief on the client’s capacities, honesty and reliability based on the host’s direct experiences. • In this model, use Bethetal’s formula denotes the trust value that peer i has in peer j

  11. Direct trust ( Cont. ) n is the number of peer i’s satisfied transactionswith peer j. is the learning rate – a real number in the interval [0,1] must chose high enough.

  12. Indirect trust • Host peer often encounters a client peer that it has never met. • The host’s belief on the client’s capacities, honesty and reliability based on recommendations from other peers.

  13. Indirect trust ( Cont. ) • The indirect trust calculated as denotes the indirect trust of peer i in peer j k is a number fixed by the host. will be range 0 to 1 and less than or

  14. Indirect trust ( Cont. ) • Indirect trust calculate example assume k = 1

  15. Indirect trust ( Cont. ) • The two main reasons why divide by k ? • Avoid the client submit only one highest recommendation. • Allowing the host to specify a required number of recommending peers.

  16. Direct contribution • The contribution of the client to the host in term of information download/upload between them. • The direct contribution calculated as is the direct contribution of peer j to peer I denotes the amount information i download from j denotes the amount information j download from i

  17. Indirect contribution • The contribution of the client to the network in term of information volume exchange. denotes the indirect contribution of peer j from peer i’s point of view.

  18. Granting access ( Cont. ) • The client’s overall trust and contribution values calculated as • value depending on host’s control policy.

  19. Granting access • Before making a file available for sharing, a host peer defines two thresholds value for the file. • Any client peer who has equal to or greater than the corresponding thresholds can access the file

  20. Trust and contribution management • After completing a download operation, client peer has to issue the host peer a rating certificate. • Rating certificate contains the direct trust and direct contribution value based on the transaction’s satisfaction level.

  21. Rating certificate • Rating certificate format

  22. Satisfaction level • Evaluate satisfaction level based on the download speeds and file quality. • Five levels of satisfaction • Good • Fair T unchanged • Poor • Corrupted • Unknown • Harmful or malicious add to the black list

  23. Local file system • In local storage it stores follow • Received certificates in which the peer itself is the recommended peer. • Certificates which the peer issued to other peers. • A black list of peers who it believes to have committed malicious acts.

  24. Framework interaction procedure

  25. Outline • Introduction • Access Control Framework • Search techniques • Conclusion • Reference

  26. Metrics • Some metrics for evaluate the effectiveness of search technique. • Cost • Bandwidth consumed over every edge in the network on behalf of each query. • Processing cost processing power consumed at every node on behalf of each query.

  27. Metrics • Quality of results • Satisfaction of query user specify a value Z, if the number of result is equal or more than Z, the query is satisfied. • Time to satisfaction the time of result arrive.

  28. Search techniques • Inefficiency search • blind search (BFS) • Three efficient search techniques: • Iterative deepening • Directed BFS • Local indices

  29. Blind search • Node forward to all their neighbors • Find max number of results • But inefficiency

  30. Iterative deepening • Satisfaction is the metric of chose. • Multiple breadth-fist searches are initiated with successively larger depth limits until query is satisfied or max depth reached. • Time cost smaller than blind search

  31. Iterative deepening • ex. if policy is • Source node initiates a BFS of depth a. • When depth reach, if query not satisfied then continue to depth b and c

  32. Directed BFS • Minimizing response time. • DBFS technique send query messages to just a subset of its neighbors. • In order to intelligently select neighbors, node will maintain statistic on its neighbors.

  33. Directed BFS • Some heuristic can help us to select the best neighbors • Highest number of results for previous query. • Response messages taken the lowest average hop. • Has forwarded the largest number of messages. • Shortest message queue.

  34. Local indices • Maintaining a high satisfaction rate and number of results while keeping low costs. • Node maintains an index over the data of each node within r hops of itself. • Parameter r is adjustable and independent of total size of network. • It must notify when host joint network • Node index the leaving node’s collective will remove after a timeout.

  35. Local indices ex. if policy is • Query source will send the query message out to all its neighbors at depth 1. • All node at depth will process and forward to depth 2. • Depth not in list, it forward directly. • Process continue to depth 5

  36. Outline • Introduction • Access Control Framework • Search techniques • Conclusion • Reference

  37. Conclusion The framework satisfies the requirements of access control for P2P file-sharing system by trust and contribution model, and the implemented contribution work effectively as a payment scheme that giving incentive for users to share their resource. The disadvantage is some overheads in validity of signatures in the rating certificate.

  38. Reference • B. Yang and H. Carcia-Molina. Efficient Search in peer-to-peer Networks, ICDCS 2002, Jul 2002 • Thomas Beth and Malte Borcherding and Birgit klein Valuation of trust in open network

More Related