1 / 20

Privacy, Security and Trust in P2P environments: A Perspective

Privacy, Security and Trust in P2P environments: A Perspective. ANIRBAN MONDAL University of Tokyo, JAPAN Contact Email address: anirban@tkl.iis.u-tokyo.ac.jp. INTRODUCTION. Dramatically growing popularity of the P2P paradigm Huge amounts of global-scale data sharing in P2P networks

merrill
Download Presentation

Privacy, Security and Trust in P2P environments: A Perspective

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy, Security and Trust in P2P environments: A Perspective ANIRBAN MONDAL University of Tokyo, JAPAN Contact Email address: anirban@tkl.iis.u-tokyo.ac.jp

  2. INTRODUCTION • Dramatically growing popularity of the P2P paradigm • Huge amounts of global-scale data sharing in P2P networks • Advantages of P2P • Scalability • No single point of failure • Efficient harnessing of the power of a large number of geographically distributed peers • Downside of P2P • No accountability  Privacy, security and trust issues

  3. P2P environments • Two kinds of environments for P2P 1. Alarge number of distributively-owned peers • Peers do not know each other • Accountability is essentially non-existent • Examples: Kazaa, Morpheus 2. Peers owned by the same organization • Accountability and organization controls usually exist We focus on Case 1

  4. The role of accountability Privacy Security Accountability Trust

  5. A Catch-22 situation What we have … What we want … Freedom Privacy Non-accountability Security Trust Anonymity

  6. A Catch-22 situation What we have … What we want … Freedom Privacy Non-accountability Security Trust Anonymity Some compromises would be necessary

  7. THE CHALLENGES • Scale • Geographically distributed peers • Can there be enforceable laws across countries? • Distributive ownership • Lack of centralized control • Lots of unknowns • Are the other peers trust-worthy? • Are there collusions between peers? • Lack of accountability

  8. The Context of Trust • Trust should depend on context • Quantifying a single trust measure for a peer is incomplete and does not reflect the diverse range of P2P interactions. • Assign multiple trust values to a peer based on context • How reliable are other peers in assigning trust values to a peer? • 1. Does expertise differ across users for a given context? • 2. How to objectively assign weights to user opinions? • 3. How to differentiate perception of trust across users? • Further exacerbating factors • A peer posing as another peer • Colluding peers • Significant changes in behavioural patterns of peers

  9. The Context of Trust • Trust should depend on context • Quantifying a single trust measure for a peer is incomplete and does not reflect the diverse range of P2P interactions. • Assign multiple trust values to a peer based on context • How reliable are other peers in assigning trust values to a peer? • 1. Does expertise differ across users for a given context? • 2. How to objectively assign weights to user opinions? • 3. How to differentiate perception of trust across users? • Further exacerbating factors • A peer posing as another peer • Colluding peers • Significant changes in behavioural patterns of peers Quantifying trust in P2P environments is challenging

  10. Accountability and Trust • Challenges in identifying a malicious peer • Scale • Peers posing as other peers • Dynamism • Monitoring peers infringes upon freedom • Example: How to trace a peer which put a virus-infected file in the network?

  11. Accountability and Trust • Challenges in identifying a malicious peer • Scale • Peers posing as other peers • Dynamism • Monitoring peers infringes upon freedom • Example: How to trace a peer which put a virus-infected file in the network? Locating the origin of malicious behaviour is a problem in itself

  12. The Law and P2P • Even if a malicious peer is identified, what is the legal recourse? • Difficulty in enforcing laws across countries • P2P-specific laws are relatively few • Lack of legal precedents • Laws books were not written with P2P in mind • Law consolidation across orthogonal disciplines • Fast pace of growth for P2P • Ingenuity of P2P system designers

  13. The Law and P2P • Even if a malicious peer is identified, what is the legal recourse? • Difficulty in enforcing laws across countries • P2P-specific laws are relatively few • Lack of legal precedents • Laws books were not written with P2P in mind • Law consolidation across orthogonal disciplines • Fast pace of growth for P2P • Ingenuity of P2P system designers Do we really need P2P-specific laws which are almost impossible to enforce?

  14. P2P for advanced applications? • Will users trust P2P systems for advanced data sharing applications? • 1. How many users would be willing to trust a system-generated trust value of a peer they have otherwise no idea about? • 2. To what extent can the past trust-related behaviour of a peer be extrapolated to the future? • Evolution of trust • Banks and trust • User perception of P2P-related risk (subjective)

  15. P2P for advanced applications? (Cont.) • Users should free to decide what they want to share  no system-imposed restrictions • User expectation of P2P systems • No great expectations because it is free • Multiple download of same data possible • We recommend • Do not incorporate accountability pro-actively • Educate users about possible risks • Let the user decide what risk is acceptable to him

  16. Towards advanced P2P applications • Currently, P2P systems are primarily used for sharing music and video files. • Should a powerful computing paradigm such as P2P be limited to just file-sharing applications? • Towards advanced P2P applications • Applications for static P2P systems • Applications for Mobile P2P systems

  17. Static P2P applications • Real estate applications • Different users with buying/renting experience • Users could exploit a considerably large pool of experiences • Such information may also be available from websites • These websites are provided by real-estate agents who wish to sell. • Comments in P2P systems are from real experience of buyers • Events management • international conferences • Medical • Discussing medical treatment options P2P interactions for complementing services (not substituting)

  18. User Anonymity and Data Quality concerns • Is user anonymity a real concern? • Users should not mention any personally identifiable information in that file. • Determining the source of any given file in a P2P system is difficult • Aggressive replication of hot files in P2P systems • Data quality concern • Some users may provide inaccurate information. • This concern also arises for the Internet, but websites do provide the ‘big picture’ reasonably well. • The same would most likely also be applicable to P2P

  19. Mobile P2P applications • Proliferation of mobile devices (e.g., laptops, PDAs, mobile phones) • Ever-increasing popularity of the P2P paradigm Mobile-P2P network applications • Which is the cheapest available`Levis’ jeans in a shopping mall? • What is the cheapest price of steak across different restaurants? • Museum visitors • Share images/video-clips of different rooms of the museum • Share songs and historical data about the museum. • Request museum’s path information (virtual reality) • Zoological applications • Disaster-recovery applications

  20. CONCLUSION 1. Future applications on P2P systems are more likely to depend upon user perception of risk 2. Evolution of trust is likely to improve popularity of advanced P2P applications 3. Effective trust models can facilitate in improving user trust in P2P applications. 4. Altruistic behaviour definitely exists in P2P environments  not too-strict policies to scare away users 5. Trust, security and privacy issues should be researched extensively for P2P networks, while considering future P2P applications 6. Trade-offs involving the importance of user freedom and the need for addressing trust, security and privacy issues should be considered meticulously We believe that P2P applications should be able to go well beyond the traditional file-sharing applications as trust evolves.

More Related