trustme anonymous management of trust relationships in decentralized p2p system n.
Skip this Video
Download Presentation
TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System

Loading in 2 Seconds...

play fullscreen
1 / 20

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System - PowerPoint PPT Presentation

  • Uploaded on

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System. Aameek Singh, Ling Liu College of Computing, Georgia Tech International Conference on Peer-to-Peer Computing ( P2P’03 ) Presenter: Jianming Zhou. Introduction.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System' - tammy

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
trustme anonymous management of trust relationships in decentralized p2p system

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System

Aameek Singh, Ling Liu

College of Computing, Georgia Tech

International Conference on Peer-to-Peer Computing (P2P’03)

Presenter: Jianming Zhou

  • Open and anonymous nature of P2P invites malicious behavior
    • Sharing harmful content, viruses, etc.
  • Need decentralized mechanism to tack
    • Trust Management
      • Trust based reputation metrics
        • Measure the trustworthiness of a peer
          • Transaction-based v.s. user-based rating
        • Dynamically assign a trust value based on peer reviews
  • Issues
    • Trust Model : What reputation metrics to use
    • Access Protocol : How to access and secure their use
secure access protocol
Secure Access Protocol
  • Questions:
    • Where should the trust value of a peer be stored?
    • How to securely access other peers’ trust value?
  • Desired Feature
    • Security: protect trust hosting peer from attacks
    • Reliability: Queries get true value
    • Accountability: able to identify malicious peer
problems of existing protocols
Problems of existing protocols
  • Poll-based (Cornelli, et al[4])
    • Every peer before interacting with another peer broadcasts a trust query for that peer
    • All peers that have interacted with that peer send their votes which are combined locally
    • Public Key Cryptography used to secure
  • Problems:
    • No persistence: incomplete review counting due to peer offline; vulnerable to malicious group cooperation
    • No anonymity: identify disclosure in query message; peers giving poor trust value subject to revenge/threat such as DoS attacks.
    • Tedious decision-making: Peer needs to contact all voters to confirm.
problem of existing protocols
Problem of existing protocols
  • DHT-based (Eigenrep[8])
    • Mother peers (Hash from peer ID) hold trust value
    • Peer hash ID and query trust value from mother peers
    • Peer decides trust value by majority rule
  • Shortcomings:
    • Insecure communication: vulnerable to MIB.
    • DHT threats: routing tampering, malicious lookup..
    • No anonymity: mother peers disclosure
    • Group threats: malicious group hold value for each other
trustme protocal
TrustMe Protocal
  • Terms:
    • THA peer: peer hold trust value for a particular peer
    • Pi: peer i’s private key
    • Bi: peer i’s public key
    • SPi: peer i’s special private key
    • SBi: peer i’s special public key
    • TV: trust value
    • TS: time stamp
    • |: concatenate
    • BS: bootstrap server
    • ID: peer identifier
    • BID: special peer identifier assigned by BS
    • K(M): Encryption of message M by key K
    • Offering peer: peer offering resource
    • Querying peer: peer querying for trust value
trustme infrastructure
TrustMe: infrastructure
  • Bootstrap Server (BS)
    • Entry point for peers to enter the network
    • Acts as a kind of certification authority
    • Possess a private-public key pair <PBS, BBS>
    • BBS is publicly available to all peers
  • Each Peer
    • Possess two pair of private-public keys <Pi, Bi> and <P’i, B’i>
    • BS assigned ID : BIDi=PBS(“Valid Node”|B’i)
  • BS maintains a list of active peers
trustme protocal1
TrustMe: Protocal
  • General idea
    • Peer A broadcasts to query trust value of Peer B
    • THA peers for B reply with trust value
    • Peer A decides to interact with B based on trust value
    • Peer A reports new trust value of Peer B
    • THA peers for B update
  • Leverage smart public-key cryptography
  • Stages:
    • Peer Join, Trust Query, Trust Reply, Peer Interaction, Trust Report, Peer leave

Bootstrap server:


Generate: <SPi,SBi>

BIDi = PBS(“Valid node”|Bi’ )

Peer i:




Bi, Bi’


Assign THA Peer

<IDi, Bi, SPi, SBi>



Peer j:




Collecting Proof-of-interaction




Reply with Peer I’s trust value:


Trust Query of peer I : IDi


Report Peer X’s trust value for peer I:

IDi|SBi(“Report”|V| Bx |Px (Pi(TS|Bx|IDx)))


Peer x:



trustme query reply
TrustMe: Query/Reply
  • Query: pj query trust value of pi1,pi2,pi3…,pn
    • Q(j,{i1,i2,i3,…,in}) = IDi1|IDi2|IDi3|…|IDin
    • Broadcast query message + P2P forwarding mechanism guarantee privacy
  • Reply: THA px holding trust value of pi
    • R(x,i)=IDi|Bi|SBi|SPi(TV|TS|BIDx|P’x(TS))
      • IDi: trust value for Pi
      • Bi: for future communication with pi
      • SBi: decrypt SPi(M)
      • SPi: Guarantee reply from THA peer
      • BIDx: ensure valid replying is from px(Given B’x), + malicious THA peers can be blacklisted by their BID
      • TS/ P’x(TS): prevent reply attack
trustme anti attack 1
TrustMe: Anti-attack 1
  • Manipulating Reply Message:


    • Malicious THA Peer
      • Send wrong value (solution:▼)
        • multiple THA Peers + Majority rule
        • Punishment (BIDx blacklist)+ random THA peer assignment to reduce possibility of malicious cooperation
      • Send wrong value using other BID (▼)
        • Use P’x(TS)
    • Malicious non-THA Peer
      • Replay a genuine message (▼)
        • TS: old messages are discarded
      • Fake <SPi, SBi> keys (▼)
        • Multiple THA Peers=> Content Conflict=>Identify
trustme interact anti attack 2
TrustMe: Interact/Anti Attack 2
  • Collecting Proof-of-Interaction (pi pj)
    • Exchage Pi(TS|Bj|IDj) of each other.
      • Prevents replay (TS)
      • Cannot be generated in a fake manner
      • Bjand IDjare used for protection against using a message from Peer i’s interaction with some other peer
  • Manipulating Proof-of-Interaction Messages:
    • Replay message (▼)
      • TS : Timestamp
    • Fake (Pj, Bj) (▼)
      • Impossible for offering peer because THA Peer send Bj to Pi in reply message.
      • To prevent query peer fake: offering peer requests its public key from its THA peer
trustme report anti attack 3
TrustMe: Report/Anti-attack 3
  • Report: update trust value to THA Peers
    • Pj files a report for Pi


    • Only THA Peer can read (SPi)
    • THA Peer need Pj’s ID which can be obtained by decrypting with Bj and Bi
    • Bj and Pj to prevent unlikely scenario that malicious peers get Pi(TS|Bj|IDj)
trustme peer join leave
TrustMe: Peer Join/Leave
  • Peer Join
    • Peer posses two pair of Keys ( <Pi, Bi>,<P’i, B’i> )
      • Why use two pairs <Pi,Bi> and <P’i,B’i>
        • <P’i,B’i> used only while acting as a THA peer
        • Prevents mapping of public key to identifier after prolonged monitoring of the network Bootstrap server needs to assign a THA peer (Peer x)
    • Create a new private-public key pair <SPi, SBi>
      • Only the THA peer will have the knowledge of SPi
      • Used for secure transmission of trust values for the reply and the report phase
    • Securely transmits <IDi,Bi,SPi,SBi> to Peer x
      • Broadcast a message: BIDx|PBS(BIDx|B’x(IDi|Bi|SPi|SBi))
      • Only BS can generate and only Peer x can read
trustme peer leave
TrustMe: Peer Leave
  • Peer Leave
    • Create a new THA peer for peers it was responsible for
    • Its trust information is dumped after it is not accessed for some time
    • Not discuss how to handle unexpected leaving!
trustme benefits
TrustMe: Benefits
  • Persistence:
    • All reviews are counted and stored distributed
  • No Central Trusted Authority
    • BS is just a form of certification authority
    • All trust mechanism within the network
  • Small decision time
    • Only one reply message needed for decision
  • Ease of contribution
    • Easy to contribute its trust value for another peer
    • Just sending one reply message
analysis experiments
Analysis: Experiments
  • Effect of persistence
    • Non-persistent systems can report highly misleading values
    • Having as little as 10 malicious peers acting together can rate the peer being untrustworthy, even when it is not
  • Cost:
    • TrustMe costs more because of more broadcasts
    • Cost varies little with increase in number of THA peers
  • Response Time
    • Caching improves response times
    • Increase in number of THA peers also improves response time
  • Anonymous trust management possible
  • TrustMe provides secure and reliable access to trust values in a decentralized P2P system
  • Compatible with existing Gnutella style systems