1 / 20

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System. Aameek Singh, Ling Liu College of Computing, Georgia Tech International Conference on Peer-to-Peer Computing ( P2P’03 ) Presenter: Jianming Zhou. Introduction.

tammy
Download Presentation

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System Aameek Singh, Ling Liu College of Computing, Georgia Tech International Conference on Peer-to-Peer Computing (P2P’03) Presenter: Jianming Zhou

  2. Introduction • Open and anonymous nature of P2P invites malicious behavior • Sharing harmful content, viruses, etc. • Need decentralized mechanism to tack • Trust Management • Trust based reputation metrics • Measure the trustworthiness of a peer • Transaction-based v.s. user-based rating • Dynamically assign a trust value based on peer reviews • Issues • Trust Model : What reputation metrics to use • Access Protocol : How to access and secure their use

  3. Secure Access Protocol • Questions: • Where should the trust value of a peer be stored? • How to securely access other peers’ trust value? • Desired Feature • Security: protect trust hosting peer from attacks • Reliability: Queries get true value • Accountability: able to identify malicious peer

  4. Problems of existing protocols • Poll-based (Cornelli, et al[4]) • Every peer before interacting with another peer broadcasts a trust query for that peer • All peers that have interacted with that peer send their votes which are combined locally • Public Key Cryptography used to secure • Problems: • No persistence: incomplete review counting due to peer offline; vulnerable to malicious group cooperation • No anonymity: identify disclosure in query message; peers giving poor trust value subject to revenge/threat such as DoS attacks. • Tedious decision-making: Peer needs to contact all voters to confirm.

  5. Problem of existing protocols • DHT-based (Eigenrep[8]) • Mother peers (Hash from peer ID) hold trust value • Peer hash ID and query trust value from mother peers • Peer decides trust value by majority rule • Shortcomings: • Insecure communication: vulnerable to MIB. • DHT threats: routing tampering, malicious lookup.. • No anonymity: mother peers disclosure • Group threats: malicious group hold value for each other

  6. TrustMe Protocal • Terms: • THA peer: peer hold trust value for a particular peer • Pi: peer i’s private key • Bi: peer i’s public key • SPi: peer i’s special private key • SBi: peer i’s special public key • TV: trust value • TS: time stamp • |: concatenate • BS: bootstrap server • ID: peer identifier • BID: special peer identifier assigned by BS • K(M): Encryption of message M by key K • Offering peer: peer offering resource • Querying peer: peer querying for trust value

  7. TrustMe: infrastructure • Bootstrap Server (BS) • Entry point for peers to enter the network • Acts as a kind of certification authority • Possess a private-public key pair <PBS, BBS> • BBS is publicly available to all peers • Each Peer • Possess two pair of private-public keys <Pi, Bi> and <P’i, B’i> • BS assigned ID : BIDi=PBS(“Valid Node”|B’i) • BS maintains a list of active peers

  8. TrustMe: Protocal • General idea • Peer A broadcasts to query trust value of Peer B • THA peers for B reply with trust value • Peer A decides to interact with B based on trust value • Peer A reports new trust value of Peer B • THA peers for B update • Leverage smart public-key cryptography • Stages: • Peer Join, Trust Query, Trust Reply, Peer Interaction, Trust Report, Peer leave

  9. Bootstrap server: <PBS,BBS> Generate: <SPi,SBi> BIDi = PBS(“Valid node”|Bi’ ) Peer i: <Pi,Bi> <Pi’,Bi’> 2 Bi, Bi’ 3 Assign THA Peer <IDi, Bi, SPi, SBi> 1 Join Peer j: <Pj,Bj> <Pj’,Bj’> 6 Collecting Proof-of-interaction Px(TS|Bi|IDi) 5 Pi(TS|Bx|IDx) Reply with Peer I’s trust value: IDi|Bi|SBi|SPi(TV|TS|BIDj|P’j(TS)) Trust Query of peer I : IDi 4 Report Peer X’s trust value for peer I: IDi|SBi(“Report”|V| Bx |Px (Pi(TS|Bx|IDx))) 7 Peer x: <Px,Bx> <Px’,Bx’>

  10. TrustMe: Query/Reply • Query: pj query trust value of pi1,pi2,pi3…,pn • Q(j,{i1,i2,i3,…,in}) = IDi1|IDi2|IDi3|…|IDin • Broadcast query message + P2P forwarding mechanism guarantee privacy • Reply: THA px holding trust value of pi • R(x,i)=IDi|Bi|SBi|SPi(TV|TS|BIDx|P’x(TS)) • IDi: trust value for Pi • Bi: for future communication with pi • SBi: decrypt SPi(M) • SPi: Guarantee reply from THA peer • BIDx: ensure valid replying is from px(Given B’x), + malicious THA peers can be blacklisted by their BID • TS/ P’x(TS): prevent reply attack

  11. TrustMe: Anti-attack 1 • Manipulating Reply Message: R(x,i)=IDi|Bi|SBi|SPi(TV|TS|BIDx|P’x(TS)) • Malicious THA Peer • Send wrong value (solution:▼) • multiple THA Peers + Majority rule • Punishment (BIDx blacklist)+ random THA peer assignment to reduce possibility of malicious cooperation • Send wrong value using other BID (▼) • Use P’x(TS) • Malicious non-THA Peer • Replay a genuine message (▼) • TS: old messages are discarded • Fake <SPi, SBi> keys (▼) • Multiple THA Peers=> Content Conflict=>Identify

  12. TrustMe: Interact/Anti Attack 2 • Collecting Proof-of-Interaction (pi pj) • Exchage Pi(TS|Bj|IDj) of each other. • Prevents replay (TS) • Cannot be generated in a fake manner • Bjand IDjare used for protection against using a message from Peer i’s interaction with some other peer • Manipulating Proof-of-Interaction Messages: • Replay message (▼) • TS : Timestamp • Fake (Pj, Bj) (▼) • Impossible for offering peer because THA Peer send Bj to Pi in reply message. • To prevent query peer fake: offering peer requests its public key from its THA peer

  13. TrustMe: Report/Anti-attack 3 • Report: update trust value to THA Peers • Pj files a report for Pi IDi|SBi(“Report”|V|Bj|Pj(Pi(TS|Bj|IDj))) • Only THA Peer can read (SPi) • THA Peer need Pj’s ID which can be obtained by decrypting with Bj and Bi • Bj and Pj to prevent unlikely scenario that malicious peers get Pi(TS|Bj|IDj)

  14. TrustMe: Peer Join/Leave • Peer Join • Peer posses two pair of Keys ( <Pi, Bi>,<P’i, B’i> ) • Why use two pairs <Pi,Bi> and <P’i,B’i> • <P’i,B’i> used only while acting as a THA peer • Prevents mapping of public key to identifier after prolonged monitoring of the network Bootstrap server needs to assign a THA peer (Peer x) • Create a new private-public key pair <SPi, SBi> • Only the THA peer will have the knowledge of SPi • Used for secure transmission of trust values for the reply and the report phase • Securely transmits <IDi,Bi,SPi,SBi> to Peer x • Broadcast a message: BIDx|PBS(BIDx|B’x(IDi|Bi|SPi|SBi)) • Only BS can generate and only Peer x can read

  15. TrustMe: Peer Leave • Peer Leave • Create a new THA peer for peers it was responsible for • Its trust information is dumped after it is not accessed for some time • Not discuss how to handle unexpected leaving!

  16. TrustMe: Benefits • Persistence: • All reviews are counted and stored distributed • No Central Trusted Authority • BS is just a form of certification authority • All trust mechanism within the network • Small decision time • Only one reply message needed for decision • Ease of contribution • Easy to contribute its trust value for another peer • Just sending one reply message

  17. Analysis: Experiments • Effect of persistence • Non-persistent systems can report highly misleading values • Having as little as 10 malicious peers acting together can rate the peer being untrustworthy, even when it is not

  18. Analysis: • Cost: • TrustMe costs more because of more broadcasts • Cost varies little with increase in number of THA peers

  19. Analysis: • Response Time • Caching improves response times • Increase in number of THA peers also improves response time

  20. Conclusion • Anonymous trust management possible • TrustMe provides secure and reliable access to trust values in a decentralized P2P system • Compatible with existing Gnutella style systems

More Related