1120739 trust management
TRANSCRIPT
Trust Management
in P2P Network
Submitted By-
Saurabh Kumar Gupta
1120739
CO4
Content:
1. Introduction
2. Term to be used
3. Attack and Threads
4. What is Trust
5. Trust and Reputed System
6. Concepts
7. Problem
8. Conclusion
Introduction:
peer–to-peer network:
1. A decentralized network
2. All nodes in the network act as both clients and servers
3. Powered by the bandwidth of all peers
4. Ad hoc connections
Types of P2P Network:
1. File sharing e.g. Gnutella, Kazaa, Bit Torrent
2. Instant Messaging
3. Ecommerce
Existing Trust and Reputation systems:
EBay Feedback System
Terms to Use:
1. Trust- A peer’s trust in other peers based on his own past
experience.
2. Reputation- A peer’s trust in another peer based on the
experiences of other peers.
3. File Provider- A peer providing a file for download
4. Servant- A peer who is both client and server.
5. Free Rider- A peer who only downloads and does not share any
files.
6. Inauthentic files- viruses, corrupt, unreadable, wrong file type,
content not what it claimed to be.
Attack and Threads:
These threats provide the requirements for a trust and reputation
system.
1. Decoy files- A malicious peer will respond to any query with a copy
of the requested file, but will deliver a file that has been tampered
with or contains a virus at the point of download.
2. Malicious peer- A peer who either belongs to one of the groups
below or will provide an inauthentic file for every request.
3. Malicious collective- A group of malicious peers who know each
other and collaborate to subvert a P2P system.
4. Self Replication- virus such as Gnutella vbs.worm poses as a peer
and then creates a copy of itself for download.
5. Pseudo spoofing- malicious peers control multiple identities, false
pseudonyms are used to give good reputation to other
pseudonyms controlled by the same malicious peer.
What is Trust Management:
Trust and Reputation System:
1. Peers store opinions on their experiences at downloading files.
2. They store an opinion about the file provider and the file.
3. These opinions are computed either into binary or using another
mathematical probability.
4. Peers share their opinions providing recommendations for file
providers and files.
5. A peers opinion can be weighted based on how much the
querying peer trusts them.
6. The aim of the system is to eliminate malicious peers and
inauthentic files.
P2P Properties Of Trust Management:
1. No central coordination
2. No central database
3. No peer has a global view of the system
4. Global behavior emerges from local interactions
5. Peers are autonomous
6. Peers and connections are unreliable
Protocols:
1-Xrep:
1. A peer, p, queries the network for other peer’s opinions (votes)
on resources and servants.
2. Resource repository - records an ID for each file downloaded
and whether it is good(+) or bad(-)
3. Servant repository - stores the number of successful and
unsuccessful downloads by each peer.
4. Votes are converted to binary, where a positive (+) = 1 and
negative (-) = 0.
XRep has six phases:
Resource Searching and Resource Selection:
1. query network, retrieving list of files, select one to download based on trust and
reputation.
Vote Polling:
1. peer (p) asks the other peers opinions (poll request) about the resource (r) it is about
to download or on the servant (s) offering the resource.
2. Poll responses encrypted using a public key called “pkpoll” - contains the responding
peers vote, IP Address and Port.
Vote Evaluation:
1. “pkpoll” decrypted.
2. p clusters the votes, which allows it to detect those sharing the same IP address.
(pseudo spoofing)
3. An average value of all votes in the cluster is calculated and returned to the querying
peer (p).
4. A random selection of “voters” from each cluster is contacted for confirmation of their
vote using the IP and Port encrypted in “pkpoll”.
Best Servant Check:
1. Choose the most reputable servant to download file from.
Resource Downloading:
1. After download, p updates his repositories with his opinion of both the servant and
resource.
2-Trust Vector:
1. Trust Vectors are kept locally by peers.
2. Consult own “trust vector”, or request a “trust rating”
from other peers
3. Uses query messages to gain recommendations from
other peers
4. “Trust Vectors” are updated after every download with +
or – opinion.
Trust Vectors
1. are binary
2. consist of 8, 16, or 32 bits
3. length is stored as an integer variable
4. positive (1) or negative (0) opinion is represented in the vector
as 1 bit
5. updates recorded at the vectors most significant bit
Trust Rating
1. Calculated by dividing the sum of the Trust Vector by the power
of 2, then dividing the result by 2 to the power of the number of
significant bits in the vector.
Distrust Rating
1. Has more weight than a Trust Rating
2. Malicious action hard to recover from
Problems:
Performance Bottleneck
1. Main problem facing Trust and Reputation systems
2. Peer with highest reputation always selected as download
source
3. No suitable solution proposed
4. Random selection
5. Priority queue
Conclusion:
1. None of the proposed systems have been implemented in ‘real
world’
2. Hard to measure trust and reputation when measuring human
opinion
3. No standards that define what trust and reputation is and how
it should be measured
4. Policing Quality of Service in P2P networks is virtually
impossible due to their decentralized nature.
5. Each individual peer is responsible for the quality of the
content they provide only
6. Not suitable for large P2P networks, only tested on small
simulations.
7. Performance of these systems not tested in terms of
bandwidth.
8. Excessive messaging places too much strain on network.