P2P Storage/Bandwidth Sharing: Fairness and Security

1
P2P Storage/Bandwidth SharingFairness and
Security
2
Examples
Gnutella/KazaA P2P Networks
3
Properties of Gnutella/KazaA

• Completely decentralized
• Nobody to sue (like in Napster), corporations try
  to sabotage use of the networks
• No revocation/security mechanisms
• Freeloaders thrive

4
Examples

• Hey, I have a kool song in asf format!

Oh really? Let me have a copy!
5
Examples
Can I download from you?
Im running out of bandwidth and storage!
6
Major Issues

• Malicious files and malicious servers should be
  flagged in a secure way
• Freeloaders should not be able to utilize the
  system as freely as honest contributors.

7
Flagging Malicious Content
Good Guy
Good Guy
Saboteur
The other Good Guy is malicious!
8
How do we flag malicious behaviour/content?

• No centralized trusted entity to give this job to
  
• Some users may be bad-mouthing on others.
  Therefore, any one user can not be trusted
• Do we flag users that unknowingly pass somebody
  elses content?
• Online or offline credentials checks?

9
How do we restrict freeloading?

• For fair storage distribution, we need to be
  assured that an honest user indeed stores the
  files he claims. This has to be done
  continuously since a user can always dump the
  files.
• For fair bandwidth usage, one needs to be assured
  that an honest user provides sufficient
  bandwidth to others.

10
PAST review

• PAST is a secure distributed file-replication
  system based on Pastry routing network
• A user can not control where his file will be
  replicated but he can control the number of
  replicas (see a note below)
• A dynamic challenge mechanism makes sure that
  the replicas are really being stored
• PKI is used for digital signatures
• PAST is most suitable for backup storage or when
  the storage demands of a user are higher than his
  capacity.

11
PAST review (contd)

• Every node has semi-random nodeId assigned to it.
  Each file is assigned semi-random fileId
• A file is replicated among the nodes whose
  nodeIds are closest to the fileId (which is
  generated with a smartcard)

0
1
7
Any problems?
fileId5, 3 copies
2
6
5
3
4
12
PAST smart cards
Centralized Scheme (revocation mechanism is
needed)
Here is the secure smart card
User
CTA
Smart cards are assumed to be uncorruptable
PAST
13
P2P Storage Sharing based on PAST

• Smart card infrastructure contradicts
  decentralized nature of P2P networks (Napster is
  dead but Gnutella and KazaA are thriving)
• With no central control, decisions should be made
  by inquiring a quorum of other (random) users
• Business model should be defined
• Equilibrium should exist in the system

14
Business Model

• What does a user gain by allowing others to
  download its files?
• Should a user be charged for replication in PAST,
  or more generally for storing its files remotely?
• How 2 unacquainted users interact with each
  other?
• How would a new user be able to enter the network?

15
Can I download this song?
Can you store Yesterday for me?
Can I download this song?
Sure! Do I get credit for that?
Can I download this song?
Can I download this song?
16
For the right price!
17
Security Model

• How about collaboration attacks?
• Faking storage of a file?
• Faking/inflating popularity?
• Inflating bandwidth provided?
• Can these collaboration be formed dynamically in
  a way beneficial to the collaborating parties?
• Should the user have a say where he stores his
  files?

18
Storage Sharing Model
2). Im storing files for the guy below
1). Im auditing you. You store your files
remotely but who do you store files for?
3) Is that true?
4) Its true
19
2) This file is huge! Let me keep the first half
and you keep the 2nd and collaborate when audited
1) I want to store file A at your places
20
Bandwidth Sharing Model
1) I need to download file from you. Ill be 3
MB in debt to you
2) OK, but youll need to return the favor before
next download from me
2) OK but the transfer has to go through the
middle guy
1) I know you dont owe me, but the guy in
between owes me and you owe him.
Cold start?
21
Cold Start

• A user with no bandwidth credit should not be
  given good faith credit
• Instead the new user should cache/publish popular
  content to accumulate bandwidth credit. Should
  PAST replication be used?
• QoS metrics can be used on a pairwise level

22
Reputations of content and servers

• Orthogonal to fair storage/bandwidth sharing
• A server may be publishing somebody elses
  malicious file, or a malicious server may be
  publishing also good files. Need to separate
  reputations of servers and files.
• Good reputation allows for server to download
  more files and attracts others, thereby
  accumulating bandwidth/storage credit. Rich get
  richer
• How to avoid cold starts for servers and files?

23
3) I want to dload the files
2) OK, these files look fine. Ill publish them
as well
1) Go ahead, download my files
4) Why is my system down? Did the guy on the
right send bad files on purpose?
24
2) Sending it now
3) How about Hours instead?
1) Can you send me Matrix Reloaded?
Need to be able to check integrity of files
incrementally
25
Other issues

• Changing 1 bit in a song does not change the song
  but the file is different. If 2 files differ
  slightly should they have similar reputation?
• A fixed file should have a fixed fileId (hash of
  its content for example) but its not required.
  The same goes for nodeId
• One can poll for reputations but can this be done
  offline?
• When do we eject the server from the network?

26
Avoiding attacks
Im controlling this IP subnet!
Need to inquire over different IP subnets
and confirm the results
27
More attacks
2) I have it and the good guy below does
1) Im sending a query for Yesterday
28
Incentives to users

• Changing 1 bit nullifies reputation, therefore
  self-modifying worms/viruses will not spread
  quickly.
• A fixed file should have a fixed fileId (hash of
  its content for example) but its not required.
  The same goes for nodeId
• One can poll for reputations but can this be done
  offline?
• When do we eject the server from the network?

29
Conclusions
Any comments or ideas?