Accountability and Resource Management in Higher Ed P2P David Molnar, Free Haven Project and ShieldIP, Inc.
25 Minutes Show Problems Approaches and Tools Example Applications Why You Should Care! What to Watch – Where Next
P2P Problems Too much bandwidth! (Napster) File sharing fills with “garbage” Intentional – “fake” songs Unintentional – searching doesn’t work “Free Riding” Misbehaving Clients
Resource Management Accountability Lesson – P2P won’t save you! Cornucopia and Tragedy of the Commons Resource Management – prevent resources from being “abused.” Accountability – prevent member from using “too many” resources without giving something back.
Two Approaches Micropayments Reputation Systems
Micropayments Pay for Play! Not necessarily “real” money. Make attack “more trouble than it’s worth.” Slow down DoS attack Maybe get something useful on side? Many many different embodiments We’ll skip the details; see P2P book chapter.
Micropayment Example: “Postage” against Spam In real life, Post Office charges money Online, “free” “unlimited” spam Charge “postage,” limit spam Too hard to charge $$ online Solve “Medium-Hard” problems for postage Maybe use the solution for something else! Dwork & Naor “Pricing via Processing”, Back “hashcash”, Juels & Jakobsson “Bread Pudding Protocols,” camram mailing list
Micropayment Example: Protecting SSL Handshake SSL = “Secure Sockets Layer” Public-key handshake hard for server, but easy for client! One laptop DoS large server Solution: force laptop to “pay” for handshake Stubblefield & Dean “Client Puzzles and TLS” in USENIX 2001
Micropayment Example: MojoNation Buy and sell services with “mojo” “swarm” download, better content distribution Transition period Will Mojo ever be worth “real money?” Is Mojo just for “load balancing?” Will users accept micropayments?
Reputation Systems Reputation as Everyday Concept Consumer Reports, book reviews, etc. Pitfalls of Reputation Online Pseudospoofing – many identities, one “adversary” Erasing bad reps Shilling How to Automate Reputation?
Reputation Example – Free Haven Free Haven – content storage service Servers have “reputations” “Probationary period” – store for “free” Server “loses” content loses reputation Idea: amount lost < total amount ever stored Still researching details
Slashdot, AIM Slashdot moderation system Frequent users annotate posts as “good”/``bad” Site displays aggregate of all votes AIM “warn/block” system Buddy harasses you – warn ‘em Too many times – blocked
Pseudospoofing and Advogato Pseudospoofing – many “identities” controlled by single adversary May shill for each other May pretend to attack each other Advogato “trust metric” Create “trust graph,” find maximum flow from “trust source” to user. Pseudospoofing nodes have small flow from “trust source” can’t “meaningfully” affect each other
Higher Ed P2P Why is Higher Ed special? More bandwidth Fluid user population (wireless coming…) “Bottleneck” bandwidth Early adopters on network What can P2P do for Higher Ed?
Example – Lecture Video Watch lecture video on PC screen P2P no central video server Issue: more popular class videos harder to find than less popular? Issue: peers die in middle of serving video?
Example – Course Materials Central web page P2P access/storage Students add course materials easily Old final exams, personal notes, links Tools - wiki, P2P filesharing + naming, P2P groupware Issues include moderation, DoS, “which is the real handout?”
Why You Should Care Designing new P2P systems? Can’t ignore these issues! Using existing P2P systems? Judge between systems. Manage a network? Encourage better P2P systems.
Things To Watch “Supernode” routing (KaZa/Morpheus) Content-aware routing Bandwidth-aware routing Consistent hashing (Chord) User Interfaces for picking P2P nodes
Where To Go Next P2P-hackers mailing list Current technical P2P discussions. Free Haven Project All the details I left out, recent work on reputations. CiteSeer Indexes research papers like no one else. O’Reilly OpenP2P.com