1. peer-to-peer system

2. client-server server client client client/server client/server server

3. peer-to-peer
A peer’s resources are similar to the resources of the other participants.
peer
peer
peer
peer
peer
peer
peer
peer

4. Looking up Data in P2P Systems
Centralized directory model
Advantages : efficiency, low bandwidth usage and low storage requirement on the peers.
Drawbacks : single point of failure and limited scalability. 4

5. Flooded requests model
Advantages : no single point of failure, peers only need to know their immediate neighbours
Drawbacks : inefficient in searching, generating a lot of traffic, limited scalability

6. Document routing model
Advantages of the model : the searching is efficient, each node only needs to maintain a limited amount of information for routing queries and it provides a certain degree of fault tolerance.
Drawback of the model is that it is more complicated than the other two models.

7. Problems How to name nodes and objects
How to find other nodes efficiently
How to split data between nodes
How to prevent data from being lost

8. Content-Addressable Network (CAN)
The system is made up of a d-dimensional Cartesian coordinate space
Space divided between nodes
All nodes cover the entire space n1

9. When a node, say N2, joins the system, N2 is first mapped to a point, say R, in the system.
When N2 reaches point R, the owner of the zone within which R lies splits the zone into half and assigns one half to node N. n2 n1

10. n1 n2 n3

11. n1 n2 n3 n4

12. In a d-dimensional coordinate space, two nodes are neighbours if their coordinate spans overlap along d-1 dimensions and abut along one dimension n2 n4 n1 n3

13. a node is responsible for the items in its zone

14. User at n1 wants to look up for file i2
A node routes a message towards its destination by simple greedy forwarding to the neighbor with coordinates closest to the destination coordinates. i1 n1 n2 n3 n4 i2 i3 i4

15. node departure i1 i2 n2 i1 i2 n2 n4 i3 i3 n1 n1 n3 n3 i4 i4

16. node failure
A node sends periodic update messages to each of its neighbors giving its zone coordinates and a list of its neighbors and their zone coordinates. i1 n1 n2 n3 n4 i2 i3 i4

17. The prolonged absence of an update message from a neighbor signals its failure.
Once a node has decided that its neighbor has died it initiates the takeover mechanism by contacting all the neighbours of the failed node. i1 i2 n2 n4 i3 n1 n3 i4

18. coping with failure n1 n2 i2 n4 i4 n3 i3 i3 n3 n1 i1 i4 i2 n4 n2 i1

19. Chord Each data item is represented by a key.
Keys and nodes’ IDs are mapped to m-bit identifiers using hash functions.
Identifiers are ordered in an identifier circle modulo 2m. 7 1 6 2 5 3 4

20. Identifiers are ordered in an identifier circle modulo 2m.
Key k is assigned to the first node whose identifier is equal to or follows the identifier of k in the identifier space.
This node is called the successor node of key k, denoted by successor(k).

21. When a node n joins the network, certain keys previously assigned to n’s successor now become assigned to n.
When node n leaves the network, all of its assigned keys are reassigned to n’s successor. No other changes in assignment of keys to nodes need occur. 1 2 3 4 5 6 7
{0,4,5,6,7}
{1}
{2,3}
{0,7}
{4,5,6}

22. Looking for objects
Each node needs only be aware of its successor node on the circle.
query 5 7 1 6 2 5 3 4

23. improve the efficiency of the query routing
Each node, n, maintains a routing table with at most m entries, called the finger table
The ith entry in the table at node n contains the identity of the first node, s, that succeeds n by at least 2i-1 on the identifier circle. That is, s = successor((n+2i-1) mod 2m).
n.finger(i).start is (n+2i-1) mod 2m in the identifier circle.
n.finger(i).interval = [n.finger(i).start, n.finger(i+1).start)

25. A new node n first finds the identity of an existing Chord node n’.
n learns it predecessor and finger table from n’.
updating the finger tables of the other nodes is based on the following observations
n becomes the ith finger of a node p if and only if p precedes n by at least 2i-1
the ith finger of p succeeds n

28. Preserving the Identity of Message Sender and Receiver
Sometimes, it is important to preserve the identities of the senders and the receivers of the messages
for privacy
avoid persecution
It is possible to construct a peer-to-peer network that conceal the identity of the senders and the receivers of messages transmitted over the network.

29. Tor: The Second-Generation Onion Router
Tor seeks to frustrate attackers from linking communication partners
An overlay network formed by peers
To communicate, a user constructs a circuit (i.e. a route for transmitting data) using some of the peers in the overlay network
Each peer (called a router) in a circuit only knows its two neighbours in the circuit
The router at the entry point of the circuit knows the IP of the user, but not the IP of the party that the user wants to communicate
The router at the exit point of the router knows the IP of the party that the user wants to communicate, but not the IP of the user

30. Onion Routing
During the circuit creation, the user sets up a session key with each of the routers in the circuit.
The user encrypts the data with the session keys repeatedly, starting with the exiting router and ending with entry router
In order to find out the transmitted data, the routers in the circuit need to decrypt the data using their session keys

31. How to set up a shared secrete key
An important issue in shared secret key protocol is how to set up the shared key between two parties
If the two parties know each other in advance, they can set up the keys before the communication.
What if the two parties do not know each other?
The Diffie–Hellman key agreement method allows two parties to establish a shared secret key over an insecure communication channel.
The two parties do not need to know each other in advance.
The communication channel does not need to be secure.

32. Diffie–Hellman key agreement
Alice and Bob want to agree on a secret key
Alice and Bob need to choose two numbers p and g
p is a large prime on the order of 1024 bits
The two numbers do not need to be confidential, i.e. they can be sent over the Internet
Alice and Bob choose a large random number respectively
Alice and Bob must keep their random number secret
Alice and Bob compute a value using p, g and their chosen random numbers respectively
The computed values do not need to be secret
Alice and Bob exchange their computed value
Alice and Bob use their received value and their chosen random value to form the shared key

34. Security of Diffie–Hellman (1)

35. Security of Diffie–Hellman (2)
Man-in-the-middle attack
The attacker intercepts Alice’s and Bob’s message and relay their messages
The attacker sets a key with Alice and Bob respectively
The attackers use the keys to decrypt/encrypt Alice’s and Bob’s messages

36. Constructing a circuit (1)
TOR client obtains a list of TOR nodes from a directory server
Directory servers maintain list of which onion routers are up, their locations, current keys, exit policies, etc.

37. Constructing a circuit (2)
User establishes key and circuit with Onion Router 1 using a Diffie–Hellman variation
User sends “ Create c1, E(gx1) ” where E is a PKI encryption function that uses router 1’s key
Router 1 replies with “Created c1, gy1, H(K1)” where K1 = gx1y1 and H is a hash function
The user computes the session key with router 1 from the reply

38. Constructing a circuit (3)
User tunnels through that circuit to extend to Onion Router 2
Relay c1 {Extend, OR2, E(gx2)}
Router 1 extends the circuit by sending “Create c2, E(gx2)” to router 2
Router 2 replies “Created c2, gy2, H(K2)”
Router 1 sends “Relay c1 {Extended, gy2, H(K2)}”

39. Constructing a circuit (4)
User tunnels through that circuit to extend to Onion Router 3

40. Communicate over the circuit
Client applications connect and communicate over TOR circuit

41. Create data User encrypts the data using the session keys
User sends the encrypted data to the circuit

42. Relay data
Router 1 decrypts the data, and relays it to router 2

43. Router 2 decrypts the data, and relays it to router 3

44. Router 3 decrypts the data, find the real receiver, and relay the data to the receiver

46. Send reply to a user
When a router later replies to a user with a relay cell, it encrypts the cell’s relay header and payload with the session key it shares with the user, and sends the cell back toward the user along the circuit.
Subsequent routers add further layers of encryption as they relay the cell back to the user.

47. location-hidden services
Bob wants to offer a service, such as a webserver, without revealing his IP address
protects against distributed DoS attacks
The scheme should allow Bob to control who can access his service
Tor supports this type of service through rendezvous points

48. Message Digest (hash)
Used to represent a message with a given number of bits.
produced by condensing the information in the message
Used to guarantee that a message has not been altered in transit
Like a cryptographic checksum
The function for computing the digest (hash) of a message must be secure.
Given a message M and its hash H(M), it must be very hard to find a message M’ that has the same digest; i.e., for which H(M) = H(M’).
One-way function
If you are given the digest for a message and you are able to compute exactly the same digest for that message, then it is highly likely this message produced the digest you were given.
The message has not been altered.

49. Digital signatures
If the digest of a message is transmitted alongside the message, anybody who modifies the message can also replace the digest by one matching the modified message.
To prevent the above problem, the digest may be encrypted by the sender.
If the sender of a message encrypts the digest of the message by public key cryptography using a private key whose matching public key is available to the receiver, the encrypted digest serves as a digital signature.
assert the identity of the sender of the message
guarantee that a message was authorized by a specified entity

50. Digitally sign a message
The sender carries out the following operations
Generates a public/private key pair, Kpub and Kpri
Distribute the public key Kpub to the receiver
Computes the digest H(m) of message m
Encrypts the digest with the private key to obtain {H(m)}Kpri
Send (m, {H(m)}Kpri) to the receiver
The receiver carries out the following operations
Decrypts {H(m)}Kpri using the sender’s public key to obtain H(m)’
Check whether H(m) = H(m)’
If they are equal, m has not been tampered with, since it is infeasible to find a message that has the same digest as m
Can also be assured that the message comes from the specified sender, since only the sender has Kpri

51. Advertising service
Bob generates a long-term public key pair to identify his service.
Not issued by CA
Bob chooses some introduction points, and advertises them on the lookup service, signing the advertisement with his private key.
Bob builds a circuit to each of his introduction points, and tells them to wait for requests.

53. Contacting the server Alice learns about Bob’s service out of band
Bob told her, or she found it on a website
Alice retrieves the details of Bob’s service from the lookup service.
If Alice wants to access Bob’s service anonymously, she must connect to the lookup service via Tor.
Alice chooses a router as the rendezvous point (RP) for her connection to Bob’s service.
She builds a circuit to the RP, and gives it a randomly chosen “rendezvous cookie” to recognize Bob.
Alice connects anonymously to one of Bob’s introduction points, and gives it a message (encrypted with Bob’s public key) telling it about herself, her RP and rendezvous cookie, and the start of a DH handshake.

55. Connecting clients and services
The introduction point sends the message to Bob.
If Bob wants to talk to Alice, he builds a circuit to Alice’s RP and sends the rendezvous cookie, the second half of the DH handshake, and a hash of the session key they now share.
The RP relays this information to Alice.
The RP connects Alice’s circuit to Bob’s.
The RP can’t recognize Alice, Bob, or the data they transmit.

57. Some analysis of Tor
Tor assumes that the directory servers control who can join the peer network to become routers
Filter out most malicious peers
Tor has many directory servers, if a few directory servers disappear, Tor still works by using the others that are still available.
A hostile entity must have control of the first and the last router in order to know the communicating parties

58. reviews
What are the three techniques for looking resources in a P2P system? Compare and contrast them in terms of efficiency, reliability and scalability.
In the CAN protocol, how do we determine which node store a document and how to look up a document stored in the system?
In the CAN protocol, how do the peers determine whether a peer has left the system or has failed? How can we make sure that files stored in a system can survive failures of the peers in the system?
In the CHORD protocol, how do we determine which node store a document?
Understand how to construct the finger table for each of the node in the CHORD protocol.

59. reviews How does the Diffie–Hellman key agreement scheme work?
What attacks can be used against the Diffie–Hellman scheme? What measures can be used to counter these attacks?
Understand how to create a circuit in Tor.
Understand how a user uses a rendezvous point to connect to a anonymous service.
In Tor, how does a user know that the session key being created belong to the router that the user want to extend the circuit to?
In Tor, when a router sets up a session key with a user, what prevents the router from knowing the identity of the user?
In Tor, why do we need to encrypt the data transmitted over the circuit?

60. Readings
D.S. Milojicic et. al., Peer-to-Peer Computing, HP Laboratories, HPL
Sylvia Ratnasamy, Paul Francis, Mark Handley, Richard Karp, and Scott Shenker. A scalable content-addressable network. In Proc. ACM SIGCOMM 2001
I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan. Chord: A scalable peer-to-peer lookup service for Internet applications. Technical Report TR-819, MIT, March 2001
Roger Dingledine, Nick Mathewson, and Paul Syverson Tor: the second-generation onion router. In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 (SSYM'04), Vol. 13. USENIX Association, Berkeley, CA, USA,
An interesting talk about Tor