Presentation is loading. Please wait.

Presentation is loading. Please wait.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System Aameek Singh, Ling Liu College of Computing, Georgia Tech International.

Published byKelly Rose Modified over 9 years ago

Similar presentations

Presentation on theme: "TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System Aameek Singh, Ling Liu College of Computing, Georgia Tech International."— Presentation transcript:

1 TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System Aameek Singh, Ling Liu College of Computing, Georgia Tech International Conference on Peer-to- Peer Computing (P2P’03) Presenter: Jianming Zhou

2 Introduction Open and anonymous nature of P2P invites malicious behavior Sharing harmful content, viruses, etc. Need decentralized mechanism to tack Trust Management Trust based reputation metrics  Measure the trustworthiness of a peer  Transaction-based v.s. user-based rating  Dynamically assign a trust value based on peer reviews Issues Trust Model : What reputation metrics to use Access Protocol : How to access and secure their use

3 Secure Access Protocol Questions: Where should the trust value of a peer be stored? How to securely access other peers’ trust value? Desired Feature Security: protect trust hosting peer from attacks Reliability: Queries get true value Accountability: able to identify malicious peer

4 Problems of existing protocols Poll-based (Cornelli, et al[4]) Every peer before interacting with another peer broadcasts a trust query for that peer All peers that have interacted with that peer send their votes which are combined locally Public Key Cryptography used to secure Problems: No persistence: incomplete review counting due to peer offline; vulnerable to malicious group cooperation No anonymity: identify disclosure in query message; peers giving poor trust value subject to revenge/threat such as DoS attacks. Tedious decision-making: Peer needs to contact all voters to confirm.

5 Problem of existing protocols DHT-based (Eigenrep[8]) Mother peers (Hash from peer ID) hold trust value Peer hash ID and query trust value from mother peers Peer decides trust value by majority rule Shortcomings: Insecure communication: vulnerable to MIB. DHT threats: routing tampering, malicious lookup.. No anonymity: mother peers disclosure Group threats: malicious group hold value for each other

6 TrustMe Protocal Terms: THA peer: peer hold trust value for a particular peer P i : peer i’s private key B i : peer i’s public key SP i : peer i’s special private key SB i : peer i’s special public key TV: trust value TS: time stamp |: concatenate BS: bootstrap server ID: peer identifier BID: special peer identifier assigned by BS K(M): Encryption of message M by key K Offering peer: peer offering resource Querying peer: peer querying for trust value

7 TrustMe: infrastructure Bootstrap Server (BS) Entry point for peers to enter the network Acts as a kind of certification authority Possess a private-public key pair B BS is publicly available to all peers Each Peer Possess two pair of private-public keys and BS assigned ID : BID i =P BS (“Valid Node”|B’ i ) BS maintains a list of active peers

8 TrustMe: Protocal General idea Peer A broadcasts to query trust value of Peer B THA peers for B reply with trust value Peer A decides to interact with B based on trust value Peer A reports new trust value of Peer B THA peers for B update Leverage smart public-key cryptography Stages: Peer Join, Trust Query, Trust Reply, Peer Interaction, Trust Report, Peer leave

9 Peer i: Bootstrap server: Join 1 2 Generate: BID i = P BS (“Valid node”|B i ’ ) B i, B i ’ Assign THA Peer 3 4 Trust Query of peer I : ID i Peer j: Reply with Peer I’s trust value: ID i |B i |SB i |SP i (TV|TS|BID j |P’ j (TS)) 5 Peer x: 6 Collecting Proof-of-interaction P x (TS|B i |ID i ) P i (TS|B x |ID x ) 7 Report Peer X’s trust value for peer I: ID i |SB i (“Report”|V| B x |P x (P i (TS|B x |ID x )))

10 TrustMe: Query/Reply Query: p j query trust value of p i1,p i2,p i3 …,p n Q(j,{i 1,i 2,i 3,…,i n }) = ID i1 |ID i2 |ID i3 |…|ID in Broadcast query message + P2P forwarding mechanism guarantee privacy Reply: THA p x holding trust value of p i R(x,i)=ID i |B i |SB i |SP i (TV|TS|BID x |P ’ x (TS)) ID i : trust value for Pi B i : for future communication with pi SB i : decrypt SPi(M) SP i : Guarantee reply from THA peer BID x : ensure valid replying is from p x (Given B’ x ), + malicious THA peers can be blacklisted by their BID TS/ P’ x (TS): prevent reply attack

11 TrustMe: Anti-attack 1 Manipulating Reply Message: R(x,i)=ID i |B i |SB i |SP i (TV|TS|BID x |P ’ x (TS)) Malicious THA Peer Send wrong value (solution:▼)  multiple THA Peers + Majority rule  Punishment (BID x blacklist)+ random THA peer assignment to reduce possibility of malicious cooperation Send wrong value using other BID (▼)  Use P’ x (TS) Malicious non-THA Peer Replay a genuine message (▼)  TS: old messages are discarded Fake keys (▼)  Multiple THA Peers=> Content Conflict=>Identify

12 TrustMe: Interact/Anti Attack 2 Collecting Proof-of-Interaction (pi  pj) Exchage P i (TS|B j |ID j ) of each other. Prevents replay (TS) Cannot be generated in a fake manner B j and ID j are used for protection against using a message from Peer i’s interaction with some other peer Manipulating Proof-of-Interaction Messages: Replay message (▼) TS : Timestamp Fake (P j, B j ) (▼) Impossible for offering peer because THA Peer send B j to P i in reply message. To prevent query peer fake: offering peer requests its public key from its THA peer

13 TrustMe: Report/Anti-attack 3 Report: update trust value to THA Peers P j files a report for P i ID i |SB i (“Report”|V|B j |P j (P i (TS|B j |ID j ))) Only THA Peer can read (SP i ) THA Peer need P j ’s ID which can be obtained by decrypting with B j and B i Bj and Pj to prevent unlikely scenario that malicious peers get P i (TS|B j |ID j )

14 TrustMe: Peer Join/Leave Peer Join Peer posses two pair of Keys (, ) Why use two pairs and  used only while acting as a THA peer  Prevents mapping of public key to identifier after prolonged monitoring of the network Bootstrap server needs to assign a THA peer (Peer x) Create a new private-public key pair Only the THA peer will have the knowledge of SP i Used for secure transmission of trust values for the reply and the report phase Securely transmits to Peer x Broadcast a message: BID x |P BS (BID x |B’ x (ID i |B i |SP i |SB i )) Only BS can generate and only Peer x can read

15 TrustMe: Peer Leave Peer Leave Create a new THA peer for peers it was responsible for Its trust information is dumped after it is not accessed for some time Not discuss how to handle unexpected leaving!

16 TrustMe: Benefits Persistence: All reviews are counted and stored distributed No Central Trusted Authority BS is just a form of certification authority All trust mechanism within the network Small decision time Only one reply message needed for decision Ease of contribution Easy to contribute its trust value for another peer Just sending one reply message

17 Analysis: Experiments Effect of persistence Non-persistent systems can report highly misleading values Having as little as 10 malicious peers acting together can rate the peer being untrustworthy, even when it is not

18 Analysis: Cost: TrustMe costs more because of more broadcasts Cost varies little with increase in number of THA peers

19 Analysis: Response Time Caching improves response times Increase in number of THA peers also improves response time

20 Conclusion Anonymous trust management possible TrustMe provides secure and reliable access to trust values in a decentralized P2P system Compatible with existing Gnutella style systems

Download ppt "TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System Aameek Singh, Ling Liu College of Computing, Georgia Tech International."

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
A P RESENTATION O N R ESOURCE D ISCOVERY I N T HE P EER- T O- P EER N ETWORK by Aravind Renganathan.

A P RESENTATION O N R ESOURCE D ISCOVERY I N T HE P EER- T O- P EER N ETWORK by Aravind Renganathan.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility Antony Rowstron, Peter Druschel Presented by: Cristian Borcea.

Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility Antony Rowstron, Peter Druschel Presented by: Cristian Borcea.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.

Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.
1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)

1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.

Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec. 2006.

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
Chord-over-Chord Overlay Sudhindra Rao Ph.D Qualifier Exam Department of ECECS.

Chord-over-Chord Overlay Sudhindra Rao Ph.D Qualifier Exam Department of ECECS.

Similar presentations

Ads by Google