P2P Security - Reputation and Credibility
1.0
07/October/2003
Niels Olof Bouvin
Aarhus Universitet
Recapture from last time:
· Cryptography enables (to a high degree) secure communication
· With asymmetric cryptography (public/private keys) messages can be free from eavesdropping and tampering
· Thus, we have the basics for building a secure infrastructure
· This however still leaves the question: Who can you trust?
Reputation and Credibility
· Introduction
· Reputation and moderation systems
Introduction
Who can you trust?
· Trust is inherent in most of our social interactions
· Generally we have a pretty good idea whom to trust and whom not to trust
· People (and companies) earn and loose our trust over time
· If Alice trusts Bob, and Bob trusts Daniel, Alice is more likely to trust Daniel
o and if Bob does not trust Carol, Alice is unlikely to trust Carol
· Trust is hard to earn - easy to loose
o a powerful incentive to be nice
Trust in a computer setting
· In real life, we have a number of mechanisms for handling trust, and we are usually dealing with people we know
· On the Internet, these mechanisms break down
o "on the Internet, no one knows you're a dog"
· You can establish trust across the Internet
o and the techniques outlined last time can help you ensure that you are dealing with the person you expect
Some types of attack on the Internet
· Pseudospoofing
o using a number of aliases to influence a situation (e.g. voting)
o on-line identities are not tied to real world identities - people cannot be prevented from using various aliases
· Denial of Service
o request a service so much it becomes unavailable
o can be handled (to a degree) through caching and micropayment
· Flooding
o filling a system with garbage drowning out the valid content
o various defences: micropayment or dropping unpopular content
Reputation and moderation systems
Usenet
· People on Usenet earn their reputations by their postings
· Some are respected as authorities - others are reviled as kooks, flamers, spammers, and trolls
· Especially trolls will often change their identities as they invariantly are kill filed by their unwilling audience
o uncovering these new identities is a pastime of some newsgroup residents - but they are of course always one step behind the troll
Usenet - anti-{kook,flamer,troll} weaponry
· Most news readers have 'kill file' functionality
o the user adds an unwanted poster to his/her kill file and the unwanted one is then automatically filtered by the news reader
o disadvantage: binary, requires user intervention. Per user.
· Some news readers (Gnus) use adaptive scoring
o postings and users are awarded scores depending on the reader's actions
o advantage: much more flexible
o still not shared - does not work for newsgroups only visited seldom or for the first time
· Apart from adaptive scoring, scoring can be explicitly designated, so that specific subjects or authors are scored up or down. Scoring can depend on arbitrary computations on the postings
o disadvantage: complex
Usenet - moderation
· Some newsgroups become too cluttered by spam or flame wars
· Either the newsgroup is left to deteriorate (with the regulars moving elsewhere) or the newsgroup becomes moderated
· A number of trusted regulars are elected as moderators by the newsgroup
· A posting must hence forward be approved by a moderator, before it appears on the newsgroup
· Problems:
o moderation is hard work
o moderators can misuse their power
o moderation of newsgroup can be bypassed
Usenet - NoCeM and GroupLens
· Moderators do a great job, but
o not all newsgroups are moderated
o you may not agree with all the moderators' decisions
· NoCeM
o opt-in moderation - if you trust a moderator, you can subscribe to his/her/its decisions
· GroupLens
o moderation done by people you agree with
o you assign scores to individual postings, and thus build a profile
o the moderation done by people with similar profiles are then used to score the postings they see
Slashdot
· Purpose
o moderate postings on the discussion boards by scoring interesting posts up and scoring uninteresting/inflammatory posts down
· Moderation were traditionally handled by a group of trusted moderators
o problem: way too many posts for the moderators to handle
o misuse of moderator power (who watches the watchers?)
Slashdot - meta-moderation
· All (registered) users in good standing occasionally gets (limited) moderation power
· Moderators cannot themselves participate in the discussions they moderate
· The moderations are meta-moderated by all registered users
· Bad moderators will not moderate again (or very rarely)
Amazon
· Purpose:
o the recommendation of books, you're likely to like (and buy)
· Based on the buying habits of the Amazon customers
· You're (presumed) likely to buy books bought by people, who buy the books you buy
· This works surprisingly well
eBay
· How can you trust a stranger with your money?
· Sellers and buyers mutually rate each other after each transaction
· So, you don't buy stuff from sellers with bad reputations
· Problem:
o you can build up a good reputation over many smaller transactions and then cheat people on high price deals
Advogato
· System to establish the reputation of open source programmers
o users assign trust to each other - their own reputation determines how much their trust is worth to others
o pseudospoofing attacks become difficult as new users have zero trust to give to others
Micropayment - making cheating unprofitable
· DoS attacks becomes infeasible if attackers must pay for the used resources
· Cash payment
o using a number of sophisticated cryptographic methods
o very much an ongoing research topic
· Proof of Work (POW)
o performing some non-trivial work to gain access to a resource
o typically variation of cryptographic hash collision calculation
Summary
· Existing reputation systems provides users a modicum of quality of service
· However, they are not tamper proof and may be misused
· Even if the moderators have integrity, you may not agree with them
· Systems must have checks and balances in order to prevent abuse
P2P systems
· Reputation and security in P2P systems
· Damiani et al.
· Gupta et al
Reputation and security in P2P systems
Security?
· File sharing networks such as Gnutella do not have much protection against malicious users or dangerous content
· Some systems are more or less censorship proof (such as Freenet), but what about bad content and users?
· Or flooding and DoS?
· A central authority is not available in the fully distributed systems
· Most users are anonymous
· Who can you trust?
Damiani et al.
Distributed reputation in Gnutella using XRep
· Basic idea: collect other peers' votes on the reputation of resources and other peers
· Dangers:
o Malicious users may distribute dangerous content
o Other users may (unwittingly) distribute dangerous content
o Malicious users may lie about themselves or others
Gnutella revisited - how does it work again?
· A Gnutella peer starts out with a number of peers from "somewhere"
· It can query these peers for the peers they know, and thus build a list of potential peers to contact
· Queries are broadcast to all known peers who in turn call all their peers and so on
· Queries has a unique ID (128 bit) and a TTL (time to live). This ensures that peers do not retransmit the same query twice and that queries eventually die out
· Peers remembers received and transmitted queries and whence they came
· If a query match is found, the response (containing the query and the host address) is returned following the query route back to the originator
· The originator will (presumably) received a number of hits and then contact a host directly for downloading
Extensions to the Gnutella system
· Peers are known as "servents" (server/clients)
· All servents have (public,private) keys
· All servents have a unique ID based on a hash of their public key
· All resources have a digest - a cryptographic hash
o similar to Freenet...
· All servents have resource repositories, consisting of
o (resource_id, value)
o value: + or -
· All servents have servent repositories, consisting of
o (servent_id, num_plus, num_minus)
Resource Searching in XRep
· Queries are broadcast in normal fashion
· Query replies additionally contain
o servent_id
o digests for the matching resources
Resource searching
Resource selection and vote polling
· The user decides on a resource
· The servent queries peers about the resource and servents offering it.
· The vote polling query consists of
o the servent's generated poll public key
o the resource digest
o the servent_id for the supplying servent
· Other servents check their repositories and return their knowledge - encrypted with the public key
Resource selection and vote polling
Vote evaluation
· Votes are decrypted
· To prevent cheating by pseudospoofing IPs are collapsed and random voters queried to confirm their vote
Vote evaluation
Best servent check
· Based on the vote, the best servent is selected
· To prevent overloading the best servent, it is contacted for the resource digest (thus confirming the existence and identity of the resource)
Best servent check
Resource downloading
· A servent is decided upon, and downloading commences
· After download, the resource is checked against the digest and its repositories are updated
Resource downloading
Summary
· XRep makes it more difficult to pseudospoof by requiring different IPs (this can of course be circumvented)
· Again we see the usefulness of the cryptographic hash
· Dangerous content gets a bad score in this system
o making sure we don't download it - even from good servents
· Adds even more traffic to Gnutella...
Gupta et al
Reputation relying on a network of reputation agents
· Basic concept:
o peers calculates scores after each transaction
o these scores are collected by Reputation Computation Agents (RCA)
· Reputation scores depend on
o Behaviour
§ Content search contribution
§ Content download contribution
o Capability
§ Processing power
§ Bandwidth
§ Storage capacity
§ Memory
· Participation is voluntary
· All peers, including RCA, have (public,private) keys
Overall approach
Debit-Credit Reputation Computation
· Credit based on
o how often the peer responds to queries (QRC)
o how much the peer uploads compared to its bandwidth (DC)
o how much the peer shares (SC)
· Debit based on
o how much the peer downloads (DD)
Credit Only Reputation Computation
· No debits, but scores deteriorates over time
RCA in action
· Peers will regularly contact the RCA to update their score
· A peer sends (encrypted) Proofs of Processing consisting of
o (requester_id, query_keywords, query_size, time_stamp, self_id)
· The RCA returns a new (encrypted) score to the peer
· The RCA maintains a history of PPs to ensure that work is not credited twice
· Debits are stored until a credit PP comes in (to prevent peers from throwing debits away)
Downloading - DCRC
· The requester and sender exchange receipts for the download:
o the receipt is signed before transfer
Downloading - CORC
· Receipt sent after download
Summary
· Avoids overloading (already busy) Gnutella protocol
· At the cost of introducing a whole new layer (assumed not malicious!)
· Defence against a group of malicious peers?
o malicious peers could just claim to exchange large files
o this can be handled through Advogato like techniques
Conclusions
· Reputation and trust on the Internet is not easy
· A number of good techniques exist - often based on a central authority
o but can you trust the moderators?
· P2P makes everything worse
o no central authority
· Trust becomes an issue of trusting well-behaving peers and their judgement
o pretty much like real life
Created by JackSVG