Securing group based peer-to-peer systems

Arnedo Moreno, Joan

07 July 2009

Peer-to-peer applications enable a group of users to create a communications framework from scratch without the need of a central service provider. This is achievable via the aggregation of resources each one of them provide, creating a completely distributed collaborative environment based in a flat hierarchy of users, without the need for centralization. Usually, peer-to-peer applications are conceptualized as a global network, without any kind of logical segmentation or segregation as far as resource availability is concerned. At every model, any peer may access any resource available within the network just by being able to reach the peer that provides such resource. Although having a unique huge open network may be desirable for some applications, there are cases in which it might be interesting to create different, but not necessarily disjoint, groups of peers operating under the same global peer-topeer network. In order for peer groups to be able to operate effectively in a global peer-to-peer network, additional security services must be provided. These mechanisms should allow peers to be able to prove group membership to other members of the group, so they can be granted access to group resources, as well as ensuring that resource discovery and message exchange between peer group members remain secure. A group may need to limit membership for various reasons, such as ensuring privacy, anonymity or enforcing that peer group members are up to some specific parameter (data shared, performance, computing power, etc.) The goals of this PhD. thesis are twofold, the reason being the fact that securing a peer group can be divided at two distinct, but interrelated, layers: • Enabling effective group membership, starting from the process by which any peer becomes part of a peer group and then, following, the mechanisms by which such peer may prove its membership to other group members for the rest of the membership's lifecycle (peer group access control). • Providing a secure environment for standard operations within a peer group, which functions once any peer's membership to the group has already been established. Typical operations at this layer are those of resource location and retrieval, or messaging. In order to achieve the former goal, basic group membership and access control scenarios are categorized and formalized as part of the research work in order to assess which are the current challenges. From this study, we present a generic model proposal that fulfils the objectives of autonomy, keeps a pure peer-to-peer model and the possibility to be used in different peer-to-peer frameworks. The later goal focuses in secure mechanisms in order to provide basic security services to both resource discovery and message exchange. However, in contrast with group membership models, where a generic approach is feasible, peer group operation security is intimately tied to each specific peer-to-peer framework, since each one specifies resource location and messaging primitives in a different manner. For that reason, a specific one has been chosen for the research work: JXTA. Such election is due to the fact that JXTA's architecture is entirely based on the concept of peer groups, since it was the one to first define the concept of peer group, providing an excellent testbed for peer group research

Seguretat

Peer-to peer

IXTA

Middlewares

XMLdsig

XMLenc

Control d'acces

Peer groups

004

Efficient Range and Join Query Processing in Massively Distributed Peer-to-Peer Networks

Wang, Qiang

January 2008

Peer-to-peer (P2P) has become a modern distributed computing architecture that supports massively large-scale data management and query processing. Complex query operators such as range operator and join operator are needed by various distributed applications, including content distribution, locality-aware services, computing resource sharing, and many others. This dissertation tackles a number of problems related to range and join query processing in P2P systems: fault-tolerant range query processing under structured P2P architecture, distributed range caching under unstructured P2P architecture, and integration of heterogeneous data under unstructured P2P architecture. To support fault-tolerant range query processing so as to provide strong performance guarantees in the presence of network churn, effective replication schemes are developed at either the overlay network level or the query processing level. To facilitate range query processing, a prefetch-based caching approach is proposed to eliminate the performance bottlenecks incurred by those data items that are not well cached in the network. Finally, a purely decentralized partition-based join query operator is devised to realize bandwidth-efficient join query processing under unstructured P2P architecture. Theoretical analysis and experimental simulations demonstrate the effectiveness of the proposed approaches.

peer to peer networks

range query processing

join query processing

Computer Science

A Content Delivery Model for Online Video

Yuan, Liang

09 October 2009

Online video accounts for a large and growing portion of all Internet traffic. In order to cut bandwidth costs, it is necessary to use the available bandwidth of users to offload video downloads. Assuming that users can only keep and distribute one video at any given time, it is necessary to determine the global user cache distribution with the goal of achieving maximum peer traffic. The system model contains three different parties: viewers, idlers and servers. Viewers are those peers who are currently viewing a video. Idlers are those peers who are currently not viewing a video but are available to upload to others. Finally, servers can upload any video to any user and has infinite capacity. Every video maintains a first-in-first-out viewer queue which contains all the viewers for that video. Each viewer downloads from the peer that arrived before it, with the earliest arriving peer downloading from the server. Thus, the server must upload to one peer whenever the viewer queue is not empty. The aim of the idlers is to act as a server for a particular video, thereby eliminating all server traffic for that video. By using the popularity of videos, the number of idlers and some assumptions on the viewer arrival process, the optimal global video distribution in the user caches can be determined.

video

peer to peer

modelling

content distribution network

youtube

Electrical and Computer Engineering

Peer to Peer VoIP over IEEE 802.11 WLAN

Antham, Karunakar, Palle, Chandrashekar reddy, Mantoor, Ashwin kumar

January 2012

Voice over Internet Protocol (VoIP) over WLAN is one of the most important technologies in today’s world of communication. VoIP is simply a way to make phone calls through the internet because of the convergence of voice and data networks enables new applications and cost reductions. Voice over WLAN phones are already being offered to enterprises by leading vendors. Most of internet services or applications require centralized network to communicate, but with Ad-hoc networks there is no such requirement at all. In this report we have established a VoIP session by forming a network between Android mobile devices without using an Access point. Energy consumption is a major problem for VoIP over wireless LAN applications while using them in hand held devices. We investigated the energy consumption characteristics of our Evaluation kit during VoIP session. We further studied about new technology: “Wi-Fi Direct” which allows Wi-Fi equipped devices to share data without using wireless access points.

Peer to Peer VoIP

VoIP over WLAN

Wi-Fi

Wi-Fi Ad-Hoc

Android

A novel approach to local multimedia sharing

Motmans, Tim, Bel, Sander

January 2011

Sharing locally stored media files like music, videos and pictures has not been user-friendly for a long time now. Nowadays people, when they know where the media is stored, have to use the complicated network shares or external storage solutions like USB sticks, hard drives or even CD/DVDs to share media across different users. When the users do not know where the media is stored, they have to use Internet-based peer- to-peer applications like LimeWire, KaZaa or the Gnutella-network, which requires searching and downloading the media first, before being able to actually make use of it. But what if you do not have an Internet connection, do not want to mess around with external storage solutions nor want to wait while downloading or copying from a (network) device, but still want to make use of the media stored on another computer system? Indeed, nowadays there is not any easy solution that provides a very user-friendly, fast and responsive, flexible and stable solution for this. This problem brought us to our research question: “Is there a very easy solution for sharing or watching media throughout the local network?” After some research we stumbled upon some state-of-the-art technologies, which came very close to what we wanted to achieve, however, still having quite some drawbacks, not suitable as a solution for the problem mentioned above. We decided to innovate and tried to find a solution without any drawbacks while still being very user-friendly. We achieved quite good research results showing that: • Using a client-only network was the most efficient and flexible way to provide a stable network structure; • Java was the best programming language to provide a cross-platform application; • For compatibility with the media sharing itself an object-oriented based indexing storage structure, like db4o, yielded the best flexibility and speed in comparison with SQL or other technologies; • The streaming of the media could be achieved best by making use of Java VLC libraries. The user-friendliness of the demo application that we created was also very good, only a few clicks are sufficient to share your media across the network, no need to bother about user rights and so on. We can conclude that our research can be the base of a very successful innovative media sharing system and strongly believe, with some more adjustments in the future, that it has potential to become a very popular application along the media sharing industry.

Multimedia

Local

Sharing

New

DLNA

Orb

VLCj

Java

Network

Peer-to-peer

Efficient Range and Join Query Processing in Massively Distributed Peer-to-Peer Networks

Wang, Qiang

January 2008

Peer-to-peer (P2P) has become a modern distributed computing architecture that supports massively large-scale data management and query processing. Complex query operators such as range operator and join operator are needed by various distributed applications, including content distribution, locality-aware services, computing resource sharing, and many others. This dissertation tackles a number of problems related to range and join query processing in P2P systems: fault-tolerant range query processing under structured P2P architecture, distributed range caching under unstructured P2P architecture, and integration of heterogeneous data under unstructured P2P architecture. To support fault-tolerant range query processing so as to provide strong performance guarantees in the presence of network churn, effective replication schemes are developed at either the overlay network level or the query processing level. To facilitate range query processing, a prefetch-based caching approach is proposed to eliminate the performance bottlenecks incurred by those data items that are not well cached in the network. Finally, a purely decentralized partition-based join query operator is devised to realize bandwidth-efficient join query processing under unstructured P2P architecture. Theoretical analysis and experimental simulations demonstrate the effectiveness of the proposed approaches.

peer to peer networks

range query processing

join query processing

Computer Science

A Content Delivery Model for Online Video

Yuan, Liang

09 October 2009

Online video accounts for a large and growing portion of all Internet traffic. In order to cut bandwidth costs, it is necessary to use the available bandwidth of users to offload video downloads. Assuming that users can only keep and distribute one video at any given time, it is necessary to determine the global user cache distribution with the goal of achieving maximum peer traffic. The system model contains three different parties: viewers, idlers and servers. Viewers are those peers who are currently viewing a video. Idlers are those peers who are currently not viewing a video but are available to upload to others. Finally, servers can upload any video to any user and has infinite capacity. Every video maintains a first-in-first-out viewer queue which contains all the viewers for that video. Each viewer downloads from the peer that arrived before it, with the earliest arriving peer downloading from the server. Thus, the server must upload to one peer whenever the viewer queue is not empty. The aim of the idlers is to act as a server for a particular video, thereby eliminating all server traffic for that video. By using the popularity of videos, the number of idlers and some assumptions on the viewer arrival process, the optimal global video distribution in the user caches can be determined.

video

peer to peer

modelling

content distribution network

youtube

Electrical and Computer Engineering

Resource-Efficient Communication in the Presence of Adversaries

Young, Maxwell

January 2011

This dissertation presents algorithms for achieving communication in the presence of adversarial attacks in large, decentralized, resource-constrained networks. We consider abstract single-hop communication settings where a set of senders 𝙎 wishes to directly communicate with a set of receivers 𝙍. These results are then extended to provide resource-efficient, multi-hop communication in wireless sensor networks (WSNs), where energy is critically scarce, and peer-to-peer (P2P) networks, where bandwidth and computational power are limited. Our algorithms are provably correct in the face of attacks by a computationally bounded adversary who seeks to disrupt communication between correct participants. The first major result in this dissertation addresses a general scenario involving single-hop communication in a time-slotted network where a single sender in 𝙎 wishes to transmit a message 𝘮 to a single receiver in 𝙍. The two players share a communication channel; however, there exists an adversary who aims to prevent the transmission of 𝘮 by periodically blocking this channel. There are costs to send, receive or block 𝘮 on the channel, and we ask: How much do the two players need to spend relative to the adversary in order to guarantee transmission of the message? This problem abstracts many types of conflict in information networks, and the associated costs represent an expenditure of network resources. We show that it is significantly more costly for the adversary to block 𝘮 than for the two players to achieve communication. Specifically, if the cost to send, receive and block 𝘮 in a slot are fixed constants, and the adversary spends a total of 𝘉 slots to try to block the message, then both the sender and receiver must be active in only O(𝘉ᵠ⁻¹ + 1) slots in expectation to transmit 𝘮, where φ = (1+ √5)/2 is the golden ratio. Surprisingly, this result holds even if (1) the value of 𝘉 is unknown to either player; (2) the adversary knows the algorithms of both players, but not their random bits; and (3) the adversary is able to launch attacks using total knowledge of past actions of both players. Finally, these results are applied to two concrete problems. First, we consider jamming attacks in WSNs and address the fundamental task of propagating 𝘮 from a single device to all others in a WSN in the presence of faults; this is the problem of reliable broadcast. Second, we examine how our algorithms can mitigate application-level distributed denial-of-service attacks in wired client-server scenarios. The second major result deals with a single-hop communication problem where now 𝙎 consists of multiple senders and there is still a single receiver who wishes to obtain a message 𝘮. However, many of the senders (strictly less than half) can be faulty, failing to send 𝘮 or sending incorrect messages. While the majority of the senders possess 𝘮, rather than listening to all of 𝙎 and majority filtering on the received data, we desire an algorithm that allows the single receiver to decide on 𝘮 in a more efficient manner. To investigate this scenario, we define and devise algorithms for a new data streaming problem called the Bad Santa problem which models the selection dilemma faced by the receiver. With our results for the Bad Santa problem, we consider the problem of energy-efficient reliable broadcast. All previous results on reliable broadcast require devices to spend significant time in the energy-expensive receiving state which is a critical problem in WSNs where devices are typically battery powered. In a popular WSN model, we give a reliable broadcast protocol that achieves optimal fault tolerance (i.e., tolerates the maximum number of faults in this WSN model) and improves over previous results by achieving an expected quadratic decrease in the cost to each device. For the case where the number of faults is within a (1-∊)-factor of the optimal fault tolerance, for any constant ∊>0, we give a reliable broadcast protocol that improves further by achieving an expected (roughly) exponential decrease in the cost to each device. The third and final major result of this dissertation addresses single-hop communication where 𝙎 and 𝙍 both consist of multiple peers that need to communicate in an attack-resistant P2P network. There are several analytical results on P2P networks that can tolerate an adversary who controls a large number of peers and uses them to disrupt network functionality. Unfortunately, in such systems, operations such as data retrieval and message sending incur significant communication costs. Here, we employ cryptographic techniques to define two protocols both of which are more efficient than existing solutions. For a network of 𝘯 peers, our first protocol is deterministic with O(log²𝘯) message complexity and our second protocol is randomized with expected O(log 𝘯) message complexity; both improve over all previous results. The hidden constants and setup costs for our protocols are small and no trusted third party is required. Finally, we present an analysis showing that our protocols are practical for deployment under significant churn and adversarial behaviour.

Byzantine faults

Peer-to-peer networks

Wireless sensor networks

Algorithms

Distributed computing

Computer Science

Collaborative Data Access and Sharing in Mobile Distributed Systems

Islam, Mohammad Towhidul

January 2011

The multifaceted utilization of mobile computing devices, including smart phones, PDAs, tablet computers with increasing functionalities and the advances in wireless technologies, has fueled the utilization of collaborative computing (peer-to-peer) technique in mobile environment. Mobile collaborative computing, known as mobile peer-to-peer (MP2P), can provide an economic way of data access among users of diversified applications in our daily life (exchanging traffic condition in a busy high way, sharing price-sensitive financial information, getting the most-recent news), in national security (exchanging information and collaborating to uproot a terror network, communicating in a hostile battle field) and in natural catastrophe (seamless rescue operation in a collapsed and disaster torn area). Nonetheless, data/content dissemination among the mobile devices is the fundamental building block for all the applications in this paradigm. The objective of this research is to propose a data dissemination scheme for mobile distributed systems using an MP2P technique, which maximizes the number of required objects distributed among users and minimizes to object acquisition time. In specific, we introduce a new paradigm of information dissemination in MP2P networks. To accommodate mobility and bandwidth constraints, objects are segmented into smaller pieces for efficient information exchange. Since it is difficult for a node to know the content of every other node in the network, we propose a novel Spatial-Popularity based Information Diffusion (SPID) scheme that determines urgency of contents based on the spatial demand of mobile users and disseminates content accordingly. The segmentation policy and the dissemination scheme can reduce content acquisition time for each node. Further, to facilitate efficient scheduling of information transmission from every node in the wireless mobile networks, we modify and apply the distributed maximal independent set (MIS) algorithm. We also consider neighbor overlap for closely located mobile stations to reduce duplicate transmission to common neighbors. Different parameters in the system such as node density, scheduling among neighboring nodes, mobility pattern, and node speed have a tremendous impact on data diffusion in an MP2P environment. We have developed analytical models for our proposed scheme for object diffusion time/delay in a wireless mobile network to apprehend the interrelationship among these different parameters. In specific, we present the analytical model of object propagation in mobile networks as a function of node densities, radio range, and node speed. In the analysis, we calculate the probabilities of transmitting a single object from one node to multiple nodes using the epidemic model of spread of disease. We also incorporate the impact of node mobility, radio range, and node density in the networks into the analysis. Utilizing these transition probabilities, we construct an analytical model based on the Markov process to estimate the expected delay for diffusing an object to the entire network both for single object and multiple object scenarios. We then calculate the transmission probabilities of multiple objects among the nodes in wireless mobile networks considering network dynamics. Through extensive simulations, we demonstrate that the proposed scheme is efficient for data diffusion in mobile networks.

Distributed Systems

Mobile

Peer-to-Peer

Mobile P2P

Data Dissemination

Content Dissemination

Electrical and Computer Engineering

Bases for Trust in Online Social Networks

Shakimov, Amre

January 2012

<p>Online Social Network (OSN) services such as Facebook and Google+ are fun and useful. Hundreds of millions of users rely on these services and third-party applications to process and share personal data such as friends lists, photos, and geographic location histories. The primary drawback of today's popular OSNs is that users must fully trust a centralized service provider to properly handle their data.</p><p>This dissertation explores the feasibility of building feature-rich, privacy-preserving OSNs by shifting the bases for trust away from centralized service providers and third-party application developers and toward infrastructure providers and OSN users themselves.</p><p>We propose limiting the trust users place in service providers through two decentralized OSNs: Vis-a-Vis and Confidant. In Vis-a-Vis, privacy-sensitive data is only accessed by user-controlled code executing on ``infrastructure as a service" platforms such as EC2. In Confidant this data may only be accessed by code running on desktop PCs controlled by a user's close friends. To reduce</p><p>the risks posed by third-party OSN applications, we also developed a Multi-User Taint Tracker (MUTT). MUTT is a secure ``platform as a service" that ensures that third-party applications adhere to access policies defined by service providers and users. </p><p>Vis-a-Vis is a decentralized framework for location-based OSN services based on the</p><p>privacy-preserving notion of a Virtual Individual Server (VIS). A VIS is a personal virtual machine running within a paid compute utility. In Vis-a-Vis, a person stores her data on her own VIS, which arbitrates access to that data by others. VISs self-organize into overlay networks corresponding to social groups with whom their owners wish to share location information. Vis-a-Vis uses distributed location trees to provide efficient and scalable operations for creating, joining, leaving, searching, and publishing location data to these groups.</p><p>Confidant is a decentralized OSN platform designed to support a scalable application framework for OSN data without compromising users' privacy. Confidant replicates a user's data on servers controlled by her friends. Because data is stored on trusted servers, Confidant allows application code to run directly on these storage servers. To manage access-control policies under weakly-consistent replication, Confidant eliminates write conflicts through a lightweight cloud-based state manager and through a simple mechanism for updating the bindings between access policies and replicated data.</p><p>For securing risks from third-party OSN applications, this thesis proposes a Multi-User Taint Tracker (MUTT) -- a secure ``platform as a service'' designed to ensure that third-party applications adhere to access policies defined by service providers and users. Mutt's design is informed by a careful analysis of 170 Facebook apps, which allows us to characterize the requirements and risks posed by several classes of apps. Our MUTT prototype has been integrated into the AppScale cloud system, and experiments show that the additional data-confidentiality guarantees of running an app on MUTT come at a reasonable performance cost.</p> / Dissertation

Computer science

decentralization

online social networks

peer-to-peer

privacy

security

third-party applications