Trust and anonymity in peer-to-peer systems

Ahmet Burak Can, Purdue University

Abstract

Establishing trust in an unknown entity is difficult in malicious environments. In a peer-to-peer system, the ease of malicious activity is a threat to the security of the system. Creating and managing long-term trust relationships among peers can provide a more secure environment for peer-to-peer interactions. The first part of the dissertation introduces distributed algorithms used by a peer to reason about the trustworthiness of other peers based on the available local information, which includes past interactions and recommendations received from others. Peers collaborate to establish trust among each other without using a priori information or a trusted third party. A peer's trustworthiness in providing services and giving recommendations is evaluated in service and recommendation contexts. Three main trust metrics, reputation, service trust, and recommendation trust, are defined to measure trustworthiness in these contexts. An interaction is evaluated based on three parameters: satisfaction, weight, and fading effect. When evaluating a recommendation, the recommender's trustworthiness and confidence about the information are considered. A file-sharing application is simulated to understand the capabilities of the proposed algorithms in mitigating attacks. For realism, peer and resource parameters are based on several empirical studies. Service- and recommendation-based attacks are simulated. Various behavior models representing individual, collaborative, and identity-changing malicious peers are studied in the experiments. Observations demonstrate that service-based attacks can be mitigated using only local information, even though malicious peers are able to gain high reputation.

The second part of the dissertation studies anonymity of trust holders in a peer-to-peer system. We present a cryptographic protocol on Chord, which provides anonymous access to trust information. Each peer becomes a trust holder by storing the information about others. Trust holders form anonymity groups and exchange verification keys by using an adaptation of the Mental Poker protocol. These keys are used to force participating peers to comply with the rules of the anonymity protocol. A responder to a trust query has k-anonymity protection against an adversary who can sniff all communication on the network and launch active attacks including forging, dropping, and intercepting messages. Moreover, the protocol is secure against collaborating adversaries who might be members of an anonymity group. Our encryption scheme ensures that the initiator of a trust query can check the validity of an anonymous reply. The performance of our protocol is comparable to Chord routing.

Degree

Ph.D.

Advisors

Bhargava, Purdue University.

Subject Area

Computer science
