Upload
kimi
View
28
Download
0
Tags:
Embed Size (px)
DESCRIPTION
A Trust Based Assess Control Framework for P2P File-Sharing System. Speaker : Jia-Hui Huang Adviser : Kai-Wei Ke Date : 2004 / 3 / 15. Outline. Introduction Access Control Framework Search techniques Conclusion Reference. Introduction. P2P Concept - PowerPoint PPT Presentation
Citation preview
A Trust Based Assess Control Framework for P2P File-Sharing System
Speaker : Jia-Hui Huang
Adviser : Kai-Wei Ke
Date : 2004 / 3 / 15
Outline
Introduction Access Control Framework Search techniques Conclusion Reference
Introduction
P2P Concept P2P file sharing allows users on the edge of
network to directly access files from on another’s drives.
Why P2P so attractive ? Provide a flexible and universal model for the
exchange of information. Success of P2P file sharing network (i.e. Gnutella,
Napster.....) But most P2P file sharing no provide access
control.
Outline
Introduction Access Control Framework Search techniques Conclusion Reference
Requirement
Access control model requirements No centralized control or support Peer classification Encourage sharing files Limit spreading of malicious and harmful digital
content
Basic idea of Framework
An access control framework based on the discretionary access control.
Each file being assigned two threshold which capture two access aspects.
Two threshold values Trust Contribution
Overall Architecture
RD : Resource Discovery
FT : File Transfer AC : Access
Control
Authentication
In this framework, a peer is equipped with a 128-bit GUID number and a pair of public/private keys.
Authentication procedure Client sends authentication request. Host checks in its database. Host carries out authentication protocol.
Authentication protocol based on SSL.
Scoring system
Host peer needs to classify its client peers. Client peer is required to supply its rating
certificates for the host. Access values are evaluated via four types of
scores Direct trust Indirect trust Direct contribution Indirect contribution
Direct trust
The host’s belief on the client’s capacities, honesty and reliability based on the host’s direct experiences.
In this model, use Bethetal’s formula
denotes the trust value that peer i has in peer j
nijT 1
ijT
Direct trust ( Cont. )
n is the number of peer i’s
satisfied transactions with peer j.
is the learning rate – a real number in the interval [0,1]
must chose high enough.
Indirect trust
Host peer often encounters a client peer that it has never met.
The host’s belief on the client’s capacities, honesty and reliability based on recommendations from other peers.
Indirect trust ( Cont. )
The indirect trust calculated as
denotes the indirect trust of peer i in peer j
k is a number fixed by the host.
will be range 0 to 1 and less than or
kTTRk
ttjitij /)(
1
ijR
ijR itT tjT
Indirect trust ( Cont. )
Indirect trust calculate example
assume k = 1
Indirect trust ( Cont. )
The two main reasons why divide by k ? Avoid the client submit only one highest
recommendation. Allowing the host to specify a required number of
recommending peers.
Direct contribution
The contribution of the client to the host in term of information download/upload between them.
The direct contribution calculated as
is the direct contribution of peer j to peer I
denotes the amount information i download from j
denotes the amount information j download from i
jiijij DDQ
ijQ
ijD
jiD
Indirect contribution
The contribution of the client to the network in term of information volume exchange.
denotes the indirect contribution of peer j from peer i’s point of view.
k
ttjitij QTP
1
ijP
Granting access ( Cont. )
The client’s overall trust and contribution values calculated as
value depending on host’s control policy.
ijRijTij RCTCA
ijPijQij PCQCB
1 RT CC
1 PQ CC
PQRT CCCC 、、、
Granting access
Before making a file available for sharing, a host peer defines two thresholds value for the file.
Any client peer who has equal to or greater than the corresponding thresholds can access the file
Trust and contribution management After completing a download operation, client
peer has to issue the host peer a rating certificate.
Rating certificate contains the direct trust and direct contribution value based on the transaction’s satisfaction level.
Rating certificate
Rating certificate format
Satisfaction level
Evaluate satisfaction level based on the download speeds and file quality.
Five levels of satisfaction Good Fair T unchanged Poor Corrupted Unknown Harmful or malicious add to the black list
0T
)1(1 nT )2/(1 nT
)1(1 nT
Local file system
In local storage it stores follow Received certificates in which the peer itself is the
recommended peer. Certificates which the peer issued to other peers. A black list of peers who it believes to have
committed malicious acts.
Framework interaction procedure
Outline
Introduction Access Control Framework Search techniques Conclusion Reference
Metrics
Some metrics for evaluate the effectiveness of search technique. Cost
Bandwidth
consumed over every edge in the network on behalf of each query.
Processing cost
processing power consumed at every node on behalf of each query.
Metrics
Quality of results Satisfaction of query
user specify a value Z, if the number of result is equal or more than Z, the query is satisfied.
Time to satisfaction
the time of result arrive.
Search techniques
Inefficiency search blind search (BFS)
Three efficient search techniques: Iterative deepening Directed BFS Local indices
Blind search
Node forward to all their neighbors
Find max number of results
But inefficiency
Iterative deepening
Satisfaction is the metric of chose. Multiple breadth-fist searches are initiated
with successively larger depth limits until query is satisfied or max depth reached.
Time cost smaller than blind search
Iterative deepening
ex.
if policy is Source node initiates a
BFS of depth a. When depth reach, if
query not satisfied then continue to depth b and c
},,{ cbaP
Directed BFS
Minimizing response time. DBFS technique send query messages to
just a subset of its neighbors. In order to intelligently select neighbors, node
will maintain statistic on its neighbors.
Directed BFS
Some heuristic can help us to select the best neighbors Highest number of results for previous query. Response messages taken the lowest average
hop. Has forwarded the largest number of messages. Shortest message queue.
Local indices
Maintaining a high satisfaction rate and number of results while keeping low costs.
Node maintains an index over the data of each node within r hops of itself.
Parameter r is adjustable and independent of total size of network.
It must notify when host joint network Node index the leaving node’s collective will
remove after a timeout.
Local indices
ex.
if policy is Query source will send the
query message out to all its neighbors at depth 1.
All node at depth will process and forward to depth 2.
Depth not in list, it forward directly.
Process continue to depth 5
}5,1{P
Outline
Introduction Access Control Framework Search techniques Conclusion Reference
Conclusion
The framework satisfies the requirements of access control for P2P file-sharing system by trust and contribution model, and the implemented contribution work effectively as a payment scheme that giving incentive for users to share their resource.
The disadvantage is some overheads in validity of signatures in the rating certificate.
Reference
B. Yang and H. Carcia-Molina. Efficient Search in peer-to-peer Networks, ICDCS 2002, Jul 2002
Thomas Beth and Malte Borcherding and Birgit klein Valuation of trust in open network