[attachment=15309]
Abstract
Peer-to-peer (P2P) networks are self-configuring networks which plays vital role in file sharing with minimal or no central control. The purpose of securing P2P networks essential in nature. P2P networks are vulnerable to peers who cheat, propagate malicious code, leech on the network, or simply do not cooperate. The Traditional security techniques developed for the centralized distributed systems like client-server networks are insufficient for P2P networks by the virtue of their centralized nature. The absence of a central authority in a P2P network poses unique challenges for reputation management in the network. These challenges include identity management of the peers, secure reputation data management, Sybil attacks, and above all, availability of reputation data. In the proposed system, we present a cryptographic protocol for ensuring secure and timely availability of the reputation data of a peer to other peers at extremely low costs. The past behaviour of the peer is encapsulated in its digital reputation, and is subsequently used to predict its future actions. As a result, a peer’s reputation motivates it to cooperate and desist from malicious activities. The cryptographic protocol is coupled with self-certification and cryptographic mechanisms for identity management and countering Sybil attack. The reputation of requester and provider, both are considered to ostracize malicious peer in the P2P network, which leads to data secrecy, less network traffic and no delay in the transaction.
Keywords-Peer-to-peer networks, Identity management, Reputations, Security, Recommendation Chain.
I INTRODUCTION
Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. They are said to form a peer-to-peer network of nodes. Peers make a portion of their resources, such as processing power, disk storage or network bandwidth, directly available to other network participants, without the need for central coordination by servers or stable hosts. Peers are both suppliers and consumers of resources, in contrast to the traditional client–server model where only servers supply, and clients consume. The peer-to- peer application structure was popularized by file sharing systems like Napster. P2P networks are self-configuring networks with minimal or no central control. P2P networks are more vulnerable to dissemination of malicious or spurious content, malicious code, viruses, worms, andtrojans than the traditional client-server networks, due to their unregulated and unmanaged nature. The peers in the P2P network have to be discouraged from leeching on the network. Policing these networks is extremely difficult due to the decentralized and ad hoc nature of these networks. Besides, P2P networks, like the Internet, are physically spread across geographic boundaries and hence are subject to variable laws. The traditional mechanisms for generating trust and protecting client-server networks cannot be used for pure P2P networks. This is because the trusted central authority used in the traditional client-server networks is absent in P2P networks. Introduction of a central trusted authority like a Certificate Authority (CA) can reduce the difficulty of securing P2P networks. In the absence of any central authority, repository, or global information, there is no silver bullet for securing P2P networks.
In this paper, Reputation Systems for P2P networks are investigated—a more ambitious approach to protect the P2P network without using any central component, and thereby harnessing the full benefits of the P2P network. The reputations of the peers are used to determine whether a peer is a malicious peer or a good peer. Once detected, the malicious peers are ostracized from the network as the good peers do not perform any transactions with the malicious peers. Expulsion of malicious peers from the network significantly reduces the volume of malicious activities.
All peers in the P2P network are identified by identity certificates (aka identity). The reputation of a given peer is attached to its identity. The identity certificates are generated using self-certification, and all peers maintain their own (and hence trusted) certificate authority which issues the identity certificate(s) to the peer. Each peer owns the reputation information pertaining to all its past transactions with other peers in the network, and stores it locally. A two-party cryptographic protocol not only protects the reputation information from its owner, but also facilitates secure exchange of reputation information between the two peers participating in a transaction. The main contributions of this paper are: