Secure Trust Management Model for Peer-to-Peer File Sharing System


ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011

Amuthan.A, Marimuthu.G and Kaliaperumal.G
Pondicherry Engineering College/Dept of Computer Science, India.
Email: {amuthan, cs0711, kaliaperumal.g}@pec.edu

Abstract---File sharing refers to the providing and receiving of files over the network. A central server that operates a centralized data repository search engine within a peer-to-peer network performs authentication and authorization operations with respect to users that access its services. A trust mechanism and access control technology are used to make the P2P file sharing system more secure than the existing one.

Index Terms---P2P, File sharing, Trust, Reputation, Access Control.

I. INTRODUCTION

A. Background

In a Peer-to-Peer (P2P) file sharing system, peers communicate directly with each other to exchange information and share files. P2P systems can be divided into several categories (illustrated in Fig. 1.1). Centralized P2P systems (e.g., Napster [1]) use a centralized control server to manage the system. Decentralized P2P systems try to distribute control over several peers. They can be divided into purely decentralized (e.g., Gnutella [2]) and hybrid decentralized systems (e.g., KaZaA [3]).

Figure 1.1: P2P System (tree: P2P Systems split into Partially Centralized, e.g., Napster, and Decentralized; Decentralized splits into Purely Decentralized, e.g., Gnutella, and Hybrid Decentralized, e.g., KaZaA)

In a traditional P2P system (i.e., without any trust mechanism or access control), a user is given a list of peers that can provide the requested file. The user then has to choose one peer from which the download will be performed. In traditional P2P systems, little information is given to the user to help in the selection process. The following is the life cycle of a peer in a traditional P2P system (illustrated in Fig. 1.2):

1. Send a file request
2. Receive a list of peers that have the requested file
3. Select a peer
4. Download the file

Figure 1.2 Traditional P2P (flowchart: Start, the four steps above, a "File is good" decision with Yes/No branches, Stop)

However, P2P file sharing systems make security a challenging problem. There is no trusted server to validate the peers. At the same time, a trust mechanism is needed to punish peers that exhibit malicious behavior (i.e., those that provide malicious content or misleading filenames), and furthermore an access control mechanism is developed to secure the P2P file sharing network.

B. Motivation and Contribution

Partially centralized P2P systems have been proposed to reduce the control overhead needed to run the P2P file sharing system. They also provide lower discovery time because the discovery process involves the server. The proposed trust management model uses a reputation trust mechanism and an access control mechanism. In the reputation mechanism, each peer may record information on past experience with all peers it has interacted with and the opinion regarding the peers that have the requested file. The access control mechanism determines who can access the system and what kind of resources can be accessed (illustrated in Fig. 1.3).

The following is the life cycle of a peer in a Trust Management Model based P2P system.

© 2011 ACEEE DOI: 01.IJNS.02.01.28


1. Send a file request
2. Receive a list of peers that have the requested file
3. Select a peer based on a reputation metric
4. Check the access permission
5. Access the file
6. Send feedback and update the reputation data

Figure 1.3 Trust Management Model P2P (flowchart: Start, the six steps above, "Access permission" and "File is good" decisions with Yes/No branches, Update Reputation Data, Stop)

C. Organization

This paper is organized as follows. Section 2 discusses the literature survey of existing systems, P2P file sharing networks, and the list of reputation-based systems that we feel are more appropriate for peer-to-peer communication. In Section 3 we list and discuss our model of a reputation-based system. In Section 4 we present an access control model for our P2P file sharing system. In Section 5 we list the interaction procedure for our model. Section 6 is the summary of this paper. Finally, we close with our conclusion.

II. RELATED WORK

Several surveys have addressed the problem of enforcing trust on P2P networks based on reputation.

A. P2P File Sharing Technologies

Peer-to-peer file sharing networks are supposed to be totally decentralized; in practice this is not always true, and systems with various degrees of centralization are encountered. Specifically, the following three categories are identified.

Partially Centralized Architecture – In these systems (illustrated in Fig. 2.1), a central server facilitates the interaction between peers by maintaining directories of metadata describing the shared files stored by the peer nodes. Although the end-to-end interaction and file exchange may take place directly between two peer nodes, the central servers facilitate this interaction by performing the lookups and identifying the nodes storing the files.

Figure 2.1: Partially Centralized

Purely Decentralized Architectures – All nodes in the network perform exactly the same tasks (illustrated in Fig. 2.2), acting both as servers and clients, and there is no central coordination of their activities. The nodes of such networks are often termed “servents” (SERVers + cliENTS).

Figure 2.2: Purely Decentralized

Hybrid Decentralized Architectures – The basis is the same as with purely decentralized systems (illustrated in Fig. 2.3). Some of the nodes, however, assume a more important role, acting as local central indexes for files shared by local peers. The way in which these supernodes are assigned their role by the network varies between different systems. It is important, however, to note that these supernodes do not constitute single points of failure for a peer-to-peer network, since they are dynamically assigned and, if they fail, the network will automatically take action to replace them with others.


Figure 2.3: Hybrid Decentralized P2P

B. Trust and Reputation

Trust and reputation mechanisms have been proposed for large environments in peer-to-peer computing and recommender systems. However, there is no universal agreement on the definition of trust and reputation. In this paper, we adopt the following working definitions:

Trust – a peer’s belief in another peer’s capabilities, honesty and reliability based on its own direct experiences.

Reputation – a peer’s belief in another peer’s capabilities, honesty and reliability based on recommendations received from other peers.

Reputation can be centralized, computed by a trusted third party, or it can be decentralized, computed independently by each peer after asking other peers for recommendations. Although trust and reputation are different in how they are developed, they are closely related. They are both used to evaluate a peer’s trustworthiness, so they also share some common characteristics.

C. Classification of Reputation in P2P Communication

In this section we present a classification of reputation for peer-to-peer communication. The classification signifies whether the reputation is obtained from a witness peer directly or indirectly. On that basis we identify two types of reputation:

• Direct Reputation (Trust)
• Indirect Reputation (Trust)

Direct reputation – A peer’s belief in another peer’s capabilities, honesty and reliability based on its own direct experiences (illustrated in Fig. 2.4).

Figure 2.4: Direct Trust (Peer A and Peer B joined by a "Directly Trust" link)

Indirect reputation – A peer’s belief in another peer’s capabilities, honesty and reliability based on recommendations received from other peers (illustrated in Fig. 2.5).

Figure 2.5: Indirect Trust (Peer A, Peer B and Peer C joined by "Directly Trust" and "Indirectly Trust" links)

D. Existing P2P Reputation-based Systems

This section briefly reviews some of the existing P2P reputation systems, starting with an overview of each.

OpenPrivacy – In OpenPrivacy, the reputation information is stored in a certificate. The system is similar in concept to a web of trust. A peer certifies another peer through the use of a certificate. Every certificate stores the value of the target’s reputation and the confidence of the certificate creator. To prevent tampering, each certificate is digitally signed with the private key of the certificate creator. These certificates are stored at the certificate creator as well as at the certification target.

P2PRep – In P2PRep, every peer in the system stores its interaction experience with other peers (based on pseudonym). These reputation records are updated every time an interaction takes place, and can be used by other peers to make a decision when initializing an interaction. In this case, before a peer consumes a service, the peer polls other peers about their knowledge of the service provider. At the end of the interaction, the service consumer updates the reputation of the provider and at the same time updates the credibility of the peers that gave an opinion on the provider.

Managing Trust – Managing Trust stores the complaints about a peer in the P-Grid. The underlying idea of the P-Grid approach is to create a virtual binary search structure with replication that is distributed over the peers and supports efficient search. The construction and the search/update operations can be performed without any central control or global knowledge.

RMS – Reputation Management System (RMS) also stores the reputation information in a certificate. However, RMS differs from OpenPrivacy in the implementation of the reputation certificate. In RMS, there exists a trusted third party to record the transaction history for the subscribers. The transaction history that the trusted party stores is used by others to check the correctness of the certificate presented by a peer.

EigenRep – In EigenRep, two types of value, local and global, are stored in the system. The local value is stored in every peer, and the global value, which is derived from multiple local values, is handled by random peers in a distributed hash table (DHT) such as CAN or Chord.


III. PROPOSED SYSTEM

The proposed peer-to-peer file sharing system is a Windows program that allows you to host a secure peer-to-peer file sharing system without any additional software or services. Users just need to install the client software on each peer. The following are the key features of our model:

• Symmetric encryption with shared secret key
• Asymmetric encryption with public/private keys
• Peer authentication with username/password
• Binary data transfer between peers
• All standard FTP operations
• Access control privileges to system resources

A. Peer software architecture model

The peer software architecture model consists mainly of three components (illustrated in Fig. 3.1):

• P2P Substrate
• Middleware
• P2P Application

The P2P substrate manages two things: overlay management and resource management. Overlay management covers construction of the peer and maintenance of peer join/leave in the P2P network. Resource management covers allocation (storage) of the file location and discovery (routing and lookup) of the peer. The middleware provides services to the P2P application, e.g., peer selection, the reputation-based system, authentication, authorization, integrity and FTP operations. At the P2P application layer, there could potentially be multiple applications running on top of a single P2P substrate. Applications include file sharing and file storage systems.

Figure 3.1: Software Architecture Model for P2P (layers: P2P Application, Middleware, P2P Substrate, Operating System, Hardware)

B. P2PRep model

P2PRep is a reputation-based protocol that runs in completely anonymous P2P networks. In P2PRep, local reputation management and community-wide reputation management are two different levels. Local reputation is defined as one single peer’s opinion of one other peer’s reputation, based on its formal experience. The community reputation means the aggregated general opinion given by multiple peers. P2PRep generally combines these two factors together.

C. Trusting Peer

$$X_{ab}(i) = \begin{cases} 1 & \text{if } a\text{'s transaction is a success} \\ 0 & \text{otherwise} \end{cases}$$

• $X_{ab}(i)$: the ith transaction between a and b.
• After n transactions, we obtain the history data. History: $D_{ab} = \{X_{ab}(1), X_{ab}(2), \ldots, X_{ab}(n)\}$
• sat(a, b): +1, a downloads an authentic file from b.
• unsat(a, b): +1, a downloads an inauthentic file from b, or a fails to download a file from b.

D. Evaluate Peer

In our model each client is requested to report the transaction details. The client also calculates the credibility of the other clients, which is the total number of good transactions over the total number of transactions by the client.

$$R_i = \frac{\sum GA_i}{\sum TA_i}$$

• $R_i$: trust score of peer i
• $GA_i$: number of good actions for this peer i
• $TA_i$: total number of considered actions for this peer i

Notation and Assumptions

• Let ID denote Peer ID.
• Let PTV denote Positive trust value.
• Let NTV denote Negative trust value.
• Let SBU denote Sum byte up.
• Let SBD denote Sum byte download.
• T denotes the Time.
• SPTV denotes Sum of Positive trust value.
• SNTV denotes Sum of Negative trust value.
• CV denotes Credibility value.

In this model each peer maintains two tables, a trust table and a credibility table. The trust table (illustrated in Table I) contains the following information:

Table I. Trust Table

ID | PTV | NTV | SBU | SBD | T

When uploading and downloading:
PTV = 1 if SBU = SBD, otherwise PTV = 0
NTV = 1 if SBU ≠ SBD, otherwise NTV = 0


The credibility table (illustrated in Table II) stores the credibility of a peer in reporting the trust value of other peers. It contains the following information.

Table II. Credibility Table

ID | SPTV | SNTV | CV | T

CV = SPTV / SNTV
SPTV > SNTV: Trusted peer
SPTV < SNTV: Un-trusted peer
SPTV = SNTV: Indeterminate peer

IV. ACCESS CONTROL

Access control is the process of giving an authenticated entity permission to do some action or access some resource. In a P2P application, a peer might be authenticated to access some subset of the resources on another peer. In the proposed model (illustrated in Fig. 4.1) the concept of access control is best described as follows. The subject is defined as an active entity which initiates access requests and operates on objects. Users or autonomous agents can be subjects. The object is a passive entity which is the target of an access. Examples of objects are files, devices or any other resources that can be used by subjects. Sometimes, however, a subject can be an object and vice versa under the dynamic situation of access in a system or an organization. Note that identifying a subject assumes successful authentication of the subject. The model, which mediates the access from a subject to an object, grants or denies access requests based on the security-relevant attributes of subjects and objects. The model is a powerful tool for designing and analyzing system security under the assumption of complete invocation for every access.

Figure 4.1: Access Control Architecture (blocks: Subject, Access Request, Access Function, Access Rules, Monitor, Subject access control information, Object access control information, Object; outcomes: Permit on Yes, Access Fail otherwise)

Table III. Access Table

ID | Upload | Download | Search | T

A. Discretionary Access Control

Discretionary access control (DAC) is an access policy that restricts access to files (and other system objects such as directories and devices) based on the identity of users. Not only does DAC let you tell the system who can access your data, it lets you specify the type of access allowed. For example, you might want everyone in the system to be able to read a particular file, but you might want only yourself and your manager to be able to change it.

V. INTERACTION PROCEDURES

Fig. 5.1 illustrates the interaction procedure in a typical interaction between a host and a client in our framework. An interaction generally consists of three phases:

• Preparation phase
• Transaction phase
• Reputation phase

Firstly, the preparation phase involves the authentication process. Secondly, the transaction phase allows the client to interact with the host in order to access the files from the other peers; access to a file is based on the authorization. Finally, the reputation phase consists of judging the interaction based on the file quality factors of the transaction. It can be seen from the whole interaction procedure that the client plays an active role in every phase: from initializing the interaction. The host does a minimum amount of work and gets all the required information from the client and from its own database to make the decision. We believe that this is appropriate because the design principle is that the host should not waste much of its resources (such as network bandwidth and CPU cycles), which is primarily beneficial to the client (which is obtaining the files).

Hub (Host) - Hub is responsible for keeping information of authentication and authorization of the peer.

Agent (Client) - Agent acts as both a client and a server at the same time.
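The trust table, credibility table and access table from Sections III and IV, and the select, check, update cycle of Section V, combined into one Python sketch. This is an added example, not the authors' VB.Net implementation; the numbers chosen for x1 and x2 (named in the paper's Table IV without values), the peer name, the byte counts, and treating a peer with no history as "distrust" are assumptions.

```python
from dataclasses import dataclass, field

# Assumed numbers: the paper's Table IV names thresholds x1 and x2 without values.
X1, X2 = 0.4, 0.8

@dataclass
class PeerRecord:
    """Local view of one remote peer: trust-table sums and access-table rights."""
    sptv: int = 0                              # SPTV, sum of positive trust values
    sntv: int = 0                              # SNTV, sum of negative trust values
    rights: set = field(default_factory=set)   # subset of upload/download/search

def record_transfer(rec, sbu, sbd):
    """Trust-table rule: PTV = 1 if SBU == SBD, otherwise NTV = 1."""
    ptv = 1 if sbu == sbd else 0
    rec.sptv += ptv
    rec.sntv += 1 - ptv
    return ptv, 1 - ptv

def trust_score(rec):
    """R_i = good actions / total actions; None while there is no history."""
    total = rec.sptv + rec.sntv
    return rec.sptv / total if total else None

def credibility(rec):
    """Return (CV, label). CV = SPTV / SNTV is undefined for SNTV == 0, so the
    label comes from comparing the two sums and CV is None in that case."""
    cv = rec.sptv / rec.sntv if rec.sntv else None
    if rec.sptv > rec.sntv:
        return cv, "trusted"
    if rec.sptv < rec.sntv:
        return cv, "untrusted"
    return cv, "indeterminate"

def trust_level(score):
    """Table IV bands. Treating a peer with no history as 'distrust' is an
    assumption of this sketch, not something the paper specifies."""
    if score is None or score < X1:
        return "distrust"
    return "average" if score <= X2 else "full trust"

def select_peer(candidates, table):
    """Reputation-based selection: highest R_i among peers not in 'distrust'."""
    scored = [(trust_score(table[p]), p) for p in candidates if p in table]
    usable = [(s, p) for s, p in scored if trust_level(s) != "distrust"]
    return max(usable)[1] if usable else None

def check_access(peer_id, operation, table):
    """Default deny: unknown peer, missing right, or 'distrust' level all fail."""
    rec = table.get(peer_id)
    if rec is None or operation not in rec.rights:
        return False
    return trust_level(trust_score(rec)) != "distrust"

def simulate(transfers, rights=("download", "search")):
    """Replay constructed (SBU, SBD) pairs for one peer and report the outcome."""
    table = {"peer-b": PeerRecord(rights=set(rights))}
    for sbu, sbd in transfers:
        record_transfer(table["peer-b"], sbu, sbd)
    rec = table["peer-b"]
    return (trust_score(rec), credibility(rec)[1],
            trust_level(trust_score(rec)), check_access("peer-b", "download", table))

if __name__ == "__main__":
    honest = [(1024, 1024)] * 4                 # constructed: byte counts match
    turned = honest + [(1024, 512)] * 8         # constructed: peer starts truncating
    print(simulate(honest))
    print(simulate(turned))
```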


Figure 5.1 Flow chart of an interaction between a host peer and client peer (lanes: Host Peer, Client Peer. Preparation phase: authentication on both sides, "Valid" decision. Transaction phase: request a file, search the file, select the peer based on reputation, send the file location, check privileges, access the file. Reputation phase: update reputation, "Another file" decision)

VI. SIMULATION AND RESULTS

Our proposed system was implemented using Microsoft Visual VB.Net version 8.0 and SQL Server 2005. For the implementation we created the peer-to-peer network and file sharing system with the following features:

• Elegant event-driven paradigm for easy integration into Windows applications.
• Peer authentication and authorization at application level with username/password and with private key or with the public key.
• Instant alert and chat messaging.
• All standard FTP operations.
• Finding the trustworthiness of the peer.

A. Experimental Setup

Our experiment is built on one central server and seven P2P clients, set up as 5 upload peers and 2 download peers, with the following thresholds:

Table IV. Trust Threshold

Trust Threshold | Meaning
Less than x1 | Distrust
Between x1 and x2 | Average
Greater than x2 | Full trust

B. Screenshots

Server – A server is a P2P program dedicated to providing one or more services over a computer network.

Figure 6.1 The Server

Client – A client is a P2P program dedicated to sharing the resources over a computer network.

Figure 6.2 The Client

File sharing – File sharing refers to the providing and receiving of files over a P2P network.

Figure 6.3 File sharing

C. Results

In our experiments we examined the dependence of peer performance on its reputation in the following scenarios.

Scenario 1 - Increase in security when including authorization in P2P network


Figure 6.4 Authorizations vs. Unauthorization

Scenario 2 - Decrease of positive trust value when peer starts “acting” maliciously.

Figure 6.5 Peer acting maliciously

Scenario 3 – Gain in positive trust value when peer starts “acting” properly.

Figure 6.6 Peer acting properly

CONCLUSION

The proposed trust based access control framework satisfies the requirements of access control for P2P file-sharing systems. By extending the discretionary access control model, P2P’s partially decentralized properties and peers’ autonomy are preserved while enabling and maintaining collaboration between peers. The trust model and score systems help to classify both known and unknown visitors according to their trustworthiness and contribution. Hence, appropriate access privileges can be assigned to each visitor accordingly. The proposed mechanisms for evaluating a transaction not only help to differentiate poorly performing peers from good ones but also ensure that malicious peers are punished and isolated. Although we have designed our trust based access control framework to work specifically with P2P file sharing networks.

REFERENCES

[1] Huafeng Wu, Chaojian Shi, Haiguang Chen, Chuanshan Gao, “A Trust Management Model for P2P File Sharing System”, 2008 International Conference on Multimedia and Ubiquitous Engineering, pp. 41-44, February 2008.
[2] Lara Srour, Aymaan Kayssi, Ali Chehab, “Reputation-Based Algorithm for Managing Trust in File Sharing Network”, IEEE International Conference on Computer and Information Technology, January 2006.
[3] S. Q. Zhang, Y.T. Yang, A trust management model for peer-to-peer computer systems, Journal of Harbin Engineering University, Vol. 26, No. 4, pp. 522-525, Aug 2005.
[4] Y. Wang, E.J. Vassil, Trust and reputation model in Peer-to-Peer networks, The Third IEEE International Conference on Peer-to-Peer Computing, Linkopings, 2003.
[5] E. Damian, D.C. Vimercati et al., A reputation-based approach for choosing reliable resources in Peer-to-Peer networks, The 9th ACM Conference on Computer and Communications Security, Washington DC, 2002.
[6] A. Singh, L. Liu, Anonymous management of trust relationships in decentralized P2P systems, The Third IEEE International Conference on Peer-to-Peer Computing, Linkopings, 2004.
[7] K. Aberer, Z. Despotovic, Managing trust in a Peer-to-Peer information system, The Tenth International Conference on Information and Knowledge Management (ACM CIKM’01), Linkopings, 2001.
[8] Li Xiong and Ling Liu, A Reputation-Based Trust Model for Peer-to-Peer eCommerce Communities, Proceedings of the IEEE International Conference on ECommerce.
[9] Yao Wang and Julita Vassileva, Trust and Reputation Model in Peer-to-Peer Networks, IEEE Proceedings of the Third International Conference on Peer-to-Peer Computing (P2P’03), 2003.
[10] Ali Aydin Selçuk, Ersin Uzun and Mark Reşat Pariente, A Reputation-Based Trust Management System for P2P Networks, IEEE International Symposium on Cluster Computing and the Grid, 2004.
[11] Bin Yu, Munindar P. Singh and Katia Sycara, Developing Trust in Large-Scale Peer-to-Peer Systems, IEEE 2004.
[12] Sergio Marti and Hector Garcia-Molina, Limited Reputation Sharing in P2P Systems, in EC’04 May20.08, 2004, New York, New York, USA.