Individualized Peer-to-peer Reputation
Description
The goal of this project is to give nodes in a p2p system an individualized, probabilistic reputation model of their peers. This should result in a system with high data retention.
An issue at the forefront of peer-to-peer storage is trusting the intent and
reliability of the nodes you must communicate with. Schemes such as OpenPGP's
web of trust lead to flexible, scalable trust, but require out-of-band
information that does not readily translate to a peer-to-peer setting. We
propose a similar system where individual peers replace this out-of-band
communication with a dynamically learned probability distribution of trust
values over nodes. We are implementing a decentralized file exchange protocol
to demonstrate the power of personalized, learned trust. The key ideas in our
system are that nodes make independent decisions about which nodes to trust and
those trust tables are kept private and current. This gives nodes the ability
to interact with different classes of peers differently based on trust, leading
to more robust and decentralized peer-to-peer protocols. If a node is
compromised, the most an attacker can learn is that that node trusted a certain
group of other nodes. While the attacker can temporarily masquerade as an
uncompromised node, the compromised node contains no detailed information about
how the trust was obtained and the level of the mutual relationships between the
compromised node and its trusted peers. A secondary motivation is to enable
peers to use node profiles to detect and avoid nodes used for censorship and
information poisoning, maximizing information survival.
The protocol we are using resembles BitTorrent, but it is completely
decentralized and focuses on reliability and availability. By having individual
peers calculate and store their own reputation data, our system is less
susceptible to attacks that could poison a central reputation source. Also,
individual learned reputation allows us to treat reputation as intransitive,
letting us handle situations where a peer is a member of two disjoint
organizations that have no trust relationship with each other. One important
future direction for this system is to ensure that those in remote regions who
are most vulnerable to information throttling, both incoming and outgoing, are
able to fully participate. Thus, our protocols must scale over wide geographic
areas and consequently be resistant to slower network links and interrupted
connections. Current methods for BitTorrent scaling, such as utilizing all
available upload bandwidth and trying to avoid having a peer send duplicate
files, should be readily adaptable to our system once we alter the fairness
mechanisms to represent reputation. A key task will be for the underlying
machine learning algorithm to differentiate between unreliable connections and
malicious peers.
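A sketch of a private, per-node trust table that keeps link reliability separate from evidence of malice, added here as an illustration and not taken from the project's implementation. The Beta-posterior model, the event names, and the thresholds are all assumptions; the page does not specify the learning algorithm.

```python
from collections import defaultdict

class PeerRecord:
    """Two independent Beta posteriors, each starting from a uniform Beta(1, 1) prior."""
    def __init__(self):
        self.integrity = [1.0, 1.0]  # [valid pieces, corrupt pieces]
        self.link = [1.0, 1.0]       # [completed transfers, timeouts]

    @staticmethod
    def mean(counts):
        good, bad = counts
        return good / (good + bad)   # posterior mean of the Beta distribution

class TrustTable:
    """Built only from this node's own observations and never shared.
    No peer opinions are imported, so trust stays intransitive."""
    MALICE_BELOW = 0.4       # assumed threshold on integrity
    UNRELIABLE_BELOW = 0.5   # assumed threshold on link reliability

    def __init__(self):
        self._peers = defaultdict(PeerRecord)

    def observe(self, peer_id, event):
        rec = self._peers[peer_id]
        if event == "valid_piece":
            rec.integrity[0] += 1
            rec.link[0] += 1
        elif event == "corrupt_piece":   # data arrived but failed its hash check
            rec.integrity[1] += 1
            rec.link[0] += 1
        elif event == "timeout":         # says nothing about intent
            rec.link[1] += 1
        else:
            raise ValueError(f"unknown event: {event}")

    def classify(self, peer_id):
        if peer_id not in self._peers:
            return "unknown"
        rec = self._peers[peer_id]
        if rec.mean(rec.integrity) < self.MALICE_BELOW:
            return "malicious"
        if rec.mean(rec.link) < self.UNRELIABLE_BELOW:
            return "unreliable"
        return "trusted"

def demo():
    # Constructed observation log: peer-b has a bad link, peer-c sends corrupt data.
    log = ([("peer-a", "valid_piece")] * 6 + [("peer-b", "valid_piece")] * 3 +
           [("peer-b", "timeout")] * 6 + [("peer-c", "valid_piece")] * 2 +
           [("peer-c", "corrupt_piece")] * 5)
    table = TrustTable()
    for peer, event in log:
        table.observe(peer, event)
    return {p: table.classify(p) for p in ("peer-a", "peer-b", "peer-c", "peer-d")}
```

Because timeouts never touch the integrity posterior, a peer behind a slow or interrupted link is deprioritized without being labeled hostile.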
Status
The current implementation focuses on a set of negative indicators a node may
use to edit its reputation. The next step is to create a broader node profile
to match against to complement known areas of misbehavior. We will then use
PlanetLab to simulate a large-scale deployment. PlanetLab will allow us to
corrupt nodes with respect to either the entire network or a selected set of
peers, which should give us an accurate model from which to reason about the
security and feasibility of this protocol.
Last modified 18 May 2009