This paper addresses the problem of forming groups in peer-to-peer (P2P) systems and examines what dependability means in decentralized distributed systems. Much of the literature in this field assumes that the participants form a local picture of global state, yet little research has been done discussing how this state remains stable as nodes enter and leave the system. We assume that nodes remain in the system long enough to benefit from retaining state, but not sufficiently long that the dynamic nature of the problem can be ignored. We look at the components that describe a system's dependability and argue that next-generation decentralized systems must explicitly delineate the information dispersal mechanisms (e.g., probe, event-driven, broadcast), the capabilities assumed about constituent nodes (bandwidth, uptime, re-entry distributions), and distribution of information demands (needles in a haystack vs. hay in a haystack [13]). We evaluate two systems based on these criteria: Chord [22] and a heterogeneous-node hierarchical grouping scheme [11]. The former gives a failed request rate under normal P2P conditions and a prototype of the latter a similar rate under more strenuous conditions with an order of magnitude more organizational messages. This analysis suggests several methods to greatly improve the prototype.

In this paper, we examine the issue of managing trust in peerto -peer systems. In particular, we focus on reputation-based schemes. We look at some design considerations in implementing distributed reputationbased systems, namely storage, integrity, metrics and changing of identity.

Abstract. Reputation systems for Peer-to-Peer (P2P) networks are relatively new. Most of the existing systems are centrally controlled hence raising scalability issues and single points of failure. In this paper we present a completely decentralized reputation scheme for P2P networks. The system is based on a certificate, RCert, which is a document that resides on a participating P2P node, which consists of information ratings collected from previous transactions with other peers. Central to the scheme is the concept of Public Key Infrastructure (PKI), upon on which much of the mechanism is based. In order to facilitate updates of RCert certificates, we present two protocols, RCertP and RCertP X. RCertP does not prevent the node from using older copies of RCert. An extended version, RCertP X, solves this problem by keeping track of the latest timestamp. 1

Abstract. Reputation systems help peers decide whom to trust before undertaking a transaction. Conventional approaches to reputation-based trust modeling assume that peers reputed to provide trustworthy service are also likely to provide trustworthy feedback. By basing the credibility of a peer’s feedback on its reputation as a transactor, these models become vulnerable to malicious nodes that provide good service to badmouth targeted nodes. We propose to decouple a peer’s reputation as a service provider from its reputation as a service recommender, making the reputation more robust to malicious peers. We show via simulations that a decoupled approach greatly enhances the accuracy of reputations generated, resulting in fewer malicious transactions, false positives, and false negatives. 1

We consider broadcasting in random d-regular graphs by using a simple modification of the so-called random phone call model introduced by Karp et al. [19]. In the phone call model every time step each node calls on a randomly chosen neighbour to establish a communication channel with this node. The communication channels can then be used to transmit messages in both directions. We show that, if we allow every node to choose four distinct neighbours instead of one, then the average number of message transmissions per node decreases exponentially. Formally, we present a broadcasting algorithm that has time complexity O(log n) and uses O(n log log n) transmissions per message. In contrast, we show for the standard model that every distributed and address-oblivious algorithm that broadcasts a message in time O(log n) needs Ω(n log n / log d) message transmissions. Our algorithm can efficiently handle limited communication failures, only requires rough estimates of the number of nodes, and is robust against limited changes in the size of the network. Our results have applications in peer-to-peer networks and replicated databases.

Reputation systems help establish social control in peer-to-peer networks. To be truly effective, however, a reputation system should counter attacks that compromise the reliability of user ratings. Existing reputation approaches either average a peer’s lifetime ratings or account for rating credibility by weighing each piece of feedback by the reputation of its source. While these systems improve cooperation in a P2P network, they are extremely vulnerable to unfair ratings attacks. In this paper, we recommend that reputation systems decouple a peer’s service provider reputation from its service recommender reputation, thereby, making reputations more resistant to tampering. We propose a scalable approach to system-wide decoupled service and feedback reputations and demonstrate the effectiveness of our model against previous nondecoupled reputation approaches. Our results indicate that decoupled approache significantly improves reputation accuracy, resulting in more successful transactions. Furthermore, we demonstrate the effectiveness and scalability of our decoupled approach as compared to PeerTrust, an alternative mechanism proposed for decoupled reputations. Our results are compiled from comprehensive logs collected from Maze, a large file-sharing system with over 1.4 million users supporting searches on 226TB of data.

We have examined the tradeoffs in applying regular and Compressed Bloom filters to the name query problem in distributed file systems and developed and tested a novel mechanism for scaling queries as the network grows large. Filters greatly reduced query messages when using Fan's "Summary Cache" in web cache hierarchies[6], a similar albeit smaller, searching problem. We have implemented a testbed that models a distributed file system and run experiments that test various configurations of the system to see if Bloom filters could provide the same kind of improvements. In a realistic system, where the chance that a randomly queried node holds the file being searched for is low, we show that filters always provide lower bandwidth /search and faster time/search, as long as the rates of change of the files stored at the nodes is not extremely high relative to the number of searches. In other words, we confirm the intuition that keeping some state about the contents of the rest of the system will aid in searching as long as acquiring this state is not overly costly and it does not expire too quickly.

Certificate revocation is one of the many challenges faced by Public Key Infrastructure (PKI). Certificate revocation is the action of declaring a certificate, which has not expired, is no longer valid due to various reasons ranging from change of relationship between certificate issuer and the public key owner to compromised private keys of the associated certificate to change of information contained in the certificate. All the revoked certificates by the certificate issuer must be made available to all the end-entities, which need to verify a certificate. Many schemes have been proposed for certificate revocation; each with its own strenghts and weaknesses. Some of these schemes, although straightforward and easy to implement, suffer when faced with the challenge of efficient distribution of certificate revocation information. In this paper we look into the use of Peer-to-Peer (P2P) technology to effectively and efficiently distribute the revoked information. P2P is an emerging paradigm that is now viewed as a potential technology that could re-formulate well known distributed architectures (e.g., the Internet). It is a network architecture in which all participating computers (or nodes), in most cases, have equivalent capabilities and responsibilities. Certificate revocation schemes such as Certification Revocation Lists, which has the potential to distribute very large list, will definitely benefit from the P2P implementation.

Next generation Web 2.0 communities and distributed P2P systems rely on the cooperation of diverse user populations spread across numerous administrative and security domains. Zero accountability via anonymous online identities and divergent interests result in selfish behavior that can disrupt or manipulate networks for personal gain. While “reputation systems ” are recognized as a promising means to establish social control for such communities, developing reliable reputation systems remains a challenge. Several unaddressed threats still limit the effectiveness of reputation systems. Furthermore, most existing work on reputations has focused on accurate reputations for stable systems, but not examined the implications of integrating user reputations into scalable distributed infrastructures. The primary goal of this paper is to investigate and address the critical open challenges that limit the effectiveness of reputations. First, we identify a thorough taxonomy on reputation management, and use it as our framework to classify adversarial threats that compromise reliable operation of reputation systems. Second, we survey existing research to address these threats. Finally, we present our solutions to address the two leading reasons for erroneous and misleading values produced by reputation systems today, i.e., user collusion and short-lived online identities. We believe that this paper not only serves as an introduction to reputation systems design, but will also help researchers deploy reliable reputation solutions that contribute towards improving the performance of large distributed applications.