Citation Context

...massive node arrival/departure and are highly resilient to churn. From the point of view of content providers, relying on a P2P system allows shifting cost (e.g., bandwidth) to clients, and avoids the need for maintaining dedicated servers. A major problem that face large scale P2P systems deployed on the public domain is the existence of rational nodes, i.e., nodes that aim at receiving content without contributing their fair share, by forwarding it to others. Existing studies have shown that the presence of even a small portion of rational nodes significantly degrades the system performance [1]–[5]. This is why a number of protocols have been devised in the last decade to deal with the problem of rational nodes in collaborative systems, (e.g., rational resilient live streaming [6]–[8], spam filtering content dissemination [9] and Nparty transfer [10]). All these protocols provide incentives that encourage/force rational nodes to participate in the system. However, apart from the protocol presented in [8], all the existing solutions work under the assumption that rational nodes do not collude. This problem though has been demonstrated to be a reality in existing file sharing applicat...

Citation Context

...h taking such risk. We also suppose that rational nodes join and remain in the system for a long time and seek a long-term benefit. We refer to the source as the node that is disseminating a given content. We assume that each content is disseminated from a single source at a time but our principles can be easily applied to systems where the content is disseminated from multiple sources at the same time. We assume that all nodes but the source may be rational, or experience failures, and may organise themselves in colluding groups of arbitrary sizes. Classical fault-tolerance techniques (e.g., [21]) can relax the assumption that the source does not fail. We assume that the network allows every pair of nodes to exchange messages, and that they are eventually received if retransmitted sufficiently often. We also assume that hash functions are collision resistant and that cryptographic primitives cannot be forged. We assume that nodes are provided a pair of asymmetric keys, and denote a message m signed by a node i using its private key as (m)σ(i). As in [7] and [22], we assume that nodes maintain clocks synchronised within δ seconds, and we structure time as a sequence of rounds in which ...

Citation Context

...es collude (either in a large group or in small collusion groups), correct nodes observe 25% of message losses. The challenge we embrace in this paper is the design of a rational-resilient content dissemination protocol that prevents collusions to occur and that does not wrongfully exclude correct nodes. An observation one can start with is: a colluding behaviour can be considered as a Byzantine behaviour [13]. A legitimate question is thus to know whether it is possible to rely on existing techniques for Byzantine fault tolerance and Byzantine fault detection, such as Nysiad [14], PeerReview [15], Accountable Virtual Machines [16], Trinc [17], or A2M [18]? The answer is No. The reason is that these generic solutions for Byzantine fault tolerance and detection either assume a limited proportion of faulty nodes, or the existence of trusted nodes or hardware. Instead, we assume in this paper that all nodes can be rational, and we do not rely on any trusted entity, whether software or hardware. In this paper, we present AcTinG a content dissemination protocol that tolerates an unlimited number of (possibly colluding) rational nodes, while guaranteeing that no correct node is ever expelled...

Citation Context

...ive node arrival/departure and are highly resilient to churn. From the point of view of content providers, relying on a P2P system allows shifting cost (e.g., bandwidth) to clients, and avoids the need for maintaining dedicated servers. A major problem that face large scale P2P systems deployed on the public domain is the existence of rational nodes, i.e., nodes that aim at receiving content without contributing their fair share, by forwarding it to others. Existing studies have shown that the presence of even a small portion of rational nodes significantly degrades the system performance [1]–[5]. This is why a number of protocols have been devised in the last decade to deal with the problem of rational nodes in collaborative systems, (e.g., rational resilient live streaming [6]–[8], spam filtering content dissemination [9] and Nparty transfer [10]). All these protocols provide incentives that encourage/force rational nodes to participate in the system. However, apart from the protocol presented in [8], all the existing solutions work under the assumption that rational nodes do not collude. This problem though has been demonstrated to be a reality in existing file sharing applications...

Citation Context

...avoids the need for maintaining dedicated servers. A major problem that face large scale P2P systems deployed on the public domain is the existence of rational nodes, i.e., nodes that aim at receiving content without contributing their fair share, by forwarding it to others. Existing studies have shown that the presence of even a small portion of rational nodes significantly degrades the system performance [1]–[5]. This is why a number of protocols have been devised in the last decade to deal with the problem of rational nodes in collaborative systems, (e.g., rational resilient live streaming [6]–[8], spam filtering content dissemination [9] and Nparty transfer [10]). All these protocols provide incentives that encourage/force rational nodes to participate in the system. However, apart from the protocol presented in [8], all the existing solutions work under the assumption that rational nodes do not collude. This problem though has been demonstrated to be a reality in existing file sharing applications [11]. Handling colluding nodes is a difficult problem provided that colluders generally perform unobservable actions from the point of view of the collaborative protocol [12], which mak...

Citation Context

...ding as little as possible (possibly, none) stream updates or protocol messages to nodes not belonging to their coalition, 3) (Computation) Performing as little as possible computations for other nodes. Colluding rational nodes would typically exchange updates off the record, and, in order to save bandwidth, would not share the updates they obtained secretly with nodes outside their group. It is important to note that rational nodes are risk averse, i.e., they never deviate from the protocol if there is any risk of being evicted from the system. This assumption is commonly used in BAR systems [20]. Furthermore, this assumption is particularly relevant in our context as we use accountability techniques to deter faults and accuse nodes (as described in the following section). In this context, when a fault is detected, a proof of misbehaviour is produced, which can convince any correct node in the system of the necessity of evicting the misbehaving node. As eviction corresponds to an infinite penalty, no benefit is worth taking such risk. We also suppose that rational nodes join and remain in the system for a long time and seek a long-term benefit. We refer to the source as the node that ...

Citation Context

...ers. A major problem that face large scale P2P systems deployed on the public domain is the existence of rational nodes, i.e., nodes that aim at receiving content without contributing their fair share, by forwarding it to others. Existing studies have shown that the presence of even a small portion of rational nodes significantly degrades the system performance [1]–[5]. This is why a number of protocols have been devised in the last decade to deal with the problem of rational nodes in collaborative systems, (e.g., rational resilient live streaming [6]–[8], spam filtering content dissemination [9] and Nparty transfer [10]). All these protocols provide incentives that encourage/force rational nodes to participate in the system. However, apart from the protocol presented in [8], all the existing solutions work under the assumption that rational nodes do not collude. This problem though has been demonstrated to be a reality in existing file sharing applications [11]. Handling colluding nodes is a difficult problem provided that colluders generally perform unobservable actions from the point of view of the collaborative protocol [12], which makes their deviations difficult to deter. For ex...

Citation Context

...e streaming [6]–[8], spam filtering content dissemination [9] and Nparty transfer [10]). All these protocols provide incentives that encourage/force rational nodes to participate in the system. However, apart from the protocol presented in [8], all the existing solutions work under the assumption that rational nodes do not collude. This problem though has been demonstrated to be a reality in existing file sharing applications [11]. Handling colluding nodes is a difficult problem provided that colluders generally perform unobservable actions from the point of view of the collaborative protocol [12], which makes their deviations difficult to deter. For example, a group of colluders could be a group of nodes that collaborate to exchange content between each other “off the record” (e.g., using the silent broadcast protocol described in [12]). Such colluders do not share with nodes not belonging to the group the content they receive off the record, thus harming the protocol. To the best of our knowledge, the only gossip-based content dissemination protocol trying to prevent collusions is the LiFTinG protocol [8]. In this protocol, nodes log their interactions with other nodes and perform di...

Citation Context

...t face large scale P2P systems deployed on the public domain is the existence of rational nodes, i.e., nodes that aim at receiving content without contributing their fair share, by forwarding it to others. Existing studies have shown that the presence of even a small portion of rational nodes significantly degrades the system performance [1]–[5]. This is why a number of protocols have been devised in the last decade to deal with the problem of rational nodes in collaborative systems, (e.g., rational resilient live streaming [6]–[8], spam filtering content dissemination [9] and Nparty transfer [10]). All these protocols provide incentives that encourage/force rational nodes to participate in the system. However, apart from the protocol presented in [8], all the existing solutions work under the assumption that rational nodes do not collude. This problem though has been demonstrated to be a reality in existing file sharing applications [11]. Handling colluding nodes is a difficult problem provided that colluders generally perform unobservable actions from the point of view of the collaborative protocol [12], which makes their deviations difficult to deter. For example, a group of collude...

Citation Context

...sip protocol that is able to handle colluding nodes. We implement a streaming application that we deploy on top of the three protocols. We deploy 400 nodes on one hundred physical machines and show that AcTinG is able to deliver the entire stream despite the presence of colluders, whereas LiFTinG and BAR Gossip, both suffer heavy message losses. We also show that AcTinG is resilient to churn, and using complementary simulations involving up to a million nodes, that it is scalable: it yields a logarithmic growth of memory and bandwidth consumption, comparable to standard gossip based protocols [19]. The rest of the paper is structured as follows. Section II describes our system model. Section III introduces the core ideas of AcTinG. Section IV provides a detailed presentation of AcTinG. Section V discusses its resilience to (colluding) rational nodes. Section VI presents a detailed performance evaluation. Section VII reviews the related works. Section VIII concludes the paper. II. SYSTEM MODEL We consider a system with N nodes, which are uniquely identified, e.g., using a hash value of their IP address. We assume that nodes can join and leave the system (gently or by crashing) at any ti...

Citation Context

...est in deviating from the protocol whether individually 2We recall that the source is assumed to be a correct node. Node pyNode px Send(Serve_Updates,py) Round r Send(Propose_Updates,py) Receive(Propose_Updates,px) Send(Request_Updates,px) Receive(Request_Updates,py) Receive(Serve_Updates,px) Send(Serve_Updates,px) Send(Propose_Updates,px) Receive(Propose_Updates,py) Send(Request_Updates,py) Receive(Request_Updates,px) Receive(Serve_Updates,py) (1) (2) (3) Fig. 5. Update exchanges between nodes. or as a group. Due to the lack of space, this proof is available in the companion technical report [23]. We first evaluate the risk that two colluding partners take by deviating, for example when interacting as prescribed by the protocol, but without logging the updates they exchange. Specifically, consider two partners px and py that decide to collude. Assume px holds update u. To help py saving bandwidth in future rounds, py sends a proposition message to px that does not contain u, but logs that it has proposed u. As such, the logs of px and py appear correct if audited separately as px can not be blamed of not requesting u (as the official proposition sent by py does not contain u) and py c...