CSCE 715Ankur Jain11/16/2010

Providing Witness Anonymity in Peer-to-Peer Systems

Bo Zhu, Sanjeev Setia and Sushil Jajodia

IntroductionDesign GoalsFrameworkSDT ProtocolAchievements of GoalsOverhead of SDTConclusion

Outline

Peer-to-Peer systemsDistributed application architecturePartitions task between peers

equivalently.E.g. – Skype, Cloud Computing, P2PTV

and many more.Fundamental Challenge

Trust relationship between peers.Several research studies.To build trust and reputation between

peers.

Introduction

ReliabilityComputing true trust value.Presence of malicious user.

AnonymityNon Identification of peers

AccountabilityIdentification of malicious peers.

Previous research focused on reliability.

Requirements for Trust Management

Overall GoalExtend P2P trust management systemsTo provide Witness Anonymity

To provide anonymity to person reporting malicious behavior.

To preserve privacy of peers.

To hide trust topology from malicious parties.

Motivation

Identity Anonymity

Backward Anonymity

Traceability

Non-slanderability.

Additional GoalsEfficiencyDecentralization.

Design Goals

System Model No Trusted Third Party.2 types of user

Offline Group Manager (OGM)User

# of adversaries less than threshold t.

Adversary Model 2 types of adversaries

Malicious userSelfish user

Will collude together to maximize the attack.

Framework

Network Model Mixnet based anonymous system

Consist of series of servers called MIXes.Associated with public keys.Receives encrypted messages.Decrypts, batches, permutes, forwards

messages.Strips off sender’s name and identifying

information.

Mechanism for monitoring claims sentIrrespective of claims being generated or

forwarded.

Framework

SDT – Secure Deep ThroatProvide anonymity and accountability together.Include tracing mechanism to identify user.

4 step procedureSetupRegistrationClaim BroadcastingPublic Tracing

Modes of OperationActive: Real Time requirements.Passive: Not strict Real Time requirements.

SDT Protocol

OGM generates public and secret keys.

Identification list (LIST) initially empty.

Define tag basesUsed in claim broadcasting

To create anonymous claims.

Only one per type of misbehavior per user.

SDT Protocol – Setup

User contacts OGM.

User selects identity.

Check its availability.

User obtains a member public/secret key pair.

OGM adds a new entry to LIST.

OGM select s items from LIST and sends it to user.

User sends confirmation for key pair and LIST items received.

SDT Protocol – Registration

User maintain two databases. Maintains claim sent by herself.Maintains claim received from other user.

On detecting malicious behaviorChecks database for previous entries for

same type of behavior.If not found generates new claim using tag

base.Broadcast through anonymous

communication system.Also stores claim in database.

SDT Protocol – Claim Broadcasting

On receiving claim Checks whether entry for that claim is

present or not.If yes, then drops the claim.If not check its validity and stores the claim.Also forwards it in the system.

Initializing Public TracingUser finds t claims.Checks distinctness of all t claims.Generates a message including t claims and

broadcast it to network

SDT Protocol – Claim Broadcasting

Check for entries in databases.

If found broadcast two entries as proof to disclose the identity of malicious user.

If no entries found broadcast message NO-ONE.

After receiving NO-ONE message other repeat the steps in their local LIST.

SDT Protocol – Public Tracing

Used when real time requirement is not critical.

Achieve better efficiency.

Changes in claims broadcastingClaims regarding malicious behavior not sent

immediately.Sent these claims only when queried about the

behavior of user.

Public tracing will performed on all claims to prevent multiple claims from an adversary.

SDT Protocol – Passive Mode

Peer forwards claim with a probability.Instead of flooding entire network.Lower the probability, lower is the number

of peers storing the claim.Lower is the probability that one peer

stores every t distinct claims.Require more number of witnesses in this

case.Also non zero probability that adversary

may escape disclosure.

SDT Protocol – Probabilistic Forwarding

Identity AnonymityMay be broken using Traffic Analysis or Protocol

Analysis

Traffic Analysis is prevented by Mixnet based communication system.

Protocol Analysis is also hard to perform

No public key in claim broadcasted

All parameter are calculated using discrete algorithm so very robust against brute force attack.

Achievement of Goals

Backward AnonymityAdversaries can compromise multiple peers.

Claim does not provide information regarding identity.

No way to differentiate the user on basis of claims.

Also ensured when OGM and adversaries are in contact

User’s secret key is only known to user.

No way to extract secret key from OGM.

Achievement of Goals

TraceabilityGood peers need to find a valid record of

adversary from LIST.

LIST items are distributed among different peers.

Probability of all copies controlled by adversary group is very small.

Achievement of Goals

Non-SlanderabilityMax number of claims sent by adversaries

against a user

Total number of adversaries which is less than t.

Adversaries cannot collect enough claims to remove good user from the system.

Achievement of Goals

Distributed storage of LISTOGM maintains LIST offline.LIST is stored in distributed form.Peers do not have knowledge of LIST items

with other peers.Helps in detecting a adversary even if

adversary is controlling the majority of LIST.

Overhead of SDT

Communication CostsMajor cost is forwarding claims.

Implemented using elliptic curve or hyper elliptic curve over a finite field.

Claim size not more than 409 bytes.

LIST distribution another cost.

Smaller the LIST, higher probability of message broadcast while tracing.

Overhead of SDT

Storage RequirementsFor cryptographic keys, LIST and local

databases.Storing personal keys and public key of OGM.

Only small part of the entire LIST.

Very small database requirement in passive mode.

A probabilistic forwarding approach may reduce database space in active mode.

Overhead of SDT

SDT provide witness anonymity to users reporting malicious behavior.

Two modes of operation: Active and Passive.

Overhead is acceptable in peer-to-peer systems.

Conclusion

Questions