Collusion-resilient credit-based reputation for peer-to-peer content distribution Nguyen Tran, Jinyang Li, Lakshminarayanan Subramanian New York University NetEcon’10 1
Incentive in P2P CDNs A solved problem? • Yes – BitTorrent tit-for-tat provides incentives for nodes to upload during download nodes to upload during download • No – No incentives for nodes to act as seeders (seeder promotion problem) 2
Incentive in P2P CDNs A solved problem? • Yes – BitTorrent tit-for-tat provides incentives for nodes to upload during download nodes to upload during download • No – No incentives for nodes to act as seeders (seeder promotion problem) 3
Private vs public BitTorrent communities PirateBay TorrentLeech CDF Average download speed [Kbps] More seeders � better performance 4
Robust reputations � seeder promotion • Private BitTorrent – Nodes report their contribution � vulnerable • Graph-based reputation (Page-rank, max-flow) • Graph-based reputation (Page-rank, max-flow) – not capture node contribution – vulnerable to collusion 5
Credo: a credit-based reputation mechanism • capture node contribution correctly • resilient to attacks (Sybil attack and collusion) 6
Credo’s system architecture central server 7
Credo’s system architecture • Sybil-resilient node admission using social network ( SybilLimit [S&P’08], SumUp [NSDI’09], GateKeeper [PODC’10] ) � each adversary can bring in few Sybils central server 8
Credo’s system architecture • Sybil-resilient node admission using social network ( SybilLimit [S&P’08], SumUp [NSDI’09], GateKeeper [PODC’10] ) � each adversary can bring in few Sybils A central server 9
Credo’s system architecture • Sybil-resilient node admission using social network ( SybilLimit [S&P’08], SumUp [NSDI’09], GateKeeper [PODC’10] ) � each adversary can bring in few Sybils A seeder central server 10
Credo’s system architecture • Sybil-resilient node admission using social network ( SybilLimit [S&P’08], SumUp [NSDI’09], GateKeeper [PODC’10] ) � each adversary can bring in few Sybils upload upload upload upload A seeder central server 11
Credo’s system architecture • Sybil-resilient node admission using social network ( SybilLimit [S&P’08], SumUp [NSDI’09], GateKeeper [PODC’10] ) � each adversary can bring in few Sybils upload upload upload upload A seeder central server 12
Credo’s system architecture • Sybil-resilient node admission using social network ( SybilLimit [S&P’08], SumUp [NSDI’09], GateKeeper [PODC’10] ) � each adversary can bring in few Sybils download download A leecher central server 13
Credo’s system architecture • Sybil-resilient node admission using social network ( SybilLimit [S&P’08], SumUp [NSDI’09], GateKeeper [PODC’10] ) � each adversary can bring in few Sybils download download A leecher central server 14
Credo’s system architecture • Sybil-resilient node admission using social network ( SybilLimit [S&P’08], SumUp [NSDI’09], GateKeeper [PODC’10] ) � each adversary can bring in few Sybils download download A leecher central server Rep (# uploads) (# downloads ) = − 15
Credo’s system architecture • Sybil-resilient node admission using social network ( SybilLimit [S&P’08], SumUp [NSDI’09], GateKeeper [PODC’10] ) � each adversary can bring in few Sybils download download A leecher central server Rep (# uploads) (# downloads ) = − 16 Seeders choose the highest reputation leecher to serve
Seeders collect credits in exchange for uploads C D A E credit pool B B signed token credit pool 17
Nodes issue their own credits C D A B E credit pool B credit pool 18 18
Nodes issue their own credits C D A B E credit pool B credit pool Rep (# credit earned ) (# issued credit ) = − 19 19
Nodes issue their own credits C D A B E credit pool B credit pool − � Rep (# credit earned ) 2 (# issued credit ) = 20 20
Nodes issue their own credits C D A B E credit pool B To encourage nodes to use credits in credit pool credit pools before issuing new credits − � Rep (# credit earned ) 2 (# issued credit ) = 21 21
Sybil attack C D A E B X X 1 X 2 X 1 X 2 X 1 X 2 X 1 X 2 credit pool − � Rep (# credit earned ) 2 (# issued credit ) = 22
Idea 1: Credit diversity C D A E B X X 1 X 2 X 1 X 2 X 1 X 2 X 1 X 2 credit pool − � Rep (# different issuers) 2 (# issued credit ) = 23
Credit diversity is not enough C D A Y E Y 1 Y 2 B X X 1 X 2 − � Rep (# different issuers) 2 (# issued credit ) = 24
Credit diversity is not enough C D colluders A Y E Y 1 Y 2 B X X 1 X 2 − � Rep (# different issuers) 2 (# issued credit ) = 25
Credit diversity is not enough C D colluders A Y E Y 1 X X Y X 2 Y 1 X 1 Y 2 Y Y 2 X 1 X 2 Y 1 Y 2 B X 2 Y 1 X 1 Y 2 X X 1 X 1 X 2 Y 1 Y 2 X 2 X 2 Y 1 Y 2 X 1 Y 1 X 1 X 2 Y 2 − � Rep (# different issuers) 2 (# issued credit ) = 26
Credit pool of attackers vs honest nodes C D A Y E Y 1 X X Y X 2 Y 1 X 1 Y Y 2 Y 2 X 1 X 2 Y 1 Y 2 B X 2 Y 1 X 1 Y 2 X X 1 X 1 X 2 Y 1 Y 2 X 2 X 2 Y 1 Y 2 X 1 Y 1 X 1 X 2 Y 2 Volume = 6 Volume(c) : # of credits issued by the issuer of c 27
Credit pool of attackers vs honest nodes C D A Y E Y 1 X X Y X 2 Y 1 X 1 Y Y 2 Y 2 X 1 X 2 Y 1 Y 2 B X 2 Y 1 X 1 Y 2 X X 1 X 1 X 2 Y 1 Y 2 X 2 X 2 Y 1 Y 2 X 1 Y 1 X 1 X 2 Y 2 Volume(c) : # of credits issued by the issuer of c 28
Credit pool of attackers vs honest nodes C D A Y E Y 1 X X Y X 2 Y 1 X 1 Y Y 2 Y 2 X 1 X 2 Y 1 Y 2 B 6 X 2 Y 1 X 1 Y 2 6 X X 1 X 1 X 2 Y 1 Y 2 X 2 X 2 Y 1 Y 2 X 1 Y 1 X 1 X 2 Y 2 6 6 Volume(c) : # of credits issued by the issuer of c 29
Credit pool of attackers vs honest nodes C D A Y E Y 1 X X Y X 2 Y 1 X 1 Y Y 2 Y 2 X 1 X 2 Y 1 Y 2 B 6 X 2 Y 1 X 1 Y 2 6 X X 1 X 1 X 2 Y 1 Y 2 X 2 X 2 Y 1 Y 2 X 1 Y 1 X 1 X 2 Y 2 6 all are high volume credits 6 Volume(c) : # of credits issued by the issuer of c 30
Credit pool of attackers vs honest nodes C D A 3 3 Y E Y 1 X X Y X 2 Y 1 X 1 Y Y 2 Y 2 X 1 X 2 Y 1 Y 2 3 B 6 X 2 Y 1 X 1 Y 2 6 X 6 X 1 X 1 X 2 Y 1 Y 2 X 2 X 2 Y 1 Y 2 X 1 Y 1 X 1 X 2 Y 2 6 all are high volume credits 6 Volume(c) : # of credits issued by the issuer of c 31
Credit pool of attackers vs honest nodes C D A 3 3 Y C E E Y 1 D X X Y X 2 Y 1 X 1 Y Y 2 B B Y 2 X 1 X 2 Y 1 Y 2 3 B 6 X 2 Y 1 X 1 Y 2 6 X 6 X 1 X 1 X 2 Y 1 Y 2 X 2 X 2 Y 1 Y 2 X 1 Y 1 X 1 X 2 Y 2 6 all are high volume credits 6 Volume(c) : # of credits issued by the issuer of c 32
Credit pool of attackers vs honest nodes C D low volume A 3 3 Y C E E Y 1 D X X Y X 2 Y 1 X 1 Y Y 2 B B Y 2 X 1 X 2 Y 1 Y 2 3 B 6 X 2 Y 1 X 1 Y 2 high volume 6 X 6 X 1 X 1 X 2 Y 1 Y 2 X 2 X 2 Y 1 Y 2 X 1 Y 1 X 1 X 2 Y 2 6 all are high volume credits 6 Volume(c) : # of credits issued by the issuer of c 33
Distribution of credits’ volume 1 obability density 1013 3 313 Prob 0 3 6 Volume Expected volume distribution in a normal credit pool Volume distribution in an adversary’s credit pool 34
Idea 2: Modeling good behavior obability density 1013 3 313 Prob 0 3 6 Volume Expected volume distribution in a normal credit pool 35
Idea 2: Modeling good behavior Central server samples a obability density subset of peers and ask 1013 for # of issued credits 3 313 Prob 0 3 6 Volume Expected volume distribution in a normal credit pool 36
Idea 2: Modeling good behavior obability density 1013 3 313 Prob 0 3 6 Volume Expected volume distribution in a normal credit pool 37
Idea 2: Modeling good behavior obability density 1013 3 313 Prob 0 3 6 Volume Expected volume distribution in a normal credit pool Volume distribution in a credit pool 38
Idea 2: Modeling good behavior filter credits obability density 1013 3 313 Prob 0 3 6 Volume Expected volume distribution in a normal credit pool Volume distribution in a credit pool 39
Idea 2: Modeling good behavior filter credits obability density 1013 313 3 Prob 0 3 6 Volume Expected volume distribution in a normal credit pool Volume distribution in a credit pool − � Rep (diversity of filtered pool) 2 (# issued credit ) = 40
Effect on attackers C D low volume A 3 3 Y C E E Y 1 D X X Y X 2 Y 1 X 1 Y 2 Y B B Y 2 X 1 X 2 Y 1 Y 2 3 B 6 Y 1 3 X 1 X 2 Y 2 high volume 3 6 X 6 X 1 X 1 X 2 Y 1 Y 2 X 2 X 2 Y 1 Y 2 X 1 X 1 X 2 Y 1 Y 2 6 3 6 6 Sybils issue similar amount of credits as honest nodes 41
Credo’s security properties k • Suppose there are adversaries, each brings in Sybils. They form a collusion s � size of , and do not contribute. C k s = 42
Recommend
More recommend