Research On Some Key Soft Security Problems Of Peer-To-Peer Systems

P2P(Peer-to-Peer) has special charms in the application areas like file sharing, content distribution, distributed storage, distributed computing, etc. But its nature of openness, equality, autonomy, and free of supervision also leads to many new security problems. This paper concentrates on the heavily socialized soft security problems.Fairness and trust are at the core of these problems, and file pollution is one of the most typical representive. Free-riding is the most important embodiment of P2P's fairness problem. Effective incentive mechanism can reduce the happening of free-riding. The loss of trust brings forth many severe security problems such as file pollution and sevice fraud. This problem is especially prominent in flat P2P systems. File pollution damages the heath of sharing environment, decreases the availability of resources, and facilitates the spreading of mal-wares such as computer viruses and network worms. It is a great thread to the content security of P2P file sharing systems.The first part of this paper concentrates on the mico-payment incentive mechanism. We provide some new ideas in its three fundamental techniques (identity management, account management and payment transferring), to make a micro-payment system adapt more efficiently to the centerless, autonomous and trustless characteristics of P2P environment. Compared with others, the scheme in this paper can better ensure the fairness of P2P transactions, and further decrease the involvement of third party and center server.The second part of this paper puts the emphasis on the trust management of flat P2P networks. For this special environment, we present some new ideas in providing P2P-compatible identiy management, storage and retrieval of ratings, rating aggregation and trust evaluation mechanisms. They form a personalized trust management scheme, where peers can base their trust decisions on the subject judgement from their own experiences, and others'shared opnions facilitated by the system. Compared with others, this scheme can better identify and avoid deceiving ratings from malicious users, and give peers more reliable and personalized trust decision support.The third part of this paper is about file pollution. We focuse on two facets: understanding the rules and laws behind this phenomenon through a modeling and simulation study, and seeking new anti-pollution methods. For the former, a discrete time state-transfer statistic model is proposed in this paper, which is derived from the epidemic model of diseases in biology and medicine theories, and can be used to analyse and simulate the process of P2P file spreading and pollution propagation. Theoretical reasoning of this model is performed for some extreme situations, and more general cases are analysed by simulation experiments. By doing these, the influences of several important factors on P2P file pollution process can be clarified. These factors include the user group's generosity and slackness attribute, polluters'pollution policies, the system's supplementary mechanisms, and users'selection policies, etc. Based on the conclusion deduce from the model and simulation, a purely distributed new anti-pollution measure called Co-alerting is proposed and proved, and several now-existing anti-pollution measures are classified, compared, and analyzed.The main contributions of this paper include:1. A new identity management scheme for P2P micro-payment and trust management. By adopting ID-PKC and making use of eternal Email system, it greatly simplifies the identity and key managemet and adapts well to P2P environment.2. A DHT-based purely distributed account management scheme called L-ChordBank. It can ensure the accounts'secutity in a probabilistic sense by the proposed secure hashing and rundandacy maintenace.3. An optimistic fair-exchage payment protocol, the corresponding lagged and batched accounting protocol, and the complaint machnism. They can provide better faireness and reduce the involvement of third parties.4. A new trust decision algorithm based on Collaborative Filtering, and the improved adaptive weighting functions for binary rating system.5. An analytical model for P2P file pollution, and a simulation-based study which reveals some of the key factors determining the propogation process of polluted contents.6. A new fully distributed anti-file-pollution mechanism called Co-alerting. Its efficiency is proved by simulation experiments, and its immunity to fake alerts is proved by reasoning.