[Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
From: Hermanni Hyytiälä
Subject: [Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
Date: Mon, 02 Jun 2003 02:50:41 -0400
CVSROOT: /cvsroot/gzz
Module name: gzz
Changes by: Hermanni Hyytiälä <address@hidden> 03/06/02 02:50:41
Modified files:
Documentation/misc/hemppah-progradu: masterthesis.tex
Log message:
Steven's comments
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/masterthesis.tex.diff?tr1=1.205&tr2=1.206&r1=text&r2=text
Patches:
Index: gzz/Documentation/misc/hemppah-progradu/masterthesis.tex
diff -u gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.205
gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.206
--- gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.205 Mon May
26 05:07:05 2003
+++ gzz/Documentation/misc/hemppah-progradu/masterthesis.tex Mon Jun 2
02:50:41 2003
@@ -821,34 +821,34 @@
\chapter{Open Problems in Peer-to-Peer}
-In this chapter, we discuss open problems in Peer-to-Peer research.
-Note that the open problems list considered here is not meant
-to be an exhaustive survey of \emph{all} open problems in Peer-to-Peer domain;
-we focus our attention to some issues related to security, scalability,
usability and performance.
+In this chapter we discuss open problems in Peer-to-Peer research.
+Note that the unsolved problems considered do not represent
+an exhaustive survey of \emph{all} unsolved problems in Peer-to-Peer domain.
In this chapter
+we focus our attention on some issues related to security, scalability,
usability and performance.
\section{Overview}
Partly due to the non-maturity of modern Peer-to-Peer technology, there are
several
-open problems to be solved. Also, many techniques developed for traditional
distributed
+problems to be solved. Also, many techniques developed for traditional
distributed
systems may no longer apply with Peer-to-Peer systems, e.g., load balancing
techiques \cite{byers03dhtbalancing}.
Different problems apply to both the loosely structured and the tightly
structured approach.
For instance, since the introduction of Gnutella \cite{gnutellaurl}, the main
concern has been the scalability problem of loosely structured
systems. However, the scalability problem of the loosely structured is often
misunderstood;
-\emph{the network overlay} of loosely structured systems is scalable, but the
\emph{data lookup model} is not as
+\emph{the network overlay} of loosely structured systems is scalable, but the
\emph{data lookup model} is not, because
the data lookup process creates lot of extra network traffic (e.g.,
\cite{yang02improvingsearch}).
-In tightly structured systems the main concern is to make overlay's data
lookup process
+In tightly structured systems the main objective is to make overlay's data
lookup process
more fault tolerant against hostile attacks (e.g.,
\cite{castro02securerouting}). Other key problems in tightly structured
systems are the lack of keyword searches \cite{harren02complex,
ansaryefficientbroadcast03}, support for heterogeneous peers
\cite{rowston03controlloingreliability} and load balancing
\cite{balakrishanarticle03lookupp2p, byers03dhtbalancing}.
\section{Security problems}
-In this section we describe security problems related to Peer-to-Peer domain.
First, we discuss attacks
-and lack of trust in Peer-to-Peer systems. Then, we describe anonymity, access
control, hostile entities
-and secure query routing problems. Finally, we briefly cover external security
threats.
+In this section we describe security problems related to the Peer-to-Peer
domain. First, we discuss well-known attacks
+on Peer-to-Peer systems. Then, we discuss the common lack of trust in
Peer-to-Peer system, and related issues of anonymity, access control, hostile
entities
+and secure query routing. Finally, we briefly cover external security threats.
\subsection{Attacks}
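Review bot: The rewritten chapter opening now has two consecutive sentences that begin with "In this chapter" (the first added line and "In this chapter we focus our attention on some issues ..."), and "in Peer-to-Peer domain" still lacks its article even though the Security problems paragraph in this same hunk is corrected to "the Peer-to-Peer domain". Suggest dropping the second "In this chapter" and writing "in the Peer-to-Peer domain". In the new Security problems paragraph, "lack of trust in Peer-to-Peer system" should be the plural "systems" to agree with the sentence before it. The unchanged context lines still carry "techiques", "the scalability problem of the loosely structured is often misunderstood" (noun missing after "structured") and "creates lot of extra network traffic"; these could be fixed in the same pass.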
@@ -861,27 +861,27 @@
the Distributed Denial of Service attack.
In the Sybil attack model \cite{douceur02sybil}, a hostile entity presents
multiple
-entities, i.e., when a peer communicates with a subset of other participating
entities to perform an operation, a peer communicates
-only with the same hostile entity. Hostile entity can control a large fraction
of Peer-to-Peer system while
+entities, i.e., when a peer communicates with a subset of other participating
entities to perform an operation whereas a peer communicates
+only with the same hostile entity. A hostile entity can control a large
fraction of a Peer-to-Peer system while
repressing the redundancy of the system. Authors argue in
\cite{douceur02sybil} that without a centralized authority, Sybil attacks are
always possible in a Peer-to-Peer
system except under extreme and unrealistic assumptions of resource parity and
coordination among entities. Unrealistic assumptions include: all entities
-should be nearly homogeneous, all identities can be validated simultaneously
by all
-entities across the system and when accepting identities that are not directly
validated, the required number of certificates exceeds
+should be nearly homogeneous; all identities can be validated simultaneously
by all
+entities across the system; and, when accepting identities that are not
directly validated, the required number of certificates exceeds
the number of systemwide failures \cite{douceur02sybil}. Castro et al.
\cite{castro02securerouting} suggest the use of cryptographic content hashes in
the
-creation process of peer identifier against the Sybil attack. According to
authors, in this technique the IP address of a peer can be verified by the
other peer.
-They call this method as a one form of \emph{self-certifying data}.
+creation process of peer identifier against the Sybil attack. According to the
authors, in this technique the IP address of a peer can be verified by the
other peer.
+They characterize this method as a form of \emph{self-certifying data}.
In the Fail-stop attack model, cited in \cite{naor03simpledht}, a faulty peer
is deleted from the Peer-to-Peer system. Thus,
-a specific data item can be lost from the system temporarily (or permanently).
The reason for the faultiness of a peer can be a
-software failure or a hostile attack. The Byzantine attack model \cite{357176}
is closely related to Fail-stop model. In the Byzantine attack model
-$3f + 1$ is the minimum number of peers that allow system to provide the
safety and liveness properties when up to $f$ peers are faulty \cite{357176}.
-The Byzantine model can be seen as more severe than Fail-stop model as there
are no restrictions over the behavior of faulty peers, e.g., the cooperation
-between multiple \emph{malicious} faulty peers is possible \cite{357176}. A
practical solution for the Byzantine failures have been
-proposed by Castro et al. \cite{296824}. Authors use in their work replication
algorithm to tolerate Byzantine faults and cryptographic
+a specific data item can be lost from the system temporarily or permanently.
The reason for the faultiness of a peer can be a
+software failure or a hostile attack. The Byzantine attack model \cite{357176}
is closely related to the Fail-stop model. In the Byzantine attack model,
+$3f + 1$ is the minimum number of peers that allow the system to provide the
safety and liveness properties when up to $f$ peers are faulty \cite{357176}.
+The Byzantine model can be seen as more severe than the Fail-stop model
because there are no restrictions over the behavior of faulty peers, e.g., the
cooperation
+between multiple \emph{malicious} faulty peers is possible \cite{357176}.
Castro et al. \cite{296824} have proposed a practical solution for the
Byzantine failures.
+The authors use in their work replication algorithm to tolerate Byzantine
faults and cryptographic
certificate techniques to prevent spoofing and replays to detect corrupted
messages.
-The Spam generating attack \cite{naor03simpledht} is another known attack
model against Peer-to-Peer system. In the Spam
-attack, a hostile or faulty peer may produce false information of the data, or
refuses to (or is not able to) reply to requests.
+The Spam generating attack \cite{naor03simpledht} is another known attack
model against a Peer-to-Peer system. In the Spam
+attack, a hostile or faulty peer may produce false data information, or
refuses to (or is not able to) reply to requests.
Naor et al. \cite{naor03simpledht} have proposed a partial solution against
Spam attack in a \emph{faulty} peer environment (not hostile).
Overloading of targeted peers is a form of Distributed Denial of Service
attack (DDoS) (see, e.g., \cite{372148}). For instance,
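Review bot: In the Sybil paragraph, replacing the comma with "whereas" leaves the "i.e." sentence without a main clause: "when a peer communicates with a subset of other participating entities to perform an operation whereas a peer communicates only with the same hostile entity". Suggest restoring a main clause, for example "when a peer communicates with a subset of other participating entities to perform an operation, it in fact communicates only with the same hostile entity", so the definition of the attack reads unambiguously. In the Byzantine paragraph, "The authors use in their work replication algorithm" needs an article ("a replication algorithm"), and "to prevent spoofing and replays to detect corrupted messages" runs two purposes together without a conjunction. In the Spam paragraph, "may produce false data information, or refuses" mixes verb forms ("or refuse"), and "against Spam attack" is missing "the".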