Presentation on theme: "Cope with selfish and malicious nodes Jinyang Li."— Presentation transcript:
Cope with selfish and malicious nodes Jinyang Li
P2P requires cooperation Cooperation means nodes obey design However, P2P users control the nodes –Modify the given software –Shut down application –Delete app files –Rate limit application etc. P2P users are mostly selfish –Avoid contributing resources as much as possible P2P nodes could be malicious –Adversary can enroll (arbitrarily) many nodes P2P nodes speak the “right” protocol, but might not do the “right” things.
What if anyone can run Coral?
Design space for combating misbehaving nodes 1.Enforce nodes to run desired software –Obfuscate protocol/software –Rely on hardware support to authenticate a running piece of software (Trusted computing)
Design space for combating misbehaving nodes 2. Encourage nodes not to be selfish –Design protocols so it is in a node’s best interest to contribute 3. Choose trustworthy nodes for interaction –If only a few trusted nodes turn out to be bad, it is okay since data/service is replicated
#2 Encourage non-selfish behavior What do selfish users do in file-sharing? –Download from others, but refuse to upload –Why is it bad? –If everybody behaves like this, system is useless
A layman’s view of game theory Prisoner’s dilemma (PD) 3,30,5 5,01,1 CD C D Nash equilibrium both defect, worst global outcome Global optimal: Requires both to cooperate
Tit-for-tat What if boy and dog play the game over many iterations? –Tit-for-tat: Cooperate in the 1st round, mirror what your opponent did in the last round –Tit-for-tat with forgiveness: Occasionally cooperate to end a streak of retaliation and counter-retaliation
Tit-for-tat for file sharing Exchanging data between peers is like an iterated PD game –Break data exchange in multiple rounds. –If remote peer does not upload fast enough (defect), choke his download (play defect).
Bittorrent Group all peers interested in the same file into a swarm –Each node has sth. the other wants A big file is broken into pieces –Each node downloads pieces in random order Every 10 seconds, calculate a remote peer’s upload rate, if no good, choke it –Tit-for-tat Periodically chooses one random peer to unchoke –…with forgiveness
How tit-for-tat helps BT Tit-for-tat in BT ensures fair exchange(?) Tit-for-tat prevents selfish behavior(?) All selfish behaviors are non-profitable(?)
Cautions in applying tit-for-tat in other scenarios The game must be played over many rounds Each peer must have “goods” valued equally by the other What’s at stake?
# Combating malicious nodes Malicious (Byzantine) nodes –Their goal is to bring max harm to you –May also behave randomly and unpredictably Basic strategy –replicate data/functionalities –Obtain data or votes of results from multiple replicas The impossibility results: –No availability when all nodes are Byzantine. –No correct agreement when >1/3 nodes are Byzantine.
What’s at stake? What does the system vote on? –launch a nuclear missile –Buyer or seller’s reputation (eBay) –Importance of a webpage (Google) –Interesting news (digg) –Authenticity of a shared file (Credence)
Who can vote? eBay, digg: any registered users –Can an adversary register millions of users? Must ensure votes come from independent parties –Restrict voters to humans –Restrict one identity per human Credence: –Central authority issues public key to nodes –Limit how fast keys are issued to each node
What to vote on? Votes could be on subjective or objective matters –(Digg) Interesting vs. boring news Credence insight: –Make votes objective, honest users similar votes –Example votes: K Binds a vote to a user Binds a vote to its file
How to cast votes? U1 downloads files abf3,ba9f,35e4 with search term “britney mp3” K
How to use votes? U2 obtains hash abf3,ba9f,35e4 from search “britney mp3” Goal: Rank hashes according to votes 1.Collect a list of votes for each hash from peers 2.Weight peers using voting history correlation 3.Compute weighted aggregate votes on each hash 4.Sort
Weight peers based on vote correlation abcd britney name, b234 spears name, 4567 madonna name ff45 nina name 1234 britney name abf3 britney name b234 britney name 4567 madonna name ff45 nina name 1234 britney name My votesU1’s votes 4 votes on same files; 2 positive agreements P=.5 2 positive votes from me, 3 positive votes from U1 a=.5, b=.75 Correlation (p-ab)/sqrt(a(1-a)b(1-b)) = 1.36
Weight peers based on vote correlation abcd britney name, b234 spears name, 4567 madonna name ff45 nina name 1234 britney name abf3 britney name b234 britney name 4567 madonna name ff45 nina name 1234 britney name My votesU2’s votes 4 votes on same files; 1 positive agreements P= positive votes from me, 3 positive votes from U1 a=.5, b=.75 Correlation (p-ab)/sqrt(a(1-a)b(1-b)) = -0.57
What if there are no overlapping files? Use transitive correlation –If A has high correlation with B, B has high correlation with C, then A has high correlation with C