2P2P requires cooperation Cooperation means nodes obey designHowever, P2P users control the nodesModify the given softwareShut down applicationDelete app filesRate limit application etc.P2P users are mostly selfishAvoid contributing resources as much as possibleP2P nodes could be maliciousAdversary can enroll (arbitrarily) many nodesP2P nodes speak the “right” protocol,but might not do the “right” things.
4Design space for combating misbehaving nodes Enforce nodes to run desired softwareObfuscate protocol/softwareRely on hardware support to authenticate a running piece of software (Trusted computing)
5Design space for combating misbehaving nodes 2. Encourage nodes not to be selfishDesign protocols so it is in a node’s best interest to contribute3. Choose trustworthy nodes for interactionIf only a few trusted nodes turn out to be bad, it is okay since data/service is replicated
6#2 Encourage non-selfish behavior What do selfish users do in file-sharing?Download from others, but refuse to uploadWhy is it bad?If everybody behaves like this, system is useless
7A layman’s view of game theory CGlobal optimal:Requires both to cooperateD3,30,55,01,1CNash equilibriumboth defect,worst global outcomeDPrisoner’s dilemma (PD)
8Tit-for-tat What if boy and dog play the game over many iterations? Cooperate in the 1st round, mirror what your opponent did in the last roundTit-for-tat with forgiveness:Occasionally cooperate to end a streak of retaliation and counter-retaliation
9Tit-for-tat for file sharing Exchanging data between peers is like an iterated PD gameBreak data exchange in multiple rounds.If remote peer does not upload fast enough (defect), choke his download (play defect).
10Bittorrent Group all peers interested in the same file into a swarm Each node has sth. the other wantsA big file is broken into piecesEach node downloads pieces in random orderEvery 10 seconds, calculate a remote peer’s upload rate, if no good, choke itTit-for-tatPeriodically chooses one random peer to unchoke…with forgiveness
11How tit-for-tat helps BT Tit-for-tat in BT ensures fair exchange(?)Tit-for-tat prevents selfish behavior(?)All selfish behaviors are non-profitable(?)
12Cautions in applying tit-for-tat in other scenarios The game must be played over many roundsEach peer must have “goods” valued equally by the otherWhat’s at stake?
13# Combating malicious nodes Malicious (Byzantine) nodesTheir goal is to bring max harm to youMay also behave randomly and unpredictablyBasic strategyreplicate data/functionalitiesObtain data or votes of results from multiple replicasThe impossibility results:No availability when all nodes are Byzantine.No correct agreement when >1/3 nodes are Byzantine.
14What’s at stake? What does the system vote on? launch a nuclear missileBuyer or seller’s reputation (eBay)Importance of a webpage (Google)Interesting news (digg)Authenticity of a shared file (Credence)
15Who can vote? eBay, digg: any registered users Can an adversary register millions of users?Must ensure votes come from independent partiesRestrict voters to humansRestrict one identity per humanCredence:Central authority issues public key to nodesLimit how fast keys are issued to each node
16What to vote on? Votes could be on subjective or objective matters (Digg) Interesting vs. boring newsCredence insight:Make votes objective, honest users similar votesExample votes:<abf3: britney name, mp3 = type>K<ba9f: britney name, mp3 type>K<35e4: name = >KBinds a vote to its fileBinds a vote to a user
17How to cast votes?U1 downloads files abf3,ba9f,35e4 with search term “britney mp3”<abf3: britney name, mp3 = type>K<ba9f: britney name, mp3 type>K<35e4: name = >K
18How to use votes?U2 obtains hash abf3,ba9f,35e4 from search “britney mp3”Goal: Rank hashes according to votesCollect a list of votes for each hash from peersWeight peers using voting history correlationCompute weighted aggregate votes on each hashSort
19Weight peers based on vote correlation My votesU1’s votesabcd britney name,b234 spears name,4567 madonna nameff45 nina name1234 britney nameabf3 britney nameb234 britney name4567 madonna nameff45 nina name1234 britney name4 votes on same files; 2 positive agreementsP=.52 positive votes from me, 3 positive votes from U1a=.5, b=.75Correlation (p-ab)/sqrt(a(1-a)b(1-b)) = 1.36
20Weight peers based on vote correlation My votesU2’s votesabcd britney name,b234 spears name,4567 madonna nameff45 nina name1234 britney nameabf3 britney nameb234 britney name4567 madonna nameff45 nina name1234 britney name4 votes on same files; 1 positive agreementsP=0.252 positive votes from me, 3 positive votes from U1a=.5, b=.75Correlation (p-ab)/sqrt(a(1-a)b(1-b)) = -0.57
21What if there are no overlapping files? Use transitive correlationIf A has high correlation with B, B has high correlation with C, then A has high correlation with C