Issue No.10 - October (2008 vol.19)
pp: 1325-1337
ABSTRACT
Most of the current trust models in peer-to-peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer's identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called Pseudo Trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on Zero-Knowledge Proof is designed so that peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutually anonymous P2P systems. We analyze the security and the anonymity in PT, and evaluate its performance using trace-driven simulations and a prototype PT-enabled P2P network. The strengths of our design include 1) no need for a centralized trusted party or CA, 2) high scalability and security, 3) low traffic and cryptography processing overheads, and 4) man-in-the-middle attack resistance.
INDEX TERMS
Protocols, Distributed Systems
CITATION
Li Lu, Jinsong Han, Yunhao Liu, Lei Hu, Jin-Peng Huai, Lionel Ni, Jian Ma, "Pseudo Trust: Zero-Knowledge Authentication in Anonymous P2Ps", IEEE Transactions on Parallel & Distributed Systems, vol.19, no. 10, pp. 1325-1337, October 2008, doi:10.1109/TPDS.2008.15