This Article 
 Bibliographic References 
 Add to: 
Defending a P2P Digital Preservation System
October-December 2004 (vol. 1 no. 4)
pp. 209-222
The LOCKSS (Lots Of Copies Keep Stuff Safe) system allows users to store and preserve electronic content through a system of inexpensive computers arranged in an ad hoc peer-to-peer network. These peers cooperate to detect and repair damage by voting in "opinion polls.” We develop a more accurate view of how the network will perform over time by simulating the system's behavior using dynamic models in which peers can be subverted and repaired. These models take into account a variety of parameters, including the rate of peer subversion, the rate of repair, the extent of subversion, and the responsiveness of each peer's system administrator. These models reveal certain systemic vulnerabilities not apparent in our static simulations: A typical adversary that begins with a small foothold within the system (e.g., 20 percent of the population) will completely dominate the voting process within 10 years, even if he only exploits one vulnerability each year. In light of these results, we propose and evaluate countermeasures. One technique, Ripple Healing, performs remarkably well. For models in which all system administrators are equally likely to repair their systems, it eliminates nearly systemic levels of corruption within days. For models in which some administrators are more likely to repair their systems, Ripple Healing limits corruption, but proves less effective, since these models already demonstrate superior performance.

[1] M. Abadi, M. Burrows, M. Manasse, and T. Wobber, “Moderately Hard, Memory-Bound Functions,” Proc. 10th Ann. Network and Distributed System Security Symp. (NDSS), Feb. 2003.
[2] W.A. Arbaugh, W.L. Fithen, and J. McHugh, “Windows of Vulnerability: A Case Study Analysis,” Computer, vol. 33, pp. 52-59, Dec. 2003.
[3] The Internet Archive, The Internet Archive Wayback Machine, http:/, 2004.
[4] Association of Research Libraries, ARL Statistics 2000-01, , 2001.
[5] B. Boliek, “U.S. Music Industry Sues Song Swappers,” http://www. =46%43035§ion=news , 2004.
[6] P. Bungale, G. Goodell, and M. Roussopoulos, “Conservation vs. Consensus in Peer-to-Peer Preservation Systems,” Technical Report TR-29-04, Harvard Univ., Nov. 2004.
[7] M. Castro and B. Liskov, “Practical Byzantine Fault Tolerance,” Proc. Symp. Operating Systems Design and Implementation, 1999.
[8] M. Castro and B. Liskov, “Proactive Recovery in a Byzantine-Fault-Tolerant System,” Proc. Fourth Symp. Operating Systems Design and Implementation (OSDI), Oct. 2000.
[9] J. Douceur, “The Sybil Attack,” Proc. IEEE Int'l Symp. Peer-to-Peer Systems, Mar. 2002.
[10] Cooperative Association for Internet Data Analysis, “Telescope Analysis,” /, 2004.
[11] The Long Now Foundation The Rosetta Project, http:/www., 2004.
[12] T.J. Giuli and M. Baker, “Narses: A Scalable, Flow-Based Network Simulator,” Technical Report arXiv:cs. PF/0211024, Computer Science Dept., Stanford Univ., Stanford, Calif., Nov. 2002.
[13] A. Goldberg and P.N. Yianilos, “Towards an Archival Intermemory,” Proc. IEEE Conf. Advances in Digital Libraries, pp. 147-156 1998.
[14] R. Greenstadt, G. Goodell, I. Becker, and M. Roussopoulos, “Establishing a Web of Trust in Sampled Voting Systems,” Technical Report TR-09-04, Harvard Univ., May 2004.
[15] T. Jefferson, “Thomas Jefferson to Ebenezer Hazard, Philadelphia, February 18, 1791,” Thomas Jefferson: Writings: Autobiography, Notes on the State of Virginia, Public and Private Papers, Addresses, Letters, 1984.
[16] J. Kubiatowicz, D. Bindel, Y. Chen, P. Eaton, D. Geels, R. Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, and B. Zhao, “OceanStore: An Architecture for Global-Scale Persistent Storage,” Proc. ACM ASPLOS Conf., Nov. 2000.
[17] D. Malkhi and M. Reiter, “Byzantine Quorum Systems,” The J. Distributed Computing, vol. 11, no. 4, pp. 203-213, Oct. 1998.
[18] P. Maniatis, M. Roussopoulos, T.J. Giuli, D.S.H. Rosenthal, M. Baker, and Y. Muliadi, “Preserving Peer Replicas By Rate-Limited Sampled Voting,” Proc. 19th ACM Symp. Operating Systems Principles, pp. 44-59, Oct. 2003.
[19] P. Maniatis, M. Roussopoulos, T.J. Giuli, D.S.H. Rosenthal, M. Baker, and Y. Muliadi, “Preserving Peer Replicas By Rate-Limited Sampled Voting in LOCKSS,” Technical Report arXiv:cs. CR/0303026, Stanford Univ., Mar. 2003.
[20] D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, “Code-Red: A Case Study on the Spread and Victims of an Internet Worm,” Proc. Internet Measurement Workshop, Sept. 2002.
[21] OpenBSD, OpenBSD Site, http:/, 2004.
[22] G. Orwell, 1984. New York: New Am. Library, 1977.
[23] Honeynet Project, “Know Your Enemy: GenII Honeynets,”, 2004.
[24] LOCKSS Project, LOCKSS Home Page, http:/lockss.stanford. edu/, 2004.
[25] E. Rescorla, “Security Holes. . . Who cares?” Proc. 12th USENIX Security Symp., pp. 75-90, Aug. 2003.
[26] D.S.H. Rosenthal, “LOCKSS Security,” locksssecurity.html , 2004.
[27] D.S.H. Rosenthal, P. Maniatis, M. Roussopoulos, T.J. Giuli, and M. Baker, “Notes on the Design of an Internet Adversary,” Proc. Adaptive and Resilient Computing Security Workshop, Nov. 2003.
[28] A. Rowstron and P. Druschel, “Storage Management and Caching in PAST, a Large-Scale, Persistent Peer-to-Peer Storage Utility,” Proc. 18th ACM Symp. Operating Systems Principles, Oct. 2001.
[29] E. Sit and R. Morris, “Security Considerations for Peer-to-Peer Distributed Hash Tables,” Proc. Int'l Workshop Peer-to-Peer Systems, Mar. 2002.
[30] The Memory Hole, “Reasons Not to Invade Iraq,” , 2004.
[31] D.S. Wallach, “A Survey of Peer-to-Peer Security Issues,” Proc. Int'l Symp. Software Security, Nov. 2002.
[32] Y. Wang, D. Chakrabarti, C. Wang, and C. Faloutsos, “Epidemic Spreading in Real Networks: An Eigenvalue Viewpoint,” Proc. IEEE Int'l Symp. Reliable Distributed Systems, Oct. 2003.

Index Terms:
Distributed applications, protection mechanisms, backup/recovery, model development, libraries/information repositories/publishing, peer-to-peer digital preservation.
Bryan Parno, Mema Roussopoulos, "Defending a P2P Digital Preservation System," IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 4, pp. 209-222, Oct.-Dec. 2004, doi:10.1109/TDSC.2004.39
Usage of this product signifies your acceptance of the Terms of Use.