Most trust models in Peer-to-Peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer’s identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called Pseudo Trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on Zero-Knowledge Proof is designed so that peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutual anonymous P2P systems. We analyze the security and the anonymity in PT, and evaluate its performance using trace-driven simulations and a prototype PT-enabled P2P network. The strengths of our design include 1) no need for a centralized trusted party or CA, 2) high scalability and security, 3) low traffic and cryptography processing overheads, and 4) man-in-middle-attacks resistance.

Abstract not found

www.elsevier.com/locate/peva Performance optimization of region-based group key management in mobile ad hoc networks

Abstract: Open peer-to-peer (P2P) networks are being grossly abused by illegal distribution of copyrighted music, games, video streams, and popular software. These abuses are resulted from lack of proper peer authentication, modifiable file indices, and unauthorized file access in a P2P network. Peer collusion is a major source of illegal sharing of content files among clients and pirates. We propose a new copyright-protection scheme for P2P networks using enhanced chunking and hashing protocols. The idea is to use proactive content poisoning with token-based authorization to prevent pirates from downloading copyrighted files easily. Using identity-based signatures, our system distinguishes pirates from legitimate clients. The system distributes clean contents only to authorized clients. Pirates are detected with miss-matched keys and time-stamped tokens. Detected pirates receive only poisoned chunks, which corrupt the entire file. Detecting pirates or colluders produces some identity evidences against piracy. This will deter colluders from sharing clean contents with potential pirates. The pirates are penalized with intolerably long download time without success. This paper presents system architecture and enabling mechanisms for copyright protection on such trusted P2P networks. New detection and prevention techniques are presented. We test them in simulated P2P network families using hashing at the file, part, and piece levels. We developed a new peer authorization protocol (PAP) for this purpose. The system performs rather satisfactorily in P2P delivery of large content files. For an example to distribute a 700-MB file, the system protects the Gnutella, KaZaA, and Lime Wire with above 99.9 % success rate. The system secures the eMule network family including Shareaza or

Application layer multicast (ALM) has been proposed to overcome current limitations in IP multicast for large-group multimedia communication. We address offering data confidentiality tailored for ALM. To achieve confidentiality, a node may need to continuously re-encrypt packets before forwarding them downstream. Furthermore, keys have to be changed whenever there is a membership change, leading to rekey processing overhead at the nodes. For a large and dynamic group, these reencryption and rekeying operations incur high processing overhead at the nodes. We propose and analyze a scalable scheme called Secure Overlay Multicast (SOM) which clusters ALM peers so as to localize rekeying within a cluster and to limit re-encryption at cluster boundaries, thereby minimizing the total nodal processing overhead. We describe the operations of SOM and compare its nodal processing overhead with two other basic approaches, namely, host-to-host encryption and whole group encryption. We also present a simplified analytic model for SOM and show that there exists an optimal cluster size to minimize the total nodal processing overhead. By comparing with a recently proposed ALM scheme (DT protocol), SOM achieves a substantial reduction in nodal processing overhead with similar network performance in terms of network stress and delay.