7. Conclusion and future work

Peer-to-Peer (P2P) systems have emerged as an important paradigm for distributed data storage in the way they exploit and efficiently make use of untapped peers’ storage resources.

Outsourcing data from a single location to multiple peers in a network is probably the only solution for increasing data availability and fault-tolerance on a large scale while reducing if not suppressing storage maintenance costs. In this thesis, we addressed the security and cooperation issues that such an application is likely to be exposed to when effectively deployed in the wild.

Summary and contributions

We first discussed the security issues associated with P2P data storage. The correct operation of a P2P storage system relies on the fair and effective cooperation of peers. Unfortunately, peers may misbehave in various ways. Data holders may pretend to be storing some data which they in fact destroyed. With replication based approaches, peers may collude to store a single data replica thereby defeating mechanisms to ensure reliability. Collusion may not be the sole way to do so, since Sybil attackers may generate several identities and deceitfully use them.

We describe elements of a modular architecture for such a system encompassing the security and cooperation mechanisms necessary to ensure the correct and secure operation of a P2P data storage system. We describe how a trusted environment may make it easier to prevent some misbehaviors, in particular if peer identification, data integrity verification, and trust management may be assured by dedicated hardware or trusted platforms rather than performed by peers themselves.

Hidden actions of non cooperative peers can be revealed using a new type of protocol that we call data possession verification. Such protocols enable a verifier to detect whether some data that are stored remotely have been corrupted. We propose three different such protocols with different verification capabilities, in particular regarding delegation.

The behavior of data holders can be evaluated from the outcomes of such protocols. Such audits form the basic observation primitives of the cooperation incentive mechanisms that we propose for stimulating cooperation and encouraging correct behavior. The originality of the incentive mechanism stems from its optimistic evaluation of peer behavior, which departs from the approach taken by cooperation incentives in MANETs: while a peer's behavior can only be settled at the end of the storage period, audits can be performed on a regular basis, and we consider that a peer behaves well as long as no data corruption is detected.
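To make the two ideas of this paragraph concrete (a verifier detecting remote corruption through challenge-response audits, and an optimistic evaluation that keeps trusting a holder until an audit fails), here is a small self-contained Python example. It is an added illustration, not the thesis's own protocols: it implements a simplified probabilistic spot check with per-block keyed tags and a restricted deterministic check with a finite stock of one-time nonces, both over constructed random data, and the class and parameter names (`Owner`, `Holder`, `OptimisticLedger`, `BLOCK_SIZE`, `n_one_time`) are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from math import comb
from random import Random

BLOCK_SIZE = 64  # constructed block size for the toy example


def split_blocks(data, size=BLOCK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


class Owner:
    """Data owner acting as verifier: keeps a key, small tags and a stock of
    one-time challenges, but not the outsourced data itself."""

    def __init__(self, data, n_one_time):
        self.key = secrets.token_bytes(32)
        blocks = split_blocks(data)
        self.n_blocks = len(blocks)
        # Probabilistic approach: one keyed tag per block, index bound in so
        # a holder cannot answer a challenge on block i with block j.
        self.tags = [self._tag(i, b) for i, b in enumerate(blocks)]
        # Restricted deterministic approach: each (nonce, expected) pair is
        # usable once, so the number of audits is fixed before outsourcing.
        self.one_time = [(n, hashlib.sha256(n + data).digest())
                         for n in (secrets.token_bytes(16) for _ in range(n_one_time))]

    def _tag(self, i, block):
        return hmac.new(self.key, i.to_bytes(4, "big") + block, "sha256").digest()

    def sample_indices(self, k, rng):
        return sorted(rng.sample(range(self.n_blocks), k))

    def verify_probabilistic(self, indices, returned_blocks):
        if len(indices) != len(returned_blocks):
            return False
        return all(hmac.compare_digest(self.tags[i], self._tag(i, b))
                   for i, b in zip(indices, returned_blocks))

    def next_deterministic_challenge(self):
        """Returns (nonce, expected) or None once the stock is exhausted."""
        return self.one_time.pop() if self.one_time else None

    @staticmethod
    def verify_deterministic(expected, answer):
        return hmac.compare_digest(expected, answer)


class Holder:
    """Remote peer storing the blocks; drop_block simulates a holder that
    silently replaced one block with zeros while claiming to store it."""

    def __init__(self, data, drop_block=None):
        self.blocks = split_blocks(data)
        if drop_block is not None:
            self.blocks[drop_block] = b"\x00" * len(self.blocks[drop_block])

    def answer_probabilistic(self, indices):
        return [self.blocks[i] for i in indices]

    def answer_deterministic(self, nonce):
        return hashlib.sha256(nonce + b"".join(self.blocks)).digest()


def detection_probability(n_blocks, n_corrupted, k):
    """Chance that a k-block spot check hits at least one corrupted block."""
    if k > n_blocks - n_corrupted:
        return 1.0
    return 1 - comb(n_blocks - n_corrupted, k) / comb(n_blocks, k)


class OptimisticLedger:
    """A holder is considered cooperative until one of its audits fails."""

    def __init__(self):
        self.failed = set()
        self.audits = {}

    def record(self, holder_id, passed):
        self.audits[holder_id] = self.audits.get(holder_id, 0) + 1
        if not passed:
            self.failed.add(holder_id)

    def is_cooperative(self, holder_id):
        return holder_id not in self.failed


def make_scenario(n_one_time=3, drop_block=5):
    data = secrets.token_bytes(16 * BLOCK_SIZE)  # constructed data, 16 blocks
    return Owner(data, n_one_time), Holder(data), Holder(data, drop_block)


def run_demo(seed=1):
    """Regular probabilistic audits, then one one-time deterministic audit
    per holder; returns (honest cooperative?, cheat cooperative?, challenges left)."""
    owner, honest, cheat = make_scenario()
    ledger, rng = OptimisticLedger(), Random(seed)
    for _ in range(4):
        idx = owner.sample_indices(4, rng)
        ledger.record("honest", owner.verify_probabilistic(idx, honest.answer_probabilistic(idx)))
        ledger.record("cheat", owner.verify_probabilistic(idx, cheat.answer_probabilistic(idx)))
    for name, holder in (("honest", honest), ("cheat", cheat)):
        nonce, expected = owner.next_deterministic_challenge()  # fresh nonce per holder
        ledger.record(name, owner.verify_deterministic(expected, holder.answer_deterministic(nonce)))
    return ledger.is_cooperative("honest"), ledger.is_cooperative("cheat"), len(owner.one_time)


if __name__ == "__main__":
    print(run_demo(), detection_probability(16, 1, 4))
```

The spot check costs the holder only the challenged blocks and catches a single corrupted block out of 16 with probability 4/16 per 4-block audit, which is why it is repeated regularly; the whole-data check always catches it but consumes one of the precomputed challenges, which is the availability trade-off of the restricted deterministic approach. The ledger never rewards a passed audit explicitly: the holder simply stays cooperative until evidence of corruption appears.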

We propose two incentive mechanisms, one reputation-based and the other remuneration-based.

Both mechanisms are designed not only to encourage cooperative behavior but also to establish trust and to detect and punish misbehaving peers. These are essential features of a security mechanism for such applications, given the possibility of purely malicious attacks.

The security and cooperation achieved by our proposed audit-based mechanisms are demonstrated through non-cooperative game theoretical models. We first evaluate the effectiveness of our incentives with various observation primitives, both probabilistic and deterministic. Evolutionary games are also introduced in order to evaluate the macroscopic equilibria achieved.

The following is a summary list of the contributions of this thesis:

- P2P data storage architecture: organization principles for security mechanisms at various layers of the system, and the benefit of introducing a trusted computing base as a security infrastructure.

- Cryptographic protocols for remote data possession verification:
  - Probabilistic-based approach: realizes good performance by conceding verification determinism, and allows open verifiability of the stored data.
  - Restricted deterministic approach: achieves efficient verification, trading off security and performance against verification periodicity (availability).
  - Deterministic-based approach: realizes a good performance-to-security tradeoff.

- P2P data storage and maintenance mechanism: introduction of a reactive data rejuvenation process in order to achieve storage reliability and availability on the long term. The process relies on the operation of an erasure code based data maintenance protocol.

- Cooperation incentive mechanisms: open and scalable reputation-based and remuneration-based mechanisms that do not require a trusted infrastructure, and are resilient to various attacks.

- Game theoretical models: validate the incentive property of proposed mechanisms at micro and macroscopic levels of granularity.

Perspectives

Our work presented primitives for evaluating the behavior of peers with respect to storage.

The feedback resulting from such evaluations mainly serves cooperation incentive mechanisms.

However, peers, in particular data owners, also need to adapt their storage strategies based on such evaluations. Detecting a storage fault should trigger a data regeneration process to ensure the long-term reliability of data storage. However, the effectiveness of such a process not only depends on the availability of enough holders, as we modeled it, but also on the time it takes to transfer data blocks between peers. A performance analysis of such a process would certainly bring more realistic estimations as to the bandwidth and churn requirements of a P2P storage application.

The security mechanisms developed in this thesis, and in particular cooperation incentives, are crucial in forecasting how trusted a peer can be and in stimulating its cooperation. Although they were tuned for P2P data storage in this work, other P2P applications (for instance P2P IP telephony) would definitely benefit from such security and cooperation mechanisms. For instance, Internet providers are deploying Wifi relays for IP telephony with the cooperation of end-users who agree to configure their ADSL boxes to carry this service in exchange for the capability to use it. A finer-grained yet self-organizing regulation of such infrastructures might be achieved with remuneration-based incentives in particular. Wuala, for instance, has started deploying its data storage infrastructure with such an approach. Remuneration-based cooperation incentives also pave the way for multi-service architectures that would make it possible for heterogeneous platforms to cooperate efficiently and, for instance, exchange some bandwidth for some storage.

Protection against Sybil attackers and whitewashers is a central issue in many P2P applications. It should be noted that completely self-organized approaches can only mitigate such attacks while at the same time imposing a penalty on honest peers. We discussed the use of a trusted computing base, as provided by some tamper-resistant hardware, as a possible solution. Although costly in terms of deployment, it may indeed provide an interesting and scalable solution to this problem. In particular, the TCG architecture is increasingly deployed in corporate hardware, thus making it an interesting candidate; direct anonymous attestation mechanisms in particular may link some data to a unique platform while preserving platform privacy.

There is also an increasing trend to establish dynamic trust based on existing static trust relationships, as illustrated by the emergence of services based on social networks (e.g., Skype, Facebook, hi5, LinkedIn, MySpace). In such systems, small groups of peers may easily be established based on the graph of relationships. Dunbar's rule holds that a given peer can maintain stable social relationships with 150 other peers. This may mean that P2P applications developed in the future will exhibit topologies very different from those used in P2P file sharing, in which a peer may connect with 3000 others, as witnessed within BitTorrent "swarms" for instance. Scalability will undoubtedly remain an important research challenge in such systems as well, and may trigger the development of more efficient protocols for managing the interconnection of multiple groups of well-connected peers.