Cooperation incentives

Peer behavior assessment forms the basis of an efficient cooperation incentive mechanism.

From such an evaluation, well-behaved peers will be rewarded with incentives while ill-behaved peers will be punished. Incentives may consist in exchanging identical resources (Barter), or in conferring good reputation to the well behaved peers, or in providing well behaved peers a financial counterpart for their cooperation.

Bartering

Barter based approaches do not require the interacting peers to have any preset trust relationships. They rather rely on a simultaneous and reciprocal behavior. The exchange of resources in particular takes place if both peers cooperate with each other; otherwise, there is no exchange.

Cooperation incentives may be cheaply built on a tit-for-tat (TFT) strategy (“give and ye shall receive”). The peer initially cooperates, and then responds likewise to the opponent's previous action: if the opponent previously cooperated, the peer cooperates; otherwise, the peer defects. TFT is demonstrated to be an evolutionary stable strategy (ESS) in game theory jargon:

this strategy cannot be invaded (or dominated) by any alternative yet initially rare strategy.

In the Cooperative Internet Backup Scheme [Lillibridge et al. 2003], each peer has a set of geographically-separated partner peers that collectively hold its backed up data. In return, the peer backs up a part of its partners’ data. To detect free-riding, each peer periodically evaluates its remote data. If it detects that one of its partners dropped the data, the peer establishes a backup contract with a different partner. Since the scheme relies on identical and immediate resource exchanges, peers must be able to choose partners that match their needs and their capabilities and that ensure similar uptimes. To this end, a central server tracks peers and their partners. Decentralized methods of finding partners in a Gnutella-like flooding approach are also suggested although not evaluated in [Lillibridge et al. 2003].

However, TFT is not perfect as illustrated by the P2P file sharing protocol BitTorrent³⁴. In BitTorrent, unchoking a peer means that the peer is accepted to upload files for it. Peers follow a TFT strategy by unchoking peers that provide the highest throughput for them, and besides that they use an optimistic unchoking strategy to discover potentially better trading peers.

However this strategy of (probabilistically) cooperating with newcomers blindly can be

34 http://www.bittorrent.com/

exploited by whitewashers (peers that repeatedly join the network under new identities to avoid the penalty imposed on free-riders). [Piatek et al. 2007] describes the design of BitTyrant, a selfish client that demonstrates that BitTorrent incentives don’t build robustness. The reason is that TFT is no longer an evolutionary stable strategy in the presence of whitewashers.

Reputation

Reputation relies on the evaluation of the past behavior of a peer for deciding whether to cooperate with it. Reputation then builds a long-term trust between peers based on a statistical history of their past interactions. This allows going beyond barter-based approaches (direct reciprocity) by permitting to several peers to indirectly reciprocate to the behavior of the observed peer.

A reputation mechanism consists of three phases (summarized in Figure 7):

1. Collection of evidence: Peer reputation is constructed based on the observation of the peer, on experiences with it, and/or on recommendations from third parties. The semantics of the information collected can be described along two dimensions:

o Specific vs. general information: specific information about a given peer relates to the evaluation of its functionality such as its ability to deliver a service on time, which general information evaluates all its functionalities (e.g., measured as a weighted average).

o Objective vs. subjective information: objective information (also known as direct or private information) can be obtained about a given peer through past interactions, while subjective information (also known as indirect or public information) refers to either listening to messages intended for other peers or to using the opinion of others about the peer. A message can also voluntarily piggyback evaluations collected by other peers as extra information.

Figure 7 Reputation: diagram of operations

2. Cooperation decision: Based on the collected information, a peer can decide whether it should cooperate with another peer, based on the reputation of that other peer. There exists a variety of methods for computing the reputation of an entity such as voting, averaged ratings, Bayesian computation ([Jøsang and Ismail 2002] and [Mui et al.

2001]), or the flow model (e.g., PageRank [Page et al. 1998] algorithm for ranking Google³⁵’s web pages³⁶ and EigenTrust [Kamvar et al. 2003]). More details can be found in [Jøsang et al. 2005].

3. Cooperation evaluation: The occurrence of an interaction with a peer is conditional on the previous phase. After interaction, the degree of cooperation of the peer involved is

35 http://www.google.com

36 The public PageRank measure does not fully describe Google's page ranking algorithm, which takes into account other parameters for the purpose of making it difficult or expensive to deliberately influence ranking results in what can be seen as a form of "spamming".

determined. Peers performing correct operations, that is, behaving cooperatively, are rewarded by increasing their reputation accordingly. A peer with a bad reputation will be isolated from the functionality offered by the group of peers as a whole.

The reputation mechanism may rely on an online TTP to collect auditing information, compute the reputation of the corresponding holder and disseminate such information to the rest of peers, either periodically or on-demand. However the approach results in a bottleneck problem and does not scale to large populations of peers. This task of reputation collection and dissemination can be attributed not to a single TTP but instead to several ones, even though decreasing the total shared history of peer actions while achieving a more scalable system.

Reputation values can be handled by peers through the use of TPMs or smart cards. These devices would then verify the data that the device holder has promised to store, compute the reputation of this latter accordingly, and distribute the reputation information to other peers when requested. The computed reputation would then provide an accurate and complete record of all peer actions. However, this approach may be still vulnerable to attacks whereby the peer maliciously disconnects the trusted device from the network. This would however prevent the peer from using the system and storing its data at other peers without presenting an up-to-date reputation certified by its device. For instance, a potential holder may request a data owner reputation by selecting a random number as a nonce. Then, the owner should send back its reputation along with the nonce certified by its trusted device.

Reputation may also just rely on peers themselves that compute reputation ratings for each other peer based on their personal experiences. The learning process of such ratings may be made fast by considering groups of peers rather than the whole system of peers. Group members interact with each other and accordingly compute reputation ratings for each other. The reputation approach based on this structure is describes in more detail in Section 5.2 of Chapter 5.

Payment

In contrast to reputation-based approaches, payment-based incentives constitute an explicit and discrete counterpart for cooperation and provide means to enforce a more immediate form of penalty for misconduct. Payment based approaches make it possible to secure short-term interactions between peers without relying neither on prior trust nor on some long-term history.

Payment brings up new requirements regarding the fairness of the exchange itself [Asokan et al. 1997]. This in general translates to a more complex and costly implementation than for reputation mechanisms. In particular, payment schemes require trusted third parties (TTP) such as banks; these entities do not necessarily take part in the online service, but may be contacted to resolve payment litigations. Tamper proof or tamper resistant hardware (TPH/TRH) like secure operating systems or smart cards have also been suggested as a distributed implementation of such a TTP.

A payment scheme comprises four main phases (summarized in Figure 8):

- Negotiation: Two peers may negotiate the terms of their interaction. Negotiating the remuneration in exchange for an enhanced service confers a substantial flexibility to the mechanism. The negotiation can be performed either between the participating peers or between peers and an authority if available.

- Cooperation decision: The peer is always the decision maker in a self-organizing system.

During negotiation and based on its outcome, a peer can decide whether it will cooperate.

- Cooperation evaluation: Cooperation is evaluated by the service requesting party in terms of adequacy of the service to the request, as well as by the service providing party,

in terms of adequate remuneration. Ensuring the fairness of both evaluations may ultimately require involving a trusted third party. Depending on the service, this TTP will ensure a fair exchange for every interaction, or may only be involved if arbitration is requested by one party (see below). The TTP, which may be centralized or distributed itself, may for instance give access to information unavailable to a peer, or more generally provide a neutral execution environment.

- Remuneration: The remuneration can consist in virtual currency units (a number of points stored in a purse or counter) or real money (banking and micropayment), or bartering units (for instance quotas defining how a certain amount of resources provided by the service may be exchanged between entities). The latter can even be envisioned in the form of micropayments [Jakobsson et al. 2003]. Regarding real money, this solution assumes that every entity possesses a bank account, and that banks are enrolled in the cooperative system, directly or indirectly through some payment scheme. The collaborating peer is remunerated by issuing a check or making a transfer of money. In the first case, remuneration implies that a number of points are added to a counter connected in some way with the collaborating peer. The remuneration effectiveness may be immediate or delayed after a certain number of steps (e.g., reservations, then remuneration in several phases for different services).

These phases can be executed repeatedly to perform some cooperative service on a finer granularity basis, which may ease cooperation enforcement. In particular, micropayment is often envisioned rather than an actual macro-payment in remuneration based cooperation enforcement mechanisms. With this scheme, trust establishment essentially relies on the presence of peers in the system, that is, their continued ability to pay proves they cooperated.

Achieving an effective implementation of payment-based mechanism depends upon the realization of a protocol that enforces the fair exchange of the payment (credits) against some task: “A fair exchange protocol can then be defined as a protocol that ensures that no player in an electronic commerce transaction can gain an advantage over the other player by misbehaving, misrepresenting or by prematurely aborting the protocol” [Asokan et al. 1998].

The fair-exchange may be enforced through a TTP that may be used online or opportunistically.

TPMs or smart cards may also be employed to carry out a fair-exchange protocol in a distributed fashion.

In a P2P network, TTPs may be represented as super-peers that play the same role as an online TTP but in a distributed fashion. One example of such architecture is FastTrack [Liang et al. 2006] which is used in P2P networks like KaZaA³⁷, Grokster³⁸, and iMesh³⁹. These networks have two-tier hierarchy consisting of ordinary nodes (ONs) in the lower tier and super-nodes (SNs) in the upper tier. SNs keep tracks of ONs and other SNs and act as directory servers during the search phase of files. Additionally, one way of implementing a payment scheme would be to use super-peers distributed within the P2P network as a trusted infrastructure for payment. These super-peers would provide neutral platforms for performing an optimistic fair exchange protocol. The use of such an infrastructure of trusted peers, that would not necessarily need to be related with the payment authority, may make sense, in particular in relationship with content distribution networks (CDNs)⁴⁰. Such networks involve the deployment of managed workstations all over the Internet, thereby providing a nice platform for payment functionalities.

37 http://www.kazaa.com/

38 http://www.grokster.com/

39 http://imesh.com

40 E.g., Akamai technologies, inc. http://www.akamai.com/

Negotiation Non cooperation

Cooperation Decision

Decision Study of Negotiation

Service

Remuneration Cooperation Evaluation

Cooperation

1 2

3

Figure 8 Payment: diagram of operations

The scale of the storage system makes it necessary to resort to a new type of protocols called optimistic protocols [Asokan et al. 1997] whereby the TTP does not necessarily take part in peer interactions, but may be contacted to arbitrate litigations between peers. In the cooperative backup system of [Lillibridge et al. 2003], a central server considered as a TTP tracks the partners of each peer participating in the backup system. Partners of a peer are peers that collectively hold its backed up data. In return, the peer backs up a part of its partners’ data. Each peer takes note of its direct experience with a partner, and if this partner does not cooperate voluntarily or not beyond some threshold, the peer may decide to establish a backup contract with a different partner that is obtained through the central server.

TPMs supported approaches have been suggested within the TermiNodes [Buttyán and Hubaux 2001] and CASHnet [Weyland et al. 2005] projects. Both schemes address the security of the networking function of packet forwarding through remuneration schemes. Each device possesses a TPM that manages its account by maintaining a counter that is interpreted as a currency. However, TPM-based approaches suffer from additional attacks: if the peer device of a non cooperative or malicious user is disconnected from the other peers, their credits/tokens might not be available, which might raise starvation issues. However, the use of secure operating system as a TPM might make it possible alleviate this problem notably by more completely controlling and possibly reducing the device functionalities if the peer does not connect to the system network.

Smart cards have been used in the P2P storage system PAST [Druschel and Rowstron 2001]

to ensure the fairness of peer contributions. Smart cards issued by a third party are held by each PAST peer to support a quota system that balances supply and demand of storage space in the system. Peers cannot use more remote storage than they are providing locally. With fixed quotas and expiration dates, peers are only allowed to use as much storage as they contribute.

If data storage should be achieved in a large-scale and open P2P system, designs based on a trusted environment may be unfeasible or unmanageable. In that case, implementing the optimistic fair exchange protocol would have to be done by relying solely on peers. [Asokan et al. 1998] describes design rules for such cryptographic protocols making it possible to implement appropriate fair-exchange protocols. For instance, the distribution of the banking function to multiple peers may make easier the realization of a scalable system that does not have recourse to a trusted environment. In the KARMA framework [Vishnumurthy et al. 2003], the exchange of payment against some task is supported by multiple peers that collaborate to provide a fair exchange even though mitigated by the selfishness of the latter.