12 research outputs found

    Expertise-based peer selection in Peer-to-Peer networks

    Peer-to-Peer systems have proven to be an effective way of sharing data. Modern protocols are able to efficiently route a message to a given peer. However, determining the destination peer in the first place is not always trivial. We propose a model in which peers advertise their expertise in the Peer-to-Peer network. The knowledge about the expertise of other peers forms a semantic topology. Based on the semantic similarity between the subject of a query and the expertise of other peers, a peer can select appropriate peers to forward queries to, instead of broadcasting the query or sending it to a random set of peers. To calculate our semantic similarity measure, we make the simplifying assumption that the peers share the same ontology. We evaluate the model in a bibliographic scenario, where peers share bibliographic descriptions of publications among each other. In simulation experiments complemented with a real-world field experiment, we show how expertise-based peer selection improves the performance of a Peer-to-Peer system with respect to precision, recall and the number of messages.

    The Distributed Spanning Tree Structure

    Search algorithms are a key issue in sharing resources in large distributed systems such as peer networks. Several distributed interconnection structures and algorithms have already been studied in this context. With expanding ring algorithms, the efficiency of searches depends on the topology used to send query requests and on the dynamics of the structure. In this paper, we present an interconnection structure that limits the number of messages needed for search queries. This structure, called Distributed Spanning Tree (DST), defines each node as the root of a spanning tree. So, it behaves as a tree for the number of messages but it balances the load generated by the requests among computers and, thus, it avoids overloading the root node. This structure is scalable because it only needs a logarithmic memory space per computer to be maintained. A formal and practical description of the structure is presented and we describe traversal algorithms. Simulations show that DST-based searches behave better than randomly generated graphs and trees, as they generate fewer messages to query all computers while avoiding the tree bottlenecks.

    Trust Evaluation in the IoT Environment

    Along with the many benefits of IoT, its heterogeneity brings a new challenge to establish a trustworthy environment among the objects due to the absence of proper enforcement mechanisms. Further, it can be observed that often these encounters are addressed only concerning the security and privacy matters involved. However, such common network security measures are not adequate to preserve the integrity of information and services exchanged over the internet. Hence, they remain vulnerable to threats ranging from the risks of data management at the cyber-physical layers, to the potential discrimination at the social layer. Therefore, trust in IoT can be considered as a key property to enforce trust among objects to guarantee trustworthy services. Typically, trust revolves around assurance and confidence that people, data, entities, information, or processes will function or behave in expected ways. However, trust enforcement in an artificial society like IoT is far more difficult, as the things do not have an inherited judgmental ability to assess risks and other influencing factors to evaluate trust as humans do. Hence, it is important to quantify the perception of trust such that it can be understood by the artificial agents. In computer science, trust is considered as a computational value depicted by a relationship between trustor and trustee, described in a specific context, measured by trust metrics, and evaluated by a mechanism. Several mechanisms about trust evaluation can be found in the literature. Among them, most of the work has deviated towards security and privacy issues instead of considering the universal meaning of trust and its dynamic nature. Furthermore, they lack a proper trust evaluation model and management platform that addresses all aspects of trust establishment. Hence, it is almost impossible to bring all these solutions to one place and develop a common platform that resolves end-to-end trust issues in a digital environment. 
Therefore, this thesis makes an attempt to fill these spaces through the following research work. First, this work proposes concrete definitions to formally identify trust as a computational concept and its characteristics. Next, a well-defined trust evaluation model is proposed to identify, evaluate and create trust relationships among objects for calculating trust. Then a trust management platform is presented identifying the major tasks of the trust enforcement process, including trust data collection, trust data management, trust information analysis, dissemination of trust information and trust information lifecycle management. Next, the thesis proposes several approaches to assess trust attributes and thereby the trust metrics of the above model for trust evaluation. Further, to minimize dependencies with human interactions in evaluating trust, an adaptive trust evaluation model is presented based on machine learning techniques. From a standardization point of view, the scope of the current standards on network security and cybersecurity needs to be expanded to take trust issues into consideration. Hence, this thesis has provided several inputs towards standardization on trust, including a computational definition of trust, a trust evaluation model targeting both object and data trust, and a platform to manage the trust evaluation process.

    Eight Biennial Report : April 2005 – March 2007


    Two-tier Intrusion Detection System for Mobile Ad Hoc Networks

    Nowadays, a commonly used wireless network (i.e. Wi-Fi) operates with the aid of a fixed infrastructure (i.e. an access point) to facilitate communication between nodes when they roam from one location to another. The need for such a fixed supporting infrastructure limits the adaptability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. In addition, Wi-Fi limits nodes' communication as it only provides facility for mobile nodes to send and receive information, but not reroute the information across the network. Recent advancements in computer network introduced a new wireless network, known as a Mobile Ad Hoc Network (MANET), to overcome these limitations. MANET has a set of unique characteristics that make it different from other kinds of wireless networks. Often referred to as a peer-to-peer network, such a network does not have any fixed topology, thus nodes are free to roam anywhere, and could join or leave the network anytime they desire. Its ability to be set up without the need of any infrastructure is very useful, especially in geographically constrained environments such as in a military battlefield or a disaster relief operation. In addition, through its multi-hop routing facility, each node could function as a router, thus communication between nodes could be made available without the need of a supporting fixed router or an access point. However, these handy facilities come with big challenges, especially in dealing with the security issues. This research aims to address MANET security issues by proposing a novel intrusion detection system that could be used to complement existing prevention mechanisms that have been proposed to secure such a network. A comprehensive analysis of attacks and the existing security measures proved that there is a need for an Intrusion Detection System (IDS) to protect MANETs against security threats. 
The analysis also suggested that the existing IDS proposed for MANET are not immune against a colluding blackmail attack due to the nature of such a network that comprises autonomous and anonymous nodes. The IDS architecture as proposed in this study utilises trust relationships between nodes to overcome this node anonymity issue. Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in global detection and response mechanisms could be eliminated. The applicability of the friendship concept as well as other proposed mechanisms to solve MANET IDS related issues have been validated through a set of simulation experiments. Several MANET settings, which differ from each other based on the network's density level, the number of initial trusted friends owned by each node, and the duration of the simulation times, have been used to study the effects of such factors towards the overall performance of the proposed IDS framework. The results obtained from the experiments proved that the proposed concepts are capable of at least minimising, if not fully eliminating, the problem currently faced in MANET IDS.

    Semantic Routing in Peer-to-Peer Systems

    Currently search engines like Google, Yahoo and Excite are centralized, which means that all queries that users post are sent to some big servers (or server group) that handle them. In this way it is easy for the systems to relate IP addresses with the queries posted from them. Clearly privacy is a problem here. Also censoring out certain information which is not 'appropriate' is simple, and shown in recent examples. To give more privacy to the users and make censoring information more difficult, Peer-to-Peer (P2P) systems are a good alternative to the centralized approach. In P2P systems the search functionality can be divided over a large group of autonomous computers (Peers), where each computer only has a very small piece of information instead of everything. Now the problem in such a distributed system is to make the search process efficient in terms of bandwidth, storage, time and CPU usage. In this Ph.D. thesis, three approaches are described that try to reach the goal of finding the short routes between seeker and providers with high efficiency. These routing algorithms are all applied on 'Semantic-Overlay-Networks' (SONs). In a SON, peers maintain pointers to semantically relevant peers based on content descriptions, which makes them able to choose the relevant peers for queries instead of, for example, choosing random peers. This work tries to show that decentralized search algorithms based on semantic routing are a good alternative to centralized approaches. Harmelen, F.A.H. van [Promotor]

    New authentication framework for networked smart cards. Application to electronic payment in wireless environments

    Today, the importance of information and communications security is beyond question. In this context, the relevance of reliable authentication between entities is also evident in a variety of everyday situations. Owing to its qualities and advantages as a cryptographic module, the smart card has played a fundamental role in user authentication. This doctoral thesis studies the transformation process it is currently undergoing, which turns it into a device with network connectivity, as part of the New Generation of Smart Cards. This evolution has a variety of implications, which spread transversally from the moment the card is integrated into the network. The present work addresses that integration exclusively from the perspective of the authentication mechanisms involved. But where is that network evolving to? A diversity of access networks, notably wireless technologies and multimode devices, will make up a global landscape in which current and future smart cards will have to take part. Can the current remote authentication schemes for them be made more robust and secure? To what extent were they designed to be adapted to these new circumstances? This thesis tackles the problem as a whole, considering the end-to-end authentication scheme, and proposes a new Authentication Framework for Networked Smart Cards under whose umbrella we can model, analyse and even propose an architecture of remote authentication protocols for current and future smart cards.
After the design and implementation in accordance with that architecture and an evaluation of the intended functionality, it is applied to a realistic scenario of electronic payment in wireless environments; on the one hand demonstrating the feasibility of the proposal and, on the other, underlining its versatility, which allows it to remain robust in the face of the transformation leading them towards that new generation.