Private and censorship-resistant communication over public networks

Society’s increasing reliance on digital communication networks is creating unprecedented opportunities for wholesale surveillance and censorship. This thesis investigates the use of public networks such as the Internet to build robust, private communication systems that can resist monitoring and attacks by powerful adversaries such as national governments. We sketch the design of a censorship-resistant communication system based on peer-to-peer Internet overlays in which the participants only communicate directly with people they know and trust. This ‘friend-to-friend’ approach protects the participants’ privacy, but it also presents two significant challenges. The first is that, as with any peer-to-peer overlay, the users of the system must collectively provide the resources necessary for its operation; some users might prefer to use the system without contributing resources equal to those they consume, and if many users do so, the system may not be able to survive. To address this challenge we present a new game theoretic model of the problem of encouraging cooperation between selfish actors under conditions of scarcity, and develop a strategy for the game that provides rational incentives for cooperation under a wide range of conditions. The second challenge is that the structure of a friend-to-friend overlay may reveal the users’ social relationships to an adversary monitoring the underlying network. To conceal their sensitive relationships from the adversary, the users must be able to communicate indirectly across the overlay in a way that resists monitoring and attacks by other participants. We address this second challenge by developing two new routing protocols that robustly deliver messages across networks with unknown topologies, without revealing the identities of the communication endpoints to intermediate nodes or vice versa. The protocols make use of a novel unforgeable acknowledgement mechanism that proves that a message has been delivered without identifying the source or destination of the message or the path by which it was delivered. One of the routing protocols is shown to be robust to attacks by malicious participants, while the other provides rational incentives for selfish participants to cooperate in forwarding messages

One step further in large-scale evaluations: the V-DS environment

Validating current and next generation of distributed systems targeting large-scale infrastructures is a complex task. Several methodologies are possible. However, experimental evaluations on real testbeds are unavoidable in the life-cycle of a distributed middleware prototype. In particular, performing such real experiments in a rigorous way requires to benchmark developed prototypes at larger and larger scales. Fulfilling this requirement is an open challenge but is mandatory in order to fully observe and understand the behaviors of distributed systems. In this work, we present our Virtualization environment for large-scale Distributed Systems, called V-DS, as an answer for reaching scales steps further than current experimental evaluation scales. Then, through the use of V-DS, we experimentally benchmark the scalability of three P2P libraries by reaching scales commonly used for evaluations through simulations. Notably, our results on the Grid'5000 research testbed show that only one of the P2P library can optimally build overlays, whatever the size of the overlay i

Une Plate-forme d'Emulation Légère pour Etudier les Systèmes Pair-à-Pair

National audienceLes méthodes actuellement les plus utilisées pour étudier les systèmes pair-à-pair (modélisation, simulation, et exécution sur des systèmes réels) montrent souvent des limites sur les plans du passage à l'échelle et du réalisme. Cet article présente P2PLab, une plate-forme pour l'étude et l'évaluation des systèmes pair-à-pair, qui combine l'émulation (utilisation de l'application réelle à étudier à l'intérieur d'un environnement synthétique) et la virtualisation. Après la présentation des caractéristiques principales de P2PLab (émulation réseau distribuée, virtualisation légère), nous montrons son utilité lors de l'étude du système de diffusion de fichiers BitTorrent, notamment en comparant deux implantations différentes de ce protocole complexe

Designing incentives for peer-to-peer systems

Peer-to-peer systems, networks of egalitarian nodes without a central authority, can achieve massive scalability and fault tolerance through the pooling together of individual resources. Unfortunately, most nodes represent self-interested, or rational, parties that will attempt to maximize their consumption of shared resources while minimizing their own contributions. This constitutes a type of attack that can destabilize the system. The first contribution of this thesis is a proposed taxonomy for these rational attacks and the most common solutions used in contemporary designs to thwart them. One approach is to design the P2P system with incentives for cooperation, so that rational nodes voluntarily behave. We broadly classify these incentives as being either genuine or artificial , with the former describing incentives inherent in peer interactions, and the latter describing a secondary enforcement system. We observe that genuine incentives tend to be more robust to rational manipulations than artificial counterparts. Based on this observation, we also propose two extensions to BitTorrent, a P2P file distribution protocol. While this system is popular, accounting for approximately one-third of current Internet traffic, it has known limitations. Our extensions use genuine incentives to address some of these problems. The first extension improves seeding, an altruistic mode wherein nodes that have completed their download continue to provide upload service. We incentivize seeding by giving long-term identifiers to clients enabling seeding clients to be recognized and rewarded in subsequent downloads. Simulations demonstrate that our method is highly effective in protecting swarms from aggressive clients such as BitTyrant. Finally, we introduce The BitTorrent Anonymity Marketplace , wherein each peer simultaneously joins multiple swarms to disguise their true download intentions. Peers then trade one torrent for another, making the cover traffic valuable as a means of obtaining the real target. Thus, when a neighbor receives a request from a peer for blocks of a torrent, it does not know if the peer is really downloading that torrent, or only using it in trade. Using simulation, we demonstrate that nodes cannot determine peer intent from observed interactions

Lifetime and availability of data stored on a P2P system: Evaluation of redundancy and recovery schemes

International audienceThis paper studies the performance of Peer-to-Peer storage and backup systems (P2PSS). These systems are based on three pillars: data fragmentation and dissemination among the peers, redundancy mechanisms to cope with peers churn and repair mechanisms to recover lost or temporarily unavailable data. Usually, redundancy is achieved either by using replication or by using erasure codes. A new class of network coding (regenerating codes) has been proposed recently. Therefore, we will adapt our work to these three redundancy schemes. We introduce two mechanisms for recovering lost data and evaluate their performance by modeling them through absorbing Markov chains. Specifically, we evaluate the quality of service provided to users in terms of durability and availability of stored data for each recovery mechanism and deduce the impact of its parameters on the system performance. The first mechanism is centralized and based on the use of a single server that can recover multiple losses at once. The second mechanism is distributed: reconstruction of lost fragments is iterated sequentially on many peers until that the required level of redundancy is attained. The key assumptions made in this work, in particular, the assumptions made on the recovery process and peer on-times distribution, are in agreement with the analysis in [1] and in [2] respectively. The models are thereby general enough to be applicable to many distributed environments as shown through numerical computations. We find that, in stable environments such as local area or research institute networks where machines are usually highly available, the distributed-repair scheme in erasure-coded systems offers a reliable, scalable and cheap storage/backup solution. For the case of highly dynamic environments, in general, the distributed-repair scheme is inefficient, in particular to maintain high data availability, unless the data redundancy is high. Using regenerating codes overcomes this limitation of the distributed-repair scheme. P2PSS with centralized-repair scheme are efficient in any environment but have the disadvantage of relying on a centralized authority. However, the analysis of the overhead cost (e.g. computation, bandwidth and complexity cost) resulting from the different redundancy schemes with respect to their advantages (e.g. simplicity), is left for future work

Highly intensive data dissemination in complex networks

This paper presents a study on data dissemination in unstructured Peer-to-Peer (P2P) network overlays. The absence of a structure in unstructured overlays eases the network management, at the cost of non-optimal mechanisms to spread messages in the network. Thus, dissemination schemes must be employed that allow covering a large portion of the network with a high probability (e.g.~gossip based approaches). We identify principal metrics, provide a theoretical model and perform the assessment evaluation using a high performance simulator that is based on a parallel and distributed architecture. A main point of this study is that our simulation model considers implementation technical details, such as the use of caching and Time To Live (TTL) in message dissemination, that are usually neglected in simulations, due to the additional overhead they cause. Outcomes confirm that these technical details have an important influence on the performance of dissemination schemes and that the studied schemes are quite effective to spread information in P2P overlay networks, whatever their topology. Moreover, the practical usage of such dissemination mechanisms requires a fine tuning of many parameters, the choice between different network topologies and the assessment of behaviors such as free riding. All this can be done only using efficient simulation tools to support both the network design phase and, in some cases, at runtime

A Content-Addressable Network for Similarity Search in Metric Spaces

Because of the ongoing digital data explosion, more advanced search paradigms than the traditional exact match are needed for contentbased retrieval in huge and ever growing collections of data produced in application areas such as multimedia, molecular biology, marketing, computer-aided design and purchasing assistance. As the variety of data types is fast going towards creating a database utilized by people, the computer systems must be able to model human fundamental reasoning paradigms, which are naturally based on similarity. The ability to perceive similarities is crucial for recognition, classification, and learning, and it plays an important role in scientific discovery and creativity. Recently, the mathematical notion of metric space has become a useful abstraction of similarity and many similarity search indexes have been developed. In this thesis, we accept the metric space similarity paradigm and concentrate on the scalability issues. By exploiting computer networks and applying the Peer-to-Peer communication paradigms, we build a structured network of computers able to process similarity queries in parallel. Since no centralized entities are used, such architectures are fully scalable. Specifically, we propose a Peer-to-Peer system for similarity search in metric spaces called Metric Content-Addressable Network (MCAN) which is an extension of the well known Content-Addressable Network (CAN) used for hash lookup. A prototype implementation of MCAN was tested on real-life datasets of image features, protein symbols, and text — observed results are reported. We also compared the performance of MCAN with three other, recently proposed, distributed data structures for similarity search in metric spaces