Security in DHT-based peer-to-peer networks

Questa tesi riguarda il problema dell’integrazione dei meccanismi per la gestione di reputazione e dei processi di lookup nelle reti peer-to-peer basate su DHT (Distributed Hash Table) e l’applicazione di tali tecniche a scenari di reti chiuse e gerarchiche con particolare riferimento al livello di sicurezza e efficienza dello storage e del backup delle risorse. La soluzione proposta rappresenta una combinazione delle tecniche per la valutazione di reputazione e degli strumenti per i sistemi di computer distribuiti come protezione dagli specifici attacchi causati dai peer maliziosi in sistemi P2P collaborativi. Inoltre, e’ stata proposta l’applicazione dei meccanismi DHT nell’ambito delle reti di computer gerarchiche, in particolare nelle reti aziendali. L’obiettivo di questo lavoro e’ quello di offrire una soluzione ai problemi derivanti dall’utilizzo di una architettura centralizzata tramite l’introduzione del sistema di organizzazione dei dati inerente all’ambito P2P basato sugli algoritmi DHT in una rete aziendale.This thesis addresses the problem of integration of reputation management mechanisms and other instruments used in distributed computing environment with lookup processes in DHT-based peer-to-peer networks in order to improve resilience of such systems to destructive actions of malevolent or faulty components. The goal of this integration is to obtain a more efficient, less expensive (in terms of data transferred, computational resources involved and time spent) and possibly simple solution to cope with the specific problems of DHT-based environment. A particular accent has been given to DHT-based environments with a collaborative nature. Another issue considered in this work regards the application of DHT mechanisms to lookup and data retrieval processes in hierarchical collaborative environments, in particular, in enterprise networks. This approach exploits advantages of the P2P data organization system based on DHTs to avoid some problems inherent in systems with centralized architectures

Semantic search and composition in unstructured peer-to-peer networks

This dissertation focuses on several research questions in the area of semantic search and composition in unstructured peer-to-peer (P2P) networks. Going beyond the state of the art, the proposed semantic-based search strategy S2P2P offers a novel path-suggestion based query routing mechanism, providing a reasonable tradeoff between search performance and network traffic overhead. In addition, the first semantic-based data replication scheme DSDR is proposed. It enables peers to use semantic information to select replica numbers and target peers to address predicted future demands. With DSDR, k-random search can achieve better precision and recall than it can with a near-optimal non-semantic replication strategy. Further, this thesis introduces a functional automatic semantic service composition method, SPSC. Distinctively, it enables peers to jointly compose complex workflows with high cumulative recall but low network traffic overhead, using heuristic-based bidirectional haining and service memorization mechanisms. Its query branching method helps to handle dead-ends in a pruned search space. SPSC is proved to be sound and a lower bound of is completeness is given. Finally, this thesis presents iRep3D for semantic-index based 3D scene selection in P2P search. Its efficient retrieval scales to answer hybrid queries involving conceptual, functional and geometric aspects. iRep3D outperforms previous representative efforts in terms of search precision and efficiency.Diese Dissertation bearbeitet Forschungsfragen zur semantischen Suche und Komposition in unstrukturierten Peer-to-Peer Netzen(P2P). Die semantische Suchstrategie S2P2P verwendet eine neuartige Methode zur Anfrageweiterleitung basierend auf Pfadvorschlägen, welche den Stand der Wissenschaft übertrifft. Sie bietet angemessene Balance zwischen Suchleistung und Kommunikationsbelastung im Netzwerk. Außerdem wird das erste semantische System zur Datenreplikation genannt DSDR vorgestellt, welche semantische Informationen berücksichtigt vorhergesagten zukünftigen Bedarf optimal im P2P zu decken. Hierdurch erzielt k-random-Suche bessere Präzision und Ausbeute als mit nahezu optimaler nicht-semantischer Replikation. SPSC, ein automatisches Verfahren zur funktional korrekten Komposition semantischer Dienste, ermöglicht es Peers, gemeinsam komplexe Ablaufpläne zu komponieren. Mechanismen zur heuristischen bidirektionalen Verkettung und Rückstellung von Diensten ermöglichen hohe Ausbeute bei geringer Belastung des Netzes. Eine Methode zur Anfrageverzweigung vermeidet das Feststecken in Sackgassen im beschnittenen Suchraum. Beweise zur Korrektheit und unteren Schranke der Vollständigkeit von SPSC sind gegeben. iRep3D ist ein neuer semantischer Selektionsmechanismus für 3D-Modelle in P2P. iRep3D beantwortet effizient hybride Anfragen unter Berücksichtigung konzeptioneller, funktionaler und geometrischer Aspekte. Der Ansatz übertrifft vorherige Arbeiten bezüglich Präzision und Effizienz

Semantic search and composition in unstructured peer-to-peer networks

This dissertation focuses on several research questions in the area of semantic search and composition in unstructured peer-to-peer (P2P) networks. Going beyond the state of the art, the proposed semantic-based search strategy S2P2P offers a novel path-suggestion based query routing mechanism, providing a reasonable tradeoff between search performance and network traffic overhead. In addition, the first semantic-based data replication scheme DSDR is proposed. It enables peers to use semantic information to select replica numbers and target peers to address predicted future demands. With DSDR, k-random search can achieve better precision and recall than it can with a near-optimal non-semantic replication strategy. Further, this thesis introduces a functional automatic semantic service composition method, SPSC. Distinctively, it enables peers to jointly compose complex workflows with high cumulative recall but low network traffic overhead, using heuristic-based bidirectional haining and service memorization mechanisms. Its query branching method helps to handle dead-ends in a pruned search space. SPSC is proved to be sound and a lower bound of is completeness is given. Finally, this thesis presents iRep3D for semantic-index based 3D scene selection in P2P search. Its efficient retrieval scales to answer hybrid queries involving conceptual, functional and geometric aspects. iRep3D outperforms previous representative efforts in terms of search precision and efficiency.Diese Dissertation bearbeitet Forschungsfragen zur semantischen Suche und Komposition in unstrukturierten Peer-to-Peer Netzen(P2P). Die semantische Suchstrategie S2P2P verwendet eine neuartige Methode zur Anfrageweiterleitung basierend auf Pfadvorschlägen, welche den Stand der Wissenschaft übertrifft. Sie bietet angemessene Balance zwischen Suchleistung und Kommunikationsbelastung im Netzwerk. Außerdem wird das erste semantische System zur Datenreplikation genannt DSDR vorgestellt, welche semantische Informationen berücksichtigt vorhergesagten zukünftigen Bedarf optimal im P2P zu decken. Hierdurch erzielt k-random-Suche bessere Präzision und Ausbeute als mit nahezu optimaler nicht-semantischer Replikation. SPSC, ein automatisches Verfahren zur funktional korrekten Komposition semantischer Dienste, ermöglicht es Peers, gemeinsam komplexe Ablaufpläne zu komponieren. Mechanismen zur heuristischen bidirektionalen Verkettung und Rückstellung von Diensten ermöglichen hohe Ausbeute bei geringer Belastung des Netzes. Eine Methode zur Anfrageverzweigung vermeidet das Feststecken in Sackgassen im beschnittenen Suchraum. Beweise zur Korrektheit und unteren Schranke der Vollständigkeit von SPSC sind gegeben. iRep3D ist ein neuer semantischer Selektionsmechanismus für 3D-Modelle in P2P. iRep3D beantwortet effizient hybride Anfragen unter Berücksichtigung konzeptioneller, funktionaler und geometrischer Aspekte. Der Ansatz übertrifft vorherige Arbeiten bezüglich Präzision und Effizienz

TrustedKad - Application of Trust Mechanisms to a Kademlia-Based Peer-to-Peer Network

Peer-to-Peer-Netzwerke (P2P) sind verteilte Systeme, die aus gleichberechtigten Knoten („Peers“) bestehen. Im Gegensatz zu klassischen Client-Server-Systemen gibt es in P2P-Netzwerken keine hierarchischen Ebenen oder zentrale Kontrolleinheiten: Alle Peers bieten gleichzeitig Dienste an und nutzen sie. Im vergangenen Jahrzehnt ist eine Vielzahl verschiedener P2P-Anwendungen entwickelt worden – Filesharing-Anwendungen wie BitTorrent und eMule und Kommunikations-Anwendungen wie Skype gehören zu den bekanntesten von ihnen. Forschungsarbeiten haben gezeigt, dass P2P-Netzwerke anfällig für verschiedene Arten von Angriffen sind. Bekannte Angriffe sind z.B. die Sybil- und die Eclipse-Attack. Die üblichen Gegenmaßnahmen gegen die Angriffe sind Replikation und das Verwenden von disjunkten Routing-Pfaden, um die Wahrscheinlichkeit zu reduzieren, während einer Routing- oder Storage-Operation mit bösartigen Knoten zu interagieren. Seit einiger Zeit wird die Anwendung von Vertrauensmechanismen auf P2P-Netzwerke untersucht. Existierende Arbeiten betrachten meist unstrukturierte P2P-Netzwerke – in realen Umgebungen überwiegen jedoch die strukturierten Netzwerke. Insbesondere Implementierungen des Kademlia-Algorithmus‘ sind weit verbreitet, da er von BitTorrent und eMule genutzt wird. Dennoch versucht keiner der vertrauensbasierten Ansätze, die strukturierte Netzwerke behandeln, speziell die Sicherheit von Kademlia zu verbessern. Aufgrund der Verbreitung von Kademlia wird TrustedKad vom Autor entwickelt, um die Sicherheit des Kademlia-Algorithmus‘ zu verbessern. In dieser Arbeit wird TrustedKad eingeführt und die Funktionsweise erläutert. TrustedKad bewertet das Verhalten von Knoten nach Routing- oder Storage-Operationen als entweder positiv oder negativ. Dafür definiert TrustedKad unter Berücksichtigung der Funktionsweise von Kademlia die Regeln, nach denen gut- und bösartiges Verhalten identifiziert wird. Basierend auf diesen Bewertungen werden Vertrauenswerte für Routing und Storage berechnet, um gutartige und bösartige Knoten zu erkennen. Jeder Knoten nutzt Schwellwerte für diese Vertrauenswerte, um zu entscheiden, welche Knoten er als vertrauenswürdig ansieht. Nicht vertrauenswürdige Knoten werden während der eigenen Operationen eines Knotens vermieden. Darüber hinaus nutzt TrustedKad zusätzliche Sicherheitsfunktionen, um die Sicherheit des Systems weiter zu erhöhen. Diese werden im Verlauf dieser Arbeit vorgestellt. Um TrustedKad zu evaluieren, wird es in einer Simulationsumgebung implementiert und analysiert. Die in dieser Arbeit präsentierten Ergebnisse zeigen, dass TrustedKad in der Lage ist, gutartige und bösartige Knoten zu unterscheiden. Es wehrt verschiedene Variationen von bekannten Angriffen ab und verbessert die Sicherheit von Kademlia-basierten Netzwerken deutlich.Peer-to-peer networks (P2P) are distributed systems that consist of equal nodes (“peers”). In contrast to classic client/server systems, there is no hierarchy or central entity: All peers offer services and use them at the same time. In the past decade, a multitude of different P2P applications has been developed – filesharing applications such as BitTorrent and eMule and communication applications such as Skype are among the most popular of them. Research has shown that P2P networks are vulnerable to different kinds of attacks. Known attacks include, e.g., the Sybil attack and the Eclipse attack. Traditional countermeasures against the attacks are replication and the usage of disjoint routing paths to reduce the probability of interacting with malicious nodes during a routing or storage operation. More recently, trust mechanisms have been proposed and analyzed for applicability to P2P networks. The existing related work mostly targets unstructured P2P networks – however, in real-world environments, the structured networks prevail. Especially implementations of the Kademlia algorithm are widely spread, as it is used by BitTorrent and eMule. Nevertheless, none of the trust-based approaches that aim at structured networks specifically attempts to enhance Kademlia’s security. Due to Kademlia’s prevalence, TrustedKad is particularly designed by the author to improve the security of the Kademlia algorithm. In this thesis, TrustedKad is introduced and its functioning is explained. TrustedKad rates the behavior of nodes after routing and storage operations as either positive or negative. To do so, it defines the rules by which inoffensive and malicious behavior is identified in dependence of the functioning of the Kademlia algorithm. Based on the ratings, routing and storage trust values are calculated to identify inoffensive and malicious nodes. Every node uses thresholds for these trust values to decide which nodes it regards as trustworthy. Non-trustworthy nodes are avoided during a node’s own operations. Furthermore, TrustedKad uses additional security features to further increase the security of the system. They are introduced in this thesis. In order to evaluate TrustedKad, it is implemented and analyzed in a simulation environment. The results presented in this thesis show that TrustedKad is able to distinguish inoffensive and malicious nodes. It counters miscellaneous variations of known attacks and improves the security of Kademlia-based networks considerably

Service recommendation and selection in centralized and decentralized environments.

With the increasing use of web services in everyday tasks we are entering an era of Internet of Services (IoS). Service discovery and selection in both centralized and decentralized environments have become a critical issue in the area of web services, in particular when services having similar functionality but different Quality of Service (QoS). As a result, selecting a high quality service that best suits consumer requirements from a large list of functionally equivalent services is a challenging task. In response to increasing numbers of services in the discovery and selection process, there is a corresponding increase of service consumers and a consequent diversity in Quality of Service (QoS) available. Increases in both sides leads to a diversity in the demand and supply of services, which would result in the partial match of the requirements and offers. Furthermore, it is challenging for customers to select suitable services from a large number of services that satisfy consumer functional requirements. Therefore, web service recommendation becomes an attractive solution to provide recommended services to consumers which can satisfy their requirements.In this thesis, first a service ranking and selection algorithm is proposed by considering multiple QoS requirements and allowing partially matched services to be counted as a candidate for the selection process. With the initial list of available services the approach considers those services with a partial match of consumer requirements and ranks them based on the QoS parameters, this allows the consumer to select suitable service. In addition, providing weight value for QoS parameters might not be an easy and understandable task for consumers, as a result an automatic weight calculation method has been included for consumer requirements by utilizing distance correlation between QoS parameters. The second aspect of the work in the thesis is the process of QoS based web service recommendation. With an increasing number of web services having similar functionality, it is challenging for service consumers to find out suitable web services that meet their requirements. We propose a personalised service recommendation method using the LDA topic model, which extracts latent interests of consumers and latent topics of services in the form of probability distribution. In addition, the proposed method is able to improve the accuracy of prediction of QoS properties by considering the correlation between neighbouring services and return a list of recommended services that best satisfy consumer requirements. The third part of the thesis concerns providing service discovery and selection in a decentralized environment. Service discovery approaches are often supported by centralized repositories that could suffer from single point failure, performance bottleneck, and scalability issues in large scale systems. To address these issues, we propose a context-aware service discovery and selection approach in a decentralized peer-to-peer environment. In the approach homophily similarity was used for bootstrapping and distribution of nodes. The discovery process is based on the similarity of nodes and previous interaction and behaviour of the nodes, which will help the discovery process in a dynamic environment. Our approach is not only considering service discovery, but also the selection of suitable web service by taking into account the QoS properties of the web services. The major contribution of the thesis is providing a comprehensive QoS based service recommendation and selection in centralized and decentralized environments. With the proposed approach consumers will be able to select suitable service based on their requirements. Experimental results on real world service datasets showed that proposed approaches achieved better performance and efficiency in recommendation and selection process.N/

Component-based Adaptation Methods for Service-Oriented Peer-to-Peer Software Architectures

Service-oriented peer-to-peer architectures aim at supporting application scenarios of dispersed collaborating groups in which the participating users are capable of providing and consuming local resources in terms of peer services. From a conceptual perspective, service-oriented peer-to-peer architectures adopt relevant concepts of two well-established state-of-the-art software architectural styles, namely service-oriented architectures (also known as SOA) and peer-to-peer architectures (P2P). One major argumentation of this thesis is that the adoption of end-user adaptability (or tailorability) concepts is of major importance for the successful deployment of service-oriented peer-to-peer architectures that support user collaboration. Since tailorability concepts have so far not been analyzed for both peer-to-peer and service-oriented architectures, no relevant models exist that could serve as a tailorability model for service-oriented peer-to-peer architectures. In order to master the adaptation of peer services, as well as peer service compositions within service-oriented peer-to-peer architectures, this dissertation proposes the adoption of component-oriented development methods. These so-called component-based adaptation methods enable service providers to adapt their provided services during runtime. Here, a model for analyzing existing dependencies on subscribed ser-vice consumers ensures that a service provider is able to adapt his peer services without violating any dependencies. In doing so, an adaptation policy that can be pre-arranged within a peer group regulates the procedures of how to cope with existing dependencies in the scope of a group. The same methods also serve as a way to handle exceptional cases, in particular the failure of a dependent service provider peer and, hence, a service that is part of a local service composition. In this, the hosting runtime environment is responsible for detecting exceptions and for initiating the process of exception resolution. During the resolution phase, a user can be actively involved at selected decision points in order to resolve the occurred exception in unpredictable contexts. An exception could also be the reason for the violation of an integrity constraint that serves as a contract between various peers that interact within a given collaboration. The notion of integrity constraints and the model of handling the constraint violation aim at improving the reliability of target-oriented peer collaborations. This dissertation is composed of three major parts that each makes a significant contribution to the state of the art. First of all, a formal architectural style (SOP2PA) is introduced to define the fundamental elements that are necessary to build service-oriented peer-to-peer architectures, as well as their relationships, constraints, and operational semantics. This architectural style also formalizes the above-mentioned adaptation methods, the exception handling model that embraces these methods, the analysis model for managing consumer dependencies, as well as the integrity constraints model. Subsequently, on this formal basis, a concrete (specific) service-oriented peer-to-peer architecture (DEEVOLVE) is conceptualized that serves as the default implementation of that style. Here, the notions described above are materialized based on state-of-the-art software engineering methods and models. Finally, the third contribution of this work outlines an application scenario stemming from the area of construction informatics, in which the default implementation DEEVOLVE is deployed in order to support dispersed planning activities of structural engineers

Combining SOA and BPM Technologies for Cross-System Process Automation

This paper summarizes the results of an industry case study that introduced a cross-system business process automation solution based on a combination of SOA and BPM standard technologies (i.e., BPMN, BPEL, WSDL). Besides discussing major weaknesses of the existing, custom-built, solution and comparing them against experiences with the developed prototype, the paper presents a course of action for transforming the current solution into the proposed solution. This includes a general approach, consisting of four distinct steps, as well as specific action items that are to be performed for every step. The discussion also covers language and tool support and challenges arising from the transformation

A fuzzy-based trustworthiness system for P2P communications in JXTA-overlay considering positive and negative effects

In Peer-to-Peer (P2P) networks, peers often interact with unknown peers and finding a reliable peer for interaction is a major challenge. In our previous work, we proposed and implemented a fuzzy-based trustworthiness system, which considered only positive effect parameters. In this paper, we propose a new fuzzy-based trustworthiness system for P2P Communications in JXTA-Overlay that decides the Peer Reliability (PR) considering three parameters: Number of Uploads (NU), Peer Disconnections (PD) and Reputation(R). In the proposed system, the NU and PD parameters have negative effect, while R parameter has positive effect for deciding peer reliability. We evaluate the proposed system by computer simulations. The simulation results has shown that the proposed system can effectively help peers to select reliable peers to download information.Peer Reviewe