Collusion in Peer-to-Peer Systems

Peer-to-peer systems have reached a widespread use, ranging from academic and industrial applications to home entertainment. The key advantage of this paradigm lies in its scalability and flexibility, consequences of the participants sharing their resources for the common welfare. Security in such systems is a desirable goal. For example, when mission-critical operations or bank transactions are involved, their effectiveness strongly depends on the perception that users have about the system dependability and trustworthiness. A major threat to the security of these systems is the phenomenon of collusion. Peers can be selfish colluders, when they try to fool the system to gain unfair advantages over other peers, or malicious, when their purpose is to subvert the system or disturb other users. The problem, however, has received so far only a marginal attention by the research community. While several solutions exist to counter attacks in peer-to-peer systems, very few of them are meant to directly counter colluders and their attacks. Reputation, micro-payments, and concepts of game theory are currently used as the main means to obtain fairness in the usage of the resources. Our goal is to provide an overview of the topic by examining the key issues involved. We measure the relevance of the problem in the current literature and the effectiveness of existing philosophies against it, to suggest fruitful directions in the further development of the field

Framework for privacy-aware content distribution in peer-to- peer networks with copyright protection

The use of peer-to-peer (P2P) networks for multimedia distribution has spread out globally in recent years. This mass popularity is primarily driven by the efficient distribution of content, also giving rise to piracy and copyright infringement as well as privacy concerns. An end user (buyer) of a P2P content distribution system does not want to reveal his/her identity during a transaction with a content owner (merchant), whereas the merchant does not want the buyer to further redistribute the content illegally. Therefore, there is a strong need for content distribution mechanisms over P2P networks that do not pose security and privacy threats to copyright holders and end users, respectively. However, the current systems being developed to provide copyright and privacy protection to merchants and end users employ cryptographic mechanisms, which incur high computational and communication costs, making these systems impractical for the distribution of big files, such as music albums or movies.El uso de soluciones de igual a igual (peer-to-peer, P2P) para la distribución multimedia se ha extendido mundialmente en los últimos años. La amplia popularidad de este paradigma se debe, principalmente, a la distribución eficiente de los contenidos, pero también da lugar a la piratería, a la violación del copyright y a problemas de privacidad. Un usuario final (comprador) de un sistema de distribución de contenidos P2P no quiere revelar su identidad durante una transacción con un propietario de contenidos (comerciante), mientras que el comerciante no quiere que el comprador pueda redistribuir ilegalmente el contenido más adelante. Por lo tanto, existe una fuerte necesidad de mecanismos de distribución de contenidos por medio de redes P2P que no supongan un riesgo de seguridad y privacidad a los titulares de derechos y los usuarios finales, respectivamente. Sin embargo, los sistemas actuales que se desarrollan con el propósito de proteger el copyright y la privacidad de los comerciantes y los usuarios finales emplean mecanismos de cifrado que implican unas cargas computacionales y de comunicaciones muy elevadas que convierten a estos sistemas en poco prácticos para distribuir archivos de gran tamaño, tales como álbumes de música o películas.L'ús de solucions d'igual a igual (peer-to-peer, P2P) per a la distribució multimèdia s'ha estès mundialment els darrers anys. L'àmplia popularitat d'aquest paradigma es deu, principalment, a la distribució eficient dels continguts, però també dóna lloc a la pirateria, a la violació del copyright i a problemes de privadesa. Un usuari final (comprador) d'un sistema de distribució de continguts P2P no vol revelar la seva identitat durant una transacció amb un propietari de continguts (comerciant), mentre que el comerciant no vol que el comprador pugui redistribuir il·legalment el contingut més endavant. Per tant, hi ha una gran necessitat de mecanismes de distribució de continguts per mitjà de xarxes P2P que no comportin un risc de seguretat i privadesa als titulars de drets i els usuaris finals, respectivament. Tanmateix, els sistemes actuals que es desenvolupen amb el propòsit de protegir el copyright i la privadesa dels comerciants i els usuaris finals fan servir mecanismes d'encriptació que impliquen unes càrregues computacionals i de comunicacions molt elevades que fan aquests sistemes poc pràctics per a distribuir arxius de grans dimensions, com ara àlbums de música o pel·lícules

Cheating in networked computer games: a review

The increasing popularity of Massively Multiplayer Online Games (MMOG) - games involving thousands of players participating simultaneously in a single virtual world - has highlighted the scalability bottlenecks present in centralised Client/Server (C/S) architectures. Researchers are proposing Peer-to-Peer (P2P) architectures as a scalable alternative to C/S; however, P2P is more vulnerable to cheating as it decentralises the game state and logic to un-trusted peer machines, rather than using trusted centralised servers. Cheating is a major concern for online games, as a minority of cheaters can potentially ruin the game for all players. In this paper we present a review and classification of known cheats, and provide real-world examples where possible. Further, we discuss counter measures used by C/S architectures to prevent cheating. Finally, we discuss several P2P architectures designed to prevent cheating, highlighting their strengths and weaknesses

A survey on network game cheats and P2P solutions

The increasing popularity of Massively Multiplayer Online Games (MMOG) - games involving thousands of players participating simultaneously in a single virtual world - has highlighted the scalability bottlenecks present in centralised Client/Server (C/S) architectures. Researchers are proposing Peer-to-Peer (P2P) game technologies as a scalable alternative to C/S; however, P2P is more vulnerable to cheating as it decentralises the game state and logic to un-trusted peer machines, rather than using trusted centralised servers. Cheating is a major concern for online games, as a minority of cheaters can potentially ruin the game for all players. In this paper we present a review and classification of known cheats, and provide real-world examples where possible. Further, we discuss counter measures used by C/S game technologies to prevent cheating. Finally, we discuss several P2P architectures designed to prevent cheating, highlighting their strengths and weaknesses

A cross-domain trust model of smart city IoT based on self-certification

Smart city refers to the information system with Internet of things and cloud computing as the core technology and government management and industrial development as the core content, forming a large-scale, heterogeneous and dynamic distributed Internet of things environment between different Internet of things. There is a wide demand for cooperation between equipment and management institutions in the smart city. Therefore, it is necessary to establish a trust mechanism to promote cooperation, and based on this, prevent data disorder caused by the interaction between honest terminals and malicious terminals. However, most of the existing research on trust mechanism is divorced from the Internet of things environment, and does not consider the characteristics of limited computing and storage capacity and large differences of Internet of things devices, resulting in the fact that the research on abstract trust mechanism cannot be directly applied to the Internet of things; On the other hand, various threats to the Internet of things caused by security vulnerabilities such as collision attacks are not considered. Aiming at the security problems of cross domain trusted authentication of Intelligent City Internet of things terminals, a cross domain trust model (CDTM) based on self-authentication is proposed. Unlike most trust models, this model uses self-certified trust. The cross-domain process of internet of things (IoT) terminal can quickly establish a trust relationship with the current domain by providing its trust certificate stored in the previous domain interaction. At the same time, in order to alleviate the collision attack and improve the accuracy of trust evaluation, the overall trust value is calculated by comprehensively considering the quantity weight, time attenuation weight and similarity weight. Finally, the simulation results show that CDTM has good anti collusion attack ability. The success rate of malicious interaction will not increase significantly. Compared with other models, the resource consumption of our proposed model is significantly reduced

Foundations, Properties, and Security Applications of Puzzles: A Survey

Cryptographic algorithms have been used not only to create robust ciphertexts but also to generate cryptograms that, contrary to the classic goal of cryptography, are meant to be broken. These cryptograms, generally called puzzles, require the use of a certain amount of resources to be solved, hence introducing a cost that is often regarded as a time delay---though it could involve other metrics as well, such as bandwidth. These powerful features have made puzzles the core of many security protocols, acquiring increasing importance in the IT security landscape. The concept of a puzzle has subsequently been extended to other types of schemes that do not use cryptographic functions, such as CAPTCHAs, which are used to discriminate humans from machines. Overall, puzzles have experienced a renewed interest with the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In this paper, we provide a comprehensive study of the most important puzzle construction schemes available in the literature, categorizing them according to several attributes, such as resource type, verification type, and applications. We have redefined the term puzzle by collecting and integrating the scattered notions used in different works, to cover all the existing applications. Moreover, we provide an overview of the possible applications, identifying key requirements and different design approaches. Finally, we highlight the features and limitations of each approach, providing a useful guide for the future development of new puzzle schemes.Comment: This article has been accepted for publication in ACM Computing Survey