PKI-based security for peer-to-peer information sharing

Freeflow of information is the feature that has made peer-to-peer information sharing applications popular. However, this very feature holds back the acceptance of these applications by the corporate and scientific communities. In these communities it is important to provide confidentiality and integrity of communication and to enforce access control to shared resources. We present a collection of security mechanisms that can be used to satisfy these security requirements. Our solutions are based on established and proven security techniques and we utilize existing technologies when possible. As a proof of concept, we have developed an information sharing system, called scishare, which integrates a number of these security mechanisms to provide a secure environment for information sharing. This system will allow a broader set of user communities to benefit from peer-to-peer information sharing.

[1]  Srilekha Mudumbai,et al.  Certificate-based authorization policy in a PKI environment , 2003, TSEC.

[2]  Olivier Chevassut Authenticated group Diffie-Hellman key exchange: theory and practice , 2002 .

[3]  Markus Lorch,et al.  A new security model for collaborative environments , 2003 .

[4]  Olivier Chevassut,et al.  A practical approach to the InterGroup protocols , 2002, Future Gener. Comput. Syst..

[5]  Olivier Chevassut,et al.  An integrated solution for secure group communication in wide-area networks , 2001, Proceedings. Sixth IEEE Symposium on Computers and Communications.

[6]  Roger Dingledine,et al.  The Free Haven Project: Distributed Anonymous Storage Service , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[7]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.

[8]  Ian Clarke,et al.  Freenet: A Distributed Anonymous Information Storage and Retrieval System , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[9]  Hector Garcia-Molina,et al.  The Eigentrust algorithm for reputation management in P2P networks , 2003, WWW '03.

[10]  Hector Garcia-Molina,et al.  EigenRep: Reputation Management in P2P Networks , 2003 .

[11]  Ling Liu,et al.  TrustMe: anonymous management of trust relationships in decentralized P2P systems , 2003, Proceedings Third International Conference on Peer-to-Peer Computing (P2P2003).