Providing Witness Anonymity Under Peer-to-Peer Settings

In this paper, we introduce the concept of witness anonymity for peer-to-peer systems, as well as other systems with the peer-to-peer nature. Witness anonymity combines the seemingly conflicting requirements of anonymity (for honest peers who report on the misbehavior of other peers) and accountability (for malicious peers that attempt to misuse the anonymity feature to slander honest peers). We propose the Secure Deep Throat (SDT) protocol to provide anonymity for the witnesses of malicious or selfish behavior to enable such peers to report on this behavior without fear of retaliation. On the other hand, in SDT, the misuse of anonymity is restrained in such a way that any malicious peer attempting to send multiple claims against the same innocent peer for the same reason (i.e., the same misbehavior type) can be identified. We also describe how SDT can be used in two modes. The active mode can be used in scenarios with real-time requirements, e.g., detecting and preventing the propagation of peer-to-peer worms, whereas the passive mode is suitable for scenarios without strict real-time requirements, e.g., query-based reputation systems. We analyze the security and overhead of SDT, and present countermeasures that can be used to mitigate various attacks on the protocol. Moreover, we show how SDT can be easily integrated with existing protocols/mechanisms with a few examples. Our analysis shows that the communication, storage, and computation overheads of SDT are acceptable in peer-to-peer systems.

[1]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[2]  Jeong Hyun Yi,et al.  On the utility of distributed cryptography in P2P and MANETs: the case of membership control , 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings..

[3]  Helen J. Wang,et al.  Privacy-Preserving Friends Troubleshooting Network , 2005, NDSS.

[4]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[5]  Ernesto Damiani,et al.  A reputation-based approach for choosing reliable resources in peer-to-peer networks , 2002, CCS '02.

[6]  Xiaoyan Hong,et al.  ANODR: anonymous on demand routing with untraceable routes for mobile ad-hoc networks , 2003, MobiHoc '03.

[7]  Roger Dingledine,et al.  Reliable MIX Cascade Networks through Reputation , 2002, Financial Cryptography.

[8]  Ernesto Damiani,et al.  Choosing reputable servents in a P2P network , 2002, WWW.

[9]  Haiyun Luo,et al.  URSA: ubiquitous and robust access control for mobile ad hoc networks , 2004, IEEE/ACM Transactions on Networking.

[10]  Hector Garcia-Molina,et al.  The Eigentrust algorithm for reputation management in P2P networks , 2003, WWW '03.

[11]  Sally Floyd,et al.  Wide area traffic: the failure of Poisson modeling , 1995, TNET.

[12]  Roger Dingledine,et al.  A Reputation System to Increase MIX-Net Reliability , 2001, Information Hiding.

[13]  Mohan S. Kankanhalli,et al.  Anonymous secure routing in mobile ad-hoc networks , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[14]  Brian Neil Levine,et al.  A protocol for anonymous communication over the Internet , 2000, CCS.

[15]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[16]  Mudhakar Srivatsa,et al.  TrustGuard: countering vulnerabilities in reputation management for decentralized overlay networks , 2005, WWW '05.

[17]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[18]  Amos Fiat,et al.  Untraceable Electronic Cash , 1990, CRYPTO.

[19]  Mohan S. Kankanhalli,et al.  Efficient and robust key management for large mobile ad hoc networks , 2005, Comput. Networks.

[20]  Jacques Stern,et al.  Threshold Ring Signatures and Applications to Ad-hoc Groups , 2002, CRYPTO.

[21]  Stefan A. Brands,et al.  Untraceable Off-line Cash in Wallets with Observers (Extended Abstract) , 1993, CRYPTO.

[22]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[23]  Reihaneh Safavi-Naini,et al.  Dynamic k-Times Anonymous Authentication , 2005, ACNS.

[24]  Martijn Stam,et al.  A Comparison of CEILIDH and XTR , 2004, ANTS.

[25]  Jianping Pan,et al.  Promoting Identity-Based Key Management in Wireless Ad Hoc Networks , 2007 .

[26]  Helen J. Wang,et al.  Friends Troubleshooting Network: Towards Privacy-Preserving, Automatic Troubleshooting , 2004, IPTPS.

[27]  Helen J. Wang,et al.  Applications of secure electronic voting to automated privacy-preserving troubleshooting , 2005, CCS '05.

[28]  Jan Camenisch,et al.  A Group Signature Scheme with Improved Efficiency , 1998, ASIACRYPT.

[29]  Gene Tsudik,et al.  Some Open Issues and New Directions in Group Signatures , 1999, Financial Cryptography.

[30]  Ling Liu,et al.  PeerTrust: supporting reputation-based trust for peer-to-peer electronic communities , 2004, IEEE Transactions on Knowledge and Data Engineering.

[31]  Kazue Sako,et al.  k-Times Anonymous Authentication (Extended Abstract) , 2004, ASIACRYPT.

[32]  Chrysanthos Dellarocas,et al.  Analyzing the economic efficiency of eBay-like online reputation reporting mechanisms , 2011, EC '01.

[33]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[34]  Ling Liu,et al.  TrustMe: anonymous management of trust relationships in decentralized P2P systems , 2003, Proceedings Third International Conference on Peer-to-Peer Computing (P2P2003).

[35]  Paulo S. L. M. Barreto,et al.  On the Selection of Pairing-Friendly Groups , 2003, Selected Areas in Cryptography.