Cope with selfish and malicious nodes Jinyang Li

P2P requires cooperation

• Cooperation means nodes obey design
• However, P2P users control the nodes
  – Modify the given software
  – Shut down application
  – Delete app files
  – Rate limit application etc.
• P2P users are mostly selfish
  – Avoid contributing resources as much as possible
• P2P nodes could be malicious
  – Adversary can enroll (arbitrarily) many nodes

P2P nodes speak the “right” protocol, but might not do the “right” things.

What if anyone can run Coral?

Design space for combating misbehaving nodes

1. Enforce that nodes run the desired software
  – Obfuscate protocol/software
  – Rely on hardware support to authenticate a running piece of software (Trusted computing)

Design space for combating misbehaving nodes

2. Encourage nodes not to be selfish
  – Design protocols so it is in a node’s best interest to contribute
3. Choose trustworthy nodes for interaction
  – If only a few trusted nodes turn out to be bad, it is okay since data/service is replicated

#2 Encourage non-selfish behavior

• What do selfish users do in file-sharing?
  – Download from others, but refuse to upload
  – Why is it bad?
  – If everybody behaves like this, system is useless

A layman’s view of game theory

• Prisoner’s dilemma (PD)

         C      D
    C   3,3    0,5
    D   5,0    1,1

Nash equilibrium: both defect, worst global outcome

Global optimal: requires both to cooperate

Tit-for-tat

• What if boy and dog play the game over many iterations?
  – Tit-for-tat:
    • Cooperate in the 1st round, mirror what your opponent did in the last round
  – Tit-for-tat with forgiveness:
    • Occasionally cooperate to end a streak of retaliation and counter-retaliation

Tit-for-tat for file sharing

• Exchanging data between peers is like an iterated PD game
  – Break data exchange into multiple rounds.
  – If remote peer does not upload fast enough (defect), choke his download (play defect).
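The iterated game from the preceding slides, as an added example (not code from the slides): it uses the slide's payoff matrix and shows the retaliation streak that plain tit-for-tat falls into and how forgiveness ends it. The `suspicious_tft` opponent and the fixed forgiveness period are assumptions made for the illustration.

```python
# Payoffs from the slide's matrix: (player A, player B)
PAYOFF = {("C", "C"): (3, 3), ("C", "D"): (0, 5),
          ("D", "C"): (5, 0), ("D", "D"): (1, 1)}

def tit_for_tat(rnd, opp_history):
    # Cooperate in the 1st round, then mirror the opponent's last move.
    return "C" if rnd == 0 else opp_history[-1]

def suspicious_tft(rnd, opp_history):
    # Hypothetical opponent: opens with one defection, then mirrors.
    return "D" if rnd == 0 else opp_history[-1]

def always_defect(rnd, opp_history):
    # The free rider: never uploads.
    return "D"

def forgiving_tft(period):
    # Tit-for-tat that cooperates unconditionally every `period` rounds.
    # The fixed period is an assumption; the slide only says "occasionally".
    def strategy(rnd, opp_history):
        if rnd % period == 0:
            return "C"
        return opp_history[-1]
    return strategy

def play(strat_a, strat_b, rounds):
    """Run the iterated game; return both scores and both move strings."""
    hist_a, hist_b, score_a, score_b = [], [], 0, 0
    for rnd in range(rounds):
        move_a = strat_a(rnd, hist_b)   # each side sees only the other's past
        move_b = strat_b(rnd, hist_a)
        pay_a, pay_b = PAYOFF[(move_a, move_b)]
        score_a += pay_a
        score_b += pay_b
        hist_a.append(move_a)
        hist_b.append(move_b)
    return score_a, score_b, "".join(hist_a), "".join(hist_b)

if __name__ == "__main__":
    for name, b in [("always_defect", always_defect),
                    ("suspicious_tft", suspicious_tft)]:
        print("tit_for_tat vs", name, play(tit_for_tat, b, 10))
    print("forgiving vs suspicious_tft",
          play(forgiving_tft(3), suspicious_tft, 10))
```

A single early defection locks two tit-for-tat players into alternating retaliation (25 points each over 10 rounds instead of 30); the forgiving variant restores mutual cooperation from round 4 on.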

BitTorrent

• Group all peers interested in the same file into a swarm
  – Each node has something the other wants
• A big file is broken into pieces
  – Each node downloads pieces in random order
• Every 10 seconds, calculate a remote peer’s upload rate; if no good, choke it
  – Tit-for-tat
• Periodically choose one random peer to unchoke
  – …with forgiveness

How tit-for-tat helps BT

• Tit-for-tat in BT ensures fair exchange(?)
• Tit-for-tat prevents selfish behavior(?)
• All selfish behaviors are non-profitable(?)

Cautions in applying tit-for-tat in other scenarios

• The game must be played over many rounds

• Each peer must have “goods” valued equally by the other

• What’s at stake?

# Combating malicious nodes

• Malicious (Byzantine) nodes
  – Their goal is to bring max harm to you
  – May also behave randomly and unpredictably
• Basic strategy
  – Replicate data/functionalities
  – Obtain data or votes of results from multiple replicas
• The impossibility results:
  – No availability when all nodes are Byzantine.
  – No correct agreement when >1/3 nodes are Byzantine.

What’s at stake?

• What does the system vote on?
  – Launch a nuclear missile
  – Buyer or seller’s reputation (eBay)
  – Importance of a webpage (Google)
  – Interesting news (digg)
  – Authenticity of a shared file (Credence)

Who can vote?

• eBay, digg: any registered users
  – Can an adversary register millions of users?
• Must ensure votes come from independent parties
  – Restrict voters to humans
  – Restrict one identity per human
• Credence:
  – Central authority issues public key to nodes
  – Limit how fast keys are issued to each node

What to vote on?

• Votes could be on subjective or objective matters
  – (Digg) Interesting vs. boring news
• Credence insight:
  – Make votes objective, so honest users cast similar votes
  – Example votes:
    • <abf3: britney name, mp3 = type>K
    • <ba9f: britney name, mp3 type>K
    • <35e4: name = >K

Binds a vote to a user
Binds a vote to its file

How to cast votes?

• U1 downloads files abf3,ba9f,35e4 with search term “britney mp3”

• <abf3: britney name, mp3 = type>K

• <ba9f: britney name, mp3 type>K

• <35e4: name = >K

How to use votes?

• U2 obtains hash abf3,ba9f,35e4 from search “britney mp3”
• Goal: Rank hashes according to votes
  1. Collect a list of votes for each hash from peers
  2. Weight peers using voting history correlation
  3. Compute weighted aggregate votes on each hash
  4. Sort

Weight peers based on vote correlation

My votes              U1’s votes
abcd britney name     abf3 britney name
b234 spears name      b234 britney name
4567 madonna name     4567 madonna name
ff45 nina name        ff45 nina name
1234 britney name     1234 britney name

4 votes on same files; 2 positive agreements
p = .5
2 positive votes from me, 3 positive votes from U1
a = .5, b = .75
Correlation (p-ab)/sqrt(a(1-a)b(1-b)) = 1.36

Weight peers based on vote correlation

My votes              U2’s votes
abcd britney name     abf3 britney name
b234 spears name      b234 britney name
4567 madonna name     4567 madonna name
ff45 nina name        ff45 nina name
1234 britney name     1234 britney name

4 votes on same files; 1 positive agreement
p = 0.25
2 positive votes from me, 3 positive votes from U1
a = .5, b = .75
Correlation (p-ab)/sqrt(a(1-a)b(1-b)) = -0.57
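The four ranking steps and the correlation formula from the slides above, as an added example (not code from the slides or from Credence). Votes are modelled as +1/-1 per hash; the file ids f1..f4, the peer named SYBIL and the use of the raw correlation as the peer weight are assumptions. On the slides' counts (p = .5 or .25, a = .5, b = .75) the formula evaluates to about 0.58 and -0.58.

```python
from math import sqrt

def correlation(mine, theirs):
    """(p - ab) / sqrt(a(1-a) b(1-b)) over the files both users voted on.
    Votes are dicts: file hash -> +1 (positive) or -1 (negative)."""
    shared = mine.keys() & theirs.keys()
    n = len(shared)
    if n == 0:
        return 0.0          # no overlapping files: no evidence, weight 0
    a = sum(mine[h] > 0 for h in shared) / n       # my positive fraction
    b = sum(theirs[h] > 0 for h in shared) / n     # peer's positive fraction
    p = sum(mine[h] > 0 and theirs[h] > 0 for h in shared) / n
    denom = sqrt(a * (1 - a) * b * (1 - b))
    if denom == 0:
        return 0.0          # one side voted all-positive or all-negative
    return (p - a * b) / denom

def rank(hashes, my_votes, peer_votes):
    """Steps 1-4: collect votes, weight peers, aggregate per hash, sort."""
    weight = {peer: correlation(my_votes, v) for peer, v in peer_votes.items()}
    score = {h: sum(weight[peer] * v.get(h, 0) for peer, v in peer_votes.items())
             for h in hashes}
    return sorted(hashes, key=score.get, reverse=True), score, weight

# Constructed sample data. f1..f4 are the shared voting history and reproduce
# the slides' counts; abf3, ba9f, 35e4 are the search results to be ranked.
MY_VOTES = {"f1": 1, "f2": 1, "f3": -1, "f4": -1}
PEER_VOTES = {
    # 2 positive agreements, 3 positive votes -> p=.5, a=.5, b=.75
    "U1": {"f1": 1, "f2": 1, "f3": 1, "f4": -1, "abf3": 1, "ba9f": -1},
    # 1 positive agreement, 3 positive votes -> p=.25, a=.5, b=.75
    "U2": {"f1": 1, "f2": -1, "f3": 1, "f4": 1,
           "abf3": -1, "ba9f": 1, "35e4": 1},
    # Freshly enrolled identity with no shared history: weight 0
    "SYBIL": {"ba9f": 1, "35e4": 1},
}

if __name__ == "__main__":
    order, score, weight = rank(["abf3", "ba9f", "35e4"], MY_VOTES, PEER_VOTES)
    print(weight)
    print(order, score)
```

Because an identity with no overlapping vote history gets weight 0, newly registered voters cannot move the ranking until they have built a history that correlates with the local user's.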

What if there are no overlapping files?

• Use transitive correlation
  – If A has high correlation with B, B has high correlation with C, then A has high correlation with C

Summary on DHT and P2P

• What did you learn?