2011, Vol.16 No.5, 405-408
Article ID 1007-1202(2011)05-0405-04
DOI 10.1007/s11859-011-0770-7

A Mechanism Based on Reputation in P2P Networks to Counter Malicious Packet Dropping

PENG Hao1, LU Songnian1,2†, LI Jianhua1,2, ZHANG Aixin2, ZHAO Dandan1
1. Electronic Engineering Department, Shanghai Jiao Tong University, Shanghai 200240, China;
2. School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai 200240, China

© Wuhan University and Springer-Verlag Berlin Heidelberg 2011

Abstract: In P2P (Peer-to-Peer) networks, some malicious peers can impact overall network performance. One of the malicious behaviors of these peers is malicious packet dropping. In this paper, our focus is to detect and to exclude peers that misbehave by dropping some or all packets. Here, we propose a reputation-based mechanism for solving the problem efficiently. The proposed mechanism uses both direct reputation information and indirect reputation information to compute the comprehensive reputation of a peer. At the same time, history reputation information is also taken into account to provide fault-tolerance capability, and we regulate the imprecision based on the fact that the cause of packet dropping can be complex. Finally, the peers with bad comprehensive reputation can be detected easily and will then be excluded from the network. In this way, our proposed mechanism improves the performance of P2P networks without increasing computational overhead.

Key words: P2P (Peer-to-Peer); reputation; malicious peers; packet dropping

CLC number: TP 305

Received date: 2011-06-23
Foundation item: Supported by the National Key Basic Research Program of China (973 Program) (2010CB731403) and the Opening Project of Key Lab of Information Network Security of Ministry of Public Security (C09607).
Biography: PENG Hao, male, Ph.D.
candidate, research direction: network communications and information security. E-mail: penghao2007@sjtu.edu.cn
† To whom correspondence should be addressed. E-mail: snlu@sjtu.edu.cn

Wuhan University Journal of Natural Sciences 2011, Vol.16 No.5

0 Introduction

Peer-to-peer (P2P) networking has become a very active research area in recent years because of its advantages over the traditional Client/Server model for applications like file sharing, distributed computing, collaborative applications, etc. However, the open nature of P2P networks makes them vulnerable to malicious peers trying to manipulate the network. To solve this problem, many researchers have proposed various methods based on the reputation model and achieved degrees of success. There are mainly three kinds of reputation models: web-based, policy-based, and reputation-based reputation models [1,2]. These models can be directly or indirectly introduced into P2P networks to build reputation between peers. However, while peers’ identity privacy is important, it is difficult to achieve in fully distributed P2P networks, because reputation usually depends on information related to identity.

Previous works have focused on developing various reputation models and enhancing identity privacy for P2P networks in a number of ways. Ref. [3] discusses the conflicts between privacy and reputation and proposes a trade-off model between them. This model introduces multi-pseudonyms to protect peers’ identity privacy. Although all the pseudonyms of a peer may not be linked together by attackers, privacy is not well protected because each pseudonym’s transactions can still be linked. Ref. [4] alleviates the identity privacy problem in reputation negotiation by hiding the peers’ credentials. However, the negotiation process also depends on the disclosure of information related to each peer’s identity. Ref. [5] proposes a reputation-based P2P network to achieve peers’ anonymity by changing the pseudonym.
However, it is implemented using an online TTP (Trusted Third Party).

It is acknowledged that identity privacy in fully distributed P2P networks is desirable and necessary, but hard to achieve when building reputation. Therefore, in this paper we propose an assessment mechanism for P2P networks based on reputation to alleviate this problem. A reputation model is also developed to improve the safety of P2P networks by implementing a reputation management method.

The rest of the paper is structured as follows. Section 1 describes the proposed mechanism. Section 2 simulates the mechanism and analyzes its performance. Finally, Section 3 concludes the paper.

1 Proposed Mechanism

In our design, malicious packet dropping in P2P networks is prevented by a detection and exclusion mechanism. A neighbor-detecting reputation mechanism has been suggested as a means to reduce the adverse effect of malicious peers. In this section, a reputation-based mechanism for detecting malicious peers is described in detail.

Our mechanism requires the following assumptions to accomplish its functions properly:
① All peers can operate in local mode for neighbor detecting.
② Misbehaving peers are considered to be selfish and not malicious.
③ Intrusion prevention measures, such as authentication and digital signature, serve as the first line of defense.
④ The network is a multi-forwarding network.

1.1 Reputation Model

As mentioned above, the properties of P2P networks, such as peer-independence and lack of central management, mean that detection in P2P networks can only be performed in a fully distributed way. Thus, each peer should be responsible for detecting its neighbors’ behaviors for itself. We present a reputation-based assessment mechanism for detecting and excluding malicious peers. The proposed mechanism relies on a reputation mechanism for detecting neighbor peers’ forwarding and for computing whether a peer is malicious or not. Here are some related definitions.
Definition 1 Assessment of direct reputation represents the direct experience of detecting a neighboring peer.

Definition 2 Assessment of indirect reputation represents the synthesis that results from aggregating multiple recommendation opinions about a peer.

Definition 3 Assessment of comprehensive reputation represents the final evaluation of neighboring peers. It can be defined as one peer’s comprehensive perception of another peer with regard to performing the forwarding operation. A peer with a good comprehensive reputation behaves very well, while peers with bad comprehensive reputation are malicious.

1.2 Assessment of Direct Reputation

Only fully distributed detecting techniques can be applied in P2P networks because of the lack of a central management peer. Assessment of direct reputation in our mechanism depends on neighbor observations and analysis. Each peer overhears its neighboring peers’ packet forwarding activities and detects any abnormal behaviors independently. The reputation value is hard to quantify because many dynamic factors are involved. If a peer detects a packet dropping of a neighboring peer by overhearing, it cannot determine whether the neighbor is selfish or failed to forward because of congestion or collision. Then, an approach based on fuzzy analysis can be used to deal with this problem.

In our design, the assessment of direct reputation is related not only to a peer’s packet-forwarding ratio, but also to the busy state of peers. Considering these, we define a packet-forwarding ratio and a busy degree to evaluate it. Peer “A” computes the packet-forwarding ratio of peer “B”, r(a, b), using the following metric:

$$r(a, b) = \frac{n(a, b)}{t(a, b)} \tag{1}$$

In formula (1), n(a, b) is the number of packets forwarded by peer “B” during a fixed time, t(a, b) is the total number of packets forwarded by peer “B” during a fixed time.
Peer “A” computes the busy degree of peer “B”, d(a, b), using the following metric:

$$d(a, b) = \frac{u(a, b)}{\mathrm{max}(a, b)} \tag{2}$$

In formula (2), u(a, b) is the number of packets forwarded by peer “B” per unit time, max(a, b) is the maximum number of packets that can be forwarded per unit time.

According to the rules above, peer “A” computes the direct reputation of peer “B”, D(a, b), using the following metric:

(3) D(a, b) r (a, b) (1 ) d (a, b)

where is a weight of packet-forwarding ratio and 1 is a weight of busy degree. Packet-forwarding ratio may be deemed to be more important than busy degree, so packet-forwarding ratio will be given greater weight in the reputation calculations.

1.3 Assessment of Indirect Reputation

Direct observations may not always be effective because of the weakness described in Ref. [6]. If a peer makes decisions based only on firsthand information, it is hard to make sure whether all of its neighboring peers are normal or not. Using second-hand information can accelerate the detection and subsequent isolation of malicious peers in P2P networks. Collaborative detection between peers can be achieved by broadcasting reputation information to the neighboring peers.

In our design, when peer “A” receives recommendation reputations of peer “B” from l neighboring peers, peer “A” computes the indirect reputation of peer “B”, ID(a, b), using the following formula:

$$ID(a, b) = \frac{1}{n} \sum_{i=1}^{l} ID(N_i, b)\, R(a, N_i) \tag{4}$$

where ID(N_i, b) is the recommendation reputation value of peer “B” from peer N_i and R(a, N_i) is the comprehensive reputation value of peer N_i stored in peer “A”.

1.4 Assessment of Comprehensive Reputation

In our assessment mechanism, every peer has a table that stores a comprehensive reputation value about its neighbors. Peer “A” updates the comprehensive reputation value of peer “B” on the basis of D(a, b) and ID(a, b).
Peer “A” computes the comprehensive reputation of peer “B”, C(a, b), using the following formula:

C (a, b) D(a, b) (1 ) ID(a, b) (5)

where is the weight of the direct reputation and 0 ≤ ≤ 1. A peer can make bigger to increase the weight of its own observation and thereby decrease the bad influence caused by false information from misbehaving peers. When 1 , it means the peer does not receive recommendation.

The reputation value should be updated dynamically because of the dynamic environment in P2P networks. So our design takes into account the peer’s historical reputation, which helps us calculate a peer’s comprehensive reputation. In this way, peer “A” can compute the comprehensive reputation of peer “B”, C(a, b), using the following formula:

C (a, b) Cold (a, b) (1 ) Cnew (a, b) (6)

The first part, Cold(a, b), is the comprehensive reputation value of peer “B” recorded in the reputation value table of peer “A” in the past. The second part, Cnew(a, b), reflects peer “B”’s new comprehensive reputation value, computed currently based on formula (5). is the weight of the peer’s past comprehensive reputation value and 0 ≤ ≤ 1 . If 1 , history reputation value will play an important role and vice-versa.

Each comprehensive reputation is initialized to 0.5. The lower the comprehensive reputation of a peer, the higher the possibility that the peer misbehaves. When the comprehensive reputation value of a peer is below a certain threshold, it is broadcast to all the neighboring peers.

2 Simulation Results

To evaluate the effectiveness of the proposed assessment mechanism, a software simulator built from scratch is adopted. In our simulation design, we use a mesh topology with 25 000 peers selected randomly. This mesh represents a general topology and it can also be applied to specific P2P networks [7]. The simulator relies on a discrete time paradigm and the time step is equal to 225 ms. To perform the simulation analysis, we adopted the following parameter values.
For the sake of clarity, only 10 minutes of the overall simulation is presented. To obtain a realistic simulation we limited the available bandwidth. According to the application characteristics of P2P networks, the bandwidth is unable to keep a sustained speed of 5.00 Mb/s, but rather tends to stabilize around a maximum of 2.75 Mb/s. The movement of all peers was randomly generated with a maximum speed of 2.5 Mb/s and an average pause of 30 s. Each simulation runs 500 simulation seconds.

The result is shown in Fig. 1. The vertical axis shows the comprehensive reputation value at different forwarding rates, while the horizontal axis shows the time. From Fig. 1, it is found that normal peers can obtain a high reputation value ranging from 0.787 to 0.964 after a while; the comprehensive reputation of a peer that forwards packets with a rate of 80% can reach a reputation value ranging from 0.609 to 0.824. As the forwarding rate decreases, the comprehensive reputation of the malicious peer decreases gradually from the value 0.5 to a value close to 0.011. The change in comprehensive reputation is gradual. This is because we take history reputation into consideration and consider faults to be tolerable. However, the differences in comprehensive reputation between the malicious peer and normal peers are still obvious. In this way, we can decide which peers to communicate with and isolate the malicious peers.

Fig. 1 Comparison of comprehensive reputations of different forwarding rates

3 Conclusion

In this paper, we proposed a reputation-based mechanism to counter malicious packet dropping in P2P networks. It can offer defense against malicious peers and improve the peer’s quality of service, and thus it can ensure the P2P network’s communication security and robustness. However, the mechanism proposed in the paper uses only a reputation threshold to avoid attackers, and attackers in P2P networks may adjust adaptively. To enhance our design, in future work we will introduce other mechanisms such as anonymity and load balance to optimize the mechanism.

References

[1] Bertino E, Ferrari E, Squicciarini A. Reputation-X: A peer-to-peer framework for reputation establishment [J]. IEEE Transaction on Knowledge and Data Engineering, 2004, 16(7): 827-842.
[2] Song S, Hwang K, Zhou R, et al. Reputationed P2P transactions with fuzzy reputation aggregation [J]. IEEE Internet Computing, 2005, 9(6): 24-34.
[3] Seigneur J M, Jensen C D. Trading privacy for reputation [C]// Proc 2nd International Conf on Reputation Management (LNCS 2995). Oxford: Springer-Verlag, 2004: 93107.
[4] Bradshaw R W, Holt J E, Seamons K E. Concealing complex policies with hidden credentials [C]// Proc 11th ACM Conf on Computer and Communications Security, New York: ACM Press, 2004: 146-157.
[5] Miranda H, Rodrigues L. A framework to provide anonymity in reputation networks [C]// Proc 3rd Annual International Conf on Mobile and Ubiquitous networks: Networks and Services. San Jose: IEEE Press, 2006: 1-4.
[6] Despotovic Z, Aberer K. P2P reputation management: Probabilistic estimation vs. social networks [J]. Computer Networks, 2006, 50(4): 485-500.
[7] Lua E K, Crowcroft J, Pias M, et al. A survey and comparison of peer-to-peer overlay network mechanisms [J]. IEEE Commun. Survey and Tutorial, 2005, 7(2): 72-93.
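The following added example (not code from the paper) carries formulas (1) to (6) of Section 1 through for one honest neighbor and one packet-dropping neighbor, including a recommender that reports falsely. The weight names and values, the exclusion threshold, taking n in formula (4) as the number of recommenders, and all sample observations are assumptions constructed for illustration.

```python
# Added example: weights, threshold and sample data are assumptions, not values from the paper.
W_RATIO, W_DIRECT, W_HISTORY = 0.7, 0.6, 0.8   # assumed weights in formulas (3), (5), (6)
THRESHOLD, INITIAL = 0.3, 0.5                  # threshold is assumed; 0.5 is the paper's initial value

def direct_reputation(forwarded, total, max_per_unit):
    """Formulas (1)-(3) for one observation window of unit length."""
    r = forwarded / total if total else 0.0        # (1) packet-forwarding ratio
    d = min(forwarded / max_per_unit, 1.0)         # (2) busy degree, u = packets forwarded per unit time
    return W_RATIO * r + (1 - W_RATIO) * d         # (3) weighted sum of ratio and busy degree

def indirect_reputation(recs, trust):
    """Formula (4): each recommendation ID(N_i, b) scaled by R(a, N_i); n assumed = len(recs)."""
    if not recs:
        return None
    return sum(value * trust.get(peer, INITIAL) for peer, value in recs.items()) / len(recs)

def comprehensive(old, direct, indirect):
    """Formulas (5) and (6); with no recommendations the direct weight is 1."""
    new = direct if indirect is None else W_DIRECT * direct + (1 - W_DIRECT) * indirect
    return W_HISTORY * old + (1 - W_HISTORY) * new

def monitor(windows, recs, trust):
    """Update peer A's table entry for one neighbor over successive windows.
    Returns (reputation after each window, first window below THRESHOLD or None)."""
    c, history, flagged = INITIAL, [], None
    for i, (forwarded, total, max_per_unit) in enumerate(windows, start=1):
        c = comprehensive(c, direct_reputation(forwarded, total, max_per_unit),
                          indirect_reputation(recs, trust))
        history.append(c)
        if flagged is None and c < THRESHOLD:
            flagged = i
    return history, flagged

# Constructed sample data: A's stored reputation of three recommenders; N3 reports falsely.
TRUST = {"N1": 0.9, "N2": 0.9, "N3": 0.2}
HONEST = ([(80, 80, 100)] * 10, {"N1": 0.9, "N2": 0.95, "N3": 0.0})
DROPPER = ([(8, 80, 100)] * 10, {"N1": 0.1, "N2": 0.2, "N3": 1.0})

if __name__ == "__main__":
    for name, (windows, recs) in (("honest", HONEST), ("dropper", DROPPER)):
        hist, flagged = monitor(windows, recs, TRUST)
        print(f"{name}: final={hist[-1]:.3f} flagged_at={flagged}")
```

Because the history weight smooths each update, the dropping neighbor crosses the assumed threshold only after several windows, which matches the gradual decline described in Section 2; the low stored reputation of N3 limits how far its false praise can raise the indirect term.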