[Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...

[Hermanni Hyytiälä]

CVSROOT:        /cvsroot/gzz
Module name:    gzz
Changes by:     Hermanni Hyytiälä <address@hidden>      03/03/03 05:17:31

Modified files:
        Documentation/misc/hemppah-progradu: masterthesis.tex 
                                             progradu.bib 

Log message:
        Trust

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/masterthesis.tex.diff?tr1=1.101&tr2=1.102&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/progradu.bib.diff?tr1=1.88&tr2=1.89&r1=text&r2=text

Patches:
Index: gzz/Documentation/misc/hemppah-progradu/masterthesis.tex
diff -u gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.101 
gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.102
--- gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.101      Mon Mar 
 3 04:43:46 2003
+++ gzz/Documentation/misc/hemppah-progradu/masterthesis.tex    Mon Mar  3 
05:17:31 2003
@@ -1042,22 +1042,27 @@
 
 Traditional overload of targeted peers is best known form of distrubuted 
Denial of Service attack (DDoS). For example, 
 hostile entity can attempt to burden targetted peers with garbage packets. As 
a implication, peers may act
-incorrectly or stop working. DDoS attack may be very severe, especially if 
rate of replication in Peer-to-Peer system 
-is low. This may lead to data loss in the Peer-to-Peer system. Daswani et al 
\cite{daswani02queryflooddos} has done 
-research regarding to this subject. Authors suggest efficient load balancing 
policies for Peer-to-Peer system in 
-order to prevent massive system failures. Sit et al \cite{sit02securitycons} 
suggests that identifier assignment 
-algorithm for peers would assign identifier with respect to network topology 
and replicas should be located 
-physically to different locations. 
+incorrectly or stop working. DDoS attack may be very severe, especially if 
rate of replication and caching 
+in Peer-to-Peer system is low. This may lead to data loss in the Peer-to-Peer 
system. Daswani et al 
+\cite{daswani02queryflooddos} has done research regarding to this subject. 
Authors suggest efficient load balancing 
+policies for Peer-to-Peer system in order to prevent massive system failures. 
Sit et al \cite{sit02securitycons} 
+suggests that identifier assignment algorithm for peers would assign 
identifier with respect to network topology 
+and replicas should be located physically to different locations. 
 
-\subsection{Data authenticity and integrity}
+\subsection{Trust, data authenticity and integrity}
 
+Quite recently, widely used Public Key Infrastructure (PKI) has been deployed 
in distributed
+systems \cite{rivest96sdsi}, \cite{spkiworkinggroup}. PKI is an reliable 
technology for securing
+data in rather \emph{static} computing systems, such as in the Internet. 
However, in Peer-to-Peer 
+network, the problem of PKI-based security mechanism is the maintenance of the 
keys as participating
+peer constantly join and leave the system. Specifically, the distribution of 
key changes comes an essential
+problem in ad hoc enviroments. These include revokation of keys and new key 
distribution. Also, the scenario
+in which hostile peers are present has to be addressed.
 
--Could we use SDSI/SPKI in our system (it's hierarchical), like in ConChord 
\cite{ajmani02conchord}
--is there any other implementations of SDSI/SPKI-like systems ?
--SDSI/SPKI is not optimal for us, but somewhat working solution
--in our model: trust = trust no one
--give a brief explanation of current techiques in accountability and trust
-
+ConChord \cite{ajmani02conchord} is the first Peer-to-Peer system which has a 
support for PKI based
+security infrastructure. Unfortunately, ConChord is in early in development 
and lacks of important
+features of PKI to be fully usable yet. Furthermore, the hierarchy of 
SDSI/SPKI may a problem for
+Peer-to-Peer systems, in which hierarchy is intentionally missing.
 
 
 \subsection{Anonymity}
Index: gzz/Documentation/misc/hemppah-progradu/progradu.bib
diff -u gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.88 
gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.89
--- gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.88   Fri Feb 28 
07:36:15 2003
+++ gzz/Documentation/misc/hemppah-progradu/progradu.bib        Mon Mar  3 
05:17:31 2003
@@ -2011,3 +2011,19 @@
        howpublished = {http://www.w3.org/RDF/}
 }
 
+
address@hidden,
+       author = "Ronald L. Rivest and Butler Lampson",
+       title = "{SDSI} -- {A} Simple Distributed Security Infrastructure",
+       howpublished = "Presented at CRYPTO'96 Rumpsession",
+       year = "1996",
+       url = "http://theory.lcs.mit.edu/~rivest/sdsi10.html";
+}
+
address@hidden,
+       title = {Simple Public Key Infrastructure working group},
+       key = {Simple Public Key Infrastructure working group},
+       url = {http://www.ietf.org/html.charters/spki-charter.html}
+}
+
+