[Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...


From: Hermanni Hyytiälä
Subject: [Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
Date: Mon, 02 Jun 2003 02:50:41 -0400

CVSROOT:        /cvsroot/gzz
Module name:    gzz
Changes by:     Hermanni Hyytiälä <address@hidden>      03/06/02 02:50:41

Modified files:
        Documentation/misc/hemppah-progradu: masterthesis.tex 

Log message:
        Steven's comments

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/masterthesis.tex.diff?tr1=1.205&tr2=1.206&r1=text&r2=text

Patches:
Index: gzz/Documentation/misc/hemppah-progradu/masterthesis.tex
diff -u gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.205 
gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.206
--- gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.205      Mon May 
26 05:07:05 2003
+++ gzz/Documentation/misc/hemppah-progradu/masterthesis.tex    Mon Jun  2 
02:50:41 2003
@@ -821,34 +821,34 @@
 
 \chapter{Open Problems in Peer-to-Peer}
 
-In this chapter, we discuss open problems in Peer-to-Peer research.
-Note that the open problems list considered here is not meant
-to be an exhaustive survey of \emph{all} open problems in Peer-to-Peer domain; 
-we focus our attention to some issues related to security, scalability, 
usability and performance. 
+In this chapter we discuss open problems in Peer-to-Peer research.
+Note that the unsolved problems considered do not represent
+an exhaustive survey of \emph{all} unsolved problems in Peer-to-Peer domain. 
In this chapter 
+we focus our attention on some issues related to security, scalability, 
usability and performance. 
 
 
 \section{Overview}
 
 Partly due to the non-maturity of modern Peer-to-Peer technology, there are 
several
-open problems to be solved. Also, many techniques developed for traditional 
distributed
+problems to be solved. Also, many techniques developed for traditional 
distributed
 systems may no longer apply with Peer-to-Peer systems, e.g., load balancing 
techiques \cite{byers03dhtbalancing}. 
 
 Different problems apply to both the loosely structured and the tightly 
structured approach. 
 For instance, since the introduction of Gnutella \cite{gnutellaurl}, the main 
concern has been the scalability problem of loosely structured 
 systems. However, the scalability problem of the loosely structured is often 
misunderstood; 
-\emph{the network overlay} of loosely structured systems is scalable, but the 
\emph{data lookup model} is not as
+\emph{the network overlay} of loosely structured systems is scalable, but the 
\emph{data lookup model} is not, because
 the data lookup process creates lot of extra network traffic (e.g., 
\cite{yang02improvingsearch}). 
 
-In tightly structured systems the main concern is to make overlay's data 
lookup process 
+In tightly structured systems the main objective is to make overlay's data 
lookup process 
 more fault tolerant against hostile attacks (e.g., 
\cite{castro02securerouting}). Other key problems in tightly structured 
 systems are the lack of keyword searches \cite{harren02complex, 
ansaryefficientbroadcast03}, support for heterogeneous peers 
 \cite{rowston03controlloingreliability} and load balancing 
\cite{balakrishanarticle03lookupp2p, byers03dhtbalancing}.
 
 \section{Security problems}
 
-In this section we describe security problems related to Peer-to-Peer domain. 
First, we discuss attacks 
-and lack of trust in Peer-to-Peer systems. Then, we describe anonymity, access 
control, hostile entities
-and secure query routing problems. Finally, we briefly cover external security 
threats.
+In this section we describe security problems related to the Peer-to-Peer 
domain. First, we discuss well-known attacks 
+on Peer-to-Peer systems. Then, we discuss the common lack of trust in 
Peer-to-Peer system, and related issues of anonymity, access control, hostile 
entities
+and secure query routing. Finally, we briefly cover external security threats.
 
 \subsection{Attacks}
 
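Review bot: In the rewritten overview of the Security problems section, "the common lack of trust in Peer-to-Peer system" needs the plural "systems", matching "attacks on Peer-to-Peer systems" in the sentence before it. In the chapter introduction the new text starts two consecutive sentences with "In this chapter" and still reads "in Peer-to-Peer domain" without the article, although the security overview in this same hunk was changed to "the Peer-to-Peer domain"; drop the second "In this chapter" and add "the". Since this is an editorial pass, the unchanged context lines could be fixed at the same time: "techiques", "creates lot of extra network traffic", "the scalability problem of the loosely structured is often misunderstood" (the noun is missing) and "make overlay's data lookup process".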
@@ -861,27 +861,27 @@
 the Distributed Denial of Service attack. 
 
 In the Sybil attack model \cite{douceur02sybil}, a hostile entity presents 
multiple 
-entities, i.e., when a peer communicates with a subset of other participating 
entities to perform an operation, a peer communicates 
-only with the same hostile entity. Hostile entity can control a large fraction 
of Peer-to-Peer system while
+entities, i.e., when a peer communicates with a subset of other participating 
entities to perform an operation whereas a peer communicates 
+only with the same hostile entity. A hostile entity can control a large 
fraction of a Peer-to-Peer system while
 repressing the redundancy of the system. Authors argue in  
\cite{douceur02sybil} that without a centralized authority, Sybil attacks are 
always possible in a Peer-to-Peer 
 system except under extreme and unrealistic assumptions of resource parity and 
coordination among entities. Unrealistic assumptions include: all entities 
-should be nearly homogeneous, all identities can be validated simultaneously 
by all 
-entities across the system and when accepting identities that are not directly 
validated, the required number of certificates exceeds 
+should be nearly homogeneous; all identities can be validated simultaneously 
by all 
+entities across the system; and, when accepting identities that are not 
directly validated, the required number of certificates exceeds 
 the number of systemwide failures \cite{douceur02sybil}. Castro et al. 
\cite{castro02securerouting} suggest the use of cryptographic content hashes in 
the 
-creation process of peer identifier against the Sybil attack. According to 
authors, in this technique the IP address of a peer can be verified by the 
other peer. 
-They call this method as a one form of \emph{self-certifying data}. 
+creation process of peer identifier against the Sybil attack. According to the 
authors, in this technique the IP address of a peer can be verified by the 
other peer. 
+They characterize this method as a form of \emph{self-certifying data}. 
  
 In the Fail-stop attack model, cited in \cite{naor03simpledht}, a faulty peer 
is deleted from the Peer-to-Peer system. Thus,
-a specific data item can be lost from the system temporarily (or permanently). 
The reason for the faultiness of a peer can be a 
-software failure or a hostile attack. The Byzantine attack model \cite{357176} 
is closely related to Fail-stop model. In the Byzantine attack model
-$3f + 1$ is the minimum number of peers that allow system to provide the 
safety and liveness properties when up to $f$ peers are faulty \cite{357176}.  
-The Byzantine model can be seen as more severe than Fail-stop model as there 
are no restrictions over the behavior of faulty peers, e.g., the cooperation 
-between multiple \emph{malicious} faulty peers is possible \cite{357176}. A 
practical solution for the Byzantine failures have been 
-proposed by Castro et al. \cite{296824}. Authors use in their work replication 
algorithm to tolerate Byzantine faults and cryptographic 
+a specific data item can be lost from the system temporarily or permanently. 
The reason for the faultiness of a peer can be a 
+software failure or a hostile attack. The Byzantine attack model \cite{357176} 
is closely related to the Fail-stop model. In the Byzantine attack model,
+$3f + 1$ is the minimum number of peers that allow the system to provide the 
safety and liveness properties when up to $f$ peers are faulty \cite{357176}.  
+The Byzantine model can be seen as more severe than the Fail-stop model 
because there are no restrictions over the behavior of faulty peers, e.g., the 
cooperation 
+between multiple \emph{malicious} faulty peers is possible \cite{357176}. 
Castro et al. \cite{296824} have proposed a practical solution for the 
Byzantine failures. 
+The authors use in their work replication algorithm to tolerate Byzantine 
faults and cryptographic 
 certificate techniques to prevent spoofing and replays to detect corrupted 
messages.
 
-The Spam generating attack \cite{naor03simpledht} is another known attack 
model against Peer-to-Peer system. In the Spam
-attack, a hostile or faulty peer may produce false information of the data, or 
refuses to (or is not able to) reply to requests. 
+The Spam generating attack \cite{naor03simpledht} is another known attack 
model against a Peer-to-Peer system. In the Spam
+attack, a hostile or faulty peer may produce false data information, or 
refuses to (or is not able to) reply to requests. 
 Naor et al. \cite{naor03simpledht} have proposed a partial solution against 
Spam attack in a \emph{faulty} peer environment (not hostile).
 
 Overloading of targeted peers is a form of Distributed Denial of Service 
attack (DDoS) (see, e.g., \cite{372148}). For instance, 
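Review bot: The reworded Sybil definition no longer parses: "when a peer communicates with a subset of other participating entities to perform an operation whereas a peer communicates only with the same hostile entity" has a "when" clause and a "whereas" clause but no main clause, so the statement that the apparently separate entities are one hostile entity gets lost. Either restore the comma form from revision 1.205 or drop "when" so the sentence reads "a peer communicates with a subset of other participating entities ... whereas it communicates only with the same hostile entity". Further down, "The authors use in their work replication algorithm" needs an article and reordering ("use a replication algorithm"), "may produce false data information, or refuses" mixes verb forms and is less clear than the removed "false information of the data", and the context line "to prevent spoofing and replays to detect corrupted messages" appears to be missing an "and" before "to detect".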



