SlideShare a Scribd company logo

Secure Trust Management Model for Peer-to-Peer File Sharing System

I
IDES Editor

This document presents a secure trust management model for peer-to-peer (P2P) file sharing systems, focusing on mechanisms for authentication, authorization, and trust through reputation metrics. It categorizes existing P2P systems into centralized, decentralized, and hybrid architectures, highlighting the importance of trust and reputation in managing secure file sharing. The authors propose a model that combines local and community-wide reputation management to enhance security in file exchange while maintaining access control protocols.

Technology
Related topics:
Access Control Overview
1 of 7
Downloaded 24 times
1
2
3
4
5
6
7
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Secure Trust Management Model for Peer-to-Peer File Sharing System Amuthan.A, Marimuthu.G and Kaliaperumal.G Pondicherry Engineering College/Dept of Computer Science, India. Email: {amuthan, cs0711, kaliaperumal.g}@pec.edu Abstract---File sharing refers to the providing and receiving of Start file over the network, a central server that operates a centralized data repository search engine within a peer-to- peer network performs authentication and authorization operations with respect to users that access its services. Trust Send a request for a file mechanism and access control technology are used in the p2p file sharing system to be more secure with respect to the Receive a list of peers that have the file existing one. Index Terms---P2P, File sharing, Trust, Reputation, Access Receive a list of peers that have the file Control. Receive a list of peers that have the file 1. INTRODUCTION A. Background Yes No File is good Stop In a Peer-to-Peer (P2P) file sharing system, peer communicates directly with each other to exchange information and share files. P2P system can divide into Figure 1.2 Traditional P2P several categories (illustrate in Fig. 1.1). Centralized P2P systems (e.g., Napster [1]) use a centralized control server to manage the systems. Decentralized P2P systems try to 1. Send a file request distribute control over several peers. They can be divide 2. Receive a list of peers that have the requested file into purely decentralized (e.g., Gnutella [2]) and Hybrid 3. Select a peer decentralized systems (e.g., KaZaA [3]). 4. Download the file P2P Systems However, P2P file sharing system make the security issue a challenging problem. There is no trusted server to Partially Centralized validate the peer. At the same time, a trust mechanism is Decentralized E.g., Napster needed to punish peers that exhibit malicious behavior (i.e., those that provide malicious content or misleading filenames) and furthermore, an access control mechanism Purely Decentralized Hybrid Decentralized E.g., Gnutella E.g., KaZaA is developed to secure the file sharing P2P network. B. Motivation and Contribution Figure 1.1: P2P System Partially centralized P2P systems have been proposed to reduce the control overhead needed to run the P2P file sharing system. They also provide lower discovery time In traditional P2P System (i.e., without any trust because the discovery process involves in the server. The mechanism and access control), a user is given a list of proposed trust management model uses a reputation trust peers that can provide the requested file. The user has then mechanism system and access mechanism system. In to choose one peer from which the download will be reputation mechanism system, each peer may record performed. In traditional P2P systems, little information is information on past experience with all peers it has given to the user to help in the selection process. interacted with and the opinion regarding the peers that The following is the life cycle of a peer in a traditional P2P have the requested file. In access control mechanism, system (illustrate in Fig. 1.2) determines who can access the system, what kind of resources can be accessed (illustrate in Fig. 1.3): The following is the life cycle of a peer in a Trust Management Model based P2P system. 1 © 2011 ACEEE DOI: 01.IJNS.02.01.28
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Start Partially Centralized Architecture – In these systems, (illustrate in Fig. 2.1) there is a central server facilitate the interaction between peers by maintain directories of metadata, describing the shared files stored by the peer Send a request for a file nodes. Although the end-to-end interaction and file exchange may take place directly between two peer nodes, Receive a list of peers that have the file the central servers facilitate this interaction by performing the lookups and identifying the nodes storing the files. Select a peer based on a reputation metrics Access permission No Yes Access the file File is good Figure 2.1: Partially Centralized No Yes Purely Decentralized Architectures – All nodes in the network perform exactly the same tasks, (illustrate in Update Update Fig. 2.2) acting both as servers and clients, and there is Reputation Reputation Stop Data Data no central coordination of their activities. The nodes of such networks are often termed “servents” (SERVers + Figure 1.3 Trust Management Model P2P cliENTS), 1. Send a file request 2. Receive a list of peers that have the requested file 3. Select a peer based on a reputation metric 4. Check the access permission 5. Access the file 6. Send feedback and update the reputation data Figure 2.2: Purely Decentralized P2P C. Organization This paper is organized as follows. In section 2 Hybrid Decentralized Architectures – The basis is the discusses the literature survey of existing system, P2P file same as with purely decentralized systems. (Illustrate sharing network and the list of reputation based system that in Fig. 2.3) Some of the nodes, however, assume a we feel is more appropriate for peer-to-peer more important role, acting as local central indexes for communication. In Section 3 we enlist and discuss our file shared by local peers. The way in which these model of reputation based system. In Section 4 we present supernodes are assigned their role by the network an access control model for our P2P file sharing system. In varies between different systems. It is important, Section 5 we enlist the interaction procedure for our model. however, to note that these supernodes do not Section 6 is the summary of this paper. Finally we constitute single points of failure for a peer-to-peer concluded with our conclusion. network, since they are dynamically assigned and, if they fail, the network will automatically take action to II. RELATED WORK replace them with others. Several surveys have addressed the problem of enforcing trust on P2P networks based on reputation. A. P2P File Sharing Technologies Peer-to-Peer file sharing networks are supposed to be totally decentralized, in practice this is not always true, and systems with various degrees of centralization are encountered. Specifically the following three categories are identified. 2 © 2011 ACEEE DOI: 01.IJNS.02.01.28
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Directly Directly Trust Trust Peer A Peer B Peer C Indirectly Trust Figure 2.5: Indirect Trust D. Existing P2P Reputation-based Systems This section briefly review some of the existing P2P Figure 2.3: Hybrid Decentralized P2P reputation systems, we start by giving an overview of the B. Trust and Reputation reputation systems. OpenPrivacy – In OpenPrivacy, the reputation Trust and reputation mechanisms have been proposed for information is stored in a certificate. The system is similar large environments in peer-to-peer computing, in concept to web of trust. A peer certifies another peer recommender systems. However, there is no universal through the use of certificate. Every certificate stores the agreement on the definition of trust and reputation. In this value of the target’s reputation and the confidence of the paper, we adopt the following working definitions: certificate creator. To prevent tampering, each certificate is Trust – a peer’s belief in another peers capabilities, digitally signed with the private key of the certificate honesty and reliability based on its own direct experiences; creator. This certificated are stored at the certificate creator Reputation – a peer’s belief in another peer’s as well as the certification target. capabilities, honesty and reliability based on P2Prep – In P2Prep, every peer in the system stores recommendations received from other peers. their interaction experience with other peers (based on Reputation can be centralized, computed by a trusted pseudonym). This reputation records are being update third party or it can be decentralized, computed every time an interaction takes place. These reputation independently by each peer after asking other peers and records can be used by other peers to make decision when recommendations. initializing an interaction. In this case, before a peer Although trust and reputation are different in how they consumes a service, the peer polls other peers about their are developed, they are closely related. They are both used knowledge of the service provider. At the end of the to evaluate a peer’s trustworthiness, so they also share interaction, the service consumer updates the reputation of some common characteristics. the provider and at the same time updates the credibility of the peers that addressed opinion on the provider. C. Classification of Reputation in P2P Communication Managing Trust – Managing Trust stores the In this section we present classification of reputation complaints about a peer in the P-Grid. The underlying idea for peer-to-peer communication. of the P-Grid approach is to create a virtual binary search The classification of reputation signifies if the structure with replication that is distributed over the peers reputation is obtained from a witness peer directly or and supports efficient search. The construction and the indirectly. Based on whether the reputation is obtained search/update operations can be performed without any directly or indirectly we identify two types of reputation central control or global knowledge. they are: RMS – Reputation Management System (RMS) also  Direct Reputation(Trust) stores the reputation information in a certificate. However,  Indirect Reputation(Trust) RMS is different from OpenPrivacy in the implementation Direct reputation – A peer’s belief in another peer’s of the reputation certificate. In RMS, there exists a trusted capabilities, honesty and reliability based on its own direct third party to record the transaction history for the experiences (illustrate in Fig. 2.4). subscribers. The transaction history that the trusted party stored is used by others to check the correctness of the Directly certificate presented by a peer. Trust EigenRep – In EigenRep, two types of value, local and Peer A Peer B global value, are being stored in the systems. The local Figure 2.4: Direct Trust value is stored in every peer and the global value, which is derived from multiple local values, are being handled by random peers in distributed hash table (DHT) such as CAN Indirect reputation – A peer’s belief in another peer’s or Chord. capabilities, honesty and reliability based on recommendations received from another peers (illustrate in Fig. 2.5). 3 © 2011 ACEEE DOI: 01.IJNS.02.01.28
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 III. PROPOSED SYSTEM reputation means the aggregated general opinion given by multiple peers. P2PRep is generally combining these two In the proposed peer-to-peer file sharing system is a factors together. windows program that allows you to host a secure peer-to- peer file sharing system without any additional software or C. Trusting Peer services. Users just need to install the client software on Xab(i)   each peer. This is the following key feature in our model. 1 if a' s transacti on is success 0 otherwise  Symmetric encryption with shared secret key   Asymmetric encryption with public/private keys.  Xab (i): the ith transaction between a and b.  Peer authentication with username/password  After n transactions. We obtained the history data  Binary data transfer between peers History: Dab = {Xab(1), Xab(2), … , Xab(n)}  All standard FTP operations  sat(a, b): +1, a downloads an authentic file from  Access control privileges to system resources b.  unsat(a, b): +1, a downloads an inauthentic file from b, or a fails to download a file from b. A. Peer software architecture model In peer software architecture model it consists mainly D. Evaluate Peer three components (illustrate in Fig. 3.1): In our model each client is requested to report the  P2P Substrate transaction detail. Also the client will calculate the  Middleware credibility of the other clients, which is the total number of  P2P Application good transaction by over the total number of transaction by In P2P substrate, it manages two things overlay the client. Management and Resource managements. In overlay management construction of the peer and maintenance of Ri = ∑GAi / ∑ TAi the peer join/leave in the P2P network. In resource  Ri : trust score of peer i management allocation (storage) of the file location and  GAi : Number of good actions for this peer i discovery (routing and lookup) of the peer, are handled in  TAi : total number of considered actions for this P2P substrate. peer i In middleware, provides services to the P2P application, e.g., peer selection, reputation based system, Notation and Assumptions authentication, authorization, integrity and FTP operation. In P2P application, potentially there could be multiple  Let ID denotes Peer ID. applications running on top of a single P2P substrate.  Let PTV denotes Positive trust value. Application includes file sharing and file storage systems  Let NTV denotes Negative trust value. etc.  Let SBU denotes Sum byte up.  Let SBD denotes Sum byte download. P2P Application  T denotes the Time.  SPTV denotes Sum of Positive trust value Middlewa  SNTV denotes Sum of Negative trust value P2P re  CV denotes Credibility value Substrat In this model each peer maintains two tables, a trust Operating System table and a credibility table. The trust table is similar to the one (illustrate in the Table I) and it contain the following Hardware information: Figure 3.1: Software Architecture Table I. Model for P2P Trust Table B. P2PRep model ID PTV NTV SBU SBD T P2Prep is a reputation-based protocol runs in a completely anonymous P2P networks. In P2Prep, local reputation management and community-wide reputation When uploading & downloading management are two different levels. Local reputation is PTV = 1; if SBU = SBD, otherwise PTV=0 defined as one single peer’s opinion of one other peer’s NTV = 1; if SBU≠ SBD, otherwise NTV=0 reputation, based on its formal experience. The community 4 © 2011 ACEEE DOI: 01.IJNS.02.01.28
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 The credibility table (illustrate in Table II). It stores Subject the credibility of a peer in reporting the trust value of other peers. It contains the following information. Subject Access control Access information Table Ii. Request Credibility Table Request Access ID SPTV SNTV CV T Fail Monitor CV = SPTV / SNTV SPTV > SNTV; Trusted peer Access Access SPTV < SNTV; Un-trusted peer Yes Function Permit Rules SPTV = SNTV; Indeterminate peer IV. ACCESS CONTROL Object Access control The process of giving an authenticated entity information Object permission to do some action or access some resource. In Request P2P application, a peer might be authenticated to access Figure 4.1: Access Control Architecture some subset of the resources on another peer. In the proposed model (illustrate in the Fig. 4.1) the Table Iii concept of access control is best described as the following Access Table things. The subject is defined as an active entity which ID Upload Download Search … T initiates access requests and operates on objects. Users or autonomous agents can be subjects. The object is a passive entity which is target of an access. The examples of object are files, devices or any other resources that can be used by V. INTERACTION PROCEDURES subjects. However sometimes, a subject can be an object and vice versa under the dynamic situation of access in a Interaction procedure (illustrate in Fig. 5.1) in a system or an organization. typical interaction between a host and a client in our Note that identifying a subject is under the assumption framework. An interaction generally consists of three of successful authentication of the subject. The model, phases: which mediates the access from a subject to an object,  Preparation phase grants or denies access requests, based on the security  Transaction phase relevant attributes of subjects and objects. The model is a  Reputation phase powerful tool for designing and analyzing system security under the assumption of complete invocation for every Firstly, the preparation phase involves the access. authentication process. Secondly, the transaction phase allows the client to interact with the host in order to access A. Discretionary Access Control the files from the other peers, an access of the file can be Discretionary access control (DAC) is an access policy based on the authorization. Finally, the reputation phase that restricts access to files (and other system objects such consists of judging the interaction based on the transaction as directories and devices) based on the identity of users. of the file quality factors. Not only does DAC let you tell the system that can It can be seen from the whole interaction procedure access your data, it lets you specify the type of access that the client plays an active role in every allowed. For example, you might want everyone in the system to be able to read a particular file, but you might phase: from initializing the interaction. The host does a want only yourself and your manager to be able to change minimum amount of work and gets all the required it information from the client and from its own database to make the decision. We believe that this is appropriate because the design principle is that the host should not waste much of its resources (such as network bandwidth and CPU cycles), which is primarily beneficial to the client (which is obtaining the files). Hub (Host) - Hub is responsible for keeping information of authentication and authorization of the peer. Agent (Client) - Agent acts as both a client and a server at the same time 5 © 2011 ACEEE DOI: 01.IJNS.02.01.28
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Host Peer Table Iv Client Peer Trust Threshold Authentication Authentication Trust Threshold Meaning Less than x1 Distrust No Valid Preparation phase Between x1 and x2 Average Greater than x2 Full trust Yes B. Screenshots Request a file Search the file Server – A server is a P2P program dedicated to providing Select the peer Send the file one or more services over a computer network. based on reputation location No Check Privileges Access the file Yes Transaction Transaction phase Yes No Figure 6.1 The Server Update reputation Client – A client is a P2P Program dedicated to providing sharing the resources over a computer network Update reputation Reputation phase Yes Another file No Figure 5.1 Flow chart of an interaction between a host peer and client peer Figure 6.2 The Client VI. SIMULATION AND RESULTS File sharing – File sharing refers to the providing Our proposed system was implemented using and receiving of files over a P2P network Microsoft Visual VB.Net version 8.0 and SQL Server 2005. For implementation we created the peer-to-peer network and file sharing system with the following.  Elegant event driven paradigm for easy integration into windows application.  Peer authentication and authorization at application level with username/password and with private key or with the public key.  Instant alert and chart messaging  All standard FTP operations. Figure 6.3 File sharing  Finding the trust worthiness of the peer A. Experimental Setup C. Results Our proposed experiment is built on one central server and with seven P2P clients setup with 5 upload peer, 2 In our experiments we examined the dependence of download peers with the following thresholds peer performance from its reputation in the following scenarios. Senario1 - Increase in security when including authorization in P2P network 6 © 2011 ACEEE DOI: 01.IJNS.02.01.28
ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 mechanisms for evaluating a transaction not only help to differentiate poorly performing peers from good ones but also ensure that malicious peers are punished and isolated. Although we have designed our trust based access control framework to work specifically with P2P file sharing networks. REFERENCES Figure 6.4 Authorizations vs. Unauthorization [1] Huafeng Wu, Chaojian Shi, Haiguang Chen,Chuanshan Gao, “A Trust Management Model for P2P File Sharing System” Senario2 - Decrease of positive trust value when peer 2008 International Conference on Multimedia and starts “acting” maliciously. Ubiquitous Engineering, , page(s) 41-44, February 2008. [2] Lara Srour, Aymaan Kayssi, Ali Chehab “Reputation-Based Algorithm for Managing Trust in File Sharing Network”, IEEE International Conference on Computer and Information Technology, January 2006. [3] S. Q. Zhang, Y.T. Yang, A trust management model for peer-to-peer computer systems, Journal of Harbin Engineering University Vol. 26, No 4, PP 522-525,Aug 2005 [4] Y. Wang, E.J. Vassil, Trust and reputation model in Peer-to- Peer networks. The Third IEEE International Conference on Peer2to2Peer Computing, Linkopings, 2003. [5] E. Damian, D.C. Vimercati et al, A reputation-based Figure 6.5 Peer acting maliciously approach for choosing reliable resources in Peer-to-Peer Senario3 – Gain in positive trust value when peer starts networks, The 9th ACM Conference on Computer and “acting” properly. Communications Security. Washington DC, 2002 [6] A. Singh, L. Liu,, Anonymous management of trust relationships in decentralized P2P systems, The Third IEEE International Conference on Peer-to-Peer Computing, Linkopings, 2004. [7] K. Aberer, Z. Despotovic, Managing trust in a Peer-to-Peer information system, The Tenth International Conference on Information and Knowledge Management (ACM CIKM’01), Linkopings, 2001. [8] Li Xiong and Ling Liu. A Reputation-Based Trust Model for Peer-to-Peer eCommerce Communities. Proceedings of the IEEE International Conference on E- Figure 6.6 Peer acting properly Commerce. [9] Yao Wang and Julita Vassileva. Trust and Reputation Model in Peer-to-Peer Networks. IEEE Proceedings of the Third CONCLUSION International Conference on Peer-to-Peer Computing The proposed trust based access control framework (P2Pa˛r´03), 2003. satisfies the requirements of access control for P2P file- [10] Ali Aydin Selpk, Ersin Uzun and Mark Regat Pariente. A Reputation-Based Trust Management System for P2P sharing systems, by extending the discretionary access Networks. In IEEE International Symposium on Cluster control model, P2P’s partial decentralized properties and Computing and the Grid, 2004. peers autonomy are preserved while enabling and [11] Bin Yu, Munindar P. Singh and Katia Sycara. Developing maintaining collaboration between peers. The trust model Trust in Large-Scale Peer-to-Peer Systems. IEEE 2004. and score systems help to classify both known and [12] Sergio Marti and Hector Garcia-Molina. Limited Reputation unknown visitors according to their trustworthiness and Sharing in P2P Systems. In EC’04 May20.08, 2004, New contribution. Hence, appropriate access privileges can be York, New York, USA. assigned to each visitor accordingly. The proposed 7 © 2011 ACEEE DOI: 01.IJNS.02.01.28

More Related Content

PDF
SERVICE AGGREMENT IT
Hiram Medero , PE
 
PDF
6 deus leaflet wp5
imec.archive
 
PDF
Active directory job_interview_preparation_guide
abdulkalamattari
 
PDF
Dynamic Chunks Distribution Scheme for Multiservice Load Balancing Using Fibo...
Editor IJCATR
 
PDF
An Efficient approach of Integrated file Replication and Consistency Maintena...
ijceronline
 
DOCX
Basic features of distributed system
satish raj
 
PDF
Cs24613620
IJERA Editor
 
PPTX
Distributed File Systems
Medicaps University
 
SERVICE AGGREMENT IT
Hiram Medero , PE
 
6 deus leaflet wp5
imec.archive
 
Active directory job_interview_preparation_guide
abdulkalamattari
 
Dynamic Chunks Distribution Scheme for Multiservice Load Balancing Using Fibo...
Editor IJCATR
 
An Efficient approach of Integrated file Replication and Consistency Maintena...
ijceronline
 
Basic features of distributed system
satish raj
 
Cs24613620
IJERA Editor
 
Distributed File Systems
Medicaps University
 

Similar to Secure Trust Management Model for Peer-to-Peer File Sharing System (20)

PDF
International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 
PDF
A study of index poisoning in peer topeer
IJCI JOURNAL
 
PPTX
Network archetecture
shah fahad
 
PPTX
Peer to peer system
Jahanzaib Niazi
 
PPTX
computer networks
Gicheru Onesmus
 
PDF
FILE SYNCHRONIZATION SYSTEMS SURVEY
csandit
 
PDF
SECURITY PROPERTIES IN AN OPEN PEER-TO-PEER NETWORK
IJNSA Journal
 
PPTX
Bittorrent final seminar
Chirodeep Das
 
PDF
Textual based retrieval system with bloom in unstructured Peer-to-Peer networks
Uvaraj Shan
 
DOCX
IEEE 2014 DOTNET NETWORKING PROJECTS A proximity aware interest-clustered p2p...
IEEEMEMTECHSTUDENTPROJECTS
 
DOCX
2014 IEEE DOTNET NETWORKING PROJECT A proximity aware interest-clustered p2p ...
IEEEFINALSEMSTUDENTSPROJECTS
 
PDF
SECURITY CONSIDERATION IN PEER-TO-PEER NETWORKS WITH A CASE STUDY APPLICATION
IJNSA Journal
 
PDF
MODIFIED BITTORRENT PROTOCOL AND ITS APPLICATION IN CLOUD COMPUTING ENVIRONMENT
IJCSEA Journal
 
PPTX
Peer Sim & P2P
Chandan Balachandra
 
PPTX
Final peersimp pt
Clement Robert Habimana
 
PPT
Nfs ppt.ppt
sukhpreetsingh295239
 
PDF
Gt3112931298
IJERA Editor
 
PDF
Adaptive Sliding Piece Selection Window for BitTorrent Systems
Waqas Tariq
 
PPTX
Peer topeer
Higher Private School of Engineering and Technology
 
PPTX
Peer-to-Peer-P2P-Networks-A-Simple-Guide.pptx
mayank2498m
 
International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 
A study of index poisoning in peer topeer
IJCI JOURNAL
 
Network archetecture
shah fahad
 
Peer to peer system
Jahanzaib Niazi
 
computer networks
Gicheru Onesmus
 
FILE SYNCHRONIZATION SYSTEMS SURVEY
csandit
 
SECURITY PROPERTIES IN AN OPEN PEER-TO-PEER NETWORK
IJNSA Journal
 
Bittorrent final seminar
Chirodeep Das
 
Textual based retrieval system with bloom in unstructured Peer-to-Peer networks
Uvaraj Shan
 
IEEE 2014 DOTNET NETWORKING PROJECTS A proximity aware interest-clustered p2p...
IEEEMEMTECHSTUDENTPROJECTS
 
2014 IEEE DOTNET NETWORKING PROJECT A proximity aware interest-clustered p2p ...
IEEEFINALSEMSTUDENTSPROJECTS
 
SECURITY CONSIDERATION IN PEER-TO-PEER NETWORKS WITH A CASE STUDY APPLICATION
IJNSA Journal
 
MODIFIED BITTORRENT PROTOCOL AND ITS APPLICATION IN CLOUD COMPUTING ENVIRONMENT
IJCSEA Journal
 
Peer Sim & P2P
Chandan Balachandra
 
Final peersimp pt
Clement Robert Habimana
 
Nfs ppt.ppt
sukhpreetsingh295239
 
Gt3112931298
IJERA Editor
 
Adaptive Sliding Piece Selection Window for BitTorrent Systems
Waqas Tariq
 
Peer topeer
Higher Private School of Engineering and Technology
 
Peer-to-Peer-P2P-Networks-A-Simple-Guide.pptx
mayank2498m
 
Ad

More from IDES Editor (20)

PDF
Power System State Estimation - A Review
IDES Editor
 
PDF
Artificial Intelligence Technique based Reactive Power Planning Incorporating...
IDES Editor
 
PDF
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
IDES Editor
 
PDF
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
IDES Editor
 
PDF
Line Losses in the 14-Bus Power System Network using UPFC
IDES Editor
 
PDF
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
IDES Editor
 
PDF
Assessing Uncertainty of Pushover Analysis to Geometric Modeling
IDES Editor
 
PDF
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
IDES Editor
 
PDF
Selfish Node Isolation & Incentivation using Progressive Thresholds
IDES Editor
 
PDF
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
IDES Editor
 
PDF
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
IDES Editor
 
PDF
Cloud Security and Data Integrity with Client Accountability Framework
IDES Editor
 
PDF
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
IDES Editor
 
PDF
Enhancing Data Storage Security in Cloud Computing Through Steganography
IDES Editor
 
PDF
Low Energy Routing for WSN’s
IDES Editor
 
PDF
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
IDES Editor
 
PDF
Rotman Lens Performance Analysis
IDES Editor
 
PDF
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
IDES Editor
 
PDF
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
IDES Editor
 
PDF
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
IDES Editor
 
Power System State Estimation - A Review
IDES Editor
 
Artificial Intelligence Technique based Reactive Power Planning Incorporating...
IDES Editor
 
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
IDES Editor
 
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
IDES Editor
 
Line Losses in the 14-Bus Power System Network using UPFC
IDES Editor
 
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
IDES Editor
 
Assessing Uncertainty of Pushover Analysis to Geometric Modeling
IDES Editor
 
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
IDES Editor
 
Selfish Node Isolation & Incentivation using Progressive Thresholds
IDES Editor
 
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
IDES Editor
 
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
IDES Editor
 
Cloud Security and Data Integrity with Client Accountability Framework
IDES Editor
 
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
IDES Editor
 
Enhancing Data Storage Security in Cloud Computing Through Steganography
IDES Editor
 
Low Energy Routing for WSN’s
IDES Editor
 
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
IDES Editor
 
Rotman Lens Performance Analysis
IDES Editor
 
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
IDES Editor
 
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
IDES Editor
 
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
IDES Editor
 
Ad

Recently uploaded (20)

PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Approach and Philosophy of On baking technology
30anthuong17
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Encapsulation theory and applications.pdf
gurumoop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 

Secure Trust Management Model for Peer-to-Peer File Sharing System

  • 1. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Secure Trust Management Model for Peer-to-Peer File Sharing System Amuthan.A, Marimuthu.G and Kaliaperumal.G Pondicherry Engineering College/Dept of Computer Science, India. Email: {amuthan, cs0711, kaliaperumal.g}@pec.edu Abstract---File sharing refers to the providing and receiving of Start file over the network, a central server that operates a centralized data repository search engine within a peer-to- peer network performs authentication and authorization operations with respect to users that access its services. Trust Send a request for a file mechanism and access control technology are used in the p2p file sharing system to be more secure with respect to the Receive a list of peers that have the file existing one. Index Terms---P2P, File sharing, Trust, Reputation, Access Receive a list of peers that have the file Control. Receive a list of peers that have the file 1. INTRODUCTION A. Background Yes No File is good Stop In a Peer-to-Peer (P2P) file sharing system, peer communicates directly with each other to exchange information and share files. P2P system can divide into Figure 1.2 Traditional P2P several categories (illustrate in Fig. 1.1). Centralized P2P systems (e.g., Napster [1]) use a centralized control server to manage the systems. Decentralized P2P systems try to 1. Send a file request distribute control over several peers. They can be divide 2. Receive a list of peers that have the requested file into purely decentralized (e.g., Gnutella [2]) and Hybrid 3. Select a peer decentralized systems (e.g., KaZaA [3]). 4. Download the file P2P Systems However, P2P file sharing system make the security issue a challenging problem. There is no trusted server to Partially Centralized validate the peer. At the same time, a trust mechanism is Decentralized E.g., Napster needed to punish peers that exhibit malicious behavior (i.e., those that provide malicious content or misleading filenames) and furthermore, an access control mechanism Purely Decentralized Hybrid Decentralized E.g., Gnutella E.g., KaZaA is developed to secure the file sharing P2P network. B. Motivation and Contribution Figure 1.1: P2P System Partially centralized P2P systems have been proposed to reduce the control overhead needed to run the P2P file sharing system. They also provide lower discovery time In traditional P2P System (i.e., without any trust because the discovery process involves in the server. The mechanism and access control), a user is given a list of proposed trust management model uses a reputation trust peers that can provide the requested file. The user has then mechanism system and access mechanism system. In to choose one peer from which the download will be reputation mechanism system, each peer may record performed. In traditional P2P systems, little information is information on past experience with all peers it has given to the user to help in the selection process. interacted with and the opinion regarding the peers that The following is the life cycle of a peer in a traditional P2P have the requested file. In access control mechanism, system (illustrate in Fig. 1.2) determines who can access the system, what kind of resources can be accessed (illustrate in Fig. 1.3): The following is the life cycle of a peer in a Trust Management Model based P2P system. 1 © 2011 ACEEE DOI: 01.IJNS.02.01.28
  • 2. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Start Partially Centralized Architecture – In these systems, (illustrate in Fig. 2.1) there is a central server facilitate the interaction between peers by maintain directories of metadata, describing the shared files stored by the peer Send a request for a file nodes. Although the end-to-end interaction and file exchange may take place directly between two peer nodes, Receive a list of peers that have the file the central servers facilitate this interaction by performing the lookups and identifying the nodes storing the files. Select a peer based on a reputation metrics Access permission No Yes Access the file File is good Figure 2.1: Partially Centralized No Yes Purely Decentralized Architectures – All nodes in the network perform exactly the same tasks, (illustrate in Update Update Fig. 2.2) acting both as servers and clients, and there is Reputation Reputation Stop Data Data no central coordination of their activities. The nodes of such networks are often termed “servents” (SERVers + Figure 1.3 Trust Management Model P2P cliENTS), 1. Send a file request 2. Receive a list of peers that have the requested file 3. Select a peer based on a reputation metric 4. Check the access permission 5. Access the file 6. Send feedback and update the reputation data Figure 2.2: Purely Decentralized P2P C. Organization This paper is organized as follows. In section 2 Hybrid Decentralized Architectures – The basis is the discusses the literature survey of existing system, P2P file same as with purely decentralized systems. (Illustrate sharing network and the list of reputation based system that in Fig. 2.3) Some of the nodes, however, assume a we feel is more appropriate for peer-to-peer more important role, acting as local central indexes for communication. In Section 3 we enlist and discuss our file shared by local peers. The way in which these model of reputation based system. In Section 4 we present supernodes are assigned their role by the network an access control model for our P2P file sharing system. In varies between different systems. It is important, Section 5 we enlist the interaction procedure for our model. however, to note that these supernodes do not Section 6 is the summary of this paper. Finally we constitute single points of failure for a peer-to-peer concluded with our conclusion. network, since they are dynamically assigned and, if they fail, the network will automatically take action to II. RELATED WORK replace them with others. Several surveys have addressed the problem of enforcing trust on P2P networks based on reputation. A. P2P File Sharing Technologies Peer-to-Peer file sharing networks are supposed to be totally decentralized, in practice this is not always true, and systems with various degrees of centralization are encountered. Specifically the following three categories are identified. 2 © 2011 ACEEE DOI: 01.IJNS.02.01.28
  • 3. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Directly Directly Trust Trust Peer A Peer B Peer C Indirectly Trust Figure 2.5: Indirect Trust D. Existing P2P Reputation-based Systems This section briefly review some of the existing P2P Figure 2.3: Hybrid Decentralized P2P reputation systems, we start by giving an overview of the B. Trust and Reputation reputation systems. OpenPrivacy – In OpenPrivacy, the reputation Trust and reputation mechanisms have been proposed for information is stored in a certificate. The system is similar large environments in peer-to-peer computing, in concept to web of trust. A peer certifies another peer recommender systems. However, there is no universal through the use of certificate. Every certificate stores the agreement on the definition of trust and reputation. In this value of the target’s reputation and the confidence of the paper, we adopt the following working definitions: certificate creator. To prevent tampering, each certificate is Trust – a peer’s belief in another peers capabilities, digitally signed with the private key of the certificate honesty and reliability based on its own direct experiences; creator. This certificated are stored at the certificate creator Reputation – a peer’s belief in another peer’s as well as the certification target. capabilities, honesty and reliability based on P2Prep – In P2Prep, every peer in the system stores recommendations received from other peers. their interaction experience with other peers (based on Reputation can be centralized, computed by a trusted pseudonym). This reputation records are being update third party or it can be decentralized, computed every time an interaction takes place. These reputation independently by each peer after asking other peers and records can be used by other peers to make decision when recommendations. initializing an interaction. In this case, before a peer Although trust and reputation are different in how they consumes a service, the peer polls other peers about their are developed, they are closely related. They are both used knowledge of the service provider. At the end of the to evaluate a peer’s trustworthiness, so they also share interaction, the service consumer updates the reputation of some common characteristics. the provider and at the same time updates the credibility of the peers that addressed opinion on the provider. C. Classification of Reputation in P2P Communication Managing Trust – Managing Trust stores the In this section we present classification of reputation complaints about a peer in the P-Grid. The underlying idea for peer-to-peer communication. of the P-Grid approach is to create a virtual binary search The classification of reputation signifies if the structure with replication that is distributed over the peers reputation is obtained from a witness peer directly or and supports efficient search. The construction and the indirectly. Based on whether the reputation is obtained search/update operations can be performed without any directly or indirectly we identify two types of reputation central control or global knowledge. they are: RMS – Reputation Management System (RMS) also  Direct Reputation(Trust) stores the reputation information in a certificate. However,  Indirect Reputation(Trust) RMS is different from OpenPrivacy in the implementation Direct reputation – A peer’s belief in another peer’s of the reputation certificate. In RMS, there exists a trusted capabilities, honesty and reliability based on its own direct third party to record the transaction history for the experiences (illustrate in Fig. 2.4). subscribers. The transaction history that the trusted party stored is used by others to check the correctness of the Directly certificate presented by a peer. Trust EigenRep – In EigenRep, two types of value, local and Peer A Peer B global value, are being stored in the systems. The local Figure 2.4: Direct Trust value is stored in every peer and the global value, which is derived from multiple local values, are being handled by random peers in distributed hash table (DHT) such as CAN Indirect reputation – A peer’s belief in another peer’s or Chord. capabilities, honesty and reliability based on recommendations received from another peers (illustrate in Fig. 2.5). 3 © 2011 ACEEE DOI: 01.IJNS.02.01.28
  • 4. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 III. PROPOSED SYSTEM reputation means the aggregated general opinion given by multiple peers. P2PRep is generally combining these two In the proposed peer-to-peer file sharing system is a factors together. windows program that allows you to host a secure peer-to- peer file sharing system without any additional software or C. Trusting Peer services. Users just need to install the client software on Xab(i)   each peer. This is the following key feature in our model. 1 if a' s transacti on is success 0 otherwise  Symmetric encryption with shared secret key   Asymmetric encryption with public/private keys.  Xab (i): the ith transaction between a and b.  Peer authentication with username/password  After n transactions. We obtained the history data  Binary data transfer between peers History: Dab = {Xab(1), Xab(2), … , Xab(n)}  All standard FTP operations  sat(a, b): +1, a downloads an authentic file from  Access control privileges to system resources b.  unsat(a, b): +1, a downloads an inauthentic file from b, or a fails to download a file from b. A. Peer software architecture model In peer software architecture model it consists mainly D. Evaluate Peer three components (illustrate in Fig. 3.1): In our model each client is requested to report the  P2P Substrate transaction detail. Also the client will calculate the  Middleware credibility of the other clients, which is the total number of  P2P Application good transaction by over the total number of transaction by In P2P substrate, it manages two things overlay the client. Management and Resource managements. In overlay management construction of the peer and maintenance of Ri = ∑GAi / ∑ TAi the peer join/leave in the P2P network. In resource  Ri : trust score of peer i management allocation (storage) of the file location and  GAi : Number of good actions for this peer i discovery (routing and lookup) of the peer, are handled in  TAi : total number of considered actions for this P2P substrate. peer i In middleware, provides services to the P2P application, e.g., peer selection, reputation based system, Notation and Assumptions authentication, authorization, integrity and FTP operation. In P2P application, potentially there could be multiple  Let ID denotes Peer ID. applications running on top of a single P2P substrate.  Let PTV denotes Positive trust value. Application includes file sharing and file storage systems  Let NTV denotes Negative trust value. etc.  Let SBU denotes Sum byte up.  Let SBD denotes Sum byte download. P2P Application  T denotes the Time.  SPTV denotes Sum of Positive trust value Middlewa  SNTV denotes Sum of Negative trust value P2P re  CV denotes Credibility value Substrat In this model each peer maintains two tables, a trust Operating System table and a credibility table. The trust table is similar to the one (illustrate in the Table I) and it contain the following Hardware information: Figure 3.1: Software Architecture Table I. Model for P2P Trust Table B. P2PRep model ID PTV NTV SBU SBD T P2Prep is a reputation-based protocol runs in a completely anonymous P2P networks. In P2Prep, local reputation management and community-wide reputation When uploading & downloading management are two different levels. Local reputation is PTV = 1; if SBU = SBD, otherwise PTV=0 defined as one single peer’s opinion of one other peer’s NTV = 1; if SBU≠ SBD, otherwise NTV=0 reputation, based on its formal experience. The community 4 © 2011 ACEEE DOI: 01.IJNS.02.01.28
  • 5. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 The credibility table (illustrate in Table II). It stores Subject the credibility of a peer in reporting the trust value of other peers. It contains the following information. Subject Access control Access information Table Ii. Request Credibility Table Request Access ID SPTV SNTV CV T Fail Monitor CV = SPTV / SNTV SPTV > SNTV; Trusted peer Access Access SPTV < SNTV; Un-trusted peer Yes Function Permit Rules SPTV = SNTV; Indeterminate peer IV. ACCESS CONTROL Object Access control The process of giving an authenticated entity information Object permission to do some action or access some resource. In Request P2P application, a peer might be authenticated to access Figure 4.1: Access Control Architecture some subset of the resources on another peer. In the proposed model (illustrate in the Fig. 4.1) the Table Iii concept of access control is best described as the following Access Table things. The subject is defined as an active entity which ID Upload Download Search … T initiates access requests and operates on objects. Users or autonomous agents can be subjects. The object is a passive entity which is target of an access. The examples of object are files, devices or any other resources that can be used by V. INTERACTION PROCEDURES subjects. However sometimes, a subject can be an object and vice versa under the dynamic situation of access in a Interaction procedure (illustrate in Fig. 5.1) in a system or an organization. typical interaction between a host and a client in our Note that identifying a subject is under the assumption framework. An interaction generally consists of three of successful authentication of the subject. The model, phases: which mediates the access from a subject to an object,  Preparation phase grants or denies access requests, based on the security  Transaction phase relevant attributes of subjects and objects. The model is a  Reputation phase powerful tool for designing and analyzing system security under the assumption of complete invocation for every Firstly, the preparation phase involves the access. authentication process. Secondly, the transaction phase allows the client to interact with the host in order to access A. Discretionary Access Control the files from the other peers, an access of the file can be Discretionary access control (DAC) is an access policy based on the authorization. Finally, the reputation phase that restricts access to files (and other system objects such consists of judging the interaction based on the transaction as directories and devices) based on the identity of users. of the file quality factors. Not only does DAC let you tell the system that can It can be seen from the whole interaction procedure access your data, it lets you specify the type of access that the client plays an active role in every allowed. For example, you might want everyone in the system to be able to read a particular file, but you might phase: from initializing the interaction. The host does a want only yourself and your manager to be able to change minimum amount of work and gets all the required it information from the client and from its own database to make the decision. We believe that this is appropriate because the design principle is that the host should not waste much of its resources (such as network bandwidth and CPU cycles), which is primarily beneficial to the client (which is obtaining the files). Hub (Host) - Hub is responsible for keeping information of authentication and authorization of the peer. Agent (Client) - Agent acts as both a client and a server at the same time 5 © 2011 ACEEE DOI: 01.IJNS.02.01.28
  • 6. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 Host Peer Table Iv Client Peer Trust Threshold Authentication Authentication Trust Threshold Meaning Less than x1 Distrust No Valid Preparation phase Between x1 and x2 Average Greater than x2 Full trust Yes B. Screenshots Request a file Search the file Server – A server is a P2P program dedicated to providing Select the peer Send the file one or more services over a computer network. based on reputation location No Check Privileges Access the file Yes Transaction Transaction phase Yes No Figure 6.1 The Server Update reputation Client – A client is a P2P Program dedicated to providing sharing the resources over a computer network Update reputation Reputation phase Yes Another file No Figure 5.1 Flow chart of an interaction between a host peer and client peer Figure 6.2 The Client VI. SIMULATION AND RESULTS File sharing – File sharing refers to the providing Our proposed system was implemented using and receiving of files over a P2P network Microsoft Visual VB.Net version 8.0 and SQL Server 2005. For implementation we created the peer-to-peer network and file sharing system with the following.  Elegant event driven paradigm for easy integration into windows application.  Peer authentication and authorization at application level with username/password and with private key or with the public key.  Instant alert and chart messaging  All standard FTP operations. Figure 6.3 File sharing  Finding the trust worthiness of the peer A. Experimental Setup C. Results Our proposed experiment is built on one central server and with seven P2P clients setup with 5 upload peer, 2 In our experiments we examined the dependence of download peers with the following thresholds peer performance from its reputation in the following scenarios. Senario1 - Increase in security when including authorization in P2P network 6 © 2011 ACEEE DOI: 01.IJNS.02.01.28
  • 7. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011 mechanisms for evaluating a transaction not only help to differentiate poorly performing peers from good ones but also ensure that malicious peers are punished and isolated. Although we have designed our trust based access control framework to work specifically with P2P file sharing networks. REFERENCES Figure 6.4 Authorizations vs. Unauthorization [1] Huafeng Wu, Chaojian Shi, Haiguang Chen,Chuanshan Gao, “A Trust Management Model for P2P File Sharing System” Senario2 - Decrease of positive trust value when peer 2008 International Conference on Multimedia and starts “acting” maliciously. Ubiquitous Engineering, , page(s) 41-44, February 2008. [2] Lara Srour, Aymaan Kayssi, Ali Chehab “Reputation-Based Algorithm for Managing Trust in File Sharing Network”, IEEE International Conference on Computer and Information Technology, January 2006. [3] S. Q. Zhang, Y.T. Yang, A trust management model for peer-to-peer computer systems, Journal of Harbin Engineering University Vol. 26, No 4, PP 522-525,Aug 2005 [4] Y. Wang, E.J. Vassil, Trust and reputation model in Peer-to- Peer networks. The Third IEEE International Conference on Peer2to2Peer Computing, Linkopings, 2003. [5] E. Damian, D.C. Vimercati et al, A reputation-based Figure 6.5 Peer acting maliciously approach for choosing reliable resources in Peer-to-Peer Senario3 – Gain in positive trust value when peer starts networks, The 9th ACM Conference on Computer and “acting” properly. Communications Security. Washington DC, 2002 [6] A. Singh, L. Liu,, Anonymous management of trust relationships in decentralized P2P systems, The Third IEEE International Conference on Peer-to-Peer Computing, Linkopings, 2004. [7] K. Aberer, Z. Despotovic, Managing trust in a Peer-to-Peer information system, The Tenth International Conference on Information and Knowledge Management (ACM CIKM’01), Linkopings, 2001. [8] Li Xiong and Ling Liu. A Reputation-Based Trust Model for Peer-to-Peer eCommerce Communities. Proceedings of the IEEE International Conference on E- Figure 6.6 Peer acting properly Commerce. [9] Yao Wang and Julita Vassileva. Trust and Reputation Model in Peer-to-Peer Networks. IEEE Proceedings of the Third CONCLUSION International Conference on Peer-to-Peer Computing The proposed trust based access control framework (P2Pa˛r´03), 2003. satisfies the requirements of access control for P2P file- [10] Ali Aydin Selpk, Ersin Uzun and Mark Regat Pariente. A Reputation-Based Trust Management System for P2P sharing systems, by extending the discretionary access Networks. In IEEE International Symposium on Cluster control model, P2P’s partial decentralized properties and Computing and the Grid, 2004. peers autonomy are preserved while enabling and [11] Bin Yu, Munindar P. Singh and Katia Sycara. Developing maintaining collaboration between peers. The trust model Trust in Large-Scale Peer-to-Peer Systems. IEEE 2004. and score systems help to classify both known and [12] Sergio Marti and Hector Garcia-Molina. Limited Reputation unknown visitors according to their trustworthiness and Sharing in P2P Systems. In EC’04 May20.08, 2004, New contribution. Hence, appropriate access privileges can be York, New York, USA. assigned to each visitor accordingly. The proposed 7 © 2011 ACEEE DOI: 01.IJNS.02.01.28