[Note: the following literature review was originally included in a new paper but needed to be removed for space and flow considerations]
How has previous research looked at information security?
Academic literature covering distributed computing and economics of information security and specifically peer-to-peer networks “Before Bitcoin” spans several decades.
Surveying literature (Lua et al. 2004; Hoffman et al. 2007; Momani and Challa 2009) we can see that there have been dozens of attempts to create decentralized peer-to-peer reputation systems that needed to be self-organizing, Sybil-resistant and fault tolerant.1
For instance, the Content Addressable Network (CAN), Chord, Kademlia and the Cooperative File System (CFS) each had a variety of characteristics that attempted to stave off abuse from attackers due to the environments they operated in (e.g., a distributed decentralized P2P infrastructure). Some used public-private key pairs, content hashes and others used NodeID.
These surveys also looked at Distributed Hash Trees (DHT) which have been known to be vulnerable to a number of attacks including Eclipse attacks, where the peering network itself comes under attack (which Bitcoin’s network is also prone to).2
What about other game theory issues? For example in (Lua et al., 2004) the authors wrote that:3
The ability to overcome free-rider problems in P2P overlay networks will definitely improve the system’s reliability and its value.
Sybil attacked termed by Douceur4 described the situation whereby there are a large number of potentially malicious peers in the system and without a central authority to certify peers’ identities. It becomes very difficult to trust the claimed identity. Dingledine et al.,5 proposes puzzles schemes, including the use of micro-cash, which allows peers to build up reputations. Although this proposal provides a degree of accountability, this still allows a resourceful attacker to launch attacks.
This is the same problem discussed above, that (Rosenfeld 2012) runs into regarding how to pay nodes on an open network.
How do these researchers believe it could be solved or fixed? According to (Lua et al., 2004):6
Having some sort of incentive model using economic and game theories, for P2P peers to collaborate is crucial to create an economy of equilibrium. When non-cooperative users benefit from free-riding on others’ resources, the tragedy of the commons7 is inevitable. Such incentives implementation in P2P overlay services would also provide a certain level of self-regulatory auditing and accounting behavior for resource sharing.
As shown above, despite rhetoric at Bitcoin-related conferences, many of the challenges facing Bitcoin today are in fact known problems facing decentralized peer-to-peer networks in general. The problem space for preventing Sybil attacks was and is relatively well-defined, Bitcoin again side-steps the actual solution by making it economically expensive, but not technically impossible to conduct history-reversing attacks, or even Sybil attacks on the gossip network.
P2Prep is a reputation system designed to “mitigate the effects of selfish and malicious peers in an anonymous, completely decentralized system.”8
How did it do this?
The system guards the anonymity of users and the integrity of packets through the use of public key cryptography. All replies are signed using the requester’s public key, protecting the identity of the responder and the integrity of the data. Only the requester is able to decrypt the packet and check the validity of the information.9
A key security consideration in the Credence system is the use of mechanisms to prevent spoofed votes or votes generated by fake identities. The system guards against such attacks by issuing digital certificates in an anonymous but semi-controlled fashion. The authors propose to mitigate Sybil attacks by requiring expensive computation on the part of the client before the server grants a new digital certificate. Every voting statement is digitally signed by the originator and anyone can cryptographically verify the authenticity of any given voting statement.
In (Momani and Challa 2010) the authors looked at security and trust concepts surrounding wireless sensor networks (WSN). At first glance this may seem unrelated to peer-to-peer networks but there are many similarities:12
The security issue has been raised by many researchers [14 – 24], and, due to the deployment of WSN nodes in hazardous and/or hostile areas in large numbers, such deployment forces the nodes to be of low cost and therefore less reliable or more prone to overtaking by an adversary force. Some methods used, such as cryptographic authentication and other mechanisms [25 – 32], do not entirely solve the problem. For example, adversarial nodes can have access to valid cryptographic keys to access other nodes in the network. The reliability issue is certainly not addressed when sensor nodes are subject to system faults. These two sources of problems, system faults and erroneous data or bad routing by malicious nodes, can result in the total breakdown of a network and cryptography by itself is insufficient to solve these problems. So new tools from different domains social sciences, statistics, e-commerce and others should be integrated with cryptography to completely solve the unique security attacks in WSNs, such as node capturing, Sybil attacks, denial of service attacks, etc.
In their survey they identified previous research that had looked at some of these same issues including In (Xiong and Liu 2003) where the authors attempted to build a reputation-based trust model for peer-to-peer distributed commerce platforms and use game theory to ameliorate the trust parameters by threats from malicious attacks.13
Going back more than fifteen years we can see that other researchers (Lamport 1998) and (Castro and Liskov 1999), that successful attempts were made to “use cryptographic techniques to prevent spoofing and replays and to detect corrupted messages” on a network that replicates services in the face of Byzantine faults.14
Volumes more can and will likely be written covering the research on these specific topics due in large part to the integral role that different types of information and financial networks play in the lives of consumers and businesses alike.
- A Survey and Comparison of Peer-to-Peer Overlay Network Schemes by Lua et al.; A Survey of Attack and Defense Techniques for Reputation Systems by Kevin Hoffman, David Zage and Cristina Nita-Rotaru; and Survey of trust models in different network domains by Mohammad Momani and Subhash Challa [↩]
- Eclipse Attacks on Bitcoin’s Peer-to-Peer Network by Heilman et al. [↩]
- A Survey and Comparison of Peer-to-Peer Overlay Network Schemes by Lua et al., p. 11 [↩]
- J. R. Douceur, “The sybil attack,” in Proceedings of the First International Workshop on Peer-to-Peer Systems , March 7-8 2002, pp. 251– 260. [↩]
- R. Dingledine, M. J. Freedman, and D. Molnar, “Accountability measures for peer-to-peer systems,” in Peer-to-Peer: Harnessing the Power of Disruptive Technologies , D. Derickson, Ed. O’Reilly and Associates, November. [↩]
- A Survey and Comparison of Peer-to-Peer Overlay Network Schemes by Lua et al., p. 20 [↩]
- G. Hardin, “The tragedy of the commons,” Science , vol. 162, pp. 1243– 1248, 1968. [↩]
- A Survey and Comparison of Peer-to-Peer Overlay Network Schemes by Lua et al., p. 28. Among other startups, Mnet was a peer-to-peer distributed data store, whose (former) employees would go on to help create BitTorrent and Tahoe-LAFS. This was during the same survey period. [↩]
- Ibid, p. 29 [↩]
- Experience with an Object Reputation System for Peer-to-Peer Filesharing by Kevin Walsh and Emin Gün Sirer [↩]
- A Survey of Attack and Defense Techniques for Reputation Systems by Kevin Hoffman, David Zage and Cristina Nita-Rotaru, p. 30 [↩]
- Survey of trust models in different network domains by Mohammad Momani and Subhash Challa [↩]
- A Reputation-Based Trust Model for Peer-to-Peer eCommerce Communities by Li Xiong and Ling Liu [↩]
- Practical Byzantine Fault Tolerance by Miguel Castro and Barbara Liskov. According to Leslie Lamport, in The Part-Time Parliament, p. 23: “The Paxon Parliament protocol provides a distributed, fault-tolerant imiplmentation of the database system.” [↩]