Securing group based peer-to-peer systems

Abstract

Peer-to-peer applications enable a group of users to create a communications framework from scratch without the need of a central service provider. This is achievable via the aggregation of resources each one of them provide, creating a completely distributed collaborative environment based in a flat hierarchy of users, without the need for centralization. Usually, peer-to-peer applications are conceptualized as a global network, without any kind of logical segmentation or segregation as far as resource availability is concerned. At every model, any peer may access any resource available within the network just by being able to reach the peer that provides such resource. Although having a unique huge open network may be desirable for some applications, there are cases in which it might be interesting to create different, but not necessarily disjoint, groups of peers operating under the same global peer-topeer network. In order for peer groups to be able to operate effectively in a global peer-to-peer network, additional security services must be provided. These mechanisms should allow peers to be able to prove group membership to other members of the group, so they can be granted access to group resources, as well as ensuring that resource discovery and message exchange between peer group members remain secure. A group may need to limit membership for various reasons, such as ensuring privacy, anonymity or enforcing that peer group members are up to some specific parameter (data shared, performance, computing power, etc.) The goals of this PhD. thesis are twofold, the reason being the fact that securing a peer group can be divided at two distinct, but interrelated, layers: • Enabling effective group membership, starting from the process by which any peer becomes part of a peer group and then, following, the mechanisms by which such peer may prove its membership to other group members for the rest of the membership's lifecycle (peer group access control). • Providing a secure environment for standard operations within a peer group, which functions once any peer's membership to the group has already been established. Typical operations at this layer are those of resource location and retrieval, or messaging. In order to achieve the former goal, basic group membership and access control scenarios are categorized and formalized as part of the research work in order to assess which are the current challenges. From this study, we present a generic model proposal that fulfils the objectives of autonomy, keeps a pure peer-to-peer model and the possibility to be used in different peer-to-peer frameworks. The later goal focuses in secure mechanisms in order to provide basic security services to both resource discovery and message exchange. However, in contrast with group membership models, where a generic approach is feasible, peer group operation security is intimately tied to each specific peer-to-peer framework, since each one specifies resource location and messaging primitives in a different manner. For that reason, a specific one has been chosen for the research work: JXTA. Such election is due to the fact that JXTA's architecture is entirely based on the concept of peer groups, since it was the one to first define the concept of peer group, providing an excellent testbed for peer group research