Sunday, December 18, 2011

10,000 Monkeys and a Webpage

(originally published on NewOrder Newsletter, #12)
---[ 10,000 Monkeys and a Webpage . by Izik <izik@tty64.org> ]
A lot has been said about the Peer2Peer structure and how flexible and
useful it could really be.  But in reality the only concept that has proven
to work on top of it is, for the most part, file sharing.  The main
advantage and disadvantage of the Peer2Peer structure is the lack of a
central server which acts as an authority figure. In this article I will
explain a concept, a theory on how one can implement a trust system within
a Peer2Peer structure, without any authority figure or prior assumptions
about the peers in the network.
To implement this concept we will set a goal: to surf to a given webpage
from within the Peer2Peer network, using the peers as proxies, thus
providing the anonymity aspect. Each peer in our theoretical network is
equipped with a simple plugin that accepts a GET request, processes it and
then returns the data. This situation is a bit tricky, as we rely on peers
to give us back a piece of data which we have never encountered before.
This could easily be abused by evil peers to return false or modified
content to mislead us. So how can we trust a given peer to give us back the
actual data without modifying or tampering with it? The answer is by
applying democracy.
Democracy in our case would be to hold a poll on the given GET request
(e.g. GET /index.html) and sample the results. If all the peers were
telling the truth we should have only one type of result data. If for some
reason a few peers decided to be evil and fake the data or return it
modified, the poll will let us know about it. To compare one result with
another we will use a hash function like MD5, and will go with the MD5
hash that has been returned most often.
Of course this method isn't bulletproof, as a massive number of evil peers
returning the same MD5 will poison the poll and lead us into thinking that
their data chunk/reply is the right one. But this as well can be dealt
with. We can perform a polygraph test: access a dummy site, which can be
any site, sample different parts of it and keep the MD5 to ourselves, then
ask the peers to go to the same site and examine first hand who's telling
the truth and who's not. Another method could be the Human Factor, as in
some cases it would be easy to spot content spoofing such as a
'Wrong Picture' or 'Broken Text', and based on human judgement to issue
individual trust levels for peers and increase their weight in the next
poll.
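
The poll and the polygraph test described above, as an added example that is not part of the original article. Peer names, page bodies and the scoring rule (one extra point for passing the test, zero weight for failing it) are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

def digest(body):
    # MD5 as in the article; SHA-256 is the safer choice against collisions.
    return hashlib.md5(body).hexdigest()

def polygraph(test_replies, known_body, trust):
    """Score peers on a page we fetched ourselves (the 'dummy site')."""
    expected = digest(known_body)
    for peer, body in test_replies.items():
        if digest(body) == expected:
            trust[peer] = trust.get(peer, 1.0) + 1.0   # passed: more weight
        else:
            trust[peer] = 0.0                          # caught lying: no vote
    return trust

def poll(replies, trust):
    """Weighted vote over reply hashes; returns (body, share_of_weight)."""
    weight, bodies = defaultdict(float), {}
    for peer, body in replies.items():
        h = digest(body)
        weight[h] += trust.get(peer, 1.0)              # unknown peers weigh 1.0
        bodies[h] = body
    total = sum(weight.values())
    if total == 0:
        return None, 0.0                               # nobody left to trust
    best = max(weight, key=weight.get)
    return bodies[best], weight[best] / total

# Constructed sample data: two honest peers, three colluding evil peers.
REAL, FAKE = b"<html>real index</html>", b"<html>tampered index</html>"
DUMMY = b"<html>dummy site</html>"                     # fetched directly by us
TARGET = {"h1": REAL, "h2": REAL, "e1": FAKE, "e2": FAKE, "e3": FAKE}
TEST = {"h1": DUMMY, "h2": DUMMY, "e1": b"x", "e2": b"x", "e3": b"x"}

def demo():
    naive = poll(TARGET, {})                           # poisoned by the majority
    trust = polygraph(TEST, DUMMY, {})
    return naive, poll(TARGET, trust)

if __name__ == "__main__":
    print(demo())
```

The unweighted poll accepts the tampered page with 60% of the vote; after the polygraph round the same replies resolve to the real page. A peer that answers the test page truthfully and alters only the target page keeps its weight, so the test lowers the risk rather than removing it.
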
To conclude, I would say it's possible to implement a trust system within a
Peer2Peer structure without having a well-defined authority server. It's
just a matter of how much one is willing to risk.