multiple selective mutual authentication protocol for peer-to-peer system

Multiple Selective Mutual Multiple Selective Mutual Authentication Protocol for Authentication Protocol for Peer-to-Peer System Peer-to-Peer System School of Engineering 2001099 Hyunrok Lee

Upload: yamin

Post on 14-Jan-2016




0 download


Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System. School of Engineering 2001099 Hyunrok Lee. Contents. 1. Introduction 2. The Problem 3. Preliminaries 4. Proposed Scheme 5. Comparison 6. Conclusion 7. Reference. 1. Introduction. - PowerPoint PPT Presentation


Page 1: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System

Multiple Selective Mutual Authentication Multiple Selective Mutual Authentication Protocol for Peer-to-Peer SystemProtocol for Peer-to-Peer System

School of Engineering


Hyunrok Lee

Page 2: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System



1. Introduction

2. The Problem

3. Preliminaries

4. Proposed Scheme

5. Comparison

6. Conclusion

7. Reference

Page 3: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


1. 1. IntroductionIntroduction

The Internet three valuable fundamental assets A huge amount of information Increasing bandwidth Growing power of computing resources

Limitation of client-server model P2P model

Peer-to-peer computing Peer

A principal that simultaneously can have both client and server processes.

Sharing of computing resources and services by direct exchange or share between arbitrary network peers[2]

Pure P2P Hybrid P2P

Page 4: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


1. 1. Introduction (cont.)Introduction (cont.)

Trust model Trust modeling

Web of Trust model Hierarchical Trust (PKI) model

Trust quantifying Trust computation

Page 5: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


2. 2. The ProblemThe Problem

Different security problem between client-server model and peer-to-peer model

Most of P2P systems provide no provisions for mutual authentication or private information.[6][7][8][9]

Weak authentication mechanism PGP-based Freenet[12] does not have legal force.

P2P model may have temporary association P2P model should provide anonymity

Except the case of serious commercial transaction.

No authentication protocol based on view of trust model Trust between peers begins to mirror those real-world relationships. SMAP[1] did not consider trust model.

Page 6: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. PreliminariesPreliminaries

Key feature of peer-to-peer model[4] Discovering other peers Querying peers for resources Sharing resource with other peers

Pure peer-to-peer model

Page 7: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.) Hybrid peer-to-peer

A simple discovery server Discovery and lookup server

Discovery, lookup, and content server

Page 8: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

Well-known insecure peer-to-peer file sharing Napster[10]

Central discovery and lookup server Weak authentication

Gnutella[11] Pure p2p Provide only anonymity.

Freenet Pure p2p PGP based authentication

No legal force Retrieving user’s public key every operation

Require specific server – Key Distribution Center

Page 9: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

Selective authentication scheme[1] Two main technique

Mutual authentication based on X.509 certificate Key establishment protocol based on public-key encryption

Support Anonymity Support Strong Authentication

Selective mechanism Two Procedure

Exclusion Protocol Authentication scheme is excluded. Communicate with each other (without session key)

Inclusion Protocol Mutually strong authentication is included. Communicate with each other (with time-invariant session key)

Page 10: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

Protocol. Selective mutual authentication protocol (SMAP) SUMMARY: A sends B one message, and B responds with one message that

include extra selective field. And then key establishment is performed. RESULT: (according to user choice)

(1) Mutual peer authentication and time-variant session key transport with key authentication(2) Peer authentication exclusion

1. Notation. PX(y) denotes the result of applying X’s encryption public key to data y. SX(y) denotes the result of applying X’s signature private key to y. rA, rB are never re-used numbers (to detect replay and impersonation). certX is a certificate binding peer X to a public key suitable for both encryption and

signature verification. selE is a selective field that notifies peer authentication exclusion. selS is a selective field that notifies mutual peer authentication inclusion. null denotes the confirmation about communication.(without authentication) reqcert denotes more information, such as X.509 certificate, is required.

Page 11: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

2. System setup. (a) Peer chooses a value of selective field. (b) Each peer has its public key pair for signatures and encryption. (c) A must acquire (and authenticate) the encryption public key of B. (This may

require additional messages and computation.)

3. Protocol messages. (An asterisk denotes items are optional.) First of all initiator must choose given two operations selE, selS.

Exclusion protocol:

A B: selE (1-E)

A B: null (2-E) Inclusion protocol: Let DA = (tA, rA, B, data1

*, PB(k1)*), DB = (tB, rB, A, rA, data2

*, PA(k2)*).

A B: selS (1-S)

A B: reqcert (2-S)

A B: certA, DA, SA(DA) (3)

A B: certB, DB, SB(DB) (4)

Page 12: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

Trust Model in PGP [3] Web of trust No Legal force

Trust Values Complete trust

Fully trusted to certify others public keys Marginal trust

Marginally trusted to certify others public keys Not trusted



CharlieCharlie BobBob


Page 13: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

Trust Model in PKI [5] Hierarchical Trust Model

Strict rule Cross Certificate for performance Hard to reflect trust relationship of real world

Legal Force RootRootCACA




User DUser DUser BUser BUser CUser CUser AUser A

Page 14: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

Trust Model in distributed computing [13] Propose a model for trust based on distributed


Consider reputation of each entity based on multi-domain

Support dynamic revocation / refresh

Propose Trust quantifying / calculation method

Trust is divided into Direct Indirect ( Recommendation )

Multiple trust value

Recommendation protocol ONLY

Page 15: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.) Direct Trust Value semantics

Recommender Trust Value Semantics

Page 16: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

Recommendation Protocol

RRQ ::= Requestor_ID, Rquest_ID, Target_ID, Categories, RequestorPKC, GetPKC, Expiry

Categories ::= SET OF {Category Name}

Recommendation ::= Requestor_ID, Request_ID, Rec_Path, [SEQUENCE OF {Recommendation_Set, TargetPKC} | NULL]

Rec_Path ::= SEQUENCE OF {Recommender_ID}Recommendation_Set ::= SET OF Recommendation_SlipRecommendation_Slip ::= SET OF SEQUENCE {Target_ID, Category_Name,

Trust_Value, Expiry}

RRQ ::= Requestor_ID, Rquest_ID, Target_ID, Categories, RequestorPKC, GetPKC, Expiry

Categories ::= SET OF {Category Name}

Recommendation ::= Requestor_ID, Request_ID, Rec_Path, [SEQUENCE OF {Recommendation_Set, TargetPKC} | NULL]

Rec_Path ::= SEQUENCE OF {Recommender_ID}Recommendation_Set ::= SET OF Recommendation_SlipRecommendation_Slip ::= SET OF SEQUENCE {Target_ID, Category_Name,

Trust_Value, Expiry}

Page 17: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

Recommendation Protocol Example Alice Bob Cathy Eric

Recommender trust relationship Direct trust relationship

Request recommendation1. Alice Bob : Alice, rrqA01, Eric, [Car_Service], T, 200112312. Bob Cathy : Bob, rrqB01, Eric, [Car_Service], T, 200112313. Cathy Bob : Bob, rrqB01, [Cathy], [ (Eric, Car_Service, 3, 20011231) ]4. Bob Alice : Alice, rrqA01, [Cathy, Bob], [ (Eric, Car_Service, 3, 20011231) ] , PKERIC

If change trustworthy,5. Cathy Bob : [Cathy], [ (Eric, Car_Service, 1, 20011231) ]6. Bob Alice : [Cathy, Bob], [ (Eric, Car_Service, 1, 20011231) ]

Request recommendation1. Alice Bob : Alice, rrqA01, Eric, [Car_Service], T, 200112312. Bob Cathy : Bob, rrqB01, Eric, [Car_Service], T, 200112313. Cathy Bob : Bob, rrqB01, [Cathy], [ (Eric, Car_Service, 3, 20011231) ]4. Bob Alice : Alice, rrqA01, [Cathy, Bob], [ (Eric, Car_Service, 3, 20011231) ] , PKERIC

If change trustworthy,5. Cathy Bob : [Cathy], [ (Eric, Car_Service, 1, 20011231) ]6. Bob Alice : [Cathy, Bob], [ (Eric, Car_Service, 1, 20011231) ]

Page 18: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


3. 3. Preliminaries (cont.)Preliminaries (cont.)

Trust Quantifying & Computation

Computing Trusttvp(T) = tv(R1)/4 X tv(R2)/4 X … X tv(Rn)/4 X rtv(T)Where

tv(Ri) : recommenders trust valuertv(T) : The recommended trust value of target T given in the recommendationtvp(T) : The trust value of target T derived from recommendation received through return path p.

tv(T) = Average (tv1(T), … , tvp(T))

Ex)tv1(Eric) = tv(Bob)/4 X tv(Cathy)/4 X rtv(Eric) = 2/4 X 3/4 X 3 = 1.125tv2(Eric) = 2.500tv(Eric) = Average( tv1(Eric), tv2(Eric)) = Average( 1.125, 2.500 ) = 2.375

Computing Trusttvp(T) = tv(R1)/4 X tv(R2)/4 X … X tv(Rn)/4 X rtv(T)Where

tv(Ri) : recommenders trust valuertv(T) : The recommended trust value of target T given in the recommendationtvp(T) : The trust value of target T derived from recommendation received through return path p.

tv(T) = Average (tv1(T), … , tvp(T))

Ex)tv1(Eric) = tv(Bob)/4 X tv(Cathy)/4 X rtv(Eric) = 2/4 X 3/4 X 3 = 1.125tv2(Eric) = 2.500tv(Eric) = Average( tv1(Eric), tv2(Eric)) = Average( 1.125, 2.500 ) = 2.375

Page 19: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


4. 4. Proposed SchemeProposed Scheme Trust model RootRoot







Community 1




PeerPeer PeerPeer










SysopSysop Community 2SysopSysop




Web of Trust

Page 20: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)

Multiple Selective Mutual Authentication Protocol(MSMAP) Overview

Based on SMAP[1] Hybrid Trust Multiple Selective Mutual Authentication under view of hybrid trust Use the result of trust value computation

Assume that Standard P2P Protocol is established All peer CAN communicate with each other

Result of trust value computation tv(peer) < 0 refuse all process0 ≤ tv(peer) < 1.5 request formal certificate from CA1.5 ≤ tv(peer) < 3 request informal certificate from Service Provider3 ≤ tv(peer) ≤ 4 request self-signed certificate (Public Key)

Result of trust value computation tv(peer) < 0 refuse all process0 ≤ tv(peer) < 1.5 request formal certificate from CA1.5 ≤ tv(peer) < 3 request informal certificate from Service Provider3 ≤ tv(peer) ≤ 4 request self-signed certificate (Public Key)

Page 21: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)

SUMMARY: A sends B one message, and B responds with one message that include extra selective field. After B request recommendation to peers and then key establishment is performed.

RESULT: (according to user choice)(1) Mutual peer authentication and time-variant session key transport with key authentication using different source of certificate based on trustworthy.(2) Peer authentication exclusion

1. System setup. (a) Peer chooses a value of selective field. (b) Peer request and response recommendation to other peers (c) Each peer has its public key pair for signatures and encryption. (d) A must acquire (and authenticate) the encryption public key of B. (This may

require additional messages and computation.)

Multiple Selective mutual authentication protocol (MSMAP)Multiple Selective mutual authentication protocol (MSMAP)Multiple Selective mutual authentication protocol (MSMAP)Multiple Selective mutual authentication protocol (MSMAP)

Page 22: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)2 . Notation.

PX(y) denotes the result of applying X’s encryption public key to data y. SX(y) denotes the result of applying X’s signature private key to y. rA, rB are never re-used numbers (to detect replay and impersonation). certX is a certificate binding peer X to a public key suitable for both encryption and

signature verification. selE is a selective field that notifies peer authentication exclusion. selS is a selective field that notifies mutual peer authentication inclusion. null denotes the confirmation about communication.(without authentication) reqFcert denotes more information, such as X.509 certificate from legal CA, is

required. reqIcert denotes more information, such as informal certificate from service provider,

is required. reqScert denotes more information, such as self-signed certificate, is required. peers are arbitrary peers between community members refuse denote that stop all mutual authentication process. So it means refuse

communication with that peer

Page 23: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)

3. Protocol messages. (An asterisk denotes items are optional.) First of all initiator must choose given two operations selE, selS. Exclusion protocolExclusion protocol:

A B: selE (1-E)A B: null (2-E)

Inclusion protocolInclusion protocol: Let DA = (tA, rA, B, data1

*, PB(k1)*), DB = (tB, rB, A, rA, data2

*, PA(k2)*).

A B : selS (1-S)peers B : Request trust recommendation (2-S)peers B : Recommendation result (3-S)

computing trustA B : refuse when tv(peer) < 0 (4-S)

reqFcert when 0≤ tv(peer) < 1.5

reqIcert when 1.5 ≤ tv(peer) < 3

reqScert when 3 ≤ tv(peer) ≤ 4

A B : certA, DA, SA(DA) (5)

A B : certB, DB, SB(DB) (6)

Page 24: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


5. Comparison5. Comparison

Page 25: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


6. 6. ConclusionConclusion

P2P computing rapidly span. Lack of security of P2P Proposed Multiple Selective Mutual Authentication

Protocol (MSMAP) support Strong authentication Legal force Real trust relationships Anonymity Cost effective

Future Work Formalized trust quantifying and calculation are needed Span the proposed scheme generally.

Page 26: Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System


7. 7. ReferencesReferences [1] Hyun-rok Lee “Selective mutual authentication scheme for peer-to-peer system.”

2001 Spring semester Modern cryptology term paper in ICU [2] P2P Working Group Homepage “” [3] P.Zimmermann, “Why do you need PGP ?” “” [4] Lance Olson .NET P2P: Writing Peer-to-Peer Networked Apps with the Microsoft .NET

Framework, MSDN magazine 2001.2. [5] R.Perlman, “An Overview of PKI Trust Models,” IEEE Network Magazine, 1999 [6] Soribada Homepage “” [7] Open4u Homepage “” [8] CuteMX Homepage “” [9] Aimster Homepage “” [10] Napster Homepage “” [11] Gnutella Homepage “” [12] Freenet Homepage “” [13] Alfarez Abdul-Rahman and Stephen Hailes, “A Distributed Trust Model”

Proceedings of the workshop on New security paradigms workshop, 1997, Pages 48 – 60 [14] Alfred J. Manezes, Paul C.van Oorschot, Scott A. Vanstone, Handbook of Applied

Cryptography, CRC press [15] W. Stallings, Cryptography and Network Security, Prentice Hall, 1999