Post on 21-Dec-2015
05/18/2007 Davis Social Links 1
UCDavis, ecs251 Spring 2007

Davis Social Links
A Socially Structured P2P System

S. Felix Wu
University of California, Davis
[email protected]
http://www.cs.ucdavis.edu/~wu/

P2P
• Unstructured P2P
  – Napster, Bittorrent
• Structured P2P
  – DHT/Chord

Unstructured P2P
Where is this piece of music?
What is the location of this content?
What is the current IP address of this skype user?

DHT-based BT Tracker
Index key (Content-Dependent)
The owner of the identifier matching this hash entry will be the tracker for the corresponding index key!
Sharing/Downloading FreeBSD 5.4 CD images
PUT & GET

DHT-based P2P
Index key
Routing from a key to an identifier
PUT & GET

DHT vs. DSL
• DHT
  – [Contents, Keys, Identifiers]
  – Conceptually, we have a global hash table!
• DSL
  – [Contents, Keys, Relative Identifiers]
  – Social/trust relationships along the route path

A Social Link
representing a trust relationship in the application layer.
Trust Attribute

Requirement for a Social Link
They know how to communicate with each other (such as IP or email addresses) in any layer!
Trust Attribute

Social Keywords
Soccer, BGP, Davis, California, Intrusion Detection,…

Social Keywords
Soccer, BGP, Davis, California, Intrusion Detection,…
Social keywords represent your interests and the semantic/social interpretation of you.
Ownership

Identifier and Key
• Under DSL, each peer has its own decision or policy regarding what “social keywords” to announce, and it can change the announcement itself at any time.
• There is NO global identifier.
• Relative peering relationship only.

DHT
• The binding among Content, Key, Identifier is “relatively static”.
• Once the key of the content is known, the route path to the identifier/key owner is determined, assuming the DHT ring is stable.
  – What does this imply?

Multiple Social Links
BGP, Davis, California, Intrusion Detection,…
Soccer, Wine, Bike, Davis, California,…

Social Keywords can be Anything
Lord_of_the_Ring, Spiderman3, Royal Casino, Troy, …

Aggregation
Ownership
Ownership
Similar to Scope-Limited Flooding in Gnutella/Freenet, but more scalable with aggregation.

How to Aggregate?
• Local rules or dictionaries
• {s1, s2,… , sn} --- “S”

How to find “content X”?
Owner of X
Other Peers
Remember that under DSL there is no such thing as a “global identifier”.

Use the right “keywords for X”!
Owner of X
Other Peers
Query

Example
Potential Targets
Potential Peers
“Davis,CA”
“Sacramento,CA”
Northern California
Greater Sacramento Area
Which keywords to use?

Example
Potential Targets
Potential Peers
“Davis,CA”
“Sacramento,CA”
Northern California
Greater Sacramento Area
“North California”
“Davis, CA”

No Unique Identifier!!!
• Two peers might announce exactly the same set of keywords!

Example
Potential Targets
Potential Peers
“Davis,CA”
“Davis,CA”
Northern California
Greater Sacramento Area
Who will receive the query??
Query

No Unique Identifier!!!
• Two peers might announce exactly the same set of keywords!
• Both of them will receive the query, and this might not be a problem.

No Unique Identifier!!!
• Two peers might announce exactly the same set of keywords!
• Both of them will receive the query, and this might not be a problem.
• Usually, end2end applications can tell which one (or ones) is really wanted.

DSL in a Social Network
Owner of X
Other Peers
Query
AppTest

Trackerless BitTorrent
Owner of X
Other Peers
Query
AppTest

Tracker Volunteer
Volunteer
Other Peers
Query
AppTest
Content/Key
Tracker

Tracker Volunteers
Volunteers
Other Peers
Query
AppTest
Content/Key
Tracker

DSL-Torrent
• How to seed your torrent?
  – Use DSL to search for all the volunteers
  – You can screen out “unqualified” trackers by not contacting them. (owner controllability)
• How to contact/select the tracker(s)?
  – Use the keywords, of course
  – But, use the right aggregation keywords to reach the trackers closer to the “UCDavis” social circle!

Monitoring
• Seed
• Tracker
• With Trackerless, the inspector might become the tracker itself to record all the IP addresses of the peers
  – Traceability vs. Privacy
• How about DSL-Torrent?

“Google”
• It’s about the “content”
  – Data-centric networking.
• Input to the Engine
  – A set of key words characterizing the target document.
• Output
  – A set of documents/links matching the keywords

“DSL”
• It’s also about the “content”
  – Application will decide the mechanism to further the communication.
• Input to the Decentralized Engine
  – A set of key words characterizing the target document (plus the aggregation keywords).
• Output
  – A set of DSL entities with the DSP (Davis Social Path pointer) matching the keywords

DSL Search Engine
DSL Social World
Receiver or Content
Sender or Reader
We are not just connecting the IP addresses!
We are connecting all the contents that can be interpreted!

Google vs. DSL
• Google is essentially a “routing” framework between the contents and their potential consumers.
• Google decides how to extract the “key words” from your (the owner) web page or document.

Google vs. DSL
• Google is essentially a “routing” framework between the contents and their potential consumers.
• Google decides how to extract the “key words” from your (the owner) web page or document.
• A DSL “owner/receiver to be” has complete control over that. A balance between:
  – How would I like others to know about me?
    • And, I might want different folks to know me in different ways!
  – How can I differentiate myself from other Felix Wu?

DSL (Davis Social Links)
Principle:
  – Communication should reflect the (social/trust) relationship between the sender and the receiver, and the receiver should have ways to control that.
Design:
  – Route discovery based on social keywords and their potential aggregation
  – Separation of identity and routability
  – Penalty and Reputation framework

Separation of Routing & Identity
• Under DSL, we do not have any fixed-format identity (defined and interpreted by applications).

Internet and IP address
• Basic datagram service between one IP address and another
• Routing: exchanging the information regarding the address space and how to reach them.
• Applications built on top of the services
  – Skype, Google, Bittorrent, Youtube, IM,…

Separation of Routing & Identity
• Under DSL, we do not have any fixed-format identity (defined and interpreted by applications).
• In route discovery, the “sender to be” within DSL has no idea whether that is the “right” receiver!
  – Try “Felix Wu” on Google…
  – And, some applications don’t even care about that.
  – The “receiver to be” will need to answer an application level challenge within the route discovery process.

Communication
• Applications: email, skype, bittorrent, warcraft, youtube, www.united.com, im
  – Why do I need IP address as a user?
  – Why do I need DNS lookup as a user?
  – Why do we need global identity?
• Global connectivity without global identity!

An Identity under DSL
• “Key words” plus one or more DSL paths
  – Why will this be sufficient for communication?
  – Especially, when even the DSL information itself is decentralized? (I.e., in general, no one single DSL router knows the complete DSP.)

Are you two talking to the same Felix Wu?
• We can have so many simple tests if it is true.

Keyword: [email protected]
• I sent you an email earlier containing two “secure random numbers”. Here is the first one, and what is the other one?
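
The "No Unique Identifier" slides and the two-random-numbers test above, put together as an added example (not code from the slides or from the DSL project): several peers announce the same keywords, all of them receive the query, and the application-level challenge picks out the one that holds the pair sent out of band. Class names, peer names and the single-use rule are assumptions made for the sketch.

```python
import hmac
import secrets

class Peer:
    """A DSL peer: it announces whatever keywords it likes (no global identifier)."""
    def __init__(self, name, keywords):
        self.name = name                  # local label for this demo only
        self.keywords = set(keywords)     # self-chosen announcement
        self.pairs = {}                   # sender -> (first, second) received out of band

    def matches(self, query):
        # AND query: every requested keyword must be announced by this peer
        return set(query) <= self.keywords

    def answer(self, sender, first):
        """Return the second number only if `first` matches an unused pair."""
        pair = self.pairs.get(sender)
        if pair is None or not hmac.compare_digest(pair[0], first):
            return None
        del self.pairs[sender]            # assumed rule: single use, so a replay fails
        return pair[1]

class Guesser(Peer):
    """Announces the same keywords but never received the pair; it can only guess."""
    def answer(self, sender, first):
        return secrets.token_hex(16)

def discover(sender, pair, query, peers):
    """Route discovery by keywords, then the application-level test per candidate."""
    first, second = pair
    candidates = [p for p in peers if p.matches(query)]
    verified = []
    for p in candidates:
        reply = p.answer(sender, first)
        if reply is not None and hmac.compare_digest(reply, second):
            verified.append(p)
    return [p.name for p in candidates], [p.name for p in verified]

def demo():
    # Constructed sample data: names and keywords are illustrative.
    pair = (secrets.token_hex(16), secrets.token_hex(16))   # sent earlier, e.g. by email
    wanted = Peer("felix-1", ["Felix Wu", "Davis", "BGP"])
    wanted.pairs["alice"] = pair
    namesake = Peer("felix-2", ["Felix Wu", "Davis", "BGP"])   # identical announcement
    guesser = Guesser("felix-3", ["Felix Wu", "Davis", "BGP"])
    other = Peer("fan", ["Soccer", "Davis"])
    peers = [wanted, namesake, guesser, other]
    first_try = discover("alice", pair, ["Felix Wu", "Davis"], peers)
    replay = discover("alice", pair, ["Felix Wu", "Davis"], peers)
    return first_try, replay

if __name__ == "__main__":
    print(demo())
```

Every matching peer sees the first number, which is why the sketch treats the pair as single-use.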

An extra plane
• Data, Control, Management planes
  – Internet Reference model
• Trust and Social Plane!
• Traceability
  – Tracing routers is one thing (probably not very interesting)
  – Tracing the social relationship is the key to almost everything!

DSL Route Discovery & Trust Management
DSL Forwarding Plane

Global Communication Infrastructure
• Information assurance about the infrastructure itself
• Supporting securer & more effective communications
  – Internet infrastructure is somewhat “neutral”.
  – If we have a common software vulnerability, the Internet guarantees that a robust botnet can be rapidly developed at “network speed.”

Problem? or “Internet is doing exactly what it is supposed to do!”
• spam/spit/spim, worm, spyware, DDoS, virus, phishing, cyberbully…
• Proposition #1: can the applications (plus firewall/IPS/NAT, maybe PKI) win the battle by themselves?
• Proposition #2: can the network infrastructure help in a fundamental way?

Issues about Internet Security
• Mixtures of Good and Bad activities
• Privacy is not really preserved while we cannot trace the attack sources
• The trust is very ad hoc -- e.g., anybody can claim to be N years old in a blog or the most honest seller on eBay
• Detection is an arms race, while for prevention it is not really clear what to prevent

Problem? or “Internet is doing exactly what it is supposed to do!”
• spam/spit/spim, worm, spyware, DDoS, virus, phishing, cyberbully…
• Proposition #1: can the applications (plus firewall/IPS/NAT, maybe PKI) win the battle by themselves?
• Proposition #2: can the network infrastructure help in a fundamental way?
  – I don’t know but I will give it a try…

Contact me!
FROM: MR. CHEUNG PUI
Hang Seng Bank Ltd
Sai Wan Ho Branch
171 Shaukiwan Road
Hong Kong.
Please contact me on my personal box [[email protected]]
Let me start by introducing myself. I am Mr. Cheung Pui, director of operations of the Hang Seng Bank Ltd, Sai Wan Ho Branch. I have a obscured business suggestion for you.
Before the U.S and Iraqi war our client Major Fadi Basem who was with the Iraqi forces and also business man made a numbered fixed deposit for 18 calendar months, with a value of Twenty Four millions Five Hundred Thousand United State Dollars only in my branch. Upon maturity several notice was sent to him,…

The same message content
• “M” from Cheung Pui
• “M” from Cheung Pui via GGCS mailing list
• “M” from Cheung Pui via Felix Wu

Social Link Identification
• “M” from Cheung Pui: Probably a spam
• “M” from Cheung Pui via GGCS mailing list: Probably not interesting
• “M” from Cheung Pui via Felix Wu: Better be more serious… (at least I hope)

Social Links
• We have been utilizing the social infrastructure to enhance our communication for a long time!
• But, can we bring it to cyberspace?
  – So our trust can be propagated and managed at network speed!

Route Discovery Messages
Soccer, BGP, Davis, California, Intrusion Detection, Liechtenstein
AND/OR expression
Soccer, BGP, Davis, California, Intrusion Detection, Liechtenstein + a few extra
{ a bag of expected words}
Accepted or not??
Receiver

Route Discovery & DSL Table
001 002
Potential Receivers
Potential Senders
incoming outgoing DSL ID
Davis California Japan 001
Japan Northern California 002
003
Davis CA Northern California

M
Keywords and aggregated keywords
“content addressable emails”

Function F(incoming) = outgoing
001 002
Potential Receivers
Potential Senders
incoming outgoing DSL ID
Davis California Japan 001
Japan Northern California 002
003
Davis CA Northern California
Policy driven
Maybe itself a service

Forwarding: Source Routing
Sender: Data packet SR 003, 001

Forwarding: Source Routing
003
001
Sender: Data packet SR 003, 001

Traceability
• Any one individually in the Internet won’t know much about who is talking to what.
• But, if necessary, we can trace back hop by hop using local DSL ID.

Social Connection
• In route discovery, the receiver might want to know “how are we socially connected?”
• It is controlled by the sender and the intermediate DSL routers regarding how much information needs to be exposed.
  – Part of the “application test”
  – If we are going to expose any information, we need to know why (i.e., the application)
  – Maybe, we need intermediate DSL router tests as well!

Traceability
• Support infrastructure, social routers
  – Forensics available per data packet
• If one person launches a command to a large number of bots to DDoS/spam some victim, we will be able to identify how this person is “socially connected” to the communication infrastructure.
  – And, still we will maintain reasonable/strong user privacy.

DSL Route Discovery & Trust Management
DSL Forwarding Plane

Parallel Information
• Information among applications
• Meta-information regarding the information!
  – Social path information
information
Meta Information

Filtering in “Layer-3”
• IP header and Transport header
• Packet payload analysis

Filtering in DSL
• “Social Path”
information
Meta Information

Penalization
• If Alice had forwarded lots of junk mails to Bob, then Bob will lower the priority of the social link between them.
• Alice will be informed about the downgrade.
• Alice needs to investigate “which messages” (from which incoming DSLs) were causing the downgrade.
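
The three penalization steps above as an added sketch (not code from the slides or from the DSL project): Bob lowers the rank of Alice's link for each junk message, Alice receives a notice, and she attributes the notices to the incoming DSL links the messages arrived on. The starting rank, the penalty size, the junk test and all names are assumptions.

```python
from collections import Counter

START_RANK = 10   # assumed initial priority of a social link
PENALTY = 1       # assumed drop per junk message

class Node:
    def __init__(self, name, is_junk=lambda msg_id: False):
        self.name = name
        self.is_junk = is_junk   # stand-in for the receiver's own junk judgement
        self.rank = {}           # neighbor name -> priority given to that neighbor's link
        self.came_from = {}      # message id -> incoming DSL link it arrived on (local record)
        self.notices = []        # downgrade notices: (neighbor, message id, new rank)

    def add_neighbor(self, other):
        self.rank[other.name] = START_RANK

    def forward(self, msg_id, incoming_link, to):
        """Relay a message, remembering locally which incoming link carried it."""
        self.came_from[msg_id] = incoming_link
        return to.receive(msg_id, self)

    def receive(self, msg_id, via):
        """Accept the message, or downgrade the link it came over and tell the sender."""
        if self.is_junk(msg_id):
            self.rank[via.name] = max(0, self.rank[via.name] - PENALTY)
            via.notices.append((self.name, msg_id, self.rank[via.name]))
            return False
        return True

    def blame(self):
        """Count downgrade notices per incoming link that carried the offending message."""
        return Counter(self.came_from[msg_id] for _, msg_id, _ in self.notices)

def demo():
    # Constructed traffic: (message id, Alice's local incoming DSL link).
    alice = Node("alice")
    bob = Node("bob", is_junk=lambda msg_id: msg_id.startswith("junk"))
    bob.add_neighbor(alice)
    traffic = [("junk-1", "002"), ("ok-1", "001"), ("junk-2", "002"),
               ("junk-3", "002"), ("junk-4", "001")]
    for msg_id, link in traffic:
        alice.forward(msg_id, link, bob)
    return bob.rank["alice"], alice.blame()

if __name__ == "__main__":
    rank, blame = demo()
    print(rank, blame.most_common())
```

With the per-link counts in hand, Alice can apply the same downgrade to her own incoming link that carried most of the junk.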

Asking a Question
• Get on the bus, Information!
information
DSL query

Query
The Social Plane
Application
DSL Virtualization
information information
DSL query
Application
DSL Virtualization
DSL query

On/Off the Bus
• A query
  – “Is this an attack/virus/worm?”
• A comment
  – “I am pretty sure that this is a virus, and you need to harden your environment before you let it off the bus.”
• A trace
  – “I want to know who will receive this piece of information indirectly.”

P2P Incentives
• Trade-off between privacy and availability
  – If you don’t help in revealing the identities of some communication sessions, you might be downgraded.
  – If you give away identity-related information too easily, you might be downgraded as well.

Revisit Connectivity
• IPv4/v6 or even email address
  – You have one IP address and you will be able to connect to every other IP address (if you know who they are).
  – Problem of binding between application-layer identity and network-layer identity
  – Spam/DDoS

Definition for DSL Connectivity
• Given a Stable/Converged Aggregate Table
  – One DSL node will be able to discover at least one DSL route path toward every other node as long as it knows the origin keywords for the destinations.
  – Connectivity means that we will be able to reach all DSL nodes advertising the same bag of origin keywords.
  – Aggregation knowledge -- through the asynchronous converging process (toward a system fixed point).

Fairness in Communication
• Sender Fairness
  – If you wish to communicate with another DSL entity, as long as you know the origin keywords, you should have “equal” chance to find “a” path to reach the destination.
  – Social differentiation is still there (for the knowledge of origin keywords), but nobody in the middle should be able to block your communication!

DSL Connectivity
• It is possible that some DSL entities converge into different ways of aggregation for the same set of origin or aggregate keywords.
• But, the connectivity definition still holds.
  – As long as the sender knows how to get through it!

Comparison
• IP/email:
  – Convergence to an absolute consistent state
  – IP/email addresses are all you need, but the controllability is biased toward the sender
• DSL:
  – Convergence to a relative consistent state
  – No global identity. Every DSL entity defines its own identity based on origin keywords.
  – Controllability is more balanced with other application challenges.

Message Prioritization
Application IDS
Control Mechanisms:
Link Ranks
Reputation
Other Trust-Management Metrics

DSL is an old idea!
We, as humans, have been using similar communication principles.
Maybe it is a good opportunity to re-think about communication and trust.
Application-level security will play a major role, but will the infrastructure be sufficient to support the end2end security efficiently?