
mSSL: A framework for trusted and incentivized peer-to-peer data sharing between distrusted and selfish clients

Peer-to-Peer Networking and Applications

Abstract

Conventional client-server applications can be enhanced by enabling peer-to-peer data sharing between the clients, greatly reducing the scalability concern when a large number of clients access a single server. However, for these “hybrid peer-to-peer applications,” obtaining data from peer clients may not be secure, and clients may lack incentives to provide data to, or receive data from, their peers. In this paper, we describe our mSSL framework, which encompasses key security and incentive functions that hybrid peer-to-peer applications can selectively invoke based on their needs. In contrast to the conventional SSL protocol, which only protects client-server connections, mSSL not only supports client authentication and data confidentiality, but also ensures data integrity through a novel use of Merkle hash trees, all under the assumption that data sharing may take place between untrustworthy clients. Moreover, with mSSL’s incentive functions, any client that provides data to its peers can also obtain accurate proofs or digital money for its service securely and reliably. Our evaluation further shows that mSSL is not only fast and effective, but also has a reasonable overhead.




Correspondence to Jun Li.


Cite this article

Li, J. mSSL: A framework for trusted and incentivized peer-to-peer data sharing between distrusted and selfish clients. Peer-to-Peer Netw. Appl. 4, 325–345 (2011). https://doi.org/10.1007/s12083-010-0087-x


  • DOI: https://doi.org/10.1007/s12083-010-0087-x
