Abstract
Due to their nature, Peer-to-Peer (P2P) systems are subject to a wide range of security issues. In this paper, we focus on a specific security property, called the root authenticity (or RA) property of the so-called structured P2P overlays. We propose a P2P architecture that uses Trusted Computing as the security mechanism. We formalize that system using a process algebra (CSP), then verify that it indeed meets the RA property.
Chapter PDF
Similar content being viewed by others
References
Gnutella Project: Gnutella specification. WorldWide Web (July 2007), http://rfc-gnutella.sourceforge.net/developer/testing/
Emule Project: emule homepage. World Wide Web (May 2002), http://www.emule-project.net/
Stoica, I., Morris, R., Karger, D., Kaashoek, M.F., Balakrishnan, H.: Chord: A scalable peer-to-peer lookup service for internet applications. In: 2001 ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 149–160 (2001)
Rowstron, A.I.T., Druschel, P.: Pastry: Scalable, decentralized object location, and routing for large-scale peer-to-peer systems. In: IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg, pp. 329–350 (2001)
Rowstron, A., Druschel, P.: Storage management and caching in past, a large-scale, persistent peer-to-peer storage utility. SIGOPS Operating Systems Review 35(5), 188–201 (2001)
Bryan, D.A., Lowekamp, B.B., Jennings, C.: Sosimple: A serverless, standardsbased, p2p sip communication system. In: International Workshop on Advanced Archtectures and Algorithms for Internet Delivery and Applications, pp. 42–49 (2005)
Castro, M., Duschel, P., Kermarrec, A.M., Rowstron, A.: Scribe: a large-scale and decentralized application-level multicast infrastructure. IEEE Journal on Selected Areas in Communication 20(8) (2002)
Dinh, T.T.A., Chothia, T., Ryan, M.: A trusted infrastructure for p2p-based marketplaces. In: 9th IEEE International Conference on P2P Computing, pp. 151–154 (2009)
Holz, T., Steiner, M., Dahl, F., Biersack, E., Freiling, F.: Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm. In: 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats, pp. 1–9 (2008)
Dinh, T.T.A., Ryan, M.: Checking security property of P2P systems in CSP. Technical Report CSR-10-07, School of Computer Science, University of Birmingham (2010), http://www.cs.bham.ac.uk/~ttd/files/technicalReport.pdf
Sit, E., Morris, R.: Security considerations for peer-to-peer distributed hash tables. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 261–269. Springer, Heidelberg (2002)
Castro, M., Druschel, P., Ganesh, A., Rowstron, A., Wallach, D.S.: Secure routing for structured peer-to-peer overlay networks. ACM SIGOPS Operating Systems Review 36(SI), 299–314 (2002)
Wang, P., Hopper, N., Osipkov, I., Kim, Y.: Myrmic: Secure and robust DHT routing. Technical report, University of Minnesota (2006)
Ganesh, L., Zhao, B.Y.: Identity theft protection in structured overlays. In: EEE Workshop on Secure Network Protocols, pp. 49–54 (2005)
Borgström, J., Nestmann, U., Alima, L.O., Gurov, D.: Verifying a structured peerto- peer overlay network: The static case. In: Global Computing, pp. 250–265 (2004)
Bakhshi, R., Gurov, D.: Verification of peer-to-peer algorithms: A case study. Electronic Notes in Theoretical Computer Science 181, 35–47 (2007)
Dabek, F., Zhao, B., Druschel, P., Kubiatowicz, J., Stoica, I.: Towards a common api for structured peer-to-peer overlays. In: Kaashoek, M.F., Stoica, I. (eds.) IPTPS 2003. LNCS, vol. 2735, pp. 33–44. Springer, Heidelberg (2003)
Trusted Computing Group: TPM Specification version 1.2. Parts 1–3 (2007), http://www.trustedcomputinggroup.org/specs/TPM/
ISO/IEC PAS DIS 11889: Information technology – Security techniques – Trusted platform module
Trusted Computing Group: Press release (2008), http://www.trustedcomputinggroup.org/news/press/member_releases/WAVETCGPROMOTI%ONMW5_31_FINAL_.pdf
Trusted Computing Group: TCG timeline (2008), http://www.trustedcomputinggroup.org/about/corporate_documents/
Balfe, S., Lakhani, A.D., Paterson, K.G.: Trusted computing: Providing security for peer-to-peer networks. In: International Conference on Peer-to-Peer Computing, pp. 117–124. IEEE Computer Society, Los Alamitos (2005)
Lazic, R.S.: A Semantic Study of Data-Independence with Applications to the Mechanical Verification of Concurrent Systems. PhD thesis, Oxford University (1997)
Broadfoot, P.J.: Data Independence in the Model Checking of Security Protocols. PhD thesis, Oxford University (2001)
Formal System Europe Ltd: FDR2 model checker tool. World Wide Web, http://www.fsel.com/software.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dinh, T.T.A., Ryan, M. (2010). Verifying Security Property of Peer-to-Peer Systems Using CSP. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds) Computer Security – ESORICS 2010. ESORICS 2010. Lecture Notes in Computer Science, vol 6345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15497-3_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-15497-3_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15496-6
Online ISBN: 978-3-642-15497-3
eBook Packages: Computer ScienceComputer Science (R0)