Post on 15-Jun-2015
description
Secure Distributed Data Structures forPeer-to-Peer-based Social NetworksP2PCS as part of CTS 2014
Secure Distributed Data Structures forPeer-to-Peer-based Social NetworksP2PCS as part of CTS 2014
May 21, 2014
Jens JaniukAlexander MäckerKalman Graffi
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 1
HEINZ NIXDORF INSTITUTE
University of Paderborn
1 Introduction
2 Distributed List Concept
3 Access Control in Distributed ListRead and Write AccessKey Distribution
4 Evaluation
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 2
HEINZ NIXDORF INSTITUTE
University of Paderborn
Facebook, Google+, Twitter, . . . heavily used nowadays(semi-) public user profilescommunicationcollaboration: sharing and searching user generated content
Current approaches are centralized
full access to data: massive data-miningcensorshipsingle point of failure, scalabilityhigh operational costs
IntroductionOnline Social Networks (OSNs)
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 3
HEINZ NIXDORF INSTITUTE
University of Paderborn
Facebook, Google+, Twitter, . . . heavily used nowadays(semi-) public user profilescommunicationcollaboration: sharing and searching user generated content
Current approaches are centralized
full access to data: massive data-miningcensorshipsingle point of failure, scalabilityhigh operational costs
IntroductionOnline Social Networks (OSNs)
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 3
HEINZ NIXDORF INSTITUTE
University of Paderborn
Peer-to-Peer based OSNs address drawbacks
DHT-based solution (e.g. PeerSoN, LifeSocial)
users build a structured P2P overlaykey-based routingDHT: get, putjoining and leavingreplication
0x11 0x1A0x53
0xA10xCB
0xD1
0x13
IntroductionDecentralized Approaches For OSNs
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 4
HEINZ NIXDORF INSTITUTE
University of Paderborn
1 Introduction
2 Distributed List Concept
3 Access Control in Distributed ListRead and Write AccessKey Distribution
4 Evaluation
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 5
HEINZ NIXDORF INSTITUTE
University of Paderborn
DHT operations (get, put) on single items do not match OSN applications
Functionalities operate oncollection of items
guestbooks/ wall entriesphoto albumsmessage history, . . .
Distributed List ConceptMotivation For Distributed Data Structures
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 6
HEINZ NIXDORF INSTITUTE
University of Paderborn
A) List =̂ DHT item+ single get to retrieve list- overloaded peers- no parallelization
B) List element =̂ DHT item+ parallelization+ overloading less probable- many messages
0x11 0x1A0x53
0xA10xCB
0xD1
C) Partition list into buckets, store buckets in DHT+ splitsize gives tradeoff between A) and B)
i-th element has id=hash(listname + bi/splitsizec)
Distributed List ConceptStorage Organization
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 7
HEINZ NIXDORF INSTITUTE
University of Paderborn
A) List =̂ DHT item+ single get to retrieve list- overloaded peers- no parallelization
B) List element =̂ DHT item+ parallelization+ overloading less probable- many messages
0x11 0x1A0x53
0xA10xCB
0xD1
C) Partition list into buckets, store buckets in DHT+ splitsize gives tradeoff between A) and B)
i-th element has id=hash(listname + bi/splitsizec)
Distributed List ConceptStorage Organization
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 7
HEINZ NIXDORF INSTITUTE
University of Paderborn
A) List =̂ DHT item+ single get to retrieve list- overloaded peers- no parallelization
B) List element =̂ DHT item+ parallelization+ overloading less probable- many messages
0x11 0x1A0x53
0xA10xCB
0xD1
C) Partition list into buckets, store buckets in DHT+ splitsize gives tradeoff between A) and B)
i-th element has id=hash(listname + bi/splitsizec)
Distributed List ConceptStorage Organization
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 7
HEINZ NIXDORF INSTITUTE
University of Paderborn
A) List =̂ DHT item+ single get to retrieve list- overloaded peers- no parallelization
B) List element =̂ DHT item+ parallelization+ overloading less probable- many messages
0x11 0x1A0x53
0xA10xCB
0xD1
C) Partition list into buckets, store buckets in DHT+ splitsize gives tradeoff between A) and B)
i-th element has id=hash(listname + bi/splitsizec)
Distributed List ConceptStorage Organization
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 7
HEINZ NIXDORF INSTITUTE
University of Paderborn
Operations on list by put/get functionalities inefficientwhole buckets are sent through network, e.g.,set(i): retrieve bucket, send back bucketcontains(item): retrieve (several) bucket(s)
Introduce Remote Operationsuse lookup function to issue commandsmessage contains request, possibly some data+ less traffic
Distributed List ConceptRemote Operations
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 8
HEINZ NIXDORF INSTITUTE
University of Paderborn
Operations on list by put/get functionalities inefficientwhole buckets are sent through network, e.g.,set(i): retrieve bucket, send back bucketcontains(item): retrieve (several) bucket(s)
Introduce Remote Operationsuse lookup function to issue commandsmessage contains request, possibly some data+ less traffic
Distributed List ConceptRemote Operations
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 8
HEINZ NIXDORF INSTITUTE
University of Paderborn
1 Introduction
2 Distributed List Concept
3 Access Control in Distributed ListRead and Write AccessKey Distribution
4 Evaluation
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 9
HEINZ NIXDORF INSTITUTE
University of Paderborn
User Alice has friends Bob and Carol
Alice has guestbook/ wall for friends (distributed list)Only Alice and friends can read wallOnly Alice and friends may create new entriesOnly author can modify existing entry
Alice
Bob Carol
Access Control in Distributed ListExample
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
HEINZ NIXDORF INSTITUTE
University of Paderborn
User Alice has friends Bob and CarolAlice has guestbook/ wall for friends (distributed list)
Only Alice and friends can read wallOnly Alice and friends may create new entriesOnly author can modify existing entry
Alice
Bob Carol
Access Control in Distributed ListExample
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
HEINZ NIXDORF INSTITUTE
University of Paderborn
User Alice has friends Bob and CarolAlice has guestbook/ wall for friends (distributed list)Only Alice and friends can read wall
Only Alice and friends may create new entriesOnly author can modify existing entry
Alice
Dave
Access Control in Distributed ListExample
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
HEINZ NIXDORF INSTITUTE
University of Paderborn
User Alice has friends Bob and CarolAlice has guestbook/ wall for friends (distributed list)Only Alice and friends can read wallOnly Alice and friends may create new entries
Only author can modify existing entry
Alice
Bob Carol
Access Control in Distributed ListExample
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
HEINZ NIXDORF INSTITUTE
University of Paderborn
User Alice has friends Bob and CarolAlice has guestbook/ wall for friends (distributed list)Only Alice and friends can read wallOnly Alice and friends may create new entries
Only author can modify existing entry
Alice
DaveBob Carol
Access Control in Distributed ListExample
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
HEINZ NIXDORF INSTITUTE
University of Paderborn
User Alice has friends Bob and CarolAlice has guestbook/ wall for friends (distributed list)Only Alice and friends can read wallOnly Alice and friends may create new entriesOnly author can modify existing entry
Alice
DaveBob Carol
Access Control in Distributed ListExample
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
HEINZ NIXDORF INSTITUTE
University of Paderborn
Restrict read accessencrypt elements with common symmetric key
Restrict changing elements
sign elements with author’s private key (+nonce)storing peer verifies signatures
Restrict adding elements
bucket signed with common key of Alice and friends
Access Control in Distributed ListUsing Cryptographic Means
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 11
HEINZ NIXDORF INSTITUTE
University of Paderborn
Restrict read accessencrypt elements with common symmetric key
Restrict changing elementssign elements with author’s private key (+nonce)storing peer verifies signatures
Restrict adding elements
bucket signed with common key of Alice and friends
Access Control in Distributed ListUsing Cryptographic Means
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 11
HEINZ NIXDORF INSTITUTE
University of Paderborn
Restrict read accessencrypt elements with common symmetric key
Restrict changing elementssign elements with author’s private key (+nonce)storing peer verifies signatures
Restrict adding elementsbucket signed with common key of Alice and friends
Access Control in Distributed ListUsing Cryptographic Means
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 11
HEINZ NIXDORF INSTITUTE
University of Paderborn
1 Introduction
2 Distributed List Concept
3 Access Control in Distributed ListRead and Write AccessKey Distribution
4 Evaluation
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 12
HEINZ NIXDORF INSTITUTE
University of Paderborn
Bootstrap security (Graffi et al. IEEE LCN 2009)derive private key from user name and passwordderive public key = identifier of user
Create and store a group itemasymmetric key pair (eG, dG), symmetric key SG
stored encrypted for each member
Access Control in Distributed ListKey Distribution by Groups
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 13
HEINZ NIXDORF INSTITUTE
University of Paderborn
Bootstrap security (Graffi et al. IEEE LCN 2009)derive private key from user name and passwordderive public key = identifier of user
Create and store a group itemasymmetric key pair (eG, dG), symmetric key SG
stored encrypted for each member
Access Control in Distributed ListKey Distribution by Groups
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 13
HEINZ NIXDORF INSTITUTE
University of Paderborn
1 Introduction
2 Distributed List Concept
3 Access Control in Distributed ListRead and Write AccessKey Distribution
4 Evaluation
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 14
HEINZ NIXDORF INSTITUTE
University of Paderborn
Simulation of 1000 list operationseach bucket stored at different nodeelements of size 1 kB
traffic considerably reducedtraffic depends on splitsize
Operation A Bget(i) 0.5 0.93add(item) 0.375 0.053remove(i) 0.125 0.017
EvaluationImpact on Traffic
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 15
HEINZ NIXDORF INSTITUTE
University of Paderborn
Simulation of 1000 list operationseach bucket stored at different nodeelements of size 1 kBtraffic considerably reduced
traffic depends on splitsize
Operation A Bget(i) 0.5 0.93add(item) 0.375 0.053remove(i) 0.125 0.017
0 200 400 600 800 1000
050
000
1500
0025
0000
operations
traffi
c (k
B)
remote ops, splitsize=10, consolidationremote ops, splitsize=infremote ops, splitsize=10no remote ops, splitsize=inf
0 200 400 600 800 1000
020
0060
0010
000
operations
traffi
c (k
B)
remote ops, splitsize=10, consolidationremote ops, splitsize=infremote ops, splitsize=10no remote ops, splitsize=inf
EvaluationImpact on Traffic
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 15
HEINZ NIXDORF INSTITUTE
University of Paderborn
Simulation of 1000 list operationseach bucket stored at different nodeelements of size 1 kBtraffic considerably reducedtraffic depends on splitsize
Operation A Bget(i) 0.5 0.93add(item) 0.375 0.053remove(i) 0.125 0.017
0 200 400 600 800 1000
010
000
3000
0
operations
traffi
c (k
B)
splitsize=1, no consolidationsplitsize=5, no consolidationsplitsize=20, no consolidationsplitsize=100, no consolidation
0 200 400 600 800 1000
020
0040
0060
00
operations
traffi
c (k
B)
splitsize=1, no consolidationsplitsize=5, no consolidationsplitsize=20, no consolidationsplitsize=100, no consolidation
EvaluationImpact on Traffic
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 15
HEINZ NIXDORF INSTITUTE
University of Paderborn
Distributed datastructures are useful for OSNs
Buckets and remote operations allow flexible, efficient list functionalities
Access control fundamental in OSNs
Cryptographic approaches and groups to control access to list
Summary
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 16
HEINZ NIXDORF INSTITUTE
University of Paderborn
Thank you for your attention!Thank you for your attention!
Alexander Mäcker
Heinz Nixdorf Institute& Department of Computer ScienceUniversity of Paderborn
Address: Fürstenallee 1133102 PaderbornGermany
E-mail: amaecker@upb.deWeb: http://www.p2pframework.com
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 17
HEINZ NIXDORF INSTITUTE
University of Paderborn
1) C requests item from S; possibly sends hash of its own version of item
2) S replies with current version of item or ACK
3) C performs following steps
perform change locallycompute signaturesend back signature, command and old hash
4) C compares hashes; either performs changes locally and stores or back to step 2
Remote Write Access
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 18
HEINZ NIXDORF INSTITUTE
University of Paderborn
1) Initiating node computes B′k and B′
k+1 and signatures Sig(B′k), Sig(B′
k+1).Signatures sent to nodes Sk and Sk+1 storing Bk and Bk+1.
2) Sk and Sk+1 compute B′k and B′
k+1. Cancel if differ from received ones.
3) Sk+1 notifies Sk .
4) On reception of notification, Sk+1 stores B′k and notifies Sk+1.
5) On reception of notification, Sk stores B′k+1 after checking that B′
k is stored asexpected.
Consolidation of Distributed List
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19
HEINZ NIXDORF INSTITUTE
University of Paderborn
1) Initiating node computes B′k and B′
k+1 and signatures Sig(B′k), Sig(B′
k+1).Signatures sent to nodes Sk and Sk+1 storing Bk and Bk+1.
2) Sk and Sk+1 compute B′k and B′
k+1. Cancel if differ from received ones.
3) Sk+1 notifies Sk .
4) On reception of notification, Sk+1 stores B′k and notifies Sk+1.
5) On reception of notification, Sk stores B′k+1 after checking that B′
k is stored asexpected.
Consolidation of Distributed List
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19
HEINZ NIXDORF INSTITUTE
University of Paderborn
1) Initiating node computes B′k and B′
k+1 and signatures Sig(B′k), Sig(B′
k+1).Signatures sent to nodes Sk and Sk+1 storing Bk and Bk+1.
2) Sk and Sk+1 compute B′k and B′
k+1. Cancel if differ from received ones.
3) Sk+1 notifies Sk .
4) On reception of notification, Sk+1 stores B′k and notifies Sk+1.
5) On reception of notification, Sk stores B′k+1 after checking that B′
k is stored asexpected.
Consolidation of Distributed List
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19
HEINZ NIXDORF INSTITUTE
University of Paderborn
1) Initiating node computes B′k and B′
k+1 and signatures Sig(B′k), Sig(B′
k+1).Signatures sent to nodes Sk and Sk+1 storing Bk and Bk+1.
2) Sk and Sk+1 compute B′k and B′
k+1. Cancel if differ from received ones.
3) Sk+1 notifies Sk .
4) On reception of notification, Sk+1 stores B′k and notifies Sk+1.
5) On reception of notification, Sk stores B′k+1 after checking that B′
k is stored asexpected.
Consolidation of Distributed List
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19
HEINZ NIXDORF INSTITUTE
University of Paderborn
1) Initiating node computes B′k and B′
k+1 and signatures Sig(B′k), Sig(B′
k+1).Signatures sent to nodes Sk and Sk+1 storing Bk and Bk+1.
2) Sk and Sk+1 compute B′k and B′
k+1. Cancel if differ from received ones.
3) Sk+1 notifies Sk .
4) On reception of notification, Sk+1 stores B′k and notifies Sk+1.
5) On reception of notification, Sk stores B′k+1 after checking that B′
k is stored asexpected.
Consolidation of Distributed List
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19
HEINZ NIXDORF INSTITUTE
University of Paderborn