
4.1 Anonymity

Much work has been done on anonymity
in the context of the Internet, both at the network layer and at the
application layer. In this section we specifically focus on application-layer
anonymity in P2P data sharing systems. While some would suggest that many users
are interested in anonymity because it allows them to illegally trade copyrighted
data files in an untraceable fashion, there are many legitimate reasons for
supporting anonymity in a P2P system. Anonymity can enable censorship resistance,
freedom of speech without the fear of persecution, and privacy protection.
Malicious parties can be prevented from deterring the creation, publication,
and distribution of documents. For example, such a system may allow an Iraqi
nuclear scientist to publish a document about the true state of Iraq’s nuclear
weapons program to the world without the fear that Saddam Hussein’s regime could
trace the document back to him or her. Users that access documents could also
have their privacy protected in such a system. An FBI agent could access a
company’s public information resources (i.e., web pages, databases, etc.) anonymously
so as not to arouse suspicion that the company may be under investigation.

There are a number of different types of anonymity that can be provided in a P2P
system. It is difficult for the adversary to determine the answers to different
questions for different types of anonymity. We would ideally like to provide
anonymity while maintaining other desirable search and security features such
as efficiency, decentralization, and peer discovery. Unfortunately, providing
various types of anonymity often conflicts with these design goals for a P2P system.
To illustrate one of these conflicting goals, consider the natural trade-off
between server anonymity and efficient search. If we are to provide server anonymity,
it should be impossible to determine which nodes are responsible for storing a document.
On the other hand, if we would like to be able to efficiently search for a
document, we should be able to tell exactly which nodes are responsible for storing
a document. A P2P system such as Free Haven that strives to provide server
anonymity resorts to broadcast search, while others such as Freenet provide for
efficient search but do not provide for server anonymity. Freenet does, however,
provide author anonymity. Nevertheless, supporting server anonymity and efficient
search concurrently remains an open issue.

There exists a middle ground: we
might be able to provide some level of server anonymity by assigning pseudonyms to each
server, albeit at the cost of search efficiency. If an adversary is able to
determine the pseudonym for the server of a controversial document, the
adversary is still unable to map the pseudonym to the publisher’s true identity
or location. The document can be accessed in such a way as to preserve the
server’s anonymity by requiring that a reader (a potential adversary) never
directly communicate with a server. Instead, readers only communicate with a
server through a chain of intermediate proxy nodes that forward requests from
the reader to the server. The reader presents the server’s pseudonym to a proxy
to request communication with the server (thereby hiding a server’s true
identity), and never obtains a connection to the actual server for a document
(thereby hiding the server’s location). Reader anonymity can also be provided
using a chain of intermediate proxies, as the server does not know who the
actual requester of a document is, and each proxy does not know if the previous
node in the chain is the actual reader or is just another proxy. Of course, in
both these cases, the anonymity is provided based on the assumption that proxies
do not collude.

The degradation of anonymity protocols under attacks has been
studied in and this study suggests that further work is necessary in this area.
Free Haven and Crowds are examples of systems that use forwarding proxies to
provide various types of anonymity with varying strength. Each of these systems
differs in how the level of anonymity degrades as more and more potentially
colluding malicious nodes take on the responsibilities of proxies. Other techniques
that are commonly found in systems that provide anonymity include mix networks
and using cryptographic secret-sharing techniques to split files into many
shares.
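
How reader anonymity degrades as proxies collude can be made concrete for a Crowds-style chain. The following is an added example, not code from the original text or from the Crowds project: it assumes the forwarding rule of the published Crowds design (each proxy forwards to a uniformly chosen node with probability `p_f`, otherwise contacts the server), and the function names and the values of `n`, `c` and `p_f` are constructed for illustration.

```python
import random

def p_predecessor_is_reader(n, c, p_f):
    """Closed form from the published Crowds analysis (Reiter and Rubin):
    probability that the node seen by the first colluding proxy on a path
    is the actual reader, given that some colluder is on the path."""
    return 1 - p_f * (n - c - 1) / n

def simulate(n, c, p_f, trials=200_000, seed=1):
    """Monte Carlo check of the closed form on a constructed network.
    Nodes 0..n-c-1 are honest, the rest collude; node 0 is the reader."""
    rng = random.Random(seed)
    honest, reader = n - c, 0
    observed = hits = 0
    for _ in range(trials):
        current = reader
        while True:
            nxt = rng.randrange(n)          # uniform choice of next proxy
            if nxt >= honest:               # first colluder on the path
                observed += 1
                hits += current == reader   # did it see the real reader?
                break
            current = nxt
            if rng.random() >= p_f:         # honest proxy contacts the server
                break
    return hits / observed

def max_tolerable_colluders(n, p_f):
    """Largest c for which the reader is still no more likely than not to be
    the observed predecessor (closed form <= 1/2)."""
    c = 0
    while c + 1 < n and p_predecessor_is_reader(n, c + 1, p_f) <= 0.5:
        c += 1
    return c

if __name__ == "__main__":
    n, p_f = 20, 0.75                       # constructed sample parameters
    for c in (1, 2, 4, 6, 10):
        print(c, round(p_predecessor_is_reader(n, c, p_f), 4),
              round(simulate(n, c, p_f), 4))
    print("max colluders:", max_tolerable_colluders(n, p_f))
```

With 20 nodes and `p_f = 0.75`, the colluders' best guess passes even odds once a sixth proxy colludes, which is the kind of threshold a deployment has to size its proxy pool against.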


4.2 Access Control

Intellectual property management and digital rights management issues can be cast as access
control problems. We want to restrict the accessibility of documents to only
those users that have paid for that access. P2P systems currently cannot be
trusted to successfully enforce copyright laws or carry out any form of such
digital rights management, especially since few assumptions can be made about
key management infrastructure. This has led to blatant violation of copyright
laws by users of P2P systems, and has also led to lawsuits against companies that
build P2P systems. The trade-offs involved in enforcing access control in a P2P
data sharing system are challenging because if a system imposes restrictions
over what types of data it shares (i.e., only copy-protected content), then its
utility will be limited. On the other hand, if it imposes no such restrictions,
then it can be used as a platform to freely distribute any content to anyone
that wants it. Further effort must go into exploring whether or not it is reasonable
to have the P2P network enforce access control, or if the enforcement should take
place at the endpoints of the network. In either case, only users that own (or
have paid for) the right to download and access certain files should be able to
do so to legally support data sharing applications.