Trust and Reputation Issues

The basic p2p file-sharing implementations are usually open and blindly trusting. Any protocol-compliant computer that wishes to connect is accepted, assuming the accepting host’s connectivity settings allow new incoming connections. This behavior is after all the original open paradigm of mutual trust that used to rule in networks.

Complete openness however also means that the network is open to disruptive intrusions by rogue software. Although the current implementations are fairly resilient and generally immune to message spoofing, computer and bandwidth resources are finite and can eventually be overwhelmed. Intruders can exploit various vulnerabilities to disrupt at least the immediate subweb for a time. Ping and request flooding, false hit messages, and directed denial-of-service attacks on discovered nodes are some disruptive methods seen.

In late 2001, for example, it seemed that concerted attempts to disrupt music-sharing networks by, it was said, agents acting on the behalf of the music copyright owners. Bogus clients would repeatedly join the network and proceed to DoS-flood selected nodes that responded to queries for commercial music tracks. As a rule, the attacks proved little more than an inconvenience—the disrupted nodes quickly reestablish connectivity as part of another subweb, and the dynamic network moved on pretty much as usual. After all, the whole point of atomistic p2p is that the network doesn’t rely on any specific nodes to function.

Settings to filter or block connections based on user-specified criteria are generally available on all clients, but the default behavior has been not to filter. On the other hand, this initial openness is changing; more users begin to reconfigure the defaults, and more clients install with less permissive configurations. Typical filters will quickly drop nodes that aren’t sharing any content or have fewer than a certain number of connections, in addition to blocking the usual lists of explicitly entered addresses or blocks of addresses that users lose patience with.

Lately, there is a growing trend to implement something more sophisticated, with features spearheaded by some of the more innovative implementations. The new forms of connectivity management for p2p applications include various forms of trust or reputation management, encryption and digital signatures. The desire is to make the network more reliable and robust without the extra security getting in the way of legitimate users. However, p2p developers also want to avoid the kind of central administration and filtering that are ever-more characteristic of the server-centric solutions. The latter rapidly become overly restrictive under litigious or governmental pressures that can be applied to any central node.