A Fair Transaction Mechanism for P2P FileSharing Applications - PowerPoint PPT Presentation

Slides: 17
Provided by: ibm3166

Transcript and Presenter's Notes


1
A Fair Transaction Mechanism for P2P File-Sharing
Applications
  • Dongsheng Peng
  • 2009.01

2
Outline
  • Introduction of P2P payment system
  • Drawback
  • Related works
  • Fair exchange mechanism
  • Performance analysis
  • Implement considerations

3
Introduction of P2P payment system
  • Typical P2P payment system
  • DHT network
  • A group of n nodes (Bank-set) is in charge of the
    money of each node
  • The Bank-set communicates in a pair-wise way and
    makes decisions using the majority principle.
  • Security of bank-set
  • Suppose that the ratio of malicious nodes is m,

4
Drawback
  • Problem
  • Payment system can solve the problem of
    Free-Riding, prevent abuse of resources and
    improve system availability. But the existing
    payment systems cannot guarantee the fairness of
    transaction.
  • Requirements for fair exchange
  • Atomic exchange of file and money: if a
    transaction succeeds, both sides get the desired
    file and money; otherwise, neither side can
    benefit from the information it already holds.
  • Security of the transaction process: the trading
    content must not leak out to a third party.

5
Related works
  • In many cases, the buyer must pay soon after
    negotiation is completed, which is unfair to the
    buyer, who bears the risk of being unable to
    obtain the required resources.
  • KARMA (p2pecon03)
  • suggests using a certified mail scheme, which
    causes considerable extra overhead.
  • MARCH (infocom07)
  • does not verify the trading contents. Instead, if
    the buyer thinks the file is fake, he accuses the
    seller. The authority punishes the seller by
    freezing the amount of money the buyer claims to
    have lost. However, the punishment is unfounded.
  • coin-ripping (EuroCrypt 95)
  • The method prevents the buyer from losing money,
    but it cannot resolve the dispute in the case of
    unsuccessful commodity delivery.

6
Fair exchange mechanism
  • Designing a fair exchange mechanism based on the
    existing payment systems
  • Atomic exchange of file and money
  • The trading file is signed with the private key
    of the provider, for identification and arbitration
  • The Trusted Third Party is constructed in a
    distributed way to eliminate the performance bottleneck
  • Based on the existing payment systems to decrease
    extra overhead
  • The fair exchange mechanism would not lead to
    security degradation to the payment system.

7
Fair exchange mechanism
  • Suppose that
  • Alice is buyer, Bob is file provider
  • Before transaction
  • Each file is identified by its Hash digest
  • Downloader selects the proper file in the search
    results according to the reputation of the
    providers and prices, and signs a contract
  • A contract should contain
  • ID of both sides, file name, digest, money,
    payment receipt
  • The Trusted Third Party (TTP) is constructed in the
    same way as the bank-set (it consists of n nodes and
    uses the majority principle for decision making)

8
Fair exchange mechanism
  • Transaction flow

1) Contract signing: When Alice and Bob come to an agreement on the trading file and money, they sign the contract, which contains
   C = {Contract ID, PKAlice, PKBob, F, (F)md5, Npnt, P}
   where PKAlice and PKBob are public keys, (F)md5 is the file digest, Npnt is the amount of money, and P is the receipt. Both sides sign the contract with their private keys and register the contract with their Bank-sets.

2) File encryption: Bob generates a secret key K randomly, encrypts file F and gets F' = {F}K. Then he calculates the digest (F')md5 and generates the signature {K, (F')md5}SK_B.

3) File transmission: Bob sends file F' to Alice, and then sends <K, (F')md5, {K, (F')md5}SK_B>Bob to the TTP.
   Msg1 Bob->Alice: <F'>Bob
   Msg2 Bob->TTP: <K, (F')md5, {K, (F')md5}SK_B>Bob
   Alice obtains file F', calculates the digest (F')md5, generates the receipt R, signs the digest and receipt, and gets {R, (F')md5}SK_A. Then Alice sends the digest, receipt and signature to the TTP.
   Msg3 Alice->TTP: <P, (F')md5, {P, (F')md5}SK_A>Alice

4) Fair exchange: The TTP verifies {R, (F')md5}SK_A and {K, (F')md5}SK_B. Then <(F')md5>Alice and <(F')md5>Bob are compared. If the digests are the same, receipt R is verified. If it passes, the TTP sends <K, {K, (F')md5}SK_B>Bob to Alice and <R, {R, (F')md5}SK_A>Alice to Bob; otherwise, the transaction fails and no information is exchanged.
   IF <(F')md5>Alice = <(F')md5>Bob and P is verified
     Msg4 TTP->Alice: <K, {K, (F')md5}SK_B>Bob
     Msg5 TTP->Bob: <P, {P, (F')md5}SK_A>Alice
   ELSE Transaction failed.

5) Arbitration: If Alice finds that the calculated digest (F)md5 and the one in the contract are not the same, Alice sends file F and Msg4 to the TTP for arbitration. After verification, the TTP punishes Bob and returns the money.
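
Steps 2 to 5 of the transaction flow, as an added Python example that is not part of the original slides. It assumes the digests in Msg2 and Msg3 are taken over the encrypted file, that the TTP checks the receipt against the contract, and that Alice submits the ciphertext for arbitration; the toy RSA keys, the XOR cipher and all sample data are constructed stand-ins.

```python
import hashlib, os

E = 65537  # public exponent of the toy RSA keys

def keypair(p, q):
    """Toy textbook RSA over fixed Mersenne primes (constructed, NOT secure)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def md5(*parts):  # MD5 as on the slides; it is collision-broken, prefer SHA-256
    return hashlib.md5(b"|".join(parts)).digest()

def sign(sk, *parts):            # {parts}SK in the slides' notation
    return pow(int.from_bytes(md5(*parts), "big"), sk[1], sk[0])

def verify(pk, sig, *parts):
    return pow(sig, pk[1], pk[0]) == int.from_bytes(md5(*parts), "big")

def crypt(key, data):
    """Toy XOR keystream, a stand-in for the cipher the slides do not name."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def ttp_exchange(contract, pk_a, pk_b, msg2, msg3):
    """Step 4: release K and the receipt together, or nothing (receipt check is assumed)."""
    k, digest_b, sig_b = msg2
    r, digest_a, sig_a = msg3
    ok = (verify(pk_b, sig_b, k, digest_b) and verify(pk_a, sig_a, r, digest_a)
          and digest_a == digest_b and r == contract["receipt"])
    return ((k, sig_b), (r, sig_a)) if ok else None      # (Msg4, Msg5)

def arbitrate(contract, pk_b, f_enc, msg4):
    """Step 5: True if Bob signed K for a ciphertext that decrypts to the wrong file."""
    k, sig_b = msg4
    return (verify(pk_b, sig_b, k, md5(f_enc))
            and md5(crypt(k, f_enc)) != contract["digest"])

def trade(bob_encrypts):
    """Run one trade on constructed data; returns (Alice's plaintext, Bob at fault?)."""
    pk_a, sk_a = keypair(2**89 - 1, 2**107 - 1)
    pk_b, sk_b = keypair(2**107 - 1, 2**127 - 1)
    contract = {"digest": md5(b"the agreed file"), "receipt": b"receipt-001"}
    k, r = os.urandom(16), contract["receipt"]
    f_enc = crypt(k, bob_encrypts)                            # Msg1
    msg2 = (k, md5(f_enc), sign(sk_b, k, md5(f_enc)))         # Bob -> TTP
    msg3 = (r, md5(f_enc), sign(sk_a, r, md5(f_enc)))         # Alice -> TTP
    msg4, _msg5 = ttp_exchange(contract, pk_a, pk_b, msg2, msg3)
    return crypt(msg4[0], f_enc), arbitrate(contract, pk_b, f_enc, msg4)
```

A fake file still passes step 4, because both digests cover the same ciphertext; it is only caught in arbitration, where Bob's signature over K and the ciphertext digest is the evidence against him.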

9
Fair exchange mechanism
[Diagram: transaction flow between Alice, Bob, BankA and the Trusted Third Party, showing steps 1) Contract signing, 2) File encryption, 3) File transmission, 4) Fair exchange and 5) Arbitration]

10
Fair exchange mechanism
  • Problems
  • If any node in TTP colludes with Alice, Alice
    could decrypt the file without sending the
    receipt R to TTP
  • If any node in TTP colludes with Bob, Bob could
    use the receipt R to transfer the money without
    sending secret key K to TTP.
  • So the atomic exchange cannot be guaranteed.

11
Fair exchange mechanism
  • Improvements
  • Modify the payment mechanism so that the TTP,
    instead of the provider, sends the money-freezing
    and transfer requests.
  • Modify the transaction flow to postpone the Msg2
    transmission until the TTP has received Msg3. Msg3
    is first sent to the TTP and verified. If
    verification passes, the TTP requires Bob to send
    Msg2.

Improvement 1 can prevent collusion attacks by a few TTP peers with Bob.
Improvement 2 can prevent collusion attacks by a few TTP peers with Alice.

12
Fair exchange mechanism
[Diagram: transaction flow between Alice, Bob, BankA and the Trusted Third Party, showing steps 1) Contract signing, 2) File encryption, 3) File transmission, 4) Fair exchange and 5) Arbitration]

13
Fair exchange mechanism
[Figures: Improved transaction flow in SPN; Transaction flow in SPN (before improvement)]

14
Performance analysis
  • Security impact
  • The usage of TTP in the transaction may bring
    security degradation.
  • But the degradation can be eliminated by
    merging the TTP function with the Bank-set.
  • Trading session delay
  • Small files have a more obvious delay than large
    files.
  • As the file size k increases, the additional
    delay is the time that file encryption and
    decryption cost.
  • Overhead on TTP
  • In usual cases, transaction process time is
    short, so overhead on TTP is always small.

15
Implement considerations
  • The receipt P
  • Phash(P),put P in the contract,and use P as
    the receipt?
  • Trusted Third Party
  • Let BankA undertake the task of TTP
  • - fewer participants, improving the security of
    the transaction
  • eliminates one message transmission and one
    verification operation in contrast to BankB
  • t-out-of-n secret sharing
  • An alternate solution to Improvement 2: Bob encodes
    Msg2 into n parts and sends them to the n peers of
    the TTP. If and only if the TTP gets no fewer than
    t parts can it recover the original message.
  • Eliminates the communication overhead and
    processing latency, but needs more computation
    overhead.
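
The t-out-of-n idea above, as an added Python example that is not from the slides. It assumes Shamir's scheme as the encoding (the slides do not name one) and treats the secret in Msg2 as a 16-byte key K; fewer than t shares reveal nothing about K, so a minority of colluding TTP peers cannot pass the key on.

```python
import secrets

PRIME = 2**521 - 1   # Mersenne prime; the field must be larger than the secret

def split(secret, t, n):
    """Shamir split: n shares of `secret`, any t of which recover it."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    def poly(x):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        return y
    return [(x, poly(x)) for x in range(1, n + 1)]   # share x goes to TTP peer x

def interpolate(shares):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def ttp_recover(shares, t):
    """TTP side: rebuild K only once t distinct peers have contributed a share."""
    distinct = dict(shares)                 # de-duplicate by peer index
    if len(distinct) < t:
        return None
    k = interpolate(list(distinct.items())[:t])
    return k.to_bytes(16, "big")            # K as a 16-byte key (assumed size)
```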

16
Thanks!
  • Questions Suggestions?

pds04_at_mails.tsinghua.edu.cn