Incentives-Compatible P2P Multicast

Document Sample
Incentives-Compatible P2P Multicast Powered By Docstoc
					Incentives-Compatible P2P

 Tsuen-Wan “Jonny” Ngan, Dan S.Wallach, Peter Druschel

                         Presenter: Jianming Zhou
   P2P Multicast System
       Freeloader: Peers not follow the protocol
           Refuse to forward stream
           Refuse to accept any children
       Tit-for-tat strategy for other P2P system is not
        clearly mapping onto Multicast System
           Because ALM static trees are constructed once and
            used forever
       Need a way to detect misbehaving peers and
        refuse to grant them service

   Basic Idea
       The peers make judgments by observing the
        behaviors of their upstream peers
       Peers periodically reverse relationship by
        reconstructing tree to detect freeloader
   General enough to be applied to almost any
    tree-based multicast systems
       This paper uses SplitStream as a concrete
   SplitStream
       Based on Pastry + Scribe
       Key idea:
           Split the original content stream into k stripes
           Multicast each stripe using a separate multicast tree
           Nodes subscribes to k different trees while roots uniformly
            spread around the Pastry ring
           Every node will (most likely) be an interior node in exactly
            one tree and will be leaf node in the remaining k-1 trees
       Objective:
           Fairness to node load: every node has k parent and k
   Not address malicious behavior
       Many techniques limits the damage of malicious
        node in P2P network [Castro et al..]
   Freeloading behaviors
       Falsely claims it bandwidth and refuses to
        accept new child
       Only join as leaf node but refuse to be interior
       Nodes can form a conspiracy to be freeloader
       …
   Naïve approach
       Require every node to forward at least same
        size of data as it received
       Nodes will prefer to forward “correct data”
   Problems
       Waste of bandwidth
       Legitimate traffic drops
       Can not prevent nodes false claiming its
        bandwidth and refuse to accept child
       Hard to differentiate good luck and freeloading
Fairness mechanisms 1
   Debt maintenance
       When A forwards data to B, both nodes track B owes A a
        debt of a packet
       When debt exceeds some threshold, A might refuse to
        send further data to B
   Ancestor rating
       Extension of Debt maintenance
       Apply debt to all ancestor in stead of immediate parent
           When a node receives[does not receive] a packet, it
            increments[decreases] its confidence value of each node in
            the path to the root
           When trees are reconstructed, any blame assigned falsely or
            due to lost packets would be average out while freeloaders
            will be pinpointed eventually.
Fairness mechanisms 2

   Periodic tree reconstruction
       Every node will benefit or suffer for at most a
        fixed time period
       New trees can be built concurrently while
        existing trees are in use
       New tree should be sufficiently different from the
        old one
       Trade-off between bandwidth overhead of tree
        reconstruction and the fairness
Fairness mechanisms 3

   Parental availability
       Measure whether the prospective parent can
        finally be parent
       Hard to differentiate false claim from the fact of
        genuinely out of capacity
       Protocol dependent
       But a node consistently refuse to accept a child
        is highly likely to be a freeloader
Fairness mechanisms 4

   Reciprocal requests
       Two well-behaved nodes have equal chance of
        being parent or child
       Need a way to judge
           When A requests B to be parent
           B occasionally attempts to make A its parent by
            requesting joining directly under A for a tree where A is
            supposed to be an interior node
           If A refuses consistently, A is likely to be a freeloader
Enforcement techniques
   Previous mechanisms rely on the knowledge of
       Selfish nodes have no incentive to provide correct
       Solution: data and path authentication => hash chain
   Sybil Attack
       Poor reputation nodes can quit and join using new ID
       Node with multiple-ID
       Solution:
           Certificated node ID/High maintenance overhead of node ID
           Put new node into probation with low Quality of Service
               A new node will not be able to join a tree until it is being
                reconstructed, i.e. a node will receive stripes step by step
               Nodes will suffer if it contributes nothing
               Nodes have to contribute to gain better service gradually
Hash Chain 1

   Generate value xn (sufficiently large n)
   Iteratively compute xn-1 ,…,x0 by
       xi = h(xi+1) , h: one-way hash, eg. MD5,SHA-1
       x0 is known by all nodes
   Source computes MD(message digest) for
    ith packet:
       di = h(datai, xi)
  Hash Chain 2
ith Packet               Compute: di = h(datai, xi)
                 S       Send: h(di,A) + hash chain value xi-1

                         Receive: h(di,A) + hash chain value xi-1
                 A       Send: h(h(di,A),B) + hash chain value xi-1 to B
                              h(h(di,A),F) + hash chain value xi-1 to F

             F       B

   i+1th packet contain xi , upon receipt of xi, confirm xi-1= h(xi)
   verify integrity of previous packet by
   reconstructing the message digest using xi and the path
Hash chain 3

   How it works:
       Lost Packet? Multi-hash till match last seen xi
       New node? Multi-hash till x0
       Use up xn? regenerate new chain
       Fake path? Impossible without knowing xi
        which would not be revealed after its obsolete!
   But node can still lie about their children!
Performance Study 1

   Setup:
       SplitStream
       Stochastic model for node proximity
           500 nodes randomly distributed on a plane
       Each node subscribe to 16 trees
       Good nodes accept up to 16 children
Tree Reconstruction Cost

                1664 byte/msg,
                for 500 nodes
                  reconstruct 16
                 trees every 2 min,
                128Kbps stream 
                  1.71% overhead
Parental Availability (PA)

         PA can be very low!!!

                        Prob. the prospective parent
                         becomes (in)direct parent
Debt Level

         Cannot distinguish selfish
         Nodes from normal nodes!!!

                     Debt / Expected debt

      Effectively distinguish selfish nodes!!!

                    5% selfish nodes
                    refusing to forward data
Overall effectiveness

   Experiment Setup:
       500 nodes with 4 selfish nodes
           Two types of selfish nodes
       Node will forward data unless its child:
           Confidence value < -2 or
           PA < 0.44 and Confidence value < 0.2
       Reciprocal requests are used when a child
        attempts to contact a parent at least a factor of 8
        times more often than their roles are reversed

   Mechanism effective by tracking only first-
    hand observed behavior
   Low network and computation overhead
   Future work:
       Robustness against more freeloaders
       Study dependence on multicast application, p2p
        substrate, and network topology

Shared By: