Peer-to-Peer Networking and Applications

, Volume 4, Issue 4, pp 325–345 | Cite as

mSSL: A framework for trusted and incentivized peer-to-peer data sharing between distrusted and selfish clients



Conventional client-server applications can be enhanced by enabling peer-to-peer data sharing between the clients, greatly reducing the scalability concern when a large number of clients access a single server. However, for these “hybrid peer-to-peer applications,” obtaining data from peer clients may not be secure, and clients may lack incentives in providing or receiving data from their peers. In this paper, we describe our mSSL framework that encompasses key security and incentive functions that hybrid peer-to-peer applications can selectively invoke based on their need. In contrast to the conventional SSL protocol that only protects client-server connections, mSSL not only supports client authentication and data confidentiality, but also ensures data integrity through a novel exploit of Merkle hash trees, all under the assumption that data sharing can be between untrustworthy clients. Moreover, with mSSL’s incentive functions, any client that provides data to its peers can also obtain accurate proofs or digital money for its service securely and reliably. Our evaluation further shows that mSSL is not only fast and effective, but also has a reasonable overhead.


Hybrid peer-to-peer application Peer-to-peer security Data sharing incentive Data integrity Proof of service Atomic purchase mSSL SSL 


  1. 1.
    BitTorrent Inc. (2005) BitTorrent.
  2. 2.
    Sherwood R, Braud R, Bhattacharjee B (2004) Slurpie: a cooperative bulk data transfer protocol. In: IEEE INFOCOMGoogle Scholar
  3. 3.
    Kong K, Ghosal D (1999) Mitigating server-side congestion in the internet through pseudoserving. IEEE/ACM Trans Netw 7(4):530–544CrossRefGoogle Scholar
  4. 4.
    Stavrou A, Rubenstein D, Sahu S (2002) A lightweight, robust P2P system to handle flash crowds. In: Proceedings of ICNP. Washington, DC, USA. IEEE Computer Society, Los Alamitos, pp 226–235Google Scholar
  5. 5.
    Rescorla E (2001) SSL and TLS: designing and building secure systems. Addison-Wesley, Boston, MA, USAGoogle Scholar
  6. 6.
    Yang B, Garcia-Molina H (2003) PPay: micropayments for peer-to-peer systems. In: Proceedings of the conference on computer and communications security. ACM Press, New York, pp 300–310Google Scholar
  7. 7.
    Merkle R (1980) Protocols for public key cryptosystems. In: IEEE symposium on privacy and security, pp 122–134Google Scholar
  8. 8.
    Wong CK, Lam SS (1999) Digital signatures for flows and multicasts. IEEE/ACM Trans Netw 7(4):502–513CrossRefGoogle Scholar
  9. 9.
    O’Connor L, Karjoth G (2002) Efficient downloading and updating applications on portable devices using authentication trees. In: IFIP TC8/WG8.8 4th working conference on smart card research and advanced applications. Kluwer Academic Publishers, NorwellGoogle Scholar
  10. 10.
    Yang YR, Li XS, Zhang XB, Lam SS (2001) Reliable group rekeying: a performance analysis. In: Proceedings of ACM SIGCOMM. ACM Press, California, pp 27–38Google Scholar
  11. 11.
    Mathis M, Mahdavi J, Floyd S, Romanow A (1996) IETF RFC 2018: TCP selective acknowledgement optionsGoogle Scholar
  12. 12.
    Cohen B (2003) Incentives build robustness in BitTorrent. In: Workshop on economics of peer-to-peer systemsGoogle Scholar
  13. 13.
    Habib A, Xu D, Atallah M, Bhargava B, Chuang J (2005) Verifying data integrity in peer-to-peer media streaming. In: Twelfth annual multimedia computing and networking (MMCN’05)Google Scholar
  14. 14.
    Devanbu PT, Gertz M, Martel CU, Stubblebine SG (2001) Authentic third-party data publication. In: Proceedings of the IFIP TC11/ WG11.3 14th annual working conference on database security. Deventer, The Netherlands, Kluwer, B.V., pp 101–112Google Scholar
  15. 15.
    Bertino E, Carminati B, Ferrari E, Thuraisingham BM, Gupta A (2004) Selective and authentic third-party distribution of XML documents. IEEE Trans Knowl Data Eng 16(10):1263–1278CrossRefGoogle Scholar
  16. 16.
    Neuman BC, Ts’o T (1994) Kerberos: an authentication service for computer networks. IEEE Commun 32(9):33–38CrossRefGoogle Scholar
  17. 17.
    Camenisch J, Lysyanskaya A, Meyerovich M (2007) Endorsed e-cash. In: Proceedings of the IEEE symposium on security and privacy. IEEE Computer Society, Los Alamitos, CA, pp 101–115Google Scholar
  18. 18.
    Cox B, Tygar JD, Sirbu M (1995) NetBill security and transaction protocol. In: The first USENIX workshop on electronic commerce, pp 77–88Google Scholar
  19. 19.
    Zhou J, Gollmann D (1997) Evidence and non-repudiation. J Netw Comput Appl 20(3):267–281CrossRefGoogle Scholar
  20. 20.
    Bahreman A, Tygar JD (1994) Certified electronic mail. In: Proc. of symposium on network and distributed systems security. Internet Society, San Diego, pp 3–19Google Scholar
  21. 21.
    Wang G (2005) An abuse-free fair contract signing protocol based on the RSA signature. In: WWW 2005. ACM Press, New York, pp 412–421CrossRefGoogle Scholar
  22. 22.
    Ateniese G (1999) Efficient verifiable encryption (and fair exchange) of digital signature. In: Proceedings of the conference on computer and communications security. ACM Press, New York, pp 138–146Google Scholar
  23. 23.
    Ben-Or M, Goldreich O, Micali S, Rivest RL (1990) A fair protocol for signing contracts. IEEE Trans Inf Theory 36(1):40–46CrossRefGoogle Scholar
  24. 24.
    Kremer S, Markowitch O, Zhou J (2002) An intensive survey of fair non-repudiation protocols. Comput Commun 25(17):1606–1621CrossRefGoogle Scholar
  25. 25.
    Louridas P (2000) Some guidelines for non-repudiation protocols. ACM SIGCOMM Comput Commun Rev 30(5):29–38CrossRefGoogle Scholar
  26. 26.
    Coffey T, Saidha P (1996) Non-repudiation with mandatory proof of receipt. ACM SIGCOMM Comput Commun Rev 26(1):6–17CrossRefGoogle Scholar
  27. 27.
    Zhang N, Shi Q (1996) Achieving non-repudiation of receipt. Comput J 39(10):844–853CrossRefGoogle Scholar
  28. 28.
    Zhou J, Gollmann D (1996) A fair non-repudiation protocol. In: Proceedings of the IEEE symposium on security and privacy. IEEE Computer Society Press, Oakland, CA, pp 55–61Google Scholar
  29. 29.
    Asokan N, Shoup V, Waidner M (1998) Asynchronous protocols for optimistic fair exchange. In: Proceedings of the IEEE symposium on security and privacy. Oakland, CA, pp 86–99Google Scholar
  30. 30.
    Kremer S, Markowitch O (2000) Optimistic non-repudiable information exchange. In: Proceedings of the 21st symposium on information theory in the Benelux. Wassenaar, The Netherlands, pp 139–146Google Scholar

Copyright information

© Springer Science + Business Media, LLC 2010

Authors and Affiliations

  1. 1.Computer and Information ScienceUniversity of OregonEugeneUSA

Personalised recommendations