Domain Description - File-sharing applications are notorious for the lack of reliability of the resources offered. It is very difficult for a peer to be confident that the resource it wants to download from another peer is completely safe and does not hide a trojan horse or a virus within it that could cause harm to it. Trust management in such a scenario helps a peer determine the reliability of both the resource provider and the resource, in order to make a more informed decision about whether to download a particular resource from that particular peer.
XREP Trust Model Description - Our file-sharing prototype used XREP which is a third-party trust model geared towards peer-to-peer resource-sharing applications. In XREP, a peer offering a file or a resource is called a “servant”. XREP consists of five phases: resource searching, resource selection and vote polling, vote evaluation, best servant check, and resource downloading. Resource searching is similar to that in Gnutella and involves a servant broadcasting to all its neighbors a Query message containing search keywords. When a servant receives a Query message, it responds with a QueryHit message. In the next phase, upon receiving QueryHit messages, the originator selects the best matching resource among all possible resources offered. At this point, the originator polls other peers using a Poll message to enquire their opinion about the resource or the servant offering the resource. Upon receiving a Poll message, each peer may respond by communicating its votes on the resource and servants using a PollReply message. These messages help identify reliable resources from unreliable ones, and trustworthy servants from fraudulent ones.
|"Phases in XREP"|
In the third phase, the originator collects a set of votes on the queried resources and their corresponding servants. Then it begins a detailed checking process which includes verification of the authenticity of the PollReply messages, guarding against the effect of a group of malicious peers acting in tandem by using cluster computation, and sending TrueVote messages to peers that request confirmation on the votes received from them. At the end of this checking process, based on the trust votes received, the peer may decide to download a particular resource. However, since multiple servants may be offering the same resource, the peer still needs to select a reliable servant. This is done in the fourth phase where the servant with the best reputation is contacted to check the fact that it exports the resource. Upon receiving a reply from the servant, the originator finally contacts the chosen servant and requests the resource. It also updates its repositories with its opinion on the downloaded resource and the servant who offered it.
Implementation Description - Our file-sharing project involved integrating the XREP trust model within the PACE architecture of every peer to develop a prototype trust-enabled peer-to-peer file sharing application. This effort was undertaken separately by two teams of undergraduate students resulting in the development of two separate prototype decentralized file-sharing applications. Both prototypes included all XREP phases except phase 3 and 4 due mainly to a limited development time frame, and enabled users to query and reason about the reputation of files and peers (servants) that were offering those files.