Summary:
This paper addresses the problem of false resources (spam, viruses,
Trojan horses, etc.) on file-sharing peer-to-peer networks. The
authors present a robust, self-regulating reputation system which uses
distributed polling to help clients decide which resources to
download. The algorithm considers both servent (SERVer/cliENT) and
resource reputations, and can be performed over existing peer-to-peer
networks with the addition of three new message pairs. In addition to
presenting the XRep protocol in detail, the paper discusses how it
attempts to resist common attacks against peer-to-peer and
reputation-based systems such as Man in the Middle, Pseudospoofing, ID
pr, and Shilling. Finally, the authors briefly consider the
distribution of resources on Gnutella networks and how likely both
sharing and free-riding users are to adopt their system.
Greg's Pros:
- The authors take an existing, working, proven system and extend
it in a practical way.
- The authors are attempting to solve a real issue in current P2P
networks: the trade-off between full anonymity in the network vs.
the desire to prevent abuse of the network and to ensure
high-quality content in the network.
- The authors examine reasonable attacks against their design, in
two well-defined categories (attacks against P2P systems in general,
and attacks specifically against reputation-based systems). In
particular, their description of the "Shilling" attack is especially
important since it has been well established that entities who
attempt to blatantly pollute P2P networks on a wide-scale basis
exist. The authors make an attempt to provide countermeasures
against such a shilling attack.
- In Section 6, the authors provide a somewhat limited analysis of
P2P network performance and a discussion of its impact on the
success of their protocol.
Other pros:
- The XRep protocol considers the reputation of both servents
and resources.
- A simple binary voting algorithm is proposed.
- The authors consider whether people who share resources and
free-riders will use their system.
Cons:
- The voting system is too subjective. There is no clear metric
for "good" vs. "bad".
- Is the system actually usable? How exactly is the user's
opinion of a download acquired?
- The paper did not quantify the additional overhead of XRep on a
P2P network. Will it scale?
- There is already a working informal reputation system on P2P
networks based on how many copies of a resource are available.
- The RIAA has lots of resources at its disposal. Could it defeat
XRep with a large shilling attack or simply lots of "bad" votes?
- Some anonymity must be lost to gain a high servent reputation.
Votes:
- Strong accept: 0
- Accept: 7
- Reject: 4
- Strong reject: 0