點對點系統(Peer-to-Peer，P2P)可以用來減輕或是防止許多在傳統Client-server環境中所造成的困難，譬如在傳統環境下可能造成的單點失效(Single point of failure)或是瓶頸效應(Bottleneck effect)。然而點對點網路同時也產生了許多新的網路問題，譬如自私行為(Free-riding)或信任關係建立(Trust relationship)。許多學者採用信任和信譽系統來偵測或是遏止在點對點網路環境下的不當行為。然而，由於中心機制的缺乏，使得對於使用者行為的監視或是強制執行某些網路規則等行為很難執行，也導致在設計點對點網路中的偵測和預防惡意行為時的複雜度。
傳統信譽系統通常考慮使用者是否提供可信賴的服務，但是由於處罰機制的缺乏，導致使用者很可能在獲得較高的評價後便停止繼續貢獻他們的檔案。在點對點系統中的兩個主要的挑戰便是如何去防止與處罰自私節點的行為，以及如何在缺乏可信賴的第三者時，兩個相互不認識的節點能夠建立彼此的信任關係。雖然在某些點對點網路環境下容許認證伺服器或憑證系統的存在，但使用這些系統來偵測網路下的檔案交換或是發佈不同節點的信任程度，在現有的點對點網路下通常是認為不可行的。
在本論文中，我們發展了兩個不同的機制：一個可用以防止自私節點的行為，另一個則用以改善節點間信任建立時的效能。我們新增了一個可信賴的第三方代理人(TRA)來維持與評估節點的信任程度，以彌補ATN/CATN環境與信譽系統之不足。當蒐集到足夠多的憑證時，節點可以對LRA提出增加信任程度的需求。同時在此系統中我們也提出了過濾與處罰的機制來避免共謀與信賴飽和的發生。此外，為了建立節點間彼此的信任關係，我們也提出了一個以「挑戰-回應」為基礎的信任建立協定。在每次信任關係建立時，使用「挑戰-回應」機制，因此不僅能夠獲得最後結點的信任度，同時也可確認並記錄每個中間節點的信任度。由於沒有額外的資訊會在挑戰-回應的協定中洩露，因此惡意節點幾乎不可能利用蒐集到的資訊來破壞點對點中的協定。此外，就我們所知，關於評估點對點檔案分享系統的效能分析與自私節點行為關係的研究相當少，因此我們提出了一個基本的數學分析公式來評估在不同系統下對自私節點的容忍程度，同時也可藉由此效能分析來提供不同點對點檔案分享系統的效能分析。利用這個評估公式，我們可以驗證所提出的機制可以更符合現有的網路環境。
在我們的模擬結果中，我們所提出的自私節點遏止機制相較於現有的機制仍有3-5%的改善程度，尤其當自私節點數目超過全體節點總數的80%時，我們的機制顯示更佳的改善程度。這也證明了我們的機制不僅能夠遏止自私節點的行為，同時亦能夠對正常節點提供較高的頻寬使用保證。而在「挑戰-回應」機制的信任協定模擬中，其結果也驗證我們所提出的協定比現有投票機制(Polling)更有效率。我們的協定能節省約90%傳輸成本，同時我們也觀察到一個較佳的容錯建議值為0.2。這個值能夠保證較低的非碰撞率(Non-Hit rate)與較低的誤差率(Difference )，並且能夠提供未來發展新的點對點信任關係建立協定時的參考依據。

P2P systems help to mitigate or prevent many challenges in traditional client–server environments, such as the single point of failure or the bottleneck effect. However, P2P networks also introduce many new problems, such as free riding or trust relationships among peers. Scholars and researchers have adopted trust and reputation systems as useful mechanisms for detecting or discouraging misbehaviors in P2P networks. Unfortunately, the lack of a centralized entity capable of monitoring user behavior and enforcing rules complicates the design of mechanisms for detecting and preventing malicious behavior in P2P environments.
Traditional reputation concerns whether peers who are likely to provide reliable services can be identified, but the lack of punitive strategy motivates peers to stop contributing when they obtain good reputations. Two major challenges in P2P systems are how to discourage and punish for free-riders and how to establish trust relationships among different peers without the benefit of trusted third parties or authorities. Sometimes even when there are some authorities available, e.g., an authentication server or certification authority, it is imperceptible to assume that these authorities can monitor transactions and then declare the trustworthiness of different peers.
In this thesis, we develop two mechanisms to arrest free-riding problem and to improve the efficiency of trust-establishing among peers. These two mechanisms can be applied in hybrid and distributed P2P networks respectively. We complete ATN/CATN and reputation mechanisms in the first mechanism and extend a new trusted third party, called trust-rating agent (TRA), to maintain and evaluate peers’ trust levels. With enough collected licenses, peers can request for upgrading their trust levels. Filtering and diminishing schemes are also applied in this mechanism. They prevent collusions and saturation in P2P networks. We also present a concrete challenge-based trust protocol in a completely distributed P2P network. Our proposed protocol uses challenge-response operations in each trust evaluation phase so that it authenticates every contacted peer and records the corresponding trust value. No more information will be revealed, so malicious peers have little opportunity to tamper the P2P systems. Moreover, to our best knowledge, few studies have yet evaluated the essential effect of P2P file sharing systems with an increasing number of free riders. While several studies on free-riding improve the P2P performance, there is still little research addressing a mathematical metric to quantify P2P bandwidth utilities. Thus, a normalized metric is clearly needed for a systematic evaluation on performance issues. We propose a basic mathematical evaluation metric, which presents the different tolerance levels for free-riders, to address the underlying performance issues of P2P file sharing systems.
In our simulation results, our proposed mechanism still provides an improvement by around 3-5%, especially when the amount of free riders reaches more than 80% of total peers. It shows that our proposed mechanism not only restricts the behaviors of free riders, but also ensures high bandwidth utilization for cooperative peers. The result of our proposed challenge-based protocol also proves our concept that our protocol is more effective than polling methods. The communication cost can be saved around 90%, and we observe that the suggested tolerance value is 0.2. This value ensures the lower Non-Hit rate and lower difference in the P2P systems, and gives a design reference for implementing novel P2P trust-establishing protocols.

[1] A. Abdul-Rahman and S. Hailes, “Supporting trust in virtual communities,” Hawaii International Conference on System Sciences, 2000.
[2] L. A. Adamic and B. A. Huberman, “Zipf's law and the Internet,” Glottometrics 3, pp. 143-150, 2002.
[3] E. Adar and B. A. Huberman, “Free riding on Gnutella,” Technical Report, Xerox PARC, 2000.
[4] S. Androutsellis-Theotokis and D. Spinellis, “A survey of peer-to-peer content distribution technologies,” ACM Computing Surveys (CSUR), Volume 36, Issue 4, pp.335-371, 2004.
[5] N.B. Azzouna and F. Guillemin, “Experimental analysis of the impact of peer-to-peer applications on traffic in commercial IP networks,” European Transactions on Telecommunications: Special Issue on P2P Networking and P2P Services, Vol. 15, No. 6, pp.511–522, 2004.
[6] P.A. Bonatti and D. Olmedilla, “Driving and monitoring provisional trust negotiation with metapolicies,” IEEE 6th International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), pp. 14-23, 2005.
[7] C.H. Chi, M. Su, L. Liu, H.G. Wang, “An active peer-to-peer System for heterogeneous service provisioning,” IEEE International Conference on Information Reuse and Integration, pp.17–22, 2006.
[8] S. Chandan, C. Hogendorn, “The Bucket brigade: pricing and network externalities in peer-to-peer communications networks,” Telecommunications Policy Research Conference, Alexandria, VA, October 2001.
[9] F. Cornelli, E. Damiani, S. D. C. d. Vimercati, S. Paraboschi, and P. Samarati, “Choosing reputable servents in a P2P network,” Proceedings of the 11th international conference on World Wide Web (WWW), 2002.
[10] E. Damiani, S.D.C. di Vimercati, S. Paraboschi, P. Samarati, and F. Violante, “A reputation-based approach for choosing reliable resources in peer-to-peer networks,” 9th ACM Conference on Computer and Communications Security, 2002.
[11] R. Dingledine, “The free haven project: design and deployment of an anonymous secure data haven,” Master Thesis, MIT, 2004.
[12] E.J. Friedman and P. Resnick, “The social cost of cheap pseudonyms,” Journal of Economics and Management Strategy, Vol. 10, No. 2, pp.173–199, 2001.
[13] S. Garfinkel, “Can 9 million skype users be wrong?” Computerworld, Vol. 11, No. 11, 2005.
[14] Z. Ge, D. R. Figueiredo, S. Jaiswal, J. Kurose, and D. Towsley, “Modeling peer-peer file sharing systems,” Proceedings of IEEE INFOCOM, March 2003.
[15] Gnutella Company. Available at: http://www.gnutella.com/.
[16] P. Golle and K. Leyton-Brown, “Incentives for sharing in peer-to-peer networks,” Proceedings of the Third ACM Conference on Electronic Commerce, October 2001.
[17] J. Golbeck and J. Hendler, “Reputation network analysis for email filtering,” Proceedings of the 1st Conference on Email and Anti-Spam (CEAS), 2004.
[18] J. Golbeck and J. Hendler, “Inferring binary trust relationships in web-based social networks,” ACM Trans. Inter. Tech. 6, 4, pp. 497–529, 2006.
[19] K. P. Gummadi, R. J. Dunn, S. Saroiu, S. D. Gribble, H. M. Levy, and J. Zahorjan, “Measurement, modeling, and analysis of a peer-to-peer file-sharing workload,” Proceeding of 19th ACM Symposium on Operating Systems Principles, pp. 314-329, October, 2003.
[20] M. Gupta, P. Judge, and M. H. Ammar, “A reputation system for peer-to-peer networks,” Network and Operating System Support for Digital Audio and Video (NOSSDAV), pp. 144-152, 2003.
[21] D. Hughes, G. Coulson, and J. Walkerdine, “Freeriding on Gnutella revisited: the bell tolls?” IEEE Distributed Systems Online, 6(6), 2005. http://dsonline.computer.org/portal/pages/dsonline/0506/o6001.html.
[22] C. Jennings, “Security mechanisms for peer to peer SIP,” Available at: http://tools.ietf.org/id/draft-jennings-p2psip-security-00.txt, February 2007.
[23] S.D. Kamvar, M.T. Schlosser, and H. Garcia-Molina, “The eigentrust algorithm for reputation management in P2P networks,” Proceedings of the 12th International Conference on World Wide Web (WWW 2003), pp.640–651, 2003.
[24] Kazaa participation level, http://www.kazaa.com.
[25] R. Krishnan, M.D. Smith, and R. Telang, “The economics of peer-to-peer networks,” Journal of Information Technology Theory and Applications, 2003.
[26] S.K. Lam, and J. Riedl, “Shilling recommender systems for fun and profit,” Proceedings of the 13th International Conference on World Wide Web, pp.393–402, 2004.
[27] A. Lee, M. Winslett, J. Basney, and V. Welch, “Traust: a trust negotiation-based authorization service for open systems,” Eleventh ACM Symposium on Access Control Models and Technologies (SACMAT 2006), 2006.
[28] S. Lee, R. Sherwood, et al., “Cooperative peer groups in NICE,” IEEE Infocom, San Francisco, USA, 2003.
[29] N. Luhmann. Trust and power. John Wiley press, 1979.
[30] Napster. Available at: http://www.napster.com.
[31] P2P Trust. Available at: http://www.p2ptrust.org/.
[32] L. Page, S. Brin, R. Motwani, and T. Winograd, “The pagerank citation ranking: bringing order to the web,” Technical Report 1999-66, Stanford University, 1999.
[33] A. Parker, “The true picture of peer-to-peer file sharing,” Available at: http://www.cachelogic.com/research/slide1.php. (2004)
[34] L. Ramaswamy and L. Liu, “Free riding: a new challenge to peer-to-peer file sharing systems,” Proceedings of the 36th HICSS Conference, 2003.
[35] K. Ranganathan, M. Ripeanu, A. Sarin, I. Foster, “To share or not to share: an analysis of incentives to contribute in file sharing environments,” International Workshop on Economics of Peer to Peer Systems, 2003.
[36] P. Resnick and R. Zeckhauser, “Trust among strangers in Internet transactions: Empirical analysis of ebay's reputation system,” M. R. Baye, editor, The Economics of the Internet and E-Commerce, volume 11 of Advances in Applied Microeconomics. Amsterdam, Elsevier Science, 2002.
[37] R. L. Rivest, “Chaffing and Winnowing: Confidentiality without Encryption,” Available at http://people.csail.mit.edu/rivest/Chaffing.txt, April 24, 1998.
[38] S. Rueda, P. Morillo, J.M. Orduna, J.Duato, “On the characterization of peer-to-peer distributed virtual environments,” IEEE Virtual Reality Conference (VR '07), pp. 107-114, March 2007.
[39] T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K. Seamons, “Adaptive trust negotiation and access control,” 10th ACM Symposium on Access Control Models and Technologies, 2005
[40] S. Saroiu, P. K. Gummadi, and S. D. Gribble, “A measurement study of peer-to-peer file sharing systems,” SPIE Conference on Multimedia Computing and Networking (MMCN), January 2002.
[41] A. A. Selcuk, E. Uzun, and M. R. Pariente, “A reputation-based trust management system for P2P networks,” Proceedings of IEEE International Symposium on Cluster Computing and the Grid (CCGrid 2004), pp.251–258, 2004.
[42] C. Shields, “Secure hierarchical multicast routing and multicast internet anonymity,” PhD Thesis, Computer Engineering, University of California, Santa Cruz., 1999.
[43] Skype. Available at: http://www.skype.com.
[44] I. Stoica, R. Morris, D. Karger, F. Kaashoek, and H. Balakrishnan, “Chord: a scalable peer-to-peer lookup service for internet applications,” ACM SIGCOMM, pp. 149-160, Aug. 2001.
[45] The Freenet project. Available at: http://freenetproject.org/.
[46] The Gnutella Protocol Specification version 0.4, http://www.clip2.com/GnutellaProtocol04.pdf.
[47] D. Villela, “Performance Analysis of updating mechanisms for dynamic content in peer-to-peer networks,” Seventh IEEE International Symposium on Cluster Computing and the Grid (CCGRID), pp. 513-520, 2007.
[48] H.J. Woo, Y.J. Son, J.H. Kim, “Peer-to-peer data communication for controlling unmanned system according to the JAUS,” International Joint Conference SICE-ICASE, pp.2741–2745, October 2006.
[49] L. Xiong and L. Liu, “PeerTrust: supporting reputation-based trust in peer-to-peer communities,” IEEE Transactions on Knowledge and Data Engineering (TKDE), Special Issue on Peer-to-Peer Based Data Management, Vol. 16, No. 7, pp. 843-857, 2004.
[50] S. Ye, F. Makedion, and J. Ford, “Collaborative automated trust negotiation in peer-to-peer systems,” Proceedings of the 4th International Conference on Peer-to-Peer Computing (P2P'04), pp. 108-115, 2004.
[51] T. Yu and M. Winslett, “A unified scheme for resource protection in automated trust negotiation,” Proceedings of IEEE Symposium on Security and Privacy, pp. 110-122, 2003.
[52] T. Yu, M. Winslett, and K.E. Seamons, “Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation,” ACM Transactions on Information System Security, Volume 6, Issue 1, pp.1-42, 2003.
[53] M. Zuo, J. Li, “Constructing fair-exchange P2P file market,” Proceeding of the 4th International Conference on Grid and Cooperative Computing (GCC2005), pp. 941–946, Springer LNCS 3795, 2005.