The document describes research into secure distributed data structures for peer-to-peer social networks. It proposes using distributed lists to store social media content like guestbook entries or photos, partitioned into buckets stored on different nodes. Remote operations are introduced to allow efficient list manipulation with less network traffic than retrieving full buckets. Access control is implemented cryptographically by encrypting or signing list elements and buckets. Evaluation shows the approach reduces network traffic compared to naïve distributed list implementations.
IEEE CRS 2014 - Secure Distributed Data Structures for Peer-to-Peer-based Social Networks
1. HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for
Peer-to-Peer-based Social Networks
P2PCS as part of CTS 2014
May 21, 2014
Jens Janiuk
Alexander Mäcker
Kalman Graffi
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 1
2. 1 Introduction
2 Distributed List Concept
3 Access Control in Distributed List
Read and Write Access
Key Distribution
4 Evaluation
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 2
3. Introduction
Online Social Networks (OSNs)
Facebook, Google+, Twitter, . . .heavily used nowadays
HEINZ NIXDORF INSTITUTE
(semi-) public user profiles
communication
collaboration: sharing and searching user generated content
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 3
4. Introduction
Online Social Networks (OSNs)
Facebook, Google+, Twitter, . . .heavily used nowadays
HEINZ NIXDORF INSTITUTE
(semi-) public user profiles
communication
collaboration: sharing and searching user generated content
Current approaches are centralized
full access to data: massive data-mining
censorship
single point of failure, scalability
high operational costs
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 3
5. Introduction
Decentralized Approaches For OSNs
Peer-to-Peer based OSNs address drawbacks
DHT-based solution (e.g. PeerSoN, LifeSocial)
users build a structured P2P overlay
key-based routing
DHT: get, put
joining and leaving
replication
HEINZ NIXDORF INSTITUTE
University of Paderborn
0x11 0x1A
0x53
0xCB 0xA1
0x13
0xD1
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 4
6. 1 Introduction
2 Distributed List Concept
3 Access Control in Distributed List
Read and Write Access
Key Distribution
4 Evaluation
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 5
7. Distributed List Concept
Motivation For Distributed Data Structures
HEINZ NIXDORF INSTITUTE
University of Paderborn
DHT operations (get, put) on single items do not match OSN applications
Functionalities operate on
collection of items
guestbooks/ wall entries
photo albums
message history, . . .
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 6
8. 0x11 HEINZ NIXDORF INSTITUTE
University of Paderborn
0x1A
0x53
0xCB 0xA1
0xD1
Distributed List Concept
Storage Organization
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 7
9. A) List ^= DHT item
+ single get to retrieve list
- overloaded peers
- no parallelization
0x11 HEINZ NIXDORF INSTITUTE
University of Paderborn
0x1A
0x53
0xCB 0xA1
0xD1
Distributed List Concept
Storage Organization
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 7
10. A) List ^= DHT item
+ single get to retrieve list
- overloaded peers
- no parallelization
B) List element ^= DHT item
+ parallelization
+ overloading less probable
- many messages
HEINZ NIXDORF INSTITUTE
University of Paderborn
0x11 0x1A
0x53
0xCB 0xA1
0xD1
Distributed List Concept
Storage Organization
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 7
11. Distributed List Concept
Storage Organization
A) List ^= DHT item
+ single get to retrieve list
- overloaded peers
- no parallelization
B) List element ^= DHT item
+ parallelization
+ overloading less probable
- many messages
HEINZ NIXDORF INSTITUTE
University of Paderborn
0x11 0x1A
0x53
0xCB 0xA1
0xD1
C) Partition list into buckets, store buckets in DHT
+ splitsize gives tradeoff between A) and B)
i-th element has id=hash(listname + bi=splitsizec)
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 7
12. Distributed List Concept
Remote Operations
Operations on list by put/get functionalities inefficient
whole buckets are sent through network, e.g.,
set(i): retrieve bucket, send back bucket
contains(item): retrieve (several) bucket(s)
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 8
13. Distributed List Concept
Remote Operations
Operations on list by put/get functionalities inefficient
whole buckets are sent through network, e.g.,
set(i): retrieve bucket, send back bucket
contains(item): retrieve (several) bucket(s)
Introduce Remote Operations
use lookup function to issue commands
message contains request, possibly some data
+ less traffic
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 8
14. 1 Introduction
2 Distributed List Concept
3 Access Control in Distributed List
Read and Write Access
Key Distribution
4 Evaluation
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 9
15. Access Control in Distributed List
Example
User Alice has friends Bob and Carol
Alice
Bob Carol
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
16. Access Control in Distributed List
Example
User Alice has friends Bob and Carol
Alice has guestbook/ wall for friends (distributed list)
Alice
Bob Carol
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
17. User Alice has friends Bob and Carol
Alice has guestbook/ wall for friends (distributed list)
Only Alice and friends can read wall
Alice
HEINZ NIXDORF INSTITUTE
University of Paderborn
Dave
Access Control in Distributed List
Example
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
18. Access Control in Distributed List
Example
User Alice has friends Bob and Carol
Alice has guestbook/ wall for friends (distributed list)
Only Alice and friends can read wall
Only Alice and friends may create new entries
Alice
Bob Carol
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
19. Access Control in Distributed List
Example
User Alice has friends Bob and Carol
Alice has guestbook/ wall for friends (distributed list)
Only Alice and friends can read wall
Only Alice and friends may create new entries
Alice
HEINZ NIXDORF INSTITUTE
University of Paderborn
Dave
Bob Carol
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
20. Access Control in Distributed List
Example
User Alice has friends Bob and Carol
Alice has guestbook/ wall for friends (distributed list)
Only Alice and friends can read wall
Only Alice and friends may create new entries
Only author can modify existing entry
Alice
HEINZ NIXDORF INSTITUTE
University of Paderborn
Dave
Bob Carol
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 10
21. Access Control in Distributed List
Using Cryptographic Means
Restrict read access
encrypt elements with common symmetric key
Restrict changing elements
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 11
22. Access Control in Distributed List
Using Cryptographic Means
Restrict read access
encrypt elements with common symmetric key
Restrict changing elements
sign elements with author’s private key (+nonce)
storing peer verifies signatures
Restrict adding elements
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 11
23. Access Control in Distributed List
Using Cryptographic Means
Restrict read access
encrypt elements with common symmetric key
Restrict changing elements
sign elements with author’s private key (+nonce)
storing peer verifies signatures
Restrict adding elements
bucket signed with common key of Alice and friends
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 11
24. 1 Introduction
2 Distributed List Concept
3 Access Control in Distributed List
Read and Write Access
Key Distribution
4 Evaluation
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 12
25. Access Control in Distributed List
Key Distribution by Groups
Bootstrap security (Graffi et al. IEEE LCN 2009)
derive private key from user name and password
derive public key = identifier of user
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 13
26. Access Control in Distributed List
Key Distribution by Groups
Bootstrap security (Graffi et al. IEEE LCN 2009)
derive private key from user name and password
derive public key = identifier of user
Create and store a group item
asymmetric key pair (eG; dG), symmetric key SG
stored encrypted for each member
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 13
27. 1 Introduction
2 Distributed List Concept
3 Access Control in Distributed List
Read and Write Access
Key Distribution
4 Evaluation
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 14
28. Evaluation
Impact on Traffic
Simulation of 1000 list operations
each bucket stored at different node
elements of size 1 kB
Operation A B
get(i) 0:5 0:93
add(item) 0:375 0:053
remove(i) 0:125 0:017
HEINZ NIXDORF INSTITUTE
University of Paderborn
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 15
29. Simulation of 1000 list operations
each bucket stored at different node
elements of size 1 kB
traffic considerably reduced
Operation A B
get(i) 0:5 0:93
add(item) 0:375 0:053
remove(i) 0:125 0:017
HEINZ NIXDORF INSTITUTE
University of Paderborn
0 200 400 600 800 1000
0 50000 150000 250000
operations
traffic (kB)
remote ops, splitsize=10, consolidation
remote ops, splitsize=inf
remote ops, splitsize=10
no remote ops, splitsize=inf
0 200 400 600 800 1000
0 2000 6000 10000
operations
traffic (kB)
remote ops, splitsize=10, consolidation
remote ops, splitsize=inf
remote ops, splitsize=10
no remote ops, splitsize=inf
Evaluation
Impact on Traffic
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 15
30. Simulation of 1000 list operations
each bucket stored at different node
elements of size 1 kB
traffic considerably reduced
traffic depends on splitsize
Operation A B
get(i) 0:5 0:93
add(item) 0:375 0:053
remove(i) 0:125 0:017
HEINZ NIXDORF INSTITUTE
University of Paderborn
0 200 400 600 800 1000
0 10000 30000
operations
traffic (kB)
splitsize=1, no consolidation
splitsize=5, no consolidation
splitsize=20, no consolidation
splitsize=100, no consolidation
0 200 400 600 800 1000
0 2000 4000 6000
operations
traffic (kB)
splitsize=1, no consolidation
splitsize=5, no consolidation
splitsize=20, no consolidation
splitsize=100, no consolidation
Evaluation
Impact on Traffic
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 15
31. Summary
HEINZ NIXDORF INSTITUTE
University of Paderborn
Distributed datastructures are useful for OSNs
Buckets and remote operations allow flexible, efficient list functionalities
Access control fundamental in OSNs
Cryptographic approaches and groups to control access to list
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 16
32. Thank you for your attention!
HEINZ NIXDORF INSTITUTE
University of Paderborn
Alexander Mäcker
Heinz Nixdorf Institute
& Department of Computer Science
University of Paderborn
Address: Fürstenallee 11
33102 Paderborn
Germany
E-mail: amaecker@upb.de
Web: http://www.p2pframework.com
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 17
33. Remote Write Access
HEINZ NIXDORF INSTITUTE
University of Paderborn
1) C requests item from S; possibly sends hash of its own version of item
2) S replies with current version of item or ACK
3) C performs following steps
perform change locally
compute signature
send back signature, command and old hash
4) C compares hashes; either performs changes locally and stores or back to step 2
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 18
34. Consolidation of Distributed List
1) Initiating node computes B0k
and B0k
+1 and signatures Sig(B0k
HEINZ NIXDORF INSTITUTE
University of Paderborn
), Sig(B0k
+1).
Signatures sent to nodes Sk and Sk+1 storing Bk and Bk+1.
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19
35. Consolidation of Distributed List
1) Initiating node computes B0k
and B0k
+1 and signatures Sig(B0k
HEINZ NIXDORF INSTITUTE
University of Paderborn
), Sig(B0k
+1).
k
k
00Signatures sent to nodes Sk and Sk1 storing Bk and Bk1.
++2) Sk and Sk1 compute Band B++1. Cancel if differ from received ones.
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19
36. Consolidation of Distributed List
1) Initiating node computes B0k
and B0k
+1 and signatures Sig(B0k
HEINZ NIXDORF INSTITUTE
University of Paderborn
), Sig(B0k
+1).
k
k
00Signatures sent to nodes Sk and Sk1 storing Bk and Bk1.
++2) Sk and Sk1 compute Band B++1. Cancel if differ from received ones.
3) Sk+1 notifies Sk .
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19
37. 1) Initiating node computes B0k
and B0k
+1 and signatures Sig(B0k
HEINZ NIXDORF INSTITUTE
University of Paderborn
), Sig(B0k
+1).
k
k
00Signatures sent to nodes Sk and Sk1 storing Bk and Bk1.
++2) Sk and Sk1 compute Band B++1. Cancel if differ from received ones.
3) Sk+1 notifies Sk .
4) On reception of notification, Sk+1 stores B0k
and notifies Sk+1.
Consolidation of Distributed List
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19
38. Consolidation of Distributed List
1) Initiating node computes B0k
and B0k
+1 and signatures Sig(B0k
HEINZ NIXDORF INSTITUTE
University of Paderborn
), Sig(B0k
+1).
k
k
00Signatures sent to nodes Sk and Sk1 storing Bk and Bk1.
++2) Sk and Sk1 compute Band B++1. Cancel if differ from received ones.
3) Sk+1 notifies Sk .
4) On reception of notification, Sk+1 stores B0k
and notifies Sk+1.
5) On reception of notification, Sk stores B0k
+1 after checking that B0k
is stored as
expected.
Secure Distributed Data Structures for Peer-to-Peer-based Social Networks Alexander Mäcker 19