Stanford Professors Say “Rewiring” P2P Nets May Block RIAA Attacks
 

Will Knight

A proposed US law permitting attacks on peer-to-peer file sharing networks to disrupt illegal copying could be undermined by research from two US computer students.

A US bill proposed in July 2002 would give copyright holders the legal power to attack the computers of file sharers suspected of piracy. Experts say it would be relatively easy to log on to a network and deliberately overload suspected users with fake requests for a file, by misinforming other "nodes". This is similar to overloading a web site with fake traffic in a "denial of service" attack.

But Neil Daswani and Hector Garcia-Molina of the Database Research Department at Stanford University in the US believe it may be possible to redesign peer-to-peer networks to protect them against such attacks. Daswani says this may also guard these networks against malicious computer hackers. He told New Scientist: "We were interested in both protecting the network from being shut down and protecting individual users."
http://www.newscientist.com/news/news.jsp?id=ns99993037

- js.

An interesting article, yet the research was done only on Gnutella. So what's new here? :PO:

The idea of "peer review" was only briefly mentioned, but it seems to me that dynamic, community-controlled criteria of trust are the best way to drastically prevent malicious damage. There can never be absolute trust, as was discussed in the article, but giving ordinary peers the power to define their optimal environment would both compartmentalise and restrict any peers or bots with malicious intent.

There should be some kind of democratic "voting" system in place, but not to the detriment of unusual requests (which often deal with rare content.) For the common items on Gnutella it may be fine, but IMO there has to be a better solution than that! :RI:

Thanks for the article anyway. :tu:

That's a good point Dave, but I like their approach better than their conclusions. They're attacking the problem by looking only at the network protocol rather than the users on the network. A trust system can block spam, leeches and spoofers, but it operates on a plane above the basic message routing system of the network which can still be misused. Remember that users and nodes are not the same thing; it's easy for users to spot malicious users but it's hard for nodes to recognize malicious nodes. These guys are working below the surface and not many others are.

I would add a usage restriction to your voting system: if a user has a bad reputation then they should not be allowed to run a supernode. That might bridge the social and technological gap in network security allowing the client to focus on networking rather than bot-sniffing.