|
Peer-to-peer (P2P) has proven as a most successful way to produce large
scale, reliable, and cost-effective applications, as illustrated for file sharing or
VoIP. P2P storage is an emerging field of application which allows peers to
collectively leverage their resources towards ensuring the reliability and
availability of user data. Providing assurances in both domains requires not
only ensuring the confidentiality and privacy of the data storage process, but
also thwarting peer misbehavior through the introduction of proper security
and cooperation enforcement mechanisms. Misbehavior may consist in data
destruction or corruption by malicious or free-riding peers. Additionally, a
new form of man-in-the-middle attack may make it possible for a malicious
peer to pretend to be storing data without using any local disk space. New
forms of collusion also may occur whereby replica holders would collude to
store a single replica of some data, thereby defeating the requirement of data
redundancy. Finally, Sybil attackers may create a large number of identities
and use them to gain a disproportionate personal advantage.The continuous
observation of peer behavior and monitoring of the storage process is an
important requirement to secure a storage system. Observing peer misbehavior
requires appropriate primitives like proofs of data possession, a form of proof
of knowledge whereby the holder interactively tries to convince the verifier
that it possesses the very data without actually retrieving them or copying
them at verifier’s memory. We present a survey of such techniques and discuss
their suitability for assessing remote data storage.
|