The last few years have seen an explosive growth of diversified peer-to-peer (P2P) systems over the internet, such as Gnutella, Chord, Freenet, and KaZaA.

Different from traditional client/server systems, P2P systems enable sharing of various resources and services among a large collection of client computers (peers) without the need for central authorities or servers.

That is, every entity in a P2P environment acts as a peer, and by virtue of the huge number of peers, objects can be widely replicated, providing the opportunity for high availability and scalability.

All peers are both users and providers of resources and can directly access each other without intermediary agents. A P2P system is therefore, by its very nature, a large, uncensored, distributed system to which any peer may contribute.

The topology of a P2P system evolves quickly as new nodes join or leave the network based on intentions of their users.

P2P systems involve far more uncertainty and far more security problems than many other types of distributed systems, perhaps partly because there is no centralised entity to act as an authoritative trusted third party (TTP) that monitors average peers and punishes bad peers.

Attacks by anonymous malicious peers have been observed on today's popular P2P networks.

Thus, entities must determine that other entities are indeed who they declare they are, as well as determining whether other entities are authorised to access resources or functionalities.

To encourage use of certain P2P systems, especially e-commerce systems, the entities involved must first establish trust before they interact.

Trust in P2P systems is a peer's belief in another peer's identity, reliability, and capability based on its own experiences.

By comparison, it is easy to establish trust in a small system where every entity knows every other entity. In a system like P2P, the complexity of managing trust increases greatly.

Generally, in order to implement efficient trust management in P2P systems, a viable trust model needs to be incorporated that will allow peers to have varying amounts of dynamically changeable trust in other peers.

Many trust models have been proposed for this purpose, most of which are based on the reputation and recommendation of peers. Here we give a brief overview of current research in P2P trust.

KaZaA defines a participation level for each peer based on some QoS parameters. The participation level score is used in prioritising peers during periods of high demand.

However, locally stored participation level scores are potential threats against system security.

Aberer and Despotovic (Managing trust in a peer-2-peer information system, The Ninth International Conference on Information and Knowledge Management (CIKM), Nov. 2001) proposed a binary trust model for P2P networks, i.e. a peer is either trustworthy or it is not.

This system assesses trust by computing an agent's reputation from its former interactions with other agents.

Currently, continuous trust values instead of discrete trust values are widely accepted in representing degrees of trust. In EigenRep, each peer locally stores its own view of the reputation of the peers it does transactions with.

The global reputation of each peer is computed by using the local reputation values assigned to it by other peers, but weighted by the global reputation of the assigning peers.

This method of reputation inference rules out the possibility of malicious peers maligning the reputation of other peers.
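
The weighting described above can be seen in the following added example, which is not code from EigenRep or from the original article. It compares an unweighted average of ratings with an EigenTrust-style iteration; the damping factor `alpha` and the pre-trust vector follow the EigenTrust formulation by Kamvar et al. listed under Further reading, and the ratings and the choice of peer 0 as the only pre-trusted peer are constructed assumptions.

```python
# Constructed local ratings: S[i][j] is peer i's score for peer j
# (satisfactory minus unsatisfactory transactions). Peers 0-2 are honest;
# peers 3 and 4 collude: they praise each other and malign everyone else.
S = [
    [0, 8, 7, 0, 0],
    [9, 0, 6, 0, 1],
    [7, 8, 0, 0, 0],
    [-5, -5, -5, 0, 10],
    [-5, -5, -5, 10, 0],
]


def naive_average(local):
    """Unweighted mean of the ratings each peer receives from the others."""
    n = len(local)
    return [sum(local[i][j] for i in range(n) if i != j) / (n - 1) for j in range(n)]


def normalize(local):
    """c[i][j] = max(s_ij, 0) / sum_j max(s_ij, 0); self-ratings are ignored."""
    n, rows = len(local), []
    for i, row in enumerate(local):
        pos = [max(v, 0.0) if j != i else 0.0 for j, v in enumerate(row)]
        total = sum(pos)
        # A peer with no positive opinion of anyone spreads its weight evenly.
        rows.append([v / total for v in pos] if total else [1.0 / n] * n)
    return rows


def global_trust(local, pretrust, alpha=0.15, tol=1e-10, max_iter=1000):
    """Iterate t <- (1 - alpha) * C^T t + alpha * p until t stops changing."""
    n, c, t = len(local), normalize(local), list(pretrust)
    for _ in range(max_iter):
        nxt = [(1 - alpha) * sum(c[i][j] * t[i] for i in range(n)) + alpha * pretrust[j]
               for j in range(n)]
        if max(abs(a - b) for a, b in zip(nxt, t)) < tol:
            return nxt
        t = nxt
    return t


def rank(scores):
    """Peer indices ordered from most to least reputable."""
    return sorted(range(len(scores)), key=lambda j: -scores[j])
```

With these ratings `rank(naive_average(S))` puts the two colluding peers first, while `rank(global_trust(S, [1, 0, 0, 0, 0]))` puts them last, because their ratings carry only the small weight of their own global reputation.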

Another relevant work is a P2P protocol called P2PRep proposed by Cornelli (Choosing reputable servents in a P2P network, Proc. of the 11th Int World Wide Web Conf. Hawaii: ACM Press, 441~449).

Servents in P2PRep can keep track of information about the reputation of their peers and share it with others.

Their focus is to provide a protocol complementing existing P2P protocols, as demonstrated on top of Gnutella. There are no experimental results in the paper validating their approach.

Xiong and Liu (Building trust in decentralised peer-to-peer communities, International Conference on Electronic Commerce Research (ICECR-5), Oct. 2002) proposed a feedback-based trust management system for peers called PeerTrust to quantify and compare the reputation of other peers in P2P networks.

The trust for a peer in this system is non-decreasing and subjective. It introduces a balancing factor to offset the impact of malicious peers that misreport other peers' service.

The aforementioned P2P systems or prototypes have mainly focused on giving a formal treatment of trust, and can be roughly divided into the following categories: trust model based on PKI (some peers act as leaders), trust model based on local recommendation, global trust model, and data signature trust model.

However, the effectiveness of a trust model depends not only on the factors and the metric for computing trust measure, but also on implementation of the trust model in a P2P system.

Some problems in trust management for P2P systems have not yet been satisfactorily solved:

  • Anonymity. Peers can join the communities with ease without disclosing their identities in most previous P2P systems.

    Anonymity helps malicious users to hide and disguise themselves behind the scenes, or to conspire to provide false trust ratings.

    How can beneficial users be distinguished from malicious users in this environment? This problem has been mentioned a lot, but has still not been successfully solved.

  • What we call the cyclic dependency problem (much like deadlocks in OS research) emerges in the process of trust recommendation.

    Peers and recommendation relationships can be respectively viewed as a directed graph's nodes and edges.

    The cyclic dependency problem is as follows: when there is a loop in the directed graph, the trust computation will cause deadlocks between two or more peers on the loop.

    This brings about many problems, both in theory and in practice. Current trust models do not take this into account when they compute trust.

  • Distributed trust data and communication management in P2P systems.

    For example, how can trust data be stored effectively, with guarantees for both efficiency and security at the same time? This problem has not been sufficiently discussed so far.

  • Single Point of Failure
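
One way to handle the cyclic dependency problem described in the list above, as an added example that is not part of the original article: find the loops in the recommendation graph before computing trust, and let each peer refuse to query a recommender that is already waiting on it. The graph, the peer names and the rule that trust along a path is the product of edge weights are assumptions made for this sketch.

```python
# Constructed recommendation graph: an edge A -> B with weight w means
# "A accepts B's recommendations with weight w". All names are made up.
RECS = {
    "alice": {"bob": 0.9, "dave": 0.4},
    "bob": {"carol": 0.8},
    "carol": {"alice": 0.7, "erin": 0.9},  # carol -> alice closes a loop
    "dave": {"erin": 0.5},
    "erin": {},
}


def find_loops(graph):
    """Return the groups of peers that lie on a common loop (Tarjan's SCC)."""
    index, low, stack, on_stack, loops = {}, {}, [], set(), []

    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in graph.get(v, {}):
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component
            comp = []
            while not comp or comp[-1] != v:
                comp.append(stack.pop())
                on_stack.discard(comp[-1])
            if len(comp) > 1 or v in graph.get(v, {}):
                loops.append(sorted(comp))

    for v in graph:
        if v not in index:
            visit(v)
    return loops


def derived_trust(graph, src, dst, waiting=frozenset()):
    """Best trust src can derive in dst over loop-free recommendation paths."""
    if src == dst:
        return 1.0
    waiting = waiting | {src}  # peers whose answer is still pending
    best = 0.0
    for nxt, w in graph.get(src, {}).items():
        if nxt not in waiting:  # asking nxt again would never return
            best = max(best, w * derived_trust(graph, nxt, dst, waiting))
    return best
```

Without the `waiting` set, a query from alice about erin would pass through bob and carol back to alice and never terminate; with it, the computation returns even though alice, bob and carol sit on a loop.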

Trust in P2P systems is a relatively new research area, and there are many open questions and interesting issues to be addressed.

Since the growth in popularity and use of P2P systems will continue and the security threats will multiply, trust-related research seems imperative in this situation.

Further reading

  • The Chord Project
  • S. Kamvar, M. Schlosser, and H. Garcia-Molina, The eigentrust algorithm for reputation management in p2p networks, International World Wide Web Conference (WWW), pages 640–651, 2003
  • Yao Wang, Julita Vassileva, Trust and Reputation Model in Peer-to-Peer Networks, Proceedings of the Third International Conference on Peer-to-Peer Computing (P2P'03), Sweden, Sep. 2003
  • Kamvar SD, Schlosser MT, EigenRep: Reputation management in P2P networks, Proc. of the 12th Int World Wide Web Conf. Budapest: ACM Press, 123~134

Haoyang Che is a PhD student at the Institute of Software, the Chinese Academy of Sciences. His research interests include peer-to-peer systems, trust management, and distributed computing.