File sharing refers to the providing and receiving of file over the network, a central server that operates a centralized data repository search engine within a peer-topeer network performs authentication and authorization operations with respect to users that access its services. Trust mechanism and access control technology are used in the p2p file sharing system to be more secure with respect to the existing one.

1. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011
Secure Trust Management Model for Peer-to-Peer
File Sharing System
Amuthan.A, Marimuthu.G and Kaliaperumal.G
Pondicherry Engineering College/Dept of Computer Science, India.
Email: {amuthan, cs0711, kaliaperumal.g}@pec.edu
Abstract---File sharing refers to the providing and receiving of Start
file over the network, a central server that operates a
centralized data repository search engine within a peer-to-
peer network performs authentication and authorization
operations with respect to users that access its services. Trust Send a request for a file
mechanism and access control technology are used in the p2p
file sharing system to be more secure with respect to the
Receive a list of peers that have the file
existing one.
Index Terms---P2P, File sharing, Trust, Reputation, Access Receive a list of peers that have the file
Control.
Receive a list of peers that have the file
1. INTRODUCTION
A. Background Yes
No File is good Stop
In a Peer-to-Peer (P2P) file sharing system, peer
communicates directly with each other to exchange
information and share files. P2P system can divide into Figure 1.2 Traditional P2P
several categories (illustrate in Fig. 1.1). Centralized P2P
systems (e.g., Napster [1]) use a centralized control server
to manage the systems. Decentralized P2P systems try to 1. Send a file request
distribute control over several peers. They can be divide 2. Receive a list of peers that have the requested file
into purely decentralized (e.g., Gnutella [2]) and Hybrid 3. Select a peer
decentralized systems (e.g., KaZaA [3]). 4. Download the file
P2P Systems
However, P2P file sharing system make the security
issue a challenging problem. There is no trusted server to
Partially Centralized validate the peer. At the same time, a trust mechanism is
Decentralized
E.g., Napster needed to punish peers that exhibit malicious behavior (i.e.,
those that provide malicious content or misleading
filenames) and furthermore, an access control mechanism
Purely Decentralized Hybrid Decentralized
E.g., Gnutella E.g., KaZaA is developed to secure the file sharing P2P network.
B. Motivation and Contribution
Figure 1.1: P2P System Partially centralized P2P systems have been proposed
to reduce the control overhead needed to run the P2P file
sharing system. They also provide lower discovery time
In traditional P2P System (i.e., without any trust because the discovery process involves in the server. The
mechanism and access control), a user is given a list of proposed trust management model uses a reputation trust
peers that can provide the requested file. The user has then mechanism system and access mechanism system. In
to choose one peer from which the download will be reputation mechanism system, each peer may record
performed. In traditional P2P systems, little information is information on past experience with all peers it has
given to the user to help in the selection process. interacted with and the opinion regarding the peers that
The following is the life cycle of a peer in a traditional P2P have the requested file. In access control mechanism,
system (illustrate in Fig. 1.2) determines who can access the system, what kind of
resources can be accessed (illustrate in Fig. 1.3):
The following is the life cycle of a peer in a Trust
Management Model based P2P system.
1
© 2011 ACEEE
DOI: 01.IJNS.02.01.28

2. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011
Start Partially Centralized Architecture – In these systems,
(illustrate in Fig. 2.1) there is a central server facilitate the
interaction between peers by maintain directories of
metadata, describing the shared files stored by the peer
Send a request for a file
nodes. Although the end-to-end interaction and file
exchange may take place directly between two peer nodes,
Receive a list of peers that have the file
the central servers facilitate this interaction by performing
the lookups and identifying the nodes storing the files.
Select a peer based on a reputation metrics
Access permission No
Yes
Access the file
File is good Figure 2.1: Partially Centralized
No Yes Purely Decentralized Architectures – All nodes in the
network perform exactly the same tasks, (illustrate in
Update Update Fig. 2.2) acting both as servers and clients, and there is
Reputation Reputation Stop
Data Data
no central coordination of their activities. The nodes of
such networks are often termed “servents” (SERVers +
Figure 1.3 Trust Management Model P2P cliENTS),
1. Send a file request
2. Receive a list of peers that have the requested file
3. Select a peer based on a reputation metric
4. Check the access permission
5. Access the file
6. Send feedback and update the reputation data
Figure 2.2: Purely Decentralized P2P
C. Organization
This paper is organized as follows. In section 2 Hybrid Decentralized Architectures – The basis is the
discusses the literature survey of existing system, P2P file same as with purely decentralized systems. (Illustrate
sharing network and the list of reputation based system that in Fig. 2.3) Some of the nodes, however, assume a
we feel is more appropriate for peer-to-peer more important role, acting as local central indexes for
communication. In Section 3 we enlist and discuss our file shared by local peers. The way in which these
model of reputation based system. In Section 4 we present supernodes are assigned their role by the network
an access control model for our P2P file sharing system. In varies between different systems. It is important,
Section 5 we enlist the interaction procedure for our model. however, to note that these supernodes do not
Section 6 is the summary of this paper. Finally we constitute single points of failure for a peer-to-peer
concluded with our conclusion. network, since they are dynamically assigned and, if
they fail, the network will automatically take action to
II. RELATED WORK replace them with others.
Several surveys have addressed the problem of
enforcing trust on P2P networks based on reputation.
A. P2P File Sharing Technologies
Peer-to-Peer file sharing networks are supposed to be
totally decentralized, in practice this is not always true, and
systems with various degrees of centralization are
encountered. Specifically the following three categories are
identified.
2
© 2011 ACEEE
DOI: 01.IJNS.02.01.28

3. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011
Directly Directly
Trust Trust
Peer A Peer B Peer C
Indirectly
Trust
Figure 2.5: Indirect Trust
D. Existing P2P Reputation-based Systems
This section briefly review some of the existing P2P
Figure 2.3: Hybrid Decentralized P2P
reputation systems, we start by giving an overview of the
B. Trust and Reputation reputation systems.
OpenPrivacy – In OpenPrivacy, the reputation
Trust and reputation mechanisms have been proposed for information is stored in a certificate. The system is similar
large environments in peer-to-peer computing, in concept to web of trust. A peer certifies another peer
recommender systems. However, there is no universal through the use of certificate. Every certificate stores the
agreement on the definition of trust and reputation. In this value of the target’s reputation and the confidence of the
paper, we adopt the following working definitions: certificate creator. To prevent tampering, each certificate is
Trust – a peer’s belief in another peers capabilities, digitally signed with the private key of the certificate
honesty and reliability based on its own direct experiences; creator. This certificated are stored at the certificate creator
Reputation – a peer’s belief in another peer’s as well as the certification target.
capabilities, honesty and reliability based on P2Prep – In P2Prep, every peer in the system stores
recommendations received from other peers. their interaction experience with other peers (based on
Reputation can be centralized, computed by a trusted pseudonym). This reputation records are being update
third party or it can be decentralized, computed every time an interaction takes place. These reputation
independently by each peer after asking other peers and records can be used by other peers to make decision when
recommendations. initializing an interaction. In this case, before a peer
Although trust and reputation are different in how they consumes a service, the peer polls other peers about their
are developed, they are closely related. They are both used knowledge of the service provider. At the end of the
to evaluate a peer’s trustworthiness, so they also share interaction, the service consumer updates the reputation of
some common characteristics. the provider and at the same time updates the credibility of
the peers that addressed opinion on the provider.
C. Classification of Reputation in P2P Communication Managing Trust – Managing Trust stores the
In this section we present classification of reputation complaints about a peer in the P-Grid. The underlying idea
for peer-to-peer communication. of the P-Grid approach is to create a virtual binary search
The classification of reputation signifies if the structure with replication that is distributed over the peers
reputation is obtained from a witness peer directly or and supports efficient search. The construction and the
indirectly. Based on whether the reputation is obtained search/update operations can be performed without any
directly or indirectly we identify two types of reputation central control or global knowledge.
they are: RMS – Reputation Management System (RMS) also
 Direct Reputation(Trust) stores the reputation information in a certificate. However,
 Indirect Reputation(Trust) RMS is different from OpenPrivacy in the implementation
Direct reputation – A peer’s belief in another peer’s of the reputation certificate. In RMS, there exists a trusted
capabilities, honesty and reliability based on its own direct third party to record the transaction history for the
experiences (illustrate in Fig. 2.4). subscribers. The transaction history that the trusted party
stored is used by others to check the correctness of the
Directly certificate presented by a peer.
Trust EigenRep – In EigenRep, two types of value, local and
Peer A Peer B global value, are being stored in the systems. The local
Figure 2.4: Direct Trust value is stored in every peer and the global value, which is
derived from multiple local values, are being handled by
random peers in distributed hash table (DHT) such as CAN
Indirect reputation – A peer’s belief in another peer’s
or Chord.
capabilities, honesty and reliability based on
recommendations received from another peers (illustrate in
Fig. 2.5).
3
© 2011 ACEEE
DOI: 01.IJNS.02.01.28

4. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011
III. PROPOSED SYSTEM reputation means the aggregated general opinion given by
multiple peers. P2PRep is generally combining these two
In the proposed peer-to-peer file sharing system is a
factors together.
windows program that allows you to host a secure peer-to-
peer file sharing system without any additional software or C. Trusting Peer
services. Users just need to install the client software on
Xab(i)  
each peer. This is the following key feature in our model. 1 if a' s transacti on is success
0 otherwise
 Symmetric encryption with shared secret key 
 Asymmetric encryption with public/private keys.  Xab (i): the ith transaction between a and b.
 Peer authentication with username/password  After n transactions. We obtained the history data
 Binary data transfer between peers History: Dab = {Xab(1), Xab(2), … , Xab(n)}
 All standard FTP operations  sat(a, b): +1, a downloads an authentic file from
 Access control privileges to system resources b.
 unsat(a, b): +1, a downloads an inauthentic file
from b, or a fails to download a file from b.
A. Peer software architecture model
In peer software architecture model it consists mainly D. Evaluate Peer
three components (illustrate in Fig. 3.1): In our model each client is requested to report the
 P2P Substrate transaction detail. Also the client will calculate the
 Middleware credibility of the other clients, which is the total number of
 P2P Application good transaction by over the total number of transaction by
In P2P substrate, it manages two things overlay the client.
Management and Resource managements. In overlay
management construction of the peer and maintenance of Ri = ∑GAi / ∑ TAi
the peer join/leave in the P2P network. In resource  Ri : trust score of peer i
management allocation (storage) of the file location and
 GAi : Number of good actions for this peer i
discovery (routing and lookup) of the peer, are handled in
 TAi : total number of considered actions for this
P2P substrate.
peer i
In middleware, provides services to the P2P
application, e.g., peer selection, reputation based system, Notation and Assumptions
authentication, authorization, integrity and FTP operation.
In P2P application, potentially there could be multiple  Let ID denotes Peer ID.
applications running on top of a single P2P substrate.  Let PTV denotes Positive trust value.
Application includes file sharing and file storage systems  Let NTV denotes Negative trust value.
etc.  Let SBU denotes Sum byte up.
 Let SBD denotes Sum byte download.
P2P Application
 T denotes the Time.
 SPTV denotes Sum of Positive trust value
Middlewa  SNTV denotes Sum of Negative trust value
P2P re
 CV denotes Credibility value
Substrat
In this model each peer maintains two tables, a trust
Operating System
table and a credibility table. The trust table is similar to the
one (illustrate in the Table I) and it contain the following
Hardware information:
Figure 3.1: Software Architecture Table I.
Model for P2P Trust Table
B. P2PRep model ID PTV NTV SBU SBD T
P2Prep is a reputation-based protocol runs in a
completely anonymous P2P networks. In P2Prep, local
reputation management and community-wide reputation When uploading & downloading
management are two different levels. Local reputation is PTV = 1; if SBU = SBD, otherwise PTV=0
defined as one single peer’s opinion of one other peer’s NTV = 1; if SBU≠ SBD, otherwise NTV=0
reputation, based on its formal experience. The community
4
© 2011 ACEEE
DOI: 01.IJNS.02.01.28

5. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011
The credibility table (illustrate in Table II). It stores Subject
the credibility of a peer in reporting the trust value of other
peers. It contains the following information. Subject Access control
Access information
Table Ii. Request
Credibility Table Request
Access
ID SPTV SNTV CV T Fail
Monitor
CV = SPTV / SNTV
SPTV > SNTV; Trusted peer
Access Access
SPTV < SNTV; Un-trusted peer Yes Function
Permit Rules
SPTV = SNTV; Indeterminate peer
IV. ACCESS CONTROL
Object Access control
The process of giving an authenticated entity information
Object
permission to do some action or access some resource. In Request
P2P application, a peer might be authenticated to access Figure 4.1: Access Control Architecture
some subset of the resources on another peer.
In the proposed model (illustrate in the Fig. 4.1) the Table Iii
concept of access control is best described as the following Access Table
things. The subject is defined as an active entity which
ID Upload Download Search … T
initiates access requests and operates on objects. Users or
autonomous agents can be subjects. The object is a passive
entity which is target of an access. The examples of object
are files, devices or any other resources that can be used by V. INTERACTION PROCEDURES
subjects. However sometimes, a subject can be an object
and vice versa under the dynamic situation of access in a Interaction procedure (illustrate in Fig. 5.1) in a
system or an organization. typical interaction between a host and a client in our
Note that identifying a subject is under the assumption framework. An interaction generally consists of three
of successful authentication of the subject. The model, phases:
which mediates the access from a subject to an object,  Preparation phase
grants or denies access requests, based on the security  Transaction phase
relevant attributes of subjects and objects. The model is a  Reputation phase
powerful tool for designing and analyzing system security
under the assumption of complete invocation for every Firstly, the preparation phase involves the
access. authentication process. Secondly, the transaction phase
allows the client to interact with the host in order to access
A. Discretionary Access Control the files from the other peers, an access of the file can be
Discretionary access control (DAC) is an access policy based on the authorization. Finally, the reputation phase
that restricts access to files (and other system objects such consists of judging the interaction based on the transaction
as directories and devices) based on the identity of users. of the file quality factors.
Not only does DAC let you tell the system that can It can be seen from the whole interaction procedure
access your data, it lets you specify the type of access that the client plays an active role in every
allowed. For example, you might want everyone in the
system to be able to read a particular file, but you might phase: from initializing the interaction. The host does a
want only yourself and your manager to be able to change minimum amount of work and gets all the required
it information from the client and from its own database to
make the decision. We believe that this is appropriate
because the design principle is that the host should not
waste much of its resources (such as network bandwidth
and CPU cycles), which is primarily beneficial to the client
(which is obtaining the files).
Hub (Host) - Hub is responsible for keeping
information of authentication and authorization of the peer.
Agent (Client) - Agent acts as both a client and a
server at the same time
5
© 2011 ACEEE
DOI: 01.IJNS.02.01.28

6. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011
Host Peer Table Iv
Client Peer
Trust Threshold
Authentication Authentication Trust Threshold Meaning
Less than x1 Distrust
No
Valid Preparation phase Between x1 and x2 Average
Greater than x2 Full trust
Yes
B. Screenshots
Request a file Search the file
Server – A server is a P2P program dedicated to providing
Select the peer
Send the file one or more services over a computer network.
based on reputation
location
No Check
Privileges
Access the file Yes
Transaction Transaction phase
Yes No
Figure 6.1 The Server
Update
reputation Client – A client is a P2P Program dedicated to providing
sharing the resources over a computer network
Update
reputation Reputation phase
Yes
Another file
No
Figure 5.1 Flow chart of an interaction between a host peer
and client peer
Figure 6.2 The Client
VI. SIMULATION AND RESULTS
File sharing – File sharing refers to the providing
Our proposed system was implemented using
and receiving of files over a P2P network
Microsoft Visual VB.Net version 8.0 and SQL Server
2005. For implementation we created the peer-to-peer
network and file sharing system with the following.
 Elegant event driven paradigm for easy integration
into windows application.
 Peer authentication and authorization at
application level with username/password and
with private key or with the public key.
 Instant alert and chart messaging
 All standard FTP operations.
Figure 6.3 File sharing
 Finding the trust worthiness of the peer
A. Experimental Setup
C. Results
Our proposed experiment is built on one central server
and with seven P2P clients setup with 5 upload peer, 2 In our experiments we examined the dependence of
download peers with the following thresholds peer performance from its reputation in the following
scenarios.
Senario1 - Increase in security when including
authorization in P2P network
6
© 2011 ACEEE
DOI: 01.IJNS.02.01.28

7. ACEEE Int. J. on Network Security, Vol. 02, No. 01, Jan 2011
mechanisms for evaluating a transaction not only help to
differentiate poorly performing peers from good ones but
also ensure that malicious peers are punished and isolated.
Although we have designed our trust based access control
framework to work specifically with P2P file sharing
networks.
REFERENCES
Figure 6.4 Authorizations vs. Unauthorization [1] Huafeng Wu, Chaojian Shi, Haiguang Chen,Chuanshan Gao,
“A Trust Management Model for P2P File Sharing System”
Senario2 - Decrease of positive trust value when peer 2008 International Conference on Multimedia and
starts “acting” maliciously. Ubiquitous Engineering, , page(s) 41-44, February 2008.
[2] Lara Srour, Aymaan Kayssi, Ali Chehab “Reputation-Based
Algorithm for Managing Trust in File Sharing Network”,
IEEE International Conference on Computer and Information
Technology, January 2006.
[3] S. Q. Zhang, Y.T. Yang, A trust management model for
peer-to-peer computer systems, Journal of Harbin
Engineering University Vol. 26, No 4, PP 522-525,Aug 2005
[4] Y. Wang, E.J. Vassil, Trust and reputation model in Peer-to-
Peer networks. The Third IEEE International Conference on
Peer2to2Peer Computing, Linkopings, 2003.
[5] E. Damian, D.C. Vimercati et al, A reputation-based
Figure 6.5 Peer acting maliciously
approach for choosing reliable resources in Peer-to-Peer
Senario3 – Gain in positive trust value when peer starts networks, The 9th ACM Conference on Computer and
“acting” properly. Communications Security. Washington DC, 2002
[6] A. Singh, L. Liu,, Anonymous management of trust
relationships in decentralized P2P systems, The Third IEEE
International Conference on Peer-to-Peer Computing,
Linkopings, 2004.
[7] K. Aberer, Z. Despotovic, Managing trust in a Peer-to-Peer
information system, The Tenth International Conference on
Information and Knowledge Management (ACM CIKM’01),
Linkopings, 2001.
[8] Li Xiong and Ling Liu. A Reputation-Based Trust
Model for Peer-to-Peer eCommerce Communities.
Proceedings of the IEEE International Conference on E-
Figure 6.6 Peer acting properly Commerce.
[9] Yao Wang and Julita Vassileva. Trust and Reputation Model
in Peer-to-Peer Networks. IEEE Proceedings of the Third
CONCLUSION International Conference on Peer-to-Peer Computing
The proposed trust based access control framework (P2Pa˛r´03), 2003.
satisfies the requirements of access control for P2P file- [10] Ali Aydin Selpk, Ersin Uzun and Mark Regat Pariente. A
Reputation-Based Trust Management System for P2P
sharing systems, by extending the discretionary access
Networks. In IEEE International Symposium on Cluster
control model, P2P’s partial decentralized properties and Computing and the Grid, 2004.
peers autonomy are preserved while enabling and [11] Bin Yu, Munindar P. Singh and Katia Sycara. Developing
maintaining collaboration between peers. The trust model Trust in Large-Scale Peer-to-Peer Systems. IEEE 2004.
and score systems help to classify both known and [12] Sergio Marti and Hector Garcia-Molina. Limited Reputation
unknown visitors according to their trustworthiness and Sharing in P2P Systems. In EC’04 May20.08, 2004, New
contribution. Hence, appropriate access privileges can be York, New York, USA.
assigned to each visitor accordingly. The proposed
7
© 2011 ACEEE
DOI: 01.IJNS.02.01.28