© ACM, 2004. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM Computing Surveys, 36(4):335-371, December 2004. http://doi.acm.org/10.1145/1041680.1041681

A Survey of Peer-to-Peer Content Distribution Technologies

Stephanos Androutsellis-Theotokis¹ and Diomidis Spinellis
Athens University of Economics and Business

Abstract

Categories and Subject Descriptors: C.2.1 [Computer-Communication Networks]: Network Architecture and Design-Network topology; C.2.2 [Computer- Communication Networks]: Network Protocols-Routing protocols; C.2.4 [Computer-Communication Networks]: Distributed Systems-Distributed databases; H.2.4 [Database Management]: Systems-Distributed databases; H.3.4 [Information Storage and Retrieval]: Systems and Software-Distributed systems

General Terms: Algorithms, Design, Performance, Reliability, Security

Additional Key Words and Phrases: Content distribution, DOLR, DHT, grid computing, p2p, peer-to-peer

1  Introduction

1.1  Defining Peer-to-Peer Computing

• The sharing of computer resources by direct exchange, rather than requiring the intermediation of a centralized server. Centralized servers can sometimes be used for specific tasks (system bootstrapping, adding new nodes to the network, obtain global keys for data encryption), however systems that rely on one or more global centralized servers for their basic operation (e.g. for maintaining a global index and searching through it-Napster, Publius) are clearly stretching the definition of peer-to-peer.
  As the nodes of a peer-to-peer network cannot rely on a central server coordinating the exchange of content and the operation of the entire network, they are required to actively participate by independently and unilaterally performing tasks such as searching for other nodes, locating or caching content, routing information and messages, connecting to or disconnecting from other neighboring nodes, encrypting, introducing, retrieving, decrypting and verifying content as well as others.
• Their ability to treat instability and variable connectivity as the norm, automatically adapting to failures in both network connections and computers, as well as to a transient population of nodes.
  This fault-tolerant, self-organizing capacity suggests the need for an adaptive network topology that will change as nodes enter or leave and network connections fail or recover, in order to maintain its connectivity and performance.

Peer-to-peer systems are distributed systems consisting of interconnected nodes able to self-organize into network topologies with the purpose of sharing resources such as content, CPU cycles, storage and bandwidth, capable of adapting to failures and accommodating transient populations of nodes while maintaining acceptable connectivity and performance without requiring the intermediation or support of a global centralized server or authority.

1.2  Peer-to-Peer and Grid Computing

1.3  Classification of Peer-to-Peer Applications

Communication and Collaboration

This category includes systems that provide the infrastructure for facilitating direct, usually real-time, communication and collaboration between peer computers. Examples include chat and instant messaging applications, such as Chat/Irc, Instant Messaging (Aol, Icq, Yahoo, Msn), and Jabber [Jab03].

Distributed Computation

This category includes systems whose aim is to take advantage of the available peer computer processing power (CPU cycles). This is achieved by breaking down a computer-intensive task into small work units and distributing them to different peer computers, which execute their corresponding work unit and return the results. Central coordination is invariably required, mainly for breaking up and distributing the tasks and collecting the results. Examples of such systems include projects such as Seti@home [SIWB⁺97,Set03], genome@home [LSP03,Gen03], and others.

Internet Service Support

A number of different applications based on peer-to-peer infrastructures have emerged for supporting a variety of internet services. Examples of such applications include peer-to-peer multicast systems [VBB⁺03,CDKR02], internet indirection infrastructures [SAZ⁺02], and security applications providing protection against denial of service or virus attacks [KVR02,JWZ03,VATS04].

Database Systems

Considerable work has been done on designing distributed database systems based on peer-to-peer infrastructures. Bernstein et al. [BGK⁺02] propose the Local Relational Model (LRM), in which the set of all data stored in a peer-to-peer network is assumed to be comprised of inconsistent local relational databases interconnected by sets of "acquaintances" that define translation rules and semantic dependencies between them. PIER [HHLTL03] is a scalable distributed query engine built on top of a peer-to-peer overlay network topology that allows relational queries to run across thousands of computers. The Piazza system [HIMT03] provides an infrastructure for building semantic web [BLHL01] applications consisting of nodes that can supply either source data (e.g. from a relational database), schemas (or ontologies) or both. Piazza nodes are transitively connected by chains of mappings between pairs of nodes, allowing queries to be distributed across the Piazza network. Finally Edutella [NWQ⁺03] is an open-source project that builds on the W3C metadata standard RDF, to provide a metadata infrastructure and querying capability for peer-to-peer applications.

Content Distribution

Most of the current peer-to-peer systems fall within the category of content distribution, which includes systems and infrastructures designed for the sharing of digital media and other data between users. Peer-to-peer content distribution systems range from relatively simple direct file sharing applications, to more sophisticated systems that create a distributed storage medium for securely and efficiently publishing, organizing, indexing, searching, updating, and retrieving data. There are numerous such systems and infrastructures, some examples of which are: the late Napster, Publius [WAL00], Gnutella [Gnu03], Kazaa [Kaz03], Freenet [CSW00], MojoNation [Moj03], Oceanstore [KBC⁺00], PAST [DR01], Chord [SMK⁺01], Scan [CKK00], FreeHaven [DFM00], Groove [Gro03], and Mnemosyne [HR02].

1.4  Peer-to-Peer Content Distribution

• Peer-to-peer Applications
  This category includes content distribution systems that are based on peer-to-peer technology. We attempt to further subdivide them into the following two groups, based on their application goals and perceived complexity:

  Peer-to-Peer "File Exchange" Systems

  These systems are targeted towards simple, one-off file exchanges between peers. They are used for setting up a network of peers and providing facilities for searching and transferring files between them. These are typically light-weight applications that adopt a best effort approach without addressing security, availability and persistence. It is mainly systems in this category that are responsible for spawning the reputation (and in some cases notoriety) of peer-to-peer technologies.

  Peer-to-Peer Content Publishing and Storage Systems

  These systems are targeted towards creating a distributed storage medium in-and through-which users will be able to publish, store and distribute content in a secure and persistent manner. Such content is meant to be accessible in a controlled manner by peers with appropriate privileges. The main focus of such systems is security and persistence, and often the aim is to incorporate provisions for accountability, anonymity and censorship resistance, as well as persistent content management (updating, removing, version control) facilities.
• Peer-to-peer Infrastructures
  This category includes peer-to-peer based infrastructures that do not constitute working applications, but provide peer-to-peer based services and application frameworks. The following infrastructure services are identified:

  Routing and location

  Any peer-to-peer content distribution system relies on a network of peers within which requests and messages must be routed with efficiency and fault tolerance, and through which peers and content can be efficiently located. Different infrastructures and algorithms have been developed to provide such services.

  Anonymity

  Peer-to-peer based infrastructure systems have been designed with the explicit aim of providing user anonymity.

  Reputation management

  In a peer-to-peer network there is no central organization to maintain reputation information for users and their behavior. Reputation information is therefore hosted in the various network nodes. In order for such reputation information to be kept secure, up-to-date, and available throughout the network, complex reputation management infrastructures need to be employed.

2  Analysis Framework

• identifying the feature space of non-functional properties and characteristics of content distribution systems,
• determining the way in which the non-functional properties depend on and can be affected by various design features, and
• providing an account, analysis and evaluation of the design features and solutions that have been adopted by current peer-to-peer systems, as well as their shortcomings, potential improvements and proposed alternatives.

Security. Further analyzed in terms of:

Integrity and Authenticity

Safeguarding the accuracy and completeness of data and processing methods. Unauthorized entities cannot change data; adversaries cannot substitute a forged document for a requested one.

Privacy and Confidentiality

Ensuring that data is accessible only to those authorized to have access and that there is control over what data is collected, how it is used and how it is maintained.

Availability and Persistence

Ensuring that authorized users have access to data and associated assets when required. For a peer-to-peer content distribution system this often means always. This property entails stability in the presence of failure or changing node populations.


Scalability. Maintaining the system's performance attributes independent of the number of nodes or documents in its network. A dramatic increase in the number of nodes or documents will have minimal effect on performance and availability.
Performance. The time required for performing the operations allowed by the system, typically publication, searching and retrieval of documents.
Fairness. Ensuring that users offer and consume resources in a fair and balanced manner. May rely on accountability, reputation and resource trading mechanisms.
Resource Management Capabilities. In their most basic form peer-to-peer content distribution systems allow the publishing, searching and retrieval of documents. More sophisticated systems may afford more advanced resource management capabilities such as editing or removal of documents, management of storage space and operations on metadata.
Semantic Grouping of Information. An area of research that has attracted considerable attention recently is the semantic grouping and organization of content and information in peer-to-peer networks. Various grouping schemes are encountered, such as semantic grouping based on the content itself, grouping based on locality or network distance, grouping based on organization ties as well as others.

3  Peer-to-Peer Distributed Object Location and Routing

3.1  Overlay Network Centralization

Purely Decentralized Architectures

All nodes in the network perform exactly the same tasks, acting both as servers and clients, and there is no central coordination of their activities. The nodes of such networks are often termed "servents" (SERVers+clieENTS).

Partially Centralized Architectures

The basis is the same as with purely decentralized systems. Some of the nodes, however, assume a more important role, acting as local central indexes for files shared by local peers. The way in which these supernodes are assigned their role by the network varies between different systems. It is important, however, to note that these supernodes do not constitute single points of failure for a peer-to-peer network, since they are dynamically assigned and if they fail the network will automatically take action to replace them with others.

Hybrid decentralized architectures

In these systems there is a central server facilitating the interaction between peers by maintaining directories of meta-data describing the shared files stored by the peer nodes. Although the end-to-end interaction and file exchanges may take place directly between two peer nodes, the central servers facilitate this interaction by performing the lookups and identifying the nodes storing the files. The terms "peer-through-peer" or "broker mediated" are sometimes used for such systems [Kim01].

Obviously in these architectures there is a single point of failure (the central server). This typically renders them inherently unscalable and vulnerable to censorship, technical failure or malicious attack.

3.2  Network Structure

Unstructured

The placement of content (files) is completely unrelated to the overlay topology.

In an unstructured network, content typically needs to be located. Searching mechanisms range from brute force methods such as flooding the network with propagating queries in a breadth-first or depth-first manner until the desired content is located, to more sophisticated and resource-preserving strategies that include the use of random walks and routing indices (discussed in more detail in Section 3.3.4). The searching mechanisms employed in unstructured networks have obvious implications, particularly in regards to matters of availability, scalability, and persistence.

Unstructured systems are generally more appropriate for accommodating highly transient node populations. Some representative examples of unstructured systems are Napster, Publius [WAL00], Gnutella [Gnu03], Kazaa [Kaz03], Edutella [NWQ⁺03], FreeHaven [DFM00], as well as others.

Structured

They have emerged mainly in an attempt to address the scalability issues that unstructured systems were originally faced with. In structured networks the overlay topology is tightly controlled and files (or pointers to them) are placed at precisely specified locations. These systems essentially provide a mapping between content (e.g. file identifier) and location (e.g. node address), in the form of a distributed routing table, so that queries can be efficiently routed to the node with the desired content [LRS02].

Structured systems offer a scalable solution for exact-match queries, i.e. queries in which the exact identifier of the requested data object is known (as compared to keyword queries). Using exact-match queries as a substrate for keyword queries remains an open research problem for distributed environments [WMB99].

A disadvantage of structured systems is that it is hard to maintain the structure required for efficiently routing messages in the face of a very transient node population, in which nodes are joining and leaving at a high rate [LRS02].

Typical examples of structured systems include Chord [SMK⁺01], CAN [RFHK01], PAST [DR01], Tapestry [ZKJ01] et cetera.

A category of networks that are in between structured and unstructured are referred to as loosely structured networks. Although the location of content is not completely specified, it is affected by routing hints. A typical example is Freenet [CSW00,CHSW02].

3.3  Unstructured Architectures

3.3.1  Hybrid Decentralized

• A table of registered user connection information (IP address, connection bandwidth et cetera.)
• A table listing the files that each user holds and shares in the network, along with metadata descriptions of the files (e.g. filename, time of creation et cetera.)

3.3.2  Purely Decentralized

Ping

A request for a certain host to announce itself.

Pong

Reply to a Ping message. It contains the IP and port of the responding host and number and size of the files being shared.

Query

A search request. It contains a search string and the minimum speed requirements of the responding host.

Query Hits

Reply to a Query message. It contains the IP, port and speed of the responding host, the number of matching files found and their indexed result set.

3.3.3  Partially Centralized

• Discovery time is reduced in comparison with purely decentralized systems, while there still is no unique point of failure. If one or more supernodes go down, the nodes connected to them can open new connections with other supernodes, and the network will continue to operate.
• The inherent heterogeneity of peer-to-peer networks is taken advantage of and exploited. In a purely decentralized network all of the nodes will be equally (and usually heavily) loaded, regardless of their CPU power, bandwidth or storage capabilities. In partially centralized systems, however, the supernodes will undertake a large portion of the entire network load, while most of the other (so called "normal") nodes will be very lightly loaded, in comparison (see also [LRS02,ZMK02]).

3.3.4  Shortcomings and Evolution of Unstructured Architectures

• A dynamic topology adaptation protocol that ensures that most nodes will be at a short distance from high capacity nodes. This protocol, coupled with replicating pointers to the content of neighbors, ensures that high capacity nodes will be able to provide answers to a very large number of queries.
• An active flow control scheme that exploits network heterogeneity to avoid hot-spots, and
• A search protocol that is based on random walks directed towards high capacity nodes.

• keyword searching is the common operation,
• most content is typically replicated at a fair fraction of participating sites,
• the node population is highly transient,
• users will accept a best effort content retrieval approach, and
• the network size is not so large as to incur scalability problems [LRS02] (The last issue is alleviated through the various methods described in this Section).

3.4  Structured Architectures

• Freenet is a loosely structured system that uses file and node identifier similarity to produce an estimate of where a file may be located, and a chain mode propagation approach to forward queries from node to node.
• Chord is a system whose nodes maintain a distributed routing table in the form of an identifier circle on which all nodes are mapped, and an associated finger table.
• CAN is a system using an n-dimensional Cartesian coordinate space to implement the distributed location and routing table, whereby each node is responsible for a zone in the coordinate space.
• Tapestry (and the similar Pastry and Kademlia) are based on the plaxton mesh data structure, which maintains pointers to nodes in the network whose IDs match the elements of a tree-like structure of ID prefixes up to a digit position.

3.4.1  Freenet-A Loosely Structured System

Data insert

A node inserts new data in the network. A key and the actual data (file) are included.

Data request

A request for a certain file. The key of the file requested is also included.

Data reply

A reply initiated when the requested file is located. The actual file is also included in the reply message.

Data failed

A failure to locate a file. The location (node) of the failure and the reason are also included.

• Nodes tend to specialize in searching for similar keys over time, as they get queries from other nodes for similar keys.
• Nodes store similar keys over time, due to the caching of files as a result of successful queries.
• Similarity of keys does not reflect similarity of files.
• Routing does not reflect the underlying network topology.

3.4.2  Chord

3.4.3  CAN

1. The new node identifies a node already in CAN network, using a bootstrap mechanism as described in [Fra00].
2. Using the CAN routing mechanism, the node randomly chooses a point P in the coordinate space and sends a JOIN request to the node covering P. The zone is then split, and half of it is assigned to the new node.
3. The new node builds its routing table with the IP addresses of its new neighbors, and the neighbors of the split zone are also notified to update their routing tables to include the new node.

3.4.4  Tapestry

• Each node additionally maintains a list of back-pointers, which point to nodes where it is referred to as a neighbor. These are used in dynamic node insertion algorithms to generate the appropriate neighbor maps for new nodes. Dynamic algorithms are employed for node insertion, populating neighbor maps and notifying neighbors of new node insertions.
• The concept of distance between nodes becomes semantically more flexible, and locations of more than one replica of an object are stored, allowing the application architecture to define how the "closest" node will be interpreted. For example, in the Oceanstore architecture [KBC⁺00] a "freshness" metric is incorporated in the concept of distance, that is taken into account when finding the closest replica of a document.
• The use of soft-state to maintain cached content, based on the announce/listen approach [Dee98], is adopted by Tapestry to detect, circumvent and recover from failures in routing or object location. Caches are periodically updated by refreshment messages, or purged if no such messages are received. Additionally, the neighbor map is extended to maintain two backup neighbors in addition to the closest (primary) neighbor. Furthermore, to avoid costly reinsertions of nodes after failures, when a node realizes that a neighbor is unreachable, instead of removing its pointer, it temporarily marks it as invalid in the hope that the failure will be repaired, and in the meantime routes messages through alternative paths.
• To avoid the single point of failure that root nodes constitute, Tapestry assigns multiple roots to each object. This enables a trade off between reliability and redundancy. A distributed algorithm called surrogate routing is employed to compute a unique root node for an object in a globally consistent fashion, given the non-static set of nodes in the network
• A set of optimizations improve performance by adapting to environment changes. Tapestry nodes tune their neighbor pointers by running refresher threads that update network latency values. Algorithms are implemented to detect query hotspots and offer suggestions as to where additional copies of objects can be placed to significantly improve query response time. A "hotspot cache" is also maintained at each node.

3.4.5  Comparison, Shortcomings and Evolution of Structured Architectures

• Locality is destroyed
  Files originating from a single site are not usually co-located, meaning that opportunities for enhanced browsing, pre-fetching and efficient searching are lost. They propose an approach towards allowing systems to exploit object locality.
• Useful application level information is lost
  Data used by applications is often naturally organized in a hierarchical fashion. The virtualization of the file namespace that takes place as files are represented by keys discards this information.

4  Content Caching, Replication and Migration

Passive Replication

Content replication occurs naturally in peer-to-peer systems as nodes request and copy content from one another. This is referred to as passive replication.

Cache-Based Replication

A form of replication employed in several systems (e.g. OceanStore, Mojonation, Freenet) is the result of caching copies of content as it passes through nodes in the network. In Freenet [CSW00] for instance, when a search request succeeds in locating a file, the file is transferred through the network node by node back to the originator of the request (see also Section 3.4.1). In the process, copies of the file are cached on all intermediated nodes, increasing its availability and location characteristics in future requests.

Active Replication

Active (or proactive) content replication and migration methods are often employed to improve locality of data, as well as availability and performance.

Instrospective replica management techniques are employed by OceanStore, on top of extensive caching, whereby traffic is observed and replicas of content objects are created to accommodate demand [RW⁺01]. OceanStore thus adapts to regional outages and denial of service attacks by migrating data to areas of use and maintaining sufficiently high levels of data redundancy.

A similar approach is seen in MojoNation, where additional copies of popular data are made by a central services broker that monitors traffic and requests, and are distributed to peer nodes for storage [Moj03].

Dynamic replica management algorithms are used in Scan to dynamically place a minimum number of replicas while meeting quality of service and server capacity constraints [CKK00]. Such algorithms are designed to satisfy both client latency and server loads by first searching for existing replicas that meet the client latency constraint without being overloaded, and, if unsuccessful, proceeding to place new replicas. Different versions of these algorithms differ in the degree to which replicas are enforced to lie close to the client requesting them.

In proactive replication studies for the Gnutella network [CS01] it was found that the optimal replication scheme for non-deterministic search is to replicate objects such that

p µ Ö   qr       ,

where p is the number of object replicas and q_r is the object query rate.

By replicating content, data consistency and synchronization issues come up that need to be addressed, especially in systems that allow the deletion and update of content (see also Section 9). Some applications effectively decide to weaken their consistency restrictions in favor of more extensive data replication and higher availability.

5  Security

5.1  Secure Storage

Self-certifying Data

Self-certifying data is data whose integrity can be verified by the node retrieving it [CDG⁺02]. A node inserting a file in the network calculates a cryptographic hash of the file's content, based on a known hashing function, to produce the file key. When a node retrieves the file using its key, it calculates the same hash function to verify the integrity of the data. Note the requirement for common knowledge of the hashing function by all nodes in the network. The above approach is adopted by the CFS system [DKK⁺01], while PAST uses a similar approach based on signed files [DR01]. Note that the method depends on using the hash-derived signature as a file's unique access key.

Information Dispersal

The information dispersal algorithm by Rabin [Rab89] is widely used. Publius [WAL00], Mnemosyne [HR02], FreeHaven [DFM00] employ the algorithm for encoding information to be published in the network. Files are encoded into m blocks so that any n are sufficient to reassemble the original data (m < n). This gives resilience "proportional" to a redundancy factor equal to [m/n].

Shamir's Secret Sharing Scheme

Shamir's [Sha79] secret sharing scheme (SHA) is also used in several systems (Publius [WAL00], MojoNation [Moj03] and PAST [DR01]). The publisher of the content encrypts a file with a key K, then splits K into l shares so that any k of them can reproduce K, but k-1 give no hints about K. Each server then encrypts one of the key shares along with the file block. In order for the file to become inaccessible, at least (l-k-1) servers containing the key must be shut down.

Anonymous Cryptographic Relays

A mechanism based on publisher, forwarder, storer and client peers communicating through anonymous connection layers is employed by PAST [Ser02]. A publisher selects several forwarders and sends to them via anonymous connection encrypted shares of a file. The forwarders in turn select other nodes to act as storers for the shares, and forward the shares to them (again via an anonymous connection). Once all shares are stored, the publisher destroys them, and announces the file name together with the list of forwarders that were used.

In order to retrieve the content, a client will contact the forwarders; the forwarders will in turn contact random servers to act as decryptors for the addresses of the storers holding the shares. The forwarders will then contact the storers requesting the shares. The storers will decrypt the shares and send them back to the client. The process repeats until enough shares are collected to reconstruct the document.

Forwarders are visible to a potential attacker, but they are less likely to be attacked since they don't store the content, nor the addresses of the nodes storing the content.

Smartcards

The use of smartcards for tracking each node's use of remote resources and issuing digitally signed tickets was also suggested in the PAST system [DR01]. This would allow nodes to prove to other nodes that they are operating within their quota. It is argued however that it may be impractical to issue smartcards to a very large number of nodes, and that the danger of the smartcard keys being compromised by nodes of the network is considerable [Wal02].

Distributed steganographic file systems

A distributed steganographic file system, based on [ANS98] is implemented by Mnemosyne [HR02]. The main property of a steganographic file system is that encrypted blocks are indistinguishable from a random substrate, so that their presence cannot even be detected. The system is prepared by first writing random data to all blocks, and then files are stored by encrypting their blocks and placing them at pseudo-randomly chosen locations (e.g. by hashing the block number with a randomly chosen key). To avoid collisions a considerable amount of replication is required.

Erasure coding

A mechanism based on erasure coding for data durability and a Byzantine agreement protocol [LSP82] for consistency and update serialization is implemented by OceanStore [RW⁺01].

With erasure coding the data is broken in blocks and spread over many servers. Only a fraction is needed to reconstruct the original block (similar to the information dispersal algorithm). The objects and their associated fragments are then named using a secure hash over the object contents, giving them globally unique identifiers. This provides data integrity, by ensuring that a recovered file has not been corrupted, since a corrupted file would produce a different identifier. Blocks are dispersed with care to avoid possible correlated failures, picking nodes in different geographic locations or administrative domains or based on models of historical measurements.

An "inner ring" of servers is set up for each object to provide versioning capabilities. The role of the ring is to maintain a mapping from the original identifier of the object to the identifier of the most recent version of the object. The ring is kept consistent through a Byzantine agreement protocol, that lets 3f+1 servers reach an agreement when no more than f are faulty. So the mapping from an active (original) identifier to the most recent identifier is fault tolerant.

The inner ring is also responsible for verifying the object's legitimate writers and maintaining a history of the object's updates, thus providing a universal undo mechanism as well as true referential integrity by storing previous versions of objects.

5.2  Secure Routing

1. Secure assignment of IDs to nodes.
2. Secure maintenance of routing tables.
3. Secure forwarding of messages.

5.3  Access Control, Authentication and Identity Management

6  Provisions for Anonymity

• the author (or publisher) of the content,
• the identity of a node storing the content,
• the identity and details of the content itself, and
• the details of a query for retrieval of the content.

Disassociation of Content Source and Requestor

Freenet [CSW00] is a peer-to-peer content distribution system specifically targeted towards providing anonymity to its users by making it infeasible to discover the true origin or destination of a file passing through its network, and difficult for a node operator to determine or be held responsible for the actual physical content of their own node. It employs a mechanism whereby when a search for a file succeeds, the file is passed from the node that holds it to the originator of the request through every node that forwarded the search request. In order to achieve anonymity, any node along this path can unilaterally decide to claim itself or another arbitrarily chosen node as the data source. In this way there is no connection between the requestor of the file and the actual source node.

As a further measure, the initial value of the hops-to-live counter associated with each search message is randomly chosen in order to obscure the distance of the message from the originator node. More details about the location and routing mechanism employed by Freenet are discussed in Section 3.4.1.

Anonymous Connection Layers

Content distribution systems that seek to provide anonymity often employ infrastructures for providing anonymous connection layers, such as onion routing [GRS99], mix networks [Cha81,BFK98] or the Freedom anonymity system [Fre03]. For instance, the anonymizing, censorship-resistant system proposed in [Ser02] splits documents to be published into encrypted shares and uses an anonymizing layer of nodes (which it refers to as "forwarders") to pick nodes on which to store the shares, construct "onions" around them (as in onion routing) and anonymously forward them including their anonymous return addresses, while the original documents are destroyed.

FreeHaven [DFM00] is a similar system built on top of anonymous remailers for providing pseudonyms and communication channels.

The Tarzan system [FSCM02] is a completely decentralized anonymizing network layer infrastructure that builds anonymous IP tunnels between an open-ended set of peers. By using the Tarzan infrastructure a client can communicate with a server without anybody being able to determine their identity.

The Tarzan anonymizing layer is completely decentralized and transparent both to clients and servers, and it involves sequences of mix relays chosen from a large pool of volunteer participant nodes. Packets are routed through a tunnel of randomly chosen Tarzan peers using mix-style layered encryption, similar to onion routing. The two ends of the tunnel are a Tarzan node running a client application and a Tarzan node running a network address translator. The latter forwards the traffic to the ultimate destination, an ordinary internet server. A suggested policy to reduce the risk of attack to the system is for tunnels to contain peers from different jurisdictions or organizations, even if performance is sacrificed.

Crowds [RR99] is a system similar to Tarzan, its main difference being that in Tarzan the data is encrypted in the tunnels, whereas in Crowds it is not.

Censorship Resistant Lookup

A censorship resistant design based on the Chord lookup service is proposed in the Achord system [HW02]. Achord provides censorship resistance by focusing on publisher, storer and retriever anonymity and by making it difficult for a node to voluntarily assume responsibility for a certain document. The design of Chord is carefully varied so that these anonymity and censorship resistance properties are achieved without altering its main operation. In particular, the Chord algorithm is modified so that the node identification information is suppressed as the successor nodes are located. More details about the Chord Distributed Object Location and Routing system can be found in Section 3.4.2.

7  Provisions for Deniability

Deniability of Stored Content

This feature is offered by systems that store encrypted shares of files and no keys for them, and therefore cannot know the content of the files whose shares they are storing (examples are Publius [WAL00], Oceanstore [KBC⁺00] and PAST [DR01,Ser02]). Similarly, systems that implement distributed steganographic storage systems (such as Mnemosyne [HR02]) offer deniability through the fact that blocks of files that are written on a peer node's file system are undetectable (cannot be directly searched).

Deniability of Content in Transit

This feature can be offered through the use of anonymous connection layers incorporated in systems such as PAST (see also Section 6). It makes it possible to deny that a request from a client node n_c had anything to do with a share arriving at n_c some time later.

In a different approach with the same goal, Freenet [CSW00] offers deniability by making it infeasible to discover the true origin of a file passing through the network (see Section 3.4.1 for a description of the Freenet location algorithm). Furthermore, as files passing through the network are transparently cached at all nodes encountered, it is difficult for a node operator to determine or be held responsible for the actual physical content of their own node.

8  Incentive Mechanisms and Accountability

• Trust-based Incentive Mechanisms.
  Trust is a straightforward incentive for cooperation, in which one engages in a transaction based on whether he/she trusts the other party. Reputation mechanisms belong in this category.
• Trade-based Incentive Mechanisms.
  In trade-based incentive mechanisms, one party offering some service to another is explicitly remunerated, either directly or indirectly. This category is mainly represented by various micropayment mechanisms and resource trading schemes.

8.1  Reputation mechanisms

8.2  Micropayments Mechanisms

8.3  Resource Trading Schemes

9  Resource Management Capabilities

Content Deletion and Update

Deleting and updating content are not straight-forward operations in a peer-to-peer environment if correct synchronization is to be maintained. Systems such as MojoNation [Moj03] use immutable files, which cannot be updated. The only way to update the content is to post a new version of the document under a different name. PAST [DR01] is similar in this respect. It does offer a delete functionality for reclaiming the disc space occupied by a file, but it does not guarantee that the file will no longer be available anywhere in the network. FreeHaven [DFM00] also forbids un-publishing or revocation of documents, but mainly for reasons of security and robustness to attacks.

Both deletion and update of content are offered by Publius [WAL00], which is however based on a static set of servers that store the content. Files are published along with a password file that ensures that only the publisher will be able to delete or modify the content.

Content Expiration

Document expiration dates are effectively introduced in FreeHaven [DFM00] through the use of contracts with different durations, as described in Section 8.

Content Versioning

A more sophisticated approach is employed by OceanStore [RW⁺01], which offers a version-based archival storage system. Versions of documents are stored in permanent read-only form, encoded with erasure codes and spread over hundreds of servers. OceanStore maintains active maps of document IDs, which redirect to the most recent version of a document, providing both an update history and an undo mechanism.

Directory Structure

An entire distributed directory structure system including directories and Unix-like inodes [Bac86] is built on top of files by Mnemosyne [HR02]. Directories are optionally used to aggregate files sharing a common key, serving as a mnemonic service for a set of file names.

Content Searching

Searching facilities may also vary in their degree of functionality and performance. Unstructured systems such as Gnutella, Kazaa and FreeHaven offer keyword-search mechanisms that are convenient but do not scale well (see also our discussion in 3.3.4). In structured systems searches are very efficient but can only be based on file identifiers. The problem of providing keyword search facilities on top of exact-match queries is open. One solution proposed in Freenet is the use of indirect files, published along with regular files and pointing to them, which are named according to relevant search keywords. The problem of managing the large volume of such files, however, also remains open [CSW00].

Storage and bandwidth Management

Managing the storage space available to the peers also varies between systems. Usually the amount of disk space contributed can be specified by each peer independently. In systems such as MojoNation users contribute storage in exchange for economic or other compensation. PAST [DR01] uses a secure quota system whereby users are either assigned a fixed quota of storage they can use, or they can use as much as they contribute on their node. This system can be optionally extended to incorporate the use of smartcards.

In order to protect from denial of service attacks, apart from enforcing a published size quota to users the idea of "hash cash" is also employed (e.g. in Publius [WAL00]). A publisher is requested to carry out computational work to solve a mathematical problem before being allowed to publish a certain amount of content. Alternatively, a per-node rate limiter can be used, as is for example the case in Mnemosyne [HR02]. Bandwidth management is also available in systems such as Kademlia [MM02], which allows the users to trade bandwidth for latency and fault recovery.

10  Semantic Grouping of Information

11  Conclusions

• The design of new distributed object location, routing and distributed hash table data structures and algorithms for maximizing performance, security and scalability, both in structured and unstructured network architectures.
• The study of more efficient security, anonymity and censorship resistance schemes. These features will be critical to the future of peer-to-peer systems and their adoption for increasingly more sensitive applications.
• The semantic grouping of information in peer-to-peer networks. This direction that has a lot in common with efforts in the semantic web domain.
• The design of incentive mechanisms and reputation systems that will stimulate the cooperative behavior between the users and make the overall operation of peer-to-peer networks more fair.
• The convergence of Grid and Peer-to-Peer systems. Research in this direction aims to combine the benefits of the established field of distributed computing (including interoperability standards) with the merits of new peer-to-peer architectures.

12  Acknowledgements

References

[AG04]

K Anagnostakis and MB Greenwald. Exchange-based incentive mechanisms for peer-to-peer file sharing. In To Appear in the Proceedings of the 24th International Conference on Distributed Computing (ICDCS04), March 2004.

[Agr03]

PE Agre. P2p and the promise of internet equality. Communications of the ACM, 46(2):39-42, February 2003.

[And01]

Ross Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, New York, 2001.

[ANS98]

R Anderson, R Needham, and A Shamir. The steganographic file system. In Proceedings of IWIH: International Workshop on Information Hiding, 1998.

[APL03]

S Ayyasamy, C Patel, and Y Lee. Semantic web services and dht-based peer-to-peer networks: A new symbiotic relationship. In Proceedings of the 1st Workshop on Semantics in Peer-to-Peer and Grid Computing at the 12th International World Wide Web Conference, Budapest, Hungary, May 2003.

[Bac86]

MJ Bach. The Design of the UNIX Operating System. Prentice-Hall, 1986.

[BAS03]

C Buragohain, D Agrawal, and S Suri. A game theoretic framework for incentives in p2p systems. In Proceedings of the 3rd International Conference on Peer-to-Peer Computing, September 2003.

[BCMN02]

M Bonifacio, R Cuel, G Mameli, and M Nori. A peer-to-peer architecture for distributed knowledge management. In Proceedings of the 3rd International Symposium on Multi-Agent Systems, Large Complex Systems, and E-Businesses (MALCEB'2002), October 2002.

[BEH⁺03]

J Broekstra, M Ehrig, P Haase, F van Harmelen, A Kampman, M Sabou, R Siebes, S Staab, H Stuckenschmidt, and C Tempich. A metadata model for semantics-based peer-to-peer systems. In Proceedings of the 1st Workshop on Semantics in Peer-to-Peer and Grid Computing at the 12th International World Wide Web Conference, Budapest, Hungary, May 2003.

[BFK98]

O Berthold, H Federrath, and S Kopsell. Web mixes: A system for anonymous and unobservable internet access. In Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, Berkeley, CA, 1998.

[BGK⁺02]

P Bernstein, F Giunchiglia, A Kementsietsidis, J Mylopoulos, L Serafini, and I Zaihrayeu. Data management for peer-to-peer computing: A vision. In Proceedings of the Workshop on the Web and Databases, WebDB 2002., 2002.

[BKK⁺03]

H Balakrishnan, MF Kaashoek, D Karger, Morris R, and I Stoica. Looking up data in p2p systems. Communications of the ACM, 46(2):43-48, February 2003.

[BLHL01]

T Berners-Lee, J Hendler, and O Lassila. The semantic web. Scientific American, May 2001.

[CDG⁺02]

M Castro, P Druschel, A Ganesh, Rowstron A, and DS Wallach. Secure routing for structured peer-to-peer overlay networks. In Proceedings of the 5th Usenix Symposium on Operating Systems, Boston, MA, December 2002.

[CDKR02]

M Castro, P Druschel, A-M Kermarree, and A Rowstron. Scribe: A large-scale and decentralized application-level multicast infrastructure. IEEE Journal on Selected Areas in Communications, 20(8), October 2002.

[CDYR02]

M Castro, P Druschel, Hu YC, and A Rowstron. Exploiting network proximity in peer-to-peer overlay networks. In Proceedings of the International Workshop on Future Directions in Distributed Computing (FuDiCo 2002), June 2002.

[CEG⁺99]

Y Chen, J Edler, A Goldberg, A Gottlieb, S Sobti, and P Yanilos. A prototype implementation of archival intermemory. In Proceedings of the Fourth ACM Conference on Digital Libraries, Berkeley, CA, 1999.

[CFM⁺03]

S Castano, A Ferrara, S Montanelli, E Pagani, and GP Rossi. Ontology-addressable contents in p2p networks. In Proceedings of the 1st Workshop on Semantics in Peer-to-Peer and Grid Computing at the 12th International World Wide Web Conference, Budapest, Hungary, May 2003.

[CFV03]

B Chun, Y Fu, and A Vahdat. Bootstrapping a distributed computational economy with peer-to-peer bartering. In Proceedings of the 1st Workshop on Economics of Peer-to-Peer Systems, June 2003.

[CGM02a]

BF Cooper and H Garcia-Molina. Peer-to-peer resource trading in a reliable distributed system. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[CGM02b]

A Crespo and H Garcia-Molina. Routing indices for peer-to-peer systems. In Proceedings of the 22nd International Conference on Distributed Computing Systems (ICDCS'02), Vienna, Autria, July 2-5 2002.

[Cha81]

D Chaum. Untraceable electronic mail, return addresses and digital pseudonyms. Communications of the ACM, 24(2):84-88, 1981.

[CHSW02]

I Clake, TW Hong, O Sanberg, and B Wiley. Protecting free expression online with Freenet. IEEE Internet Computing, 6(1):40-49, January-February 2002.

[CKK00]

Y Chen, RH Katz, and JD Kubiatowicz. Scan: A dynamic, scalable and efficient content distribution network. In Proceedings of International Conference on Pervasive Computing, 2000.

[Coh03]

B Cohen. Incentives build robustness in bitorrent. In Proceedings of the 1st Workshop on Economics of Peer-to-Peer Systems, June 2003.

[CRB⁺03]

Y Chawathe, S Ratnasamy, L Breslau, N Lanham, and S Shenker. Making Gnutella-like p2p systems scalable. In Proceedings of the 2003 conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pages 407-418, Karlsruhe, Germany, 2003.

[CS01]

E Cohen and S Shenker. Optimal replication in random search networks. Preprint, 2001.

[CSW00]

I Clarke, O Sandberg, and B Wiley. Freenet: A distributed anonymous information storage and /etrieval system. In Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, Berkeley, California, June 2000.

[Dee98]

S Deering. Host extensions for IP multicasting. Technical Report RFC-1112, IETF, SRI International, Menlo Park, CA, August 1998.

[Del01]

C Dellarocas. Analyzing the economic efficiency of ebay-like online reputation mechanisms. In Proceedings of the 3rd ACM Conference on Electronic Commerce, Tampa, Florida, October 2001.

[DFM00]

R Dingledine, MJ Freedman, and D Molnar. The FreeHaven project: Distributed anonymous storage service. In Workshop on Design Issues in Anonymity and Unobservability, pages 67-95, July 2000.

[DFM01a]

R Dingledine, MJ Freedman, and D Molnar. Peer-to-peer: Harnessing the power of disruptive technology, chapter 1. A network of peers: Peer-to-peer models through the history of the Internet, pages 3-20. O'Reilly, first edition edition, March 2001.

[DFM01b]

R Dingledine, MJ Freedman, and D Molnar. Peer-to-peer: Harnessing the power of disruptive technology, chapter 16. Accountability, pages 271-340. O'Reilly, first edition edition, March 2001.

[DGMY03]

N Daswani, H Garcia-Molina, and B Yang. Open problems in data-sharing peer-to-peer systems. In Proceedings of the 9th International Conference on Database Theory, Siena, Italy, January 2003.

[DKK⁺01]

F Dabek, MF Kaashoek, D Karger, R Morris, and I Stoica. Wide-area cooperative storage with CFS. In Proceedings of the ACM SOSP'01 Conference, Banff, Canada, October 2001.

[Dou02]

JR Douceur. The Sybill attack. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[DR01]

P Druschel and A Rowstron. Past: A large-scale, persistent peer-to-peer storage utility. In Proceedings of the Eighth Workshop on Hot Topics in Operating Systems, May 2001.

[Fas03]

The FastTrack web site. http://www.fasttrack.nu, Accessed on-line 2003.

[FI03]

I Foster and A Iamnitchi. On death, taxes, and the convergence of peer-to-peer and grid computing. In Proceedings of the 2nd International Workshop on Peer-to-Peer Systems (IPTPS '03), Berkley, CA, USA, February 2003.

[FKT01]

I Foster, C Kesselman, and S Tuecke. The anatomy of the grid. Intl. J. Supercomputer Applications, 2001.

[Fos00]

I Foster. Internet computing and the emerging grid. Nature Web Matters, 2000.

[Fra00]

P Francis. Yoid: Extending the internet multicast architecture. Unpublished Paper, available on-line at http://www.aciri.org/yoid/docs/index.html, April 2000.

[Fre03]

The Freedom anonymity system web site. http://www.freedom.net, Accessed on-line 2003.

[FSCM02]

MJ Freedman, E Sit, J Cates, and R Morris. Introducing tarzan, a peer-to-peer anonymizing network layer. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[GEFB⁺04]

L Garces-Erice, PA Felber, EW Biersack, G Urvoy-Keller, and KW Ross. Data indexing in peer-to-peer dht networks. In Proceedings of the 24th IEEE International Conference on Distributed Computing Systems (ICDCS), pages 200-208, Tokyo, Japan, March 2004.

[Gen03]

The genome@home project web site. http://genomeathome.stanford.edu/, Accessed on-line 2003.

[GJA03]

M Gupta, P Judge, and M Ammar. A reputation system for peer-to-peer networks. In Proceedings of the NOSSDAV'03 Conference, Monterey, CA, June 1-3 2003.

[Gnu03]

The Gnutella web site: http://gnutella.wego.com, Accessed on-line 2003.

[Gro03]

The Groove web site. http://www.groove.net, Accessed on-line 2003.

[GRS99]

D Goldschlag, M Reed, and P Syverson. Onion routing for anonymous and private internet connections. Communications of the ACM, 42(2):39-41, 1999.

[Har68]

G Harding. The tragedy of the commons. Science, 162:1243-1248, 1968.

[HBS02]

P Heleher, B Bhattacharjee, and B Silaghi. Are vitrualized overlay networks too much of a good thing? In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[HHH⁺02]

M Harren, J Hellerstein, R Huebsch, B Loo, S Shenker, and I Stoica. Complex queries in dht-based peer-to-peer networks. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[HHLTL03]

R Huebsch, JM Hellerstein, N Lanham, and B Thau Loo. Querying the internet with pier. In Proceedings of the 29th VLDB Conference, Berlin, Germany, 2003.

[HIMT03]

AY Halevy, ZG Ives, P Mork, and I Tatarinov. Piazza: Data management infrastructure for semantic web applications. In Proceedings of the twelfth international conference on World Wide Web, pages 556-567, Budapest, Hungary, 2003.

[HKK03]

KA Hummel, G Kotsis, and R Kopecny. Peer profile driven group support for mobile learning teams. In Proceedings of the CATE/IASTED Conference, Rhodes, Greece, June 2003.

[HR02]

S Hand and T Roscoe. Mnemosyne: Peer-to-peer steganographic storage. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[HW02]

S Hazel and B Wiley. Achord: A variant of the Chord lookup service for use in censorship resistant peer-to-peerpublishing systems. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[IIKP02]

J Ioannidis, S Ioannidis, A Keromytis, and V Prevelakis. Fileteller: Paying and getting paid for file storage. In Proceedings of the Sixth International Conference on Financial Cryptography, March 2002.

[JAB01]

MA Jovanovich, FS Annexstein, and KA Berman. Scalability issues in large peer-to-peer networks-a case study of Gnutella. Technical report, ECECS Department, University of Cincinnati, Cincinnati, OH 45221, 2001. Technical Report.

[Jab03]

The Jabber web site. http://www.jabber.org/, Accessed on-line 2003.

[Jov00]

MA Jovanovic. Modelling large-scale peer-to-peer networks and a case study of Gnutella. Master's thesis, Department of Electrical and Computer Engineering and Computer Science, University of Cincinnati, June 2000.

[JWZ03]

R. Janakiraman, M. Waldvogel, and Q. Zhang. Indra: A peer-to-peer approach to network intrusion detection and prevention. In Proceedgings of 2003 IEEE WET ICE Workshop on Enterprize Security, Linz, Austria, June 2003.

[Jxt03]

The project JXTA web site. http://www.jxta.org, Accessed on-line 2003.

[Kaz03]

The Kazaa web site. http://www.kazaa.com, Accessed on-line 2003.

[KBC⁺00]

J Kubiatowicz, D Bindel, Y Chen, P Eaton, D Geels, SR Gummadi, H Weatherspoon, W Weimer, C Wells, and B Zhao. Oceanstore: An architecture for global-scale persistent storage. In Proceedings of ACM ASPLOS. ACM, November 2000.

[KDR04]

M Khambatti, P Dasgupta, and K Ryu. A role-based trust model for peer-to-peer communities and dynamic coalitions. In Proceedings of the Second IEEE International Information Assurance Workshop, Charlotte, NC, April 2004.

[KGZY02]

V Kalogeraki, D Gunopoulos, and D Zeinalipour-Yazti. A local search mechanism for peer-to-peer networks. In Proceedings of the 11th International Conference on Information and Knowledge Management (CIKM'02), McLean, Virginia USA, November 2002.

[Kim01]

HC Kim. P2p overview. Technical report, Korea Advanced Institute of Technology, August 2001.

[KLL⁺97]

D Karger, E Lehman, F Leighton, M Levine, D Lewin, and R Panigrahy. Consistent hashing and random trees: Distributed caching protocols for relieving hot spots on the world wide web. In Proceedings of the 29th Annual ACM Symposium on Theory of Computing, pages 654-663, El Paso, TX, May 1997.

[KRD03]

M Khambatti, K Ryu, and P Dasgupta. Structuring peer-to-peer networks using interest-based communities. In Proceedings of the International Workshop On Databases, Information Systems and Peer-to-Peer Computing (P2PDBIS), Berlin, Germany, September 2003.

[KSGM03]

Sepandar D. Kamvar, Mario T. Schlosser, and Hector Garcia-Molina. The Eigentrust algorithm for reputation management in p2p networks. In Proceedings of the twelfth international conference on World Wide Web, pages 640-651. ACM Press, 2003.

[Kub03]

John Kubiatowics. Extracting guarantees from chaos. Communications of the ACM, 46(2):33-38, February 2003.

[KVR02]

A Keromytis, Misra V, and D Rubenstein. SOS: Secure overlay services. In Proceedings of the ACM SIGCOMM'02 Conference, Pittsburgh, PA, August 2002.

[LCC⁺02]

Q Lv, P Cao, E Cohen, K Li, and S Shenker. Search and replication in unstructured peer-to-peer networks. In Proceedings of the 16th ACM International Conference on Supercomputing (ICS'02), New York, NY, June 2002.

[Lee03]

Jintae Lee. An end-user perspective on file-sharing systems. Communications of the ACM, 46(2):49-53, February 2003.

[LFSC03]

K. Lai, M. Feldman, I. Stoica, and J Chuang. Incentives for cooperation in peer-to-peer networks. In Proceedings of the Workshop on Economics of Peer-to-Peer Systems, Berkeley, CA, June 2003.

[LNBK02a]

D Liben-Nowell, H Balakrishnan, and D Karger. Analysis of the evolution of peer-to-peer systems. In Proceedings of the ACM Symposium on the Principles of Distributed Computing (PODC), Monterey, CA, July 2002.

[LNBK02b]

D Liben-Nowell, H Balakrishnan, and D Karger. Observations on the dynamic evolution of peer-to-peer networks. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[LRS02]

Q Lv, S Ratnasamy, and S Shenker. Can heterogeneity make Gnutella scalable? In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[LSP82]

L Lamport, R Shostak, and M Pease. The Byzantine generals problem. ACM Trans. Program. Lang. Syst., 4(3):382-401, July 1982.

[LSP03]

SM Larson, C Snow, and VS Pande. Modern Methods in Computational Biology,, chapter Folding@Home and Genome@Home: Using distributed computing to tackle previously intractable problems in computational biology. Horizon Press, 2003.

[LWSN03]

A Loeser, M Wolpers, W Siberski, and W Nejdl. Semantic overlay clusters within super-peer networks. In Proceedings of the International Workshop On Databases, Information Systems and Peer-to-Peer Computing (P2PDBIS), Berlin, Germany, September 2003.

[MM02]

P Mayamounkov and D Mazieres. Kademlia: A peer-to-peer information system based on the xor metric. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[Moj03]

The MojoNation web site. http://www.mojonation.net, Accessed on-line 2003.

[NWQ⁺03]

W Nejdl, B Wolf, C Qu, S Decker, M Sintek, A Naeve, M Nilsson, M Palmer, and T Risch. Edutella: A p2p networking infrastructure based on rdf. In Proceedings of the twelfth international conference on World Wide Web, Budapest, Hungary, 2003.

[PRR97]

CG Plaxton, R Rajaraman, and AH Richa. Accessing nearby copies of replicated objects in a distributed environment. In Proceedings of ACM SPAA. ACM, June 1997.

[Rab89]

MO Rabin. Efficient dispersal of information for security, load balancing and fault tolerance. Journal of the ACM, 36(2):335-348, April 1989.

[RD01]

A Rowstron and P Druschel. Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems. In Proceedings of IFIP/ACM Middleware, Heidelberg, Germany, November 2001.

[RF02]

M Ripeanu and I Foster. Mapping the Gnutella network: Macroscopic properties of large-scale peer-to-peer systems. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[RFHK01]

S Ratnasamy, P Francis, M Handley, and R Karp. A scalable content-addressable network. In Proceedings of SIGCOMM 2001, August 2001.

[RL03]

L Ramaswamy and L Liu. Free riding: A new challenge for peer-to-peer file sharing systems. In Proceedings of the Hawaii International Conference on Systems Science, 2003.

[RR99]

MK Reiter and AD Rubin. Anonymous web transactions with Crowds. Communications of the ACM, 42(2):32-38, 1999.

[RW⁺01]

S Rhea, C Wells, et al. Maintenance-free global storage. IEEE Internet Computing, pages 40-49, September-October 2001.

[SAZ⁺02]

I Stoica, D Adkins, S Zhuang, S Shenker, and S Surana. Internet indirection infrastructure. In Proceedings of the ACM SIGCOMM'02 Conference, Pittsburgh, PA, August 2002.

[Ser02]

A Serjantov. Anonymizing censorship resistant systems. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[Set03]

The seti@home project web site. http://setiathome.ssl.berkeley.edu, Accessed on-line 2003.

[SF03]

D Schoder and K Fischbach. Peer-to-peer prospects. Communications of the ACM, 46(2):27-29, February 2003.

[SG95]

M Shaw and D Garlan. Formulations and formalisms in software architecture. In Jan van Leeuwen, editor, Computer Science Today: Recent Trends and Developments, pages 307-323. Springer Verlag, 1995. Lecture Notes in Computer Science 1000.

[SGG02]

S Saroiu, PK Gummadi, and SD Gribble. Exploring the design space of distributed peer-to-peer systems: Comparing the web, TRIAD and Chord/CFS. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), MIT Faculty Club, Cambridge, MA, USA, March 2002.

[Sha79]

A Shamir. How to share a secret. Communications of the ACM, 22:612-613, November 1979.

[Shi00]

C Shirky. What is p2p... and what isnt't. O'Reilly Network, available on-line at http://www.oreillynet.com/pub/a/p2p/2000/11/24/shirky1-whatisp2p.html, November 2000.

[SIWB⁺97]

WT Sullivan III, D Werthimer, S Bowyer, J Cobb, D Gedye, and D Anderson. A new major seti project based on project serendip data and 100,000 personal computers. In Proceedings of the 5th International Conference on Bioastronomy, 1997.

[SMK⁺01]

I Stoica, R Morris, D Karger, MF Kaashoek, and H Balakrishnan. Chord: A scalable peer-to-peer lookup service for internet applications. In Proceedings of SIGCOMM 2001, August 2001.

[SW01]

AB Stubblefield and DS Wallach. Dagster:censorship-resistant publishing without replication. Technical Report Technical Report TR01-380, Rice University, Dept. of Computer Science, July 2001.

[TR03]

D Tsoumakos and N Roussopoulos. A comparison of peer-to-peer search methods. In Proceedings of the Sixth International Workshop on the Web and Databases, San Diego, CA, June 2003.

[VATS04]

V Vlachos, S Androutsellis-Theotokis, and D Spinellis. Security applications of peer-to-peer networks. Computer Networks Journal, 45(2):195-205, 2004.

[VBB⁺03]

R VanRenesse, KP Birman, A Bozdog, D Dimitriu, M Singh, and W Vogels. Heterogeneity-aware peer-to-peer multicast. In Proceedings of the 17th International Symposium on Distributed Computing (DISC 2003), Sorrento, Italy, October 2003.

[VCGS03]

V Vishnimurthy, S Chandrakumar, and E Gun Sirer. Karma: A secure economic framework for p2p resource sharing. In Proceedings of the 1st Workshop on Economics of Peer-to-Peer Systems, June 2003.

[WAL00]

M Waldman, Rubin AD, and Cranor LF. Publius: A robust, tamper-evident, censorship-resistant web publishing system. In Proceedings of the 9th USENIX Security Symposium, August 2000.

[Wal02]

DS Wallach. A survey of peer-to-peer security issues. In International Symposium on Software Security, Tokyo, Japan, November 2002.

[WM01]

M Waldman and D Mazi. Tangler: a censorship-resistant publishing system based on document entanglements. In Proceedings of the ACM Conference on Computer and Communications Security, pages 126-131, 2001.

[WMB99]

IH Witten, A Moffat, and TC Bell. Managing Gigabytes: Compressing and Indexing Documents and Images. Morgan Kauffman, second edition, 1999.

[XL02]

L Xiong and L Liu. Building trust in decentralized peer-to-peer communities. In Proceedings of the International Conference on Electronic Commerce Research, October 2002.

[YGM01]

B Yang and H Garcia-Molina. Comparing hybrid peer-to-peer systems. In Proceedings of the 27th VLDB Conference, pages 561-570, Roma, Italy, September 11-14 2001.

[YGM02a]

B Yang and H Garcia-Molina. Designing a super-peer network. Technical report, Stanford University, February 2002. Available on-line: http://dbpubs.stanford.edu/pub/2002-13.

[YGM02b]

B Yang and H Garcia-Molina. Improving search in peer-to-peer networks. In Proceedings of the 22nd International Conference on Distributed Computing Systems (ICDCS'02), Vienna, Autria, July 2-5 2002.

[YS03]

B Yu and MP Singh. Incentive mechanisms for peer-to-peer systems. In Proceedings of the 2nd International Workshop on Agents and Peer-to-Peer Computing, 2003.

[ZDDRH03]

Jim Zhou, V Dialani, D De Roure, and W Hall. A semantic search algorithm for peer-to-peer open hypermedia systems. In Proceedings of the 1st Workshop on Semantics in Peer-to-Peer and Grid Computing at the 12th International World Wide Web Conference, Budapest, Hungary, May 2003.

[ZJK02]

BY Zhao, AD Joseph, and J Kubiatowicz. Locality aware mechanisms for large-scale networks. In Proceedings of the International Workshop on Future Directions in Distributed Computing (FuDiCo 2002), June 2002.

[ZKJ01]

BY Zhao, J Kubiatowicz, and AD Joseph. Tapestry: An infrastructure for fault-tolerant wide-area location and routing. Technical Report UCB/CSD-01-1141, Computer Science Division, University of California, Berkeley, 94720, April 2001.

[ZMK02]

X Zhichen, M Mahalingam, and M Karlsson. Turning heterogeneity to an advantage in overlay routing. Technical Report HPL-2002-126, HP Labs, 2002.

[ZZZ⁺04]

X Zhang, Q Zhang, Z Zhang, G Song, and W Zhu. A construction of locality-aware overlay network: moverlay and its performance. IEEE JSAC Special Issue on Recent Advances on Service Overlay Networks, January 2004.

Footnotes: