A New Scalable Distributed Authentication for P2P Network and … · 2008-12-16 · An existing authentication method called self-organized public-key management enables anauthen-tication

A New Scalable Distributed Authentication for P2P Networkand its Performance Evaluation

ATUSHI TAKEDA��, DEBASHISH CHAKRABORTY�, GEN KITAGATA��,KAZUO HASHIMOTO� and NORIO SHIRATORI��

�Graduate School of Information Science, Tohoku University�Research Institute of Electrical Communication, Tohoku University

�Department of Intelligent Information System, Tohoku Bunka Gakuen University2-1-1 Katahira, Aoba-ku, Sendai, Miyagi

[email protected], [email protected], [email protected],

[email protected], [email protected]

Abstract: Recently P2P networks become more and more popular. Though they have many advantages, P2Pnetworks suffer from authentication of nodes. To overcome this problem, a new authentication method calledHash-based Distributed Authentication Method (HDAM) is proposed in this paper. HDAM realizes a decen-tralized efficient mutual authentication mechanism for each pair of nodes in the P2P network. It performs adistributed management of public keys by using Web of Trust and Distributed Hash Table. Our proposed schemesignificantly reduces both the memory size requirement and the overhead of communication data sent by thenodes. Additionally, the results also show that required resource size of HDAM is �� and HDAM is morescalable than the conventional method.

Key–Words: Distributed authentication, Decentralized public key exchange, Peer-to-peer network

1 IntroductionIn Peer-to-peer (P2P) networks all client nodes com-municate directly with each other without any servers.P2P networks have many advantages over central-ized networks. It is easy to build such a network,anonymity in communications etc. Therefore, appli-cations which run in P2P networks are prevalent[1, 2].However, it is difficult to authenticate nodes in P2Pnetworks, which is an important issue in P2P networkoperation. Authenticating a node means validating amessage by using e-signature appended to the mes-sage and public keys of the sender[3, 4]. Public KeyInfrastructure (PKI) is a famous existing method ofnode authentication[5]. PKI can facilitate effectivenode authentication based on social trust between thenode user and the certificate authority-manager. PKIneeds the help of permanent servers called certificateauthority for managing authentication informations.However, no node can provide permanent services inP2P networks, because in P2P networks, all nodes al-ternate between login and logout states. Hence, man-aging authentication information with a permanentnode such as certificate authority is difficult in P2Pnetworks.

In this paper, we propose a new authenticationmethod called Hash-based Distributed Authentication

Method (HDAM). HDAM is an efficient authentica-tion method that enables mutual authentication for allpairs of nodes in the P2P network. The basic idea ofHDAM is efficient distributed management of pub-lic keys by using Web of Trust and Distributed HashTable (DHT). The public key are used for the mu-tual authentication between two nodes in a P2P net-work. HDAM forms a Web of Trust among all nodesin a P2P network by using DHT. As a result, HDAMsignificantly reduces the number of public keys re-quired by a node compared with conventional meth-ods. Thus, HDAM significantly yields a sizable re-duction in memory requirement by a node. More-over, HDAM realizes an efficient distributed man-agement of public keys by intelligent deployment ofDHT. Thus, HDAM significantly lowers the overheadof required communication data, sent for authenticat-ing nodes, participating into a network, leaving froma network and updating public keys. In this paper, weobserve from the results of computer simulations thatHDAM is more scalable than the conventional meth-ods. Specifically, the required memory size of HDAMis ��, and communication overhead of HDAMis ��. It means that adapting HDAM to a largenetwork is much easier than the conventional meth-ods. HDAM ensures easy establishment of secure and

WSEAS TRANSACTIONS on COMPUTERSAtushi Takeda, Debashish Chakraborty, Gen Kitagata, Kazuo Hashimoto, Norio Shiratori

ISSN: 1109-2750 1628 Issue 10, Volume 7, October 2008

large P2P networks. In addition, it enables creation ofmany secure decentralized applications such as a con-ference system and a file sharing system.

The organization of the rest of this paper is as fol-lows. In section 2, we discuss existing approaches forauthentication. In section 3, we present our proposedmethod HDAM. The advantages of HDAM are shownthrough computer simulations in section 4. Finally,in section 5, we describe the conclusion and futureworks.

2 Related WorksAuthentication methods can be divided into two maincategories. One is an authentication of node identifi-cations, which is to confirm whether the node identi-fication is valid. This is realized by using e-signatureand public key. Another is an authentication of userpermissions, which is to confirm whether the user canuse the service. This is usually realized by using userpassword[6]. In this paper, we focus on the first, andauthenticating means validating a message by usinge-signature and public keys[4].

Public Key Infrastructure (PKI) is the most fa-mous authentication method[5]. PKI authenticatesa node by using permanent servers called certifica-tion authority. The authentication is based on a socialtrust between the node user and the certificate author-ity manager. In a PKI system, users have to preparea certificate authority to authenticate nodes. How-ever, no node provides permanent services in P2P net-works, because P2P networks are networks in whichall nodes alternate between login and logout. There-fore, application of PKI to a P2P network is difficult.

Pretty Good Privacy (PGP) is an existing authen-tication method which does not need any servers[7].PGP enables a decentralized authentication by usingWeb of Trust which is a trusting relationship betweennodes. In a PGP system, nodes can get a new validpublic key from a trusted node. However, it is difficultto accumulate all public keys, because PGP does nothave the information for getting public keys such asrouting maps. In PGP systems, nodes require a lot ofmemory to manage keys and a lot of communicationdata to exchange keys, because an efficient schemefor obtaining public keys is not provided. The infor-mation for obtaining public keys is needed for real-ization of efficient authentication.

An existing authentication method called self-organized public-key management enables an authen-tication without any centralized service in an ad-hocnetwork[8]. In a self-organized public-key manage-ment system, all nodes automatically get new publickeys from trusted neighbor nodes in an ad-hoc net-

work. However, nodes require a lot of memory tomanage keys and a lot of communication data to ex-change keys, because nodes do not have a routing mapfor obtaining public keys.

There are some decentralized authenticationmethods which can systematically accumulate pub-lic keys in specific networks such as ad-hoc networksand OSPF networks[9, 10]. These methods realize areduction of required memory size as well as com-munication overhead. The reductions are enabled byusing routing map of the network and concept of Webof Trust. However, the kind of networks where wecan use these methods is limited, because the meth-ods depend on routing protocol of the networks.

Our proposed, HDAM system, automaticallymakes a routing map for getting public keys by effec-tively using Web of Trust and DHT. Therefore, thisHDAM system performs an on-demand and efficientdistributed authentication in any computer networks.

3 Hash-based Distributed Authenti-cation Method (HDAM)

3.1 Overview of HDAMAuthentication among all nodes in the P2P network isneeded by many applications such as conference sys-tems and file sharing systems. However, an efficientauthentication method for P2P networks is yet to berealized. Therefore, in this paper, we propose an au-thentication method that we name as Hash-based Dis-tributed Authentication Method (HDAM).

If nodes in a P2P network can achieve an efficientdistributed management of public keys, the number ofpublic keys which is managed by a node is reduced.Additionally, if the number of public keys is reduced,both the memory size and the amount of communi-cation data required by each node are also reduced.Therefore, in P2P networks, an efficient distributedmanagement of public keys is very important. It ispossible to manage public keys in a distributed man-ner by using Web of Trust between each node whichparticipates in a P2P network. If information whichthe nodes use for obtaining public keys is providedto all nodes, an efficient distributed management ofpublic keys with Web of Trust is possible. However,in P2P networks, there is no permanent node such ascertificate authority which provides the information,because all nodes in a P2P network alternate betweenparticipation and departure.

Our Proposed method, HDAM, enables efficientdistributed management of public keys by using Dis-tributed Hash Table (DHT) and safe authenticationamong all nodes in P2P network by using Web ofTrust. In HDAM system, information which the



A authenticates B

B sends data signed by KBK

B

A BA authenticates B


B

A BA authenticates B


BKB

A B

Fig. 1: Authentication

(b) After authenticating D

authenticate

KB

KC

KD

KC

KD

send KC

send KD

D

B C

A

(a) Before authenticating D

D

BKB

KC

KD

authenticateauthenticate

authenti

cate

C

Arequest authentication


authenticate

KB

KC

KD

KC

KD

send KC

send KD

D

B C

A


authenticate

KB

KC

KD

KC

KD

send KC

send KD

D

B C

Aauthenticate

KB

KB

KC

KC

KD

KD

KC

KC

KD

KD

send KC

send KD

D

B C

A


D

BKB

KC

KD


authenti

cate

C



D

BKB

KC

KD


authenti

cate

C


D

BKB

KB

KC

KC

KD

KD


authenti

cate

C


Fig. 2: Authentication with Web of Trust

nodes use for obtaining public keys is provided toall nodes without deploying a permanent node. DHTis often used to manage contents in P2P network[11,12, 13]. However, HDAM and existing DHT schemediffer in the protocol and the distributed managementscheme. The objects managed by a HDAM system ispublic keys. On the other hand, existing DHT schemeexpects that the managed objects are contents suchas text, sound and movie. Therefore, HDAM needsa new protocol and a new distributed managementscheme. In this paper, we present an authenticationwith Web of Trust and a distributed management ofpublic keys with DHT. And, we explain an authen-tication procedure with Web of Trust formed DHT.Moreover, we show that HDAM significantly reducesthe memory requirement at each node and the over-head of communication data at each node.

3.2 Authentication with Web of TrustIn this paper, a node authentication means validatinga message by using the e-signature appended to themessage and the public key of the node. Fig.1 showsthe steps in a node authentication process. When twonodes � and � exist, and node � has the public keyof node � (��), node � can validate messages sentby node �. Therefore, in this paper, the situation thatnode � has public key �� is called “node � authen-ticates node �”. And the aggregate of nodes whichare authenticated by node � is designated as �� .

Fig.2 shows a node authentication method withWeb of Trust. Fig.2(a) shows the situation wherefour nodes �, �, � and � exist, the status of au-thentications is � � �� , � � �� and� � �� , and node � is asked to authenticatenode �. In this situation, node � cannot authenticate

F.hash = 12

KG

KA

KB

D

B

CE

F

G

A.hash = 1

KB

KC

KD

B.hash = 4

KC

KD

KF

KD

C.hash = 7

KE

KG

KE

D.hash = 9

KG

KA

KF

E.hash = 11

KG

KB

G.hash = 15

KA

KB

KC

Hash Ring : N = 16A

authenticate

authenticate

F.hash = 12

KG

KA

KB

F.hash = 12

KG

KG

KA

KA

KB

KB

D

B

CE

F

G

A.hash = 1

KB

KC

KD

A.hash = 1

KB

KC

KD

KB

KB

KC

KC

KD

KD

B.hash = 4

KC

KD

KF

B.hash = 4

KC

KC

KD

KD

KF

KF

KD

C.hash = 7

KE

KG

KD

KD

C.hash = 7

KE

KE

KG

KG

KE

D.hash = 9

KG

KA

KE

KE

D.hash = 9

KG

KG

KA

KA

KF

E.hash = 11

KG

KB

KF

KF

E.hash = 11

KG

KG

KB

KB

G.hash = 15

KA

KB

KC

G.hash = 15

KA

KA

KB

KB

KC

KC

Hash Ring : N = 16A

authenticate

authenticate

Fig. 3: Distributed management of public keys

node � directly, because node � does not have thepublic key of node � (��). Therefore, node � getspublic key �� indirectly as follows.

1. Node � gets �� from node � � � ��

2. Node � gets �� from node � � � ��

An authentication method as above is called a nodeauthentication with Web of Trust.

3.3 Distributed Management in HDAMFig.3 shows an example of a distributed managementof public keys. In Fig.3, �� is a hash value ofnode �, �� is a public key of node �, and � is themaximum of hash value. In HDAM system, nodes arevirtually put on a Hash-Ring based on the hash valuewhich is derived from node ID and the one-way hashfunction. Hash-Ring is a ring in which indexes from1 to � are put circularly. Node � manages public keysof a forward node which is the nearest node in nodeswhich are located over �� from node�. In the situation shown in Fig.3, node � managesthree public keys as follows.

� Node � manages a public key of node � whichis the nearest forward node in nodes which arelocated over �� (��) from node �.

� Node � manages a public key of node � whichis the nearest forward node in nodes which arelocated over �� from node �.

� Node � manages a public key of node � whichis the nearest forward node in nodes which arelocated over �� from node �.

In the situation as above, the status of authenticationis �� . When the number of nodesin the P2P network is �, the number of public keymanaged at a node is ��. And, when the max-imum of hash value is � , the maximum number ofpublic keys managed at a node is �� .



// build the authentication path to ��authenticate��beginwhile�!�� begin�� closest trust node�� closest trust node��add �� to �trust

endend

// search for the closest node of ��closest trust node��begin��

foreach�� beginif��

then��

endifend

return ��

end

Fig. 4: Pseudo-code for authentications

F.hash = 12

KG

KA

KB

B

C

G

A.hash = 1

KB

KC

KD

B.hash = 4

KC

KD

KF

KD

C.hash = 7

KE

KG

G.hash = 15

KA

KB

KC

Hash Ring : N = 16

(1) requ

est

(4) au

then

tica

te

F

A

D

EKF

E.hash = 11

KG

KB

KE

D.hash = 9

KG

KA

(3) s

end K

F

(2) send KE

F

E

D

A

F.hash = 12

KG

KA

KB

F.hash = 12

KG

KG

KA

KA

KB

KB

B

C

G

A.hash = 1

KB

KC

KD

A.hash = 1

KB

KC

KD

KB

KB

KC

KC

KD

KD

B.hash = 4

KC

KD

KF

B.hash = 4

KC

KC

KD

KD

KF

KF

KD

C.hash = 7

KE

KG

KD

KD

C.hash = 7

KE

KE

KG

KG

G.hash = 15

KA

KB

KC

G.hash = 15

KA

KA

KB

KB

KC

KC

Hash Ring : N = 16

(1) requ

est

(4) au

then

tica

te

F

A

D

EKF

E.hash = 11

KG

KB

KF

KF

E.hash = 11

KG

KG

KB

KB

KE

D.hash = 9

KG

KA

KE

KE

D.hash = 9

KG

KG

KA

KA

(3) s

end K

F

(2) send KE

F

E

D

A

Fig. 5: Authentication procedures

3.4 Authentication Method in HDAMFig.4 shows an authentication algorithm in an HDAMsystem. When node � does not have a public key ofnode � and is asked to authenticate node �, node �gets the public key of node � by the steps as followsand authenticates node �.

1. Node � asks node �� to send a public key of node� (��) to node �. Node �� is the closest to node� among nodes which have been authenticatedby node �.

2. If node �� has public key ��, node �� sends pub-

F.hash = 12

KG

KA

KB

B

C

G

A.hash = 1

KB

KC

KD

B.hash = 4

KC

KD

KF

KD

C.hash = 7

KE

KG

G.hash = 15

KA

KB

KC

Hash Ring : N = 16

(1)request

F

A

D

EKF

E.hash = 11

KG

KB

(2) send KF

'

F

E

KE

D.hash = 9

KG

KA

KF'

F.hash = 12

KG

KA

KB

F.hash = 12

KG

KG

KA

KA

KB

KB

B

C

G

A.hash = 1

KB

KC

KD

KB

KB

KC

KC

KD

KD

B.hash = 4

KC

KD

KF

B.hash = 4

KC

KC

KD

KD

KF

KF

KD

C.hash = 7

KE

KG

KD

KD

C.hash = 7

KE

KE

KG

KG

G.hash = 15

KA

KB

KC

G.hash = 15

KA

KA

KB

KB

KC

KC

Hash Ring : N = 16

(1)request

F

A

D

EKF

E.hash = 11

KG

KB

KF

KF

E.hash = 11

KG

KG

KB

KB

(2) send KF

'

F

E

KE

D.hash = 9

KG

KA

KF'K

E

D.hash = 9

KG

KA

KF'K

EKE

D.hash = 9

KG

KG

KA

KA

KF'KF'

Fig. 6: Problem of insider attack in HDAM system

lic key �� to node �. Node � authenticates node� by using public key ��.

3. If node �� does not have public key ��, node�� sends a public key of node �� (��) to node�. Node �� is the closest to node � among nodeswhich have been authenticated by node ��. Node� authenticates node �� by using public key �� ,and repeats the process from step 1.

Fig.5 shows an example of the authenticationprocess. In this example, node � authenticates node� by the HDAM authentication method as above.

1. Node � requests node � to authenticate node � .

2. Node � does not have the public key, � tonode � . Node � is the closest node to node �from node �. So, node � asks node � to senda public key of node � (� ) to node �. Node� sends a public key of node � (�) in place of� , because node � does not have � . Node �authenticates node �, and the status of authenti-cations is � � �� .

3. Node � repeats the process by asking node � tosend public key � . Node � sends public key� to node �.

4. Node � authenticates node � , and the status ofauthentications is � � �� .

Node � gets public key � with the above steps, andnode � authenticates node � . When the number ofnodes in the P2P network is �, the amount of com-munication data required to authenticate is ��.

3.5 Authentication via multiple nodesHDAM manages public keys by using Web of Trust.The precondition for Web of Trust is that all nodes arehonest. Therefore, HDAM with single Hash-Ring isnot resistance to insider attacks from dishonest nodes,Fig.6 shows an example of insider attack in HDAM



B

C

G

(1)request

F

A

DE (2

) send KF

'

B

C

G

(1) requestF A

D

E

(2) sen

d KF

Hash Ring 1 Hash Ring 2

B

C

G

(1)request

F

A

DE (2

) send KF

'

B

C

G

(1) requestF A

D

E

(2) sen

d KF


B

C

G

(1)request

F

A

DE (2

) send KF

'

B

C

G

(1) requestF A

D

E

(2) sen

d KF


Fig. 7: Authentication via multiple Hash-Ring

system. In this example, node �, which is a dishon-est node, sends an invalid public key ��

to node �.In this situation, node � believes that ��

sent bydishonest node � is valid, because node � can notconfirm if the received public key is invalid. Thus,node � try to authenticate node � by using the in-valid public key ��

. But, the authentication processwill be failed, because the valid public key of node� is different from ��

. In this example, node � cannot authenticate node � , and a secure communicationbetween node � and node � is impossible.

The authentication process fails when a node getsan invalid public key from a dishonest node in HDAMsystem. This is because the node receives a public keyfrom one node only. If a node in HDAM system canget a public key from more than one node, the nodecan validate the public key by comparing the publickeys sent by several nodes. If the public key is sameas others, the public key is valid. On the other hand,if a public key is different from others, the public keymight be invalid.

HDAM enables the confirmation of public keysby using several Hash-Rings. HDAM system canhave more than one Hash-Rings. The position of anode is decided from hash value which is derivedfrom node ID and Hash-Ring number. The hash valueis calculated by using one-way hash function such asMD5 and SHA1. Therefore, the positions of a nodein each Hash-Ring are different, In HDAM systemwhich has several Hash-Rings, a node can get a pub-lic key from several nodes, and the node can confirmthe valid public key by comparing public key data re-ceived from several nodes. If nodes find the valid pub-lic keys, nodes can authenticate other nodes.

Fig.7 shows the example of authentication pro-cess in HDAM system. In this example, HDAM sys-tem has two Hash-Rings, which are HashRing1 andHashRing2. The deployments of nodes in each Hash-Ring are different. And node � is a dishonest node.When node � wants to get the public key of node � ,node � try to get the public key � in each Hash-Ring. In this example, node � gets an invalid pubilckey � �

from node � in HashRing1, because node �is dishonest. And node � gets a valid public key �

Sout

Sin

Probability = Plogin

Action = Login

Probability =Plogout

Action = Logout

Probability = Psend

Action = Send message

Probability = Pupdate

Action = Update public key

Sout

Sin


Action = Login


Action = Logout

Probability = Psend




Sout

Sin


Action = Login


Action = Logout

Probability = Psend




Fig. 8: State transition diagram of node agents

from node � in HashRing2, because node � is hon-est. In this situation, node � can receive public key� �

and public key � , and node � can detect thatone of them is invalid, because public key ��

andpublic key � are different.

In HDAM system, several Hash-Rings enablethat nodes get a public key from several nodes. Thus,HDAM system must manage the several Hash-Rings.Therefore, the required memory size and the amountof communication overhead in HDAM increase withthe number of Hash-Rings. When the number ofHash-Rings is �, the required memory size and theamount of communication overhead is ��. Use-ally, the number of Hash-Rings is, however, much lessthan the number of nodes. The number of Hash Ringsimpacts the scalability of HDAM little. Thus, even ifthe number of Hash-Rings is more than one, HDAMis scalable enough.

3.6 Life cycle of HDAM systemUsers of P2P networks are always able to createHDAM system in anywhere, because HDAM systemdoes not need any persistent servers. A HDAM sys-tem starts when a user creates the first node of it. Nospecific process is required for creating the network ofHDAM system. After creating the network, the nodecan invite ther nodes to the existing network. Beforethe node invite other nodes, they must authenticateeach other without the HDAM system. HDAM sys-tem is based on the trust given by the authenticationwhich is processed without HDAM system before theinvitation. All nodes in the network can invite anothernode which is trusted. The network of HDAM systemis alive as long as there is more than one nodes in it,and the network ends when all nodes leave from it.No specific process is required to terminate the net-work of HDAM system. The detail of participationprocess and departure process of HDAM is describedin [14]

4 Simulation and Evaluation4.1 Simulator for P2P networkIn order to examine characteristic of HDAM and eval-uate availability of HDAM, we developed a simula-



... ...

Computer Network

NodeNodeNodeNode

Number of Nodes

... ...

Computer Network

NodeNodeNodeNode

Number of Nodes

... ...

Computer Network

NodeNodeNodeNode

Number of Nodes

Fig. 9: Network topology assumed in the simulation

tor which simulates operations of nodes in P2P net-works. This system is written in Java, and runs onJava Runtime Environment. In this simulator, all op-eration of nodes are implemented in software agentscalled “node agent”. The messages between the nodeagents simulates all messages which are sent for par-ticipation, departure, updating public keys and send-ing messages.

Fig.8 is the state transition diagram of nodeagents. Node agents have two status. One is logoutstatus (��) which means that the node is leaving theP2P network. The other is login status (��) whichmeans that the node is joining to the P2P network.The probability of changing status �� to status ��is � ��, and the probability of changing status �� tostatus �� is � ��. Moreover, the probability of up-dating the public key of the node whose status is ��is ��, and the probability of sending a message torandomly selected node is ��. All messages con-tain e-signatures, and all nodes are authenticated byusing the authentication procedure described in 3.4.

Fig.9 shows the network topology assumed inthis simulator. In this simulator, all nodes are con-nected by some computer networks like the Internet,and can communicate with each others. Network fail-ures such as packet loss are not assumed, and allcommunications are executed completely. In simula-tion results that follow, number of nodes indicates thenumber of nodes participating in the computer net-work.

4.2 Tolerance to Insider AttackFig.10 shows the success probability of authentica-tion when insider attakers exist in the P2P network.In this figure, the squares show the success probabil-ity of authentication in HDAM system that has sin-gle Hash-Ring, and the diamonds show the successprobability of authenticaion in HDAM system thathas three Hash-Rings. This figure shows the relation-ship between the resistance to insider attacks and thenumber of Hash-Rings used by HDAM. In this sim-ulation, the number of nodes in the P2P network is500, and the rate of attackers means the percentageof insider attacker nodes among all nodes in the P2Pnetwork. For example, when the rate of attackers is

0.5

0.6

0.7

0.8

0.9

1.0

0.0 0.05 0.1 0.15 0.2

rate of attackers

success probability of authentication

HDAM using 1 Hash-Ring

HDAM using 3 Hash-Rings

0.5

0.6

0.7

0.8

0.9

1.0

0.0 0.05 0.1 0.15 0.2

rate of attackers

success probability of authentication





Fig. 10: Success probability of authentication

0.1, the number of insider attacker nodes is 50.The success probability of authentication in both

HDAM systems decreases with the number of insiderattackers. But, the success probability in HDAM sys-tem that has three Hash-Rings is more than HDAMsystem that has single Hash-Ring. In HDAM sys-tem that has single Hash-Ring, nodes can not validatethe public key which is received from other nodes.On the other hand, in HDAM system that has threeHash-Rings, nodes can validate the public key, be-cause nodes can compare the public keys which issent by three different nodes. For example, when anode receives a public key from three different nodes,the node can validate the public key and authenticatethe node which is owner of the public key, even if oneof the received public keys is invalid. Therefore, theresistance to insider attacks of HDAM system whichhas three Hash-Rings is more than HDAM which hassingle Hash-Ring.

4.3 Performance EvaluationIn order to confirm the effectiveness of HDAM, wecompare HDAM with a conventional method that cor-respond to the best performance parameters. In thisevaluation, the conventional method corresponds toa decentralized authentication method such as PGPand self-organized public-key management[8, 7]. Theconventional method authenticates nodes without acentralized server. This method performs authenti-cation by using Web of Trust which is not formed byDHT. Therefore, it needs to aggregate public keys in-dividually by each node. In the conventional system,a node aggregate all public keys when the node joinsthe P2P network, and the node uses them to authen-ticate each others. Thus, in the conventional method,a node needs to communicate each others for publickey exchange when the node joins the network. Ad-ditionally, a node needs a memory space to managepublic keys. In conventional system, a node does not



scenario � ��

no.1 0.45 0.05 0.5no.2 0.25 0.05 0.7no.3 0.05 0.05 0.9no.4 0.01 0.01 0.98

Table 1: Parameters of agent activities

however need any communication for public key ex-change when the node authenticate others.

We simulated the conventional method andHDAM in the simulation scenarios described above.In this simulation, the maximum of hash value, whichis a parameter of HDAM, was set to ��.

4.3.1 Simulation ScenarioWe evaluated the availability of HDAM by using thesimulator described above. In this simulation, wemonitored both the number of public keys managedby nodes and the number of messages sent by nodes.The number of public keys managed by nodes directlyrelates to the required memory size on nodes, and thenumber of messages sent by nodes corresponds to theamount of communication data for the authentication.

We considered four simulation scenarios withfour different types of node agents. The types of nodeagents are established by agent activity parametersdescribed above. Table 1 shows the configuration pa-rameters of node agents in each scenarios, and param-eter � �� is 1.0 in all scenarios. The node agents inscenario � send a few messages to communicate withits partners, so they need small number of public keyexchanges for secure communication. The character-istic of node agent in scenario � is the same as theapplications which join the network for a short time.On the other hand, the node agents in scenario � senda lot of messages to communicate with their partners,so they need a lot of public key exchanges for securecommunication. The node agent characteristic in sce-nario � is same as the applications which join the net-work for a long time. Scenario � and scenario areintermediate in agent characteristic between scenario� and scenario �.

4.3.2 Evaluation of Required Memory SizeFig.11 shows the number of public keys managed bya node. Here, the number of public keys means therequired memory size for node authentication. Thesolid line in the graph indicates the number of pub-lic keys in HDAM system which has single Hash-Ring, and the dotted line indicates the number of pub-lic keys in the conventional method. In Fig.11, it is

100 102101 103

number of nodes

number of public keys

10-1

101

102

103

104

100

HDAM (using 1 Hash-Ring)

conventional

100 102101 103

number of nodes


10-1

101

102

103

104

100


conventional

HDAM (using 1 Hash-Ring)HDAM (using 1 Hash-Ring)

conventionalconventional

Fig. 11: Number of public keys managed by eachnode

0

50

100

150

200

10 100number of nodes


HDAM (using 3 Hash-Rings)


Conventional

0

50

100

150

200

10 100number of nodes




Conventional



Conventional

Fig. 12: Number of public keys managed by eachnode

shown that the number of public keys managed bynodes in HDAM system is significantly less than theconventional method. In particular, when the numberof nodes is 1024, HDAM can achieve more than 95%reduction in the number of public keys managed bynodes compared with the conventional method. Thismeans that HDAM ensures a significant savings inmemory requirements at each node compared withthe conventional method.

Fig.12 also shows the number of public keysmanaged by a node. As described above, the numberof public keys means the required memory size fornode authentication. The solid line in the graph in-dicates the number of publick keys in HDAM systemthat has single Hash-Ring, and the dashed-dotted lineindicates the number of public keys in HDAM sys-tem that has three Hash-Rings. The number of publickeys in HDAM system that has three Hash-Rings isthree times as many as HDAM system that has sin-gle Hash-Ring. This means that the memory size re-quired by HDAM system that has three Hash-Rings isthree times as much as HDAM system that has singleHash-Ring. However, the scalability of both HDAM



100 102101 103

number of nodes

number of messages


conventional

10-1

100

101

102

103

104

100 102101 103

number of nodes

number of messages


conventional



10-1

100

101

102

103

104

Fig. 13: Communication overhead in scenario �

100 102101 103

number of nodes

number of messages


conventional

10-1

100

101

102

103

104

100 102101 103

number of nodes

number of messages


conventional



10-1

100

101

102

103

104

Fig. 14: Communication overhead data in scenario �

100 102101 103

number of nodes

number of messages


conventional

10-1

100

101

102

103

104

100 102101 103

number of nodes

number of messages


conventional



10-1

100

101

102

103

104

Fig. 15: Communication overhead in scenario

systems is better than the conventional method whichis indicated by the dotted line in this graph. Thus, thenumber of public key in HDAM system that has threeHash-Rings is less than the conventional method.

4.3.3 Evaluation of Communication OverheadWe evaluate the number of messages sent by a nodein one step of each scenario described in 4.3.1. Thenumber of messages is the average in more than 200

100 102101 103

number of nodes

number of messages


conventional

10-2

100

101

102

103

10-1

100 102101 103

number of nodes

number of messages


conventional



10-2

100

101

102

103

10-1


steps. Node agents acts an action shown in 4.1 ineach step, and node agents send some authenticationmessages in each step. In this evaluation, the numberof messages means the communication overhead fornode authentication.

Fig.13 shows the number of messages sent bya node in scenario �. The solid line in the graphindicates the number of messages of HDAM whichhas single Hash-Ring, and the dotted line indicatesthe number of messages of conventional method. InFig.13, it is shown that the number of messages sentby a node in the HDAM system is more than the con-ventional method when the number of nodes is lessthan 64, because HDAM needs procedures to buildthe Web of Trust. However, the number of messagessent by a node in the HDAM system is less than theconventional method when the number of nodes ismore than 64. And the gap between HDAM and theconventional method increases with the increase innumber of nodes. When the number of nodes is 1024,HDAM can achieve 85% reduction in the number ofmessages sent by nodes compared to the conventionalmethod.

Fig.14, Fig.15 and Fig.16 show the number ofmessages sent by a node in scenario �, and �. Inthese scenarios, the advantage of HDAM over con-ventional method is less than scenario �, because�� which is the probability of sending a messageis higher than scenario �. Specifically, scenario �where �� is the highest is the most unfriendlyscenario to HDAM in all scenarios. The communi-cation overhead of HDAM in the sending messageaction is larger than conventional method, becauseHDAM’s authentication process described in 3.4 ismore complex than conventional method. However,the increase of communication overhead of HDAM issmaller than the conventional method. The the num-ber of participation and departure messages in HDAMis significantly less than conventional method, be-cause the number of managed public keys in HDAM



0

200

400

600

800

1000

101 102

number of nodes

number of messages



Conventional

0

200

400

600

800

1000

101 102

number of nodes

number of messages



Conventional



Conventional

Fig. 17: Communication overhead in scenario �

20

40

60

80

100

101 102

number of nodes102

0

number of messages



Conventional

20

40

60

80

100

101 102

number of nodes102

0

number of messages



Conventional



Conventional


is significantly less than conventional method. Thecommunication overhead of HDAM is therefore lessthan conventional method when the number of nodesis large enough. Specifically, in scenario � whichis the most unfriendly scenario to HDAM, when thenumber of nodes is 1024, HDAM can reduce morethan 60% of the number of messages sent by nodescompared with the conventional method.

Fig.17 shows the number of messages sent by anode in scenario �, and Fig.18 shows the number ofmessages sent by a node in scenario �. As describedabove, the number of messages means the commu-nication overhead for node authentication. The solidline in the graph indicates the number of messagesin HDAM system that has single Hash-Ring, andthe dashed-dotted line indicates the number messagesin HDAM system that has three Hash-Rings. Thenumber of messages in HDAM system that has threeHash-Rings is three times as many as HDAM systemthat has single Hash-Ring. This means that the com-municatino overhead for authentication in HDAMsystem that has three Hash-Rings is three times asmuch as HDAM system that has single Hash-Ring.However, the scalability of both HDAM systems is

required communicationmemory size overhead

onventionalmethod

��

HDAM ��

� : the number of nodes

Table 2: Scalability comparison

better than the conventional method which is indi-cated by the dotted line in this graph. Thus, whenthe number of nodes is large enough, the number ofmessages in HDAM system that has three Hash-Ringsis less than the conventional method.

4.4 DiscussionTable 2 shows the comparison of scalability betweenHDAM and the conventional method. When the num-ber of nodes is �, the memory size required by a nodein HDAM is ��, but the memory size requiredby a node in the conventional method is ��. Ad-ditionally, the amount of communication data for au-thentication in HDAM is ��, but the amountof communication data for authentication in the con-ventional method is ��. Therefore, when there aremany nodes in the P2P network, HDAM enables adrastic reduction of the number of messages. Thismeans that the scalability of HDAM is better the con-ventional method. According to the above evalua-tions, both the memory size requirement by a nodeand the amount of communication data sent by a nodeare much less than the conventional method when thenumber of nodes in the P2P network is large enough.Additionally, the advantage of HDAM over the con-ventional method become more prominent with theincreases in number of nodes. These results showsthat the scalability of HDAM is better than the con-ventional method.

5 ConclusionOur proposed HDAM, which is a mutual authentica-tion method between each node in P2P network, en-ables safe authentication among all nodes in a P2Pnetwork by using Web of Trust and an efficient dis-tributed management of public keys by using DHT.HDAM reduces both the memory size needed by anode and the amount of communication data sent bya node. The scalability of conventional method isless than HDAM, because conventional method hasno mechanism for distributed management of publickeys. Therefore, conventional authentication meth-ods can not run in huge P2P networks, where a mil-



lion nodes may try to communicate with each other.Whereas, our proposed HDAM method can realizethe authentication in huge P2P networks, because ofits efficient distributed management mechanism ofpublic keys and thus HDAM is more scalable thanconventional methods. Through computer simula-tions, we have shown that the required memory sizeand the communication overhead are less than theconventional method when the number of nodes in theP2P network is large enough. It means that HDAMis more scalable than conventional methods, and itmeans that adapting HDAM to huge networks is mucheasier than conventional methods. HDAM thereforeenables easy establishment of a secure and huge P2Pnetwork. Also, HDAM ensures easy creation of manysecure decentralized applications such as conferencesystem and file sharing system.

In our study of distributed authentication methodwe have showed the basics of HDAM in this paper.As a future work, we want to establish the detail ofHDAM trust model. Our final goal is to realize a se-cure and large P2P network by using HDAM.

Acknowledgements: This research was partlyfunded by National institute of Information and Com-munications Technology Japan, under the programof “Research and Development of Dynamic NetworkTechnology”, Ministry of Internal Affairs and Com-munications in Japan, SCOPE project(071502003)and the Ministry of Education, Science, Sportsand Culture, Grant-in-Aid for Young Scientists,20700069, 2008.

References:[1] S. Oh, J.-S. Kim, K.-S. Kong, and J. Lee. Closed

p2p system for pvr-based file sharing. IEEE Trans-actions on Consumer Electronics, Vo.51, No.3:900–907, 2005.

[2] J. L. anf Juan R. Diaz, J. M. Jimenez, and M. Es-teve. The popularity parameter in unstructured p2pfile sharing networks. WSEAS Transactions on Com-puter, Issue 6, 3:2128–2133, 2004.

[3] B. Kaliski. Rfc 2315: Cryptographic message syntaxversion 1.5, 1998.

[4] S. Farrell and R. Housley. Rfc 3281: An internetattribute certificate profile for authorization, 2002.

[5] R. Housley, W. Polk, W. Ford, and D. Solo. Rfc3280: Internet x.509 public key infrastructure certifi-cate and certificate revocation list (crl) profile, 2002.

[6] A. Tabet, S. Shin, K. Kobara, and H. Imai. Onautomated analysis of password-based authentica-tion protocols: Csp/fdr model checking and avispa.WSEAS Transactions on Information Science andApplications, Issue 2, 6:336–343, 2006.

[7] S. Garfinkel. PGP : Pretty Good Privacy. Oreillyand Associates Inc., 1994.

[8] S. Capkun, L. Buttyan, and J.-P. Hubaux. Self-organized public-key management for mobile ad hocnetworks. IEEE Transactions on Mobile Computing,2, No.1:52–64, 2003.

[9] Y. Kitada, A. Watanabe, I. Sasase, and K. Takemori.On demand distributed public key management forwireless ad hoc networks. Communications, Com-puters and signal Processing, 2005. PACRIM. 2005IEEE Pacific Rim Conference on, pages 454– 457,2005.

[10] J. Goold and D. M. Clement. Improving routingsecurity using a decentralized public key distribu-tion algorithm. Internet Monitoring and Protection,2007. ICIMP 2007. Second International Confer-ence on, 2007.

[11] I. Stoica, R. Morris, D. Liben-Nowell, D. R. Karger,M. F. Kaashoek, F. Dabek, and H. Balakrishnan.Chord: A scalable peer-to-peer lookup protocol forinternet applications. IEEE/ACM Transactions onNetworking, 11, No.1:17–32, 2003.

[12] E. Kusmierek, D. H. Du, and J. Beyer. Highly adap-tive lookup systems for p2p computing. WSEASTransactions on Computer, Issue 6, 3:1611–1624,2004.

[13] Y. Zhu and Y. Hu. Efficient, proximity-aware loadbalancing for dht-based p2p systems. IEEE Trans-actions on Parallel and Distributed Systems, 16,No.4:349–361, 2005.

[14] A. Takeda, K. Hashimoto, G. Kitagata, S. M. S.Zabir, T. Kinoshita, and N. Shiratori. A new au-thentication method with distributed hash table forp2p network. Advanced Information Networking andApplications - Workshops, 2008. AINAW 2008. 22ndInternational Conference on, 2008.



A New Scalable Distributed Authentication for P2P Network and … · 2008-12-16 · An existing authentication method called self-organized public-key management enables anauthen-tication

Documents