Download - Dr. Tony White Chief Scientist
Dr. Tony White
Chief Scientist
Peer-to-Peer Technology
• Dimensions of Peer-to-Peer technology– Definition– Segmentation and Assessment– Requirements
• Information Sharing– Motivations– Requirements– Architectures– Solution
• The Future of Sharing
• Summary
What is it?
Peer to Peer Architecture: Peers have the same responsibility and basic capabilities; they are both client and server at the same time (a servent) - i.e. there is symmetric communication between peers
c.f. Client-server Architecture: Servers are more powerful and responsible for managing the network. Clients are PCs or workstations which run applications and rely on servers for resources.
Peer-to-peer computing is the location and sharing of computer resources and services by direct exchange between servents
P2P Industry Outline
“There’s no peer-to-peer market any more than there’s a client/server market” – Anne Manes, Sun Microsystems
• Peer-to-peer encompasses a wide range of technologies centered around decentralizing computing
• Business and revenue models are currently unclear
• There are clear opportunities and lots of excitement
Distribution of P2P Companies
Segment Examples Industry Share
Distributed Computing Entropia
United Devices
35%
Collaboration / Knowledge Management
Groove Networks
Engenia
20%
Content Distribution Akamai
Proksim
10%
Infrastructure / Platform Consilient
Xdegrees
10%
File Sharing CenterSpan
Napster
10%
Distributed Search Open Cola
InfraSearch (Sun)
5%
(From “P2P 101: An Overview of the P2P Landscape” by Larry Cheng)
Major Features of P2P Industry
(From “P2P 101: An Overview of the P2P Landscape” by Larry Cheng)
• Lack of experienced, quality management teams
• Lack of detailed business models
• Skeptical investors
• 150+ active companies
• Estimated 95% failure rate
“The elephant in the room is the fact that most companies here are not commercially viable.” - Heard from a speaker at O’Reilly
Current P2P Business Models
• Sell P2P products to end-users– No current revenue-generating business model– Sometimes coupled with content-sale models
• Sell content through P2P– Subscription-based – I buy content from you– Sponsor-based – Someone pays you to give me content– Ad-based – You give me content and sell ads
Current P2P Business Models (cont.)
• Sell something which lets others profit from P2P– Solve a critical problem for decentralized applications– Offer support and enhanced services for free tools– Specialized packages for particular industries– Tools and libraries for P2P infrastructure
“The people most likely to make money during a Gold Rush are the ones selling pickaxes and shovels.” – Andy Oram, The O’Reilly Network
Assessment of P2P Industry
• Significant investments, no business
• No one is making money – yet
• Attitude is “P2P will change the world,” but no one knows how
• To get investment, you need cool technology or a smart business plan
• If you have both, you’re ahead of the game
• At the moment, hype rules. But where’s the product?
Information Sharing, Search and Collaboration…
SearchSelective Sharing
Motivations for P2P Information Sharing
• Large quantities of unstructured data resides on the desktop at the edge of the network
• Data cannot be seen by others in the network, it’s not easy to share
• Individuals cannot find up to date information – rely on erroneous information on servers
• Duplication of data … keeping a local copy to avoid security
The Cost to the Enterprise
• Being unable to share from the edge costs the enterprise because:– It takes a long time to find information– Communication of location is via word of mouth– Erroneous, out-of-date information is used instead of
information from the source– Real-time collaboration is impossible– Costly workflow process required for publishing content from
the edge … publishing is hard
Publishing from the Edge
• Requires:– Information must be modelled– Data remains on the edge– Information can be selectively shared– Access should be audited
• Answer: the Entity– Represents the information, but is separate from it– Facilitates search: meta data– Provides security: policy-based– Responds to events, which are mediated
Peer-to-Peer Architectures
• Pure Peer-to-Peer search:
• Server-mediated Peer-to-Peer search:
1 2 3
Search RetrieveConnect
Current P2P File Sharing implementations
• Napster, Scour-Exchange:
– server-mediated P2P– *.mp3 file-sharing only (Napster), most multimedia (SX)– Napster has (had) of the order of 30 million users
• Freenet: – pure P2P– any file types– data mirroring based on popularity– data migration towards areas of higher demand– order of several thousand users
• Gnutella…(and clones)
Napster
• Server-mediated P2P– No security– No protection of intellectual property
• Problems– Scalability– Legal
Gnutella
• Clients and servers interchangeable (pure P2P)
• Servents are able to nominate any files they will share with others
• Gnutella protocol allows insecure file-swapping
• Searches & queries are propagated through the network from servent to servent, depending on time-to-live (TTL – the ‘search horizon’)
Gnutella Search (cont.)
11: Client asks network - does file exist?
2
2: Every servent replies with YES or NO
3
3: Host then connects directly to client and retrieves files
Problems with Gnutella
• No security involved – once shared your files are out of your control
• Vulnerable to:– search query flooding: flooding the network with false
messages and thus generating a denial-of-service attack– virus attack: no guarantee host you connect to will not
reply with a virus– spoofing: man-in-the middle attack and impersonating
someone else• Completely ‘flat’ structure
– no way to grow communities with shared interests• Inefficient bandwidth usage (too many Pings!)
Problems with Gnutella (cont.)
• Network in constant flux:– Will servent be there next time?– How do I find related info?– Is info beyond my horizon?– How about tomorrow?
• Security issues:– Can I trust other users?– Are they who they say
they are?– Could this data be intercepted?
What is needed?
• Interoperability (common protocols & standards):– A communication protocol– Representation of identity– Semantic content (meta-data)
• Secure information exchange:– Must be able to guarantee trust within a network– Prevent unauthorised access to network– Policy-based control of information exchange
• Ubiquity– Buy-in from large groups of users
Authentication and Authorization
Authorization answers the question:
“Can X perform some action (a) to Y”
X Ya
Authentication answers the question:“Is Bob who he says he is?”
Authorization using Policies
• Authorization questions form a sentence containing:– A subject (noun)– An action (verb)– An object (noun)
• Modelling of nouns using: entities– Meta data for search– Policy for authorization … and more
The Texar Solution
Texar and P2P
• Developed security-aware P2P applications:– PKI-based identity– Encryption between peers– Digital signing of queries– Policy-based sharing
• Two solutions:– s-Peer– SecureRealms Peer
Information Appliance
Information network bus
S-peer
SecureRealms peer
S-peer
Architecture
• s-Peer is based upon a service-oriented architecture:– I-network bus: topology management and information
routing– Basic Services: identity, entity (and policy)– Personality Services: file sharing, instant messaging, private
chat
I-network bus
Basic Services
Personality Services
JXTA Usage
The solution: Texar’s iProtocol
• Provides a security and communication framework which allows:– Mutual authentication (identity verification) between s-peers
– Information Clustering: Growth of secure Virtual Private Communities (VPCs) with shared interests
– Mediation and control of resource sharing with high granularity using SecureRealms™ technology
– Secure, encrypted connectivity– VPCs can extend search beyond TTL horizon– Users can improve search efficiency by targeting VPCs
Peer-to-Peer Now…
Flat, no conceptOf Community
The “Super Peer”
The Texar Solution: VPCs & the iProtocol
Music VPC
Pop Music VPC
Rock Music VPC
iProtocol: The Virtual Private Community
• Virtual Private Communities are formed by:
– Creating secure data channels between members carrying messages only members can decipher– Restricting searches, queries and resource sharing to stay within the VPC’s boundaries– Allowing anyone to create a VPC with a particular interest, and recruit members into it– Providing mechanisms for finding, applying to join, joining, querying, sharing resources within, and retiring from, VPCs
iProtocol Benefits
• Enables the information network bus
• Universal, secure (via SecureRealms™ technology) resource sharing between ad-hoc, dynamically-created, virtual communities
• Knowledge-clustering can take place as Virtual Centers of Excellence develop (more targeted search capability as information accretes)
• Improved distributed data storage (inexpensive desktop storage vs. expensive server storage)
• Semantic searching and routing using entity meta-data
iProtocol: The Essentials
• Introduce community identity
– concept of membership, functions restricted to VPC• Represent VPC with smaller subset containing most powerful peers
– forms a Dynamic Backbone with a load-balancing effect• Authenticate membership of VPC and mediate flow of information
via the SecureRealms peer
• Allow VPCs to grow organically based on interests of members.
Conclusion: VPCs act as ‘Virtual Super-servents’
iProtocol: Finding VPCs
Which VPCs do you know about? • Music
Music
Rock
Texar
Backbone Nodes
Connect to Texar
• Texar• Rock
• Music• Rock
VPC-level, Query Routing
iProtocol: Joining a VPC
• Broadcast query for knowledge of VPCs available within TTL
• Choose target VPC from responses
• Connect directly to target VPC backbone
• Mutually authenticate (incl. Capability and Identity exchange)
• Establish secure communication channels within the VPC (e.g. use PKI)
iProtocol: Intelligent Information Routing
searchI know of
another VPC which is
related to this search
query…
Let me pass this on to this
other VPC…
Yeah, I might have some info for you!
1) Join VPC
2) Download files
S-peer
Connection Management
Identity
Instant Messaging
Policies
Sharing
File Sharing
SecureRealms Peer Functionality
• SecureRealms peer extended with the I-protocol provides:– Query services, “Find X!”– Authorization services:
• “Can Bob see X?”• “Can Bob get X?”
– Authentication services, “Is Bob authenticated?
• Authorization is policy-based using our programmable policy technology
• Policy evaluation can be used to generate dynamic content– Perform database queries – Query the Web
• SecureRealms peer is extensible with:– Idyllic modules– Other services
iProtocol and the SecureRealms peer
• The SecureRealms peer acts as an information router enabling policy-based resource-sharing between peers
SecureRealms peer
This…File Systems
SecureRealms peer
…or this
The SecureRealms peer isjust another peer with policy mediation functions
SecureRealms Architecture
LegacyData
Web Servers
AppServers
Directories/ Database
VP
N /
In
tern
et /
FT
P /
Ext
ran
et /
LA
N /
Oth
er
AuthenticationAuthorization
Security Policy Administration
Policy Builder
Mngt Console(Texar or 3rd party)
Mngt. API
SecureRealms SDK
Au
then
. In
terf
ace
PolicyEngine
PolicyEngine
PolicyEngine
PolicyEngine
Data Abstraction Layer
Authentication System(s)
URL Filter
UNP
Tokens
PKI
Biometrics
BusinessPolicy
RiskMngt
WorkflowPolicy
PrivacyPolicy
LocalClient
RemoteClient
WebClient
FileServers
Persistent Data Store
PolicyDB
AuditLog
StateMngt
Notification Systems
ControlExternal
Data SourceLDAP
Monitor
“State”
Custom
AuditLog
TextMessaging/
Page
E-mailNotification
React
Control, Monitor, React
Mngt. API
SecureRealms SDK
Au
then
. In
terf
ace
PolicyEngine
PolicyEngine
PolicyEngine
PolicyEngine
Data Abstraction Layer
Policy Creation and Management
• Policy Builder– Best of Breed GUI
– Fully Programmable
– Dynamic Change Control
• Benefits– Programming ease
– Management of complex business rules
– Write once, repeated use
P2P & Texar’s iProtocol
SecureRealms peer
File Systems
P2P
Virtual Private Realm
What resources
are you prepared to share with
me?
<list of files><location on File Server>
P2P and iProtocol
SecureRealms peer
File Systems
P2P
Virtual Private Realm
Give me this file, please.
I have signed this request.
•Attach policies to file•Encrypt
•Verify Request & Digital •Signature
Distributing Policy Management
SecureRealms peer
SecureRealms peer
b.mp3
d.mp3
c.mp3
a.mp3
Sees *.mp3
Policy Management is distributed!
SecureRealms peer
SecureRealms peer
The Future of Sharing…
www.s-peer.com…
Smart Queries
Information network bus
S-peer
SecureRealms peer
S-peer
“ibm”
“PC”
Q(PC) Q(ibm)
Summary
• P2P empowers the user– Decreasing reliance on client-server computing– Moves us towards the Collaborative Internet– Provides technologies which facilitate c-Commerce
• Problems– Security– Political: control moves from IT department– Standards
Questions?
www.s-peer.com
Services and their importance
• Instant messaging– XML as vehicle for representing everything– Java (C#) as the language of choice for servers, user
presence may be platform specific
• Interoperability– Gateway
• General principle– Self management or– Delegation
• Mobile code as a way of providing services on demand
Hybrid Distributed Content Management
Evolution of Sharing Vision
• Build on architecture, adding personality services, e.g.:– User interface personalities for specific domains; e.g.
biodiversity– Advanced policy management– Sharing of other information, e.g.:
• Personal bookmarks• Dynamically-generated content from databases• Retrieval of information using standard protocols; e.g. HTTP
– Allow for “smart queries”• Support for the semantic web
• Add concept of community to architecture– Create islands of expertise connected by gateways– Allow communities to be hierarchically structured for scaling
s-Peer Functionality
• Users are identifiable– All inter-peer messages are validated using identity– Identity is used to encrypt all private information e.g. policies
• Secure file sharing– Selective sharing of files based upon identity and policy
• Instant messaging– Provides broadcast communication to peer network
members
• Private chat– Point-to-point encrypted communications between members
• s-Peer is extensible– Based upon service-oriented architecture
Connecting Enterprises
s-peer
s-peer
s-peer
i-network bus
Relay Peer
Firewall
SecureRealms peer
s-peer
i-network bus
Relay Peer
Firewall
Relevance Morphing
• Change the structure of the network as we receive information from other peers.
Hybrid Distributed Content Management
Discovers Authorization
Engines
Authenticates with
Authorization Engines
Retrieves Programmable
Policies
Evaluates Programmable
Policies Remotely
Authorization …
1. The users attempts to access a resource.2. The enterprise resource requests authorization from SecureRealms, via the API.3. SecureRealms authorizes the request based on pre-defined business rules and current state information.4. SecureRealms notifies the enterprise resource of the authorization outcome, and the user is granted or denied access.5. SecureRealms creates an entry for the event in the audit log.6. Additional responses and notifications are invoked.
Web/ App. Server, Directory, or DB
Data Abstraction Layer
Persistent Data Store
PDB
CustomerEmployee
Administrator
1
2
SecureRealms SDK
3
4
5
6
Notification System
Audit