A Distributed P2P Storage Service, Adaptive to Trust Assessment (PowerPoint presentation transcript)

Description: A Distributed P2P Storage Service, Adaptive to Trust Assessment. Marco Casassa Mont (marco_casassa-mont_at_hp.com), Lorenzo Tomasi (University of Bologna).

1
A Distributed P2P Storage Service, Adaptive to Trust Assessment
Marco Casassa Mont (marco_casassa-mont_at_hp.com), Lorenzo Tomasi (University of Bologna)
Trusted E-Services Laboratory (TESL), Hewlett-Packard Laboratories, Bristol, UK
2
Table of Contents
  • Background
  • Trust E-Services
  • Distributed Long-term Trusted E-Record Storage
  • Distributed P2P Storage Service
  • Model
  • Conclusions and some Future Trends

3
Trust E-Services
4
Long-Term Trusted Storage
  • Purpose: long-term preservation of electronic documents
  • Longevity of e-Documents (E-records) and processes
  • Survivability
  • Long-term identity management and access control
  • Long-term renewal of information
  • Long-term renewal of signatures and time-stamps
  • Migration of data through technology
  • Accountability
  • Integrity
  • Privacy / Confidentiality
  • Non-Repudiation
  • Authenticity

5
DERMS Services: Distributed E-Records Management Storage
6
Distributed Long-term Trusted Storage Architecture
[Architecture diagram; recoverable labels:]
  • Properties across the stack: Decentralization, Distribution, Randomness, Diversity
  • Application Layer: Portals, Service Pools, Services, Storages
  • Portal Layer: Portal, Portal, Portal
  • Indexing Management Layer: Service Pools (Replication, Stored Documents, Metadata), Management Service Pool, lazy transactional behaviour
  • Physical Storage Layer: Storage Systems, Monitoring, Self healing
7
Current Approach
  • SAN, NAS, Distributed FSs, for example
  • Focus on rapid and frequent access to data
  • Dedicated, expensive solutions
  • Not really long-term
8
Objectives
Research on an alternative long-term storage service for e-records (for DERMS Services at the physical storage layer)
  • Basic requirements
    • best-effort preservation of a document for a long period
    • storage, retrieval and deletion of documents

Assumption: high performance, rapid and frequent accesses are not a basic requirement
9
Alternative long-term Storage Service
  • PCs geographically distributed (survivability)
  • Their storage capacity and CPU time are not fully used
  • Context: medium/large enterprise
  • Dynamic (in the medium/long term)
    • PCs
    • employees/people
  • Collaborative but unreliable
    • not necessarily trusted

10
Research Issues
Challenge: cope with a dynamic and unreliable environment
  • PC obsolescence timeframe: 3-4 years
  • Medium-large enterprise: 15000 people, 10000 PCs
  • Percentage of PCs involved in the service: 10%
  • Number of PCs: 1000
  • Average obsolescence of involved PCs (per year): 250 (1/4 × 1000)
This is without considering faults, loss of data, PC owners' accidental and intentional data deletion, time zones, etc.
11
Research Space Choices
  • Resources distributed
  • Control variable
    • not fully centralized (take advantage of distributed resources)
    • not fully distributed (likely anarchic; need for a trusted access point for DERMS Services)
  • Trust variable
    • resources' behaviour is very dynamic

Trust: belief that someone/something is going to act and behave as expected
12
Hybrid P2P Model
[Diagram: a trusted Controller, connected to DERMS Services, and not-trusted Peers running Agents (A)]
  • Trusted controller, acting as gateway with DERMS services
  • Agents installed on distributed PCs (not necessarily trusted, at least initially)

13
Agent Installation (on Peers)
[Diagram: trusted controller, not-trusted peers with Agents (A)]
  • Agents installed on request (by PC users)
14
Storage, Retrieval, Deletion of E-Records
[Diagram: DERMS Services, trusted controller, not-trusted peers with Agents (A)]
  • Replication of stored E-Records
  • Integrity check during E-Record retrieval

15
Tasks Delegation
[Diagram: DERMS Services, trusted controller, not-trusted peers with Agents (A)]
  • Delegation of tasks to Peers (if authorised)
16
Peer-to-Peer Interaction
[Diagram: DERMS Services, trusted controller, not-trusted peers with Agents (A)]
  • Peer-to-Peer interaction triggered by an Agent (if authorised)

17
Is this Sufficient?
  • Are distribution and replication sufficient to achieve long-term storage?
  • It depends
  • In case of a dynamic environment, peers may
    • not be available
    • lose data (or data may get corrupted)
    • not be able to complete tasks
  • → Blind delegation of tasks to Peers

18
Need for an Adaptive System
  • Monitor distributed Peers
  • Learn from Peers' behaviour
  • Adopt dynamic working criteria
    • delegation of tasks to peers depending on peers' reliability
    • select contextual policies depending on peers' behaviour and environment dynamics

19
Monitoring and Learning
  • Monitoring objectives
    • control replicas' status (survivability)
    • observe peers' behaviour
    • gather information about peers
    • trigger reactions
  • Learn about
    • Peers' availability
    • Peers' reliability
    • Correctness of document replicas
    • Peers' ability to complete tasks with success
    • Peers' response time

20
Adaptation driven by Trust Rating
  • Aggregation of measures of reliability/trustworthiness in Trust Rating Information
  • Usage of Trust Rating Information to dynamically adapt the service, by making decisions on allocation of storage and delegation of tasks
  • Delegation and Storage Policies driven by measures of trust
  • Usage of Trust and Reliability Functions to define Trust Metrics, based on measured indicators (parameters)

Trust: belief that a Peer/Resource is going to act and behave as expected
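The slides on monitoring/learning and on trust-rating-driven adaptation describe a loop: measured indicators per peer are aggregated by a trust function into a rating, and storage and delegation policies read that rating. The following is an added example (not code from the presentation or from HP Labs) of that loop in Python. The indicator set follows the "Learn about" list (availability, reliability/correctness of replicas, task completion, response time); the weights, the two thresholds, the response-time budget and the sample observations are constructed assumptions, as is the rule that a peer with no history scores zero (the deck's "not trusted, at least initially").

```python
"""Trust rating from monitored peer indicators, and rating-driven policies.

Added example: not code from the presentation. Weights, thresholds, the
RTT budget and the sample observations are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class PeerStats:
    """Raw indicators gathered by the monitoring module for one peer."""
    probes: int = 0            # availability probes sent
    answered: int = 0          # probes answered
    replica_checks: int = 0    # integrity checks run on this peer's replicas
    replica_ok: int = 0        # checks that passed
    tasks: int = 0             # tasks delegated to this peer
    tasks_ok: int = 0          # tasks completed successfully
    rtt_ms: List[float] = field(default_factory=list)  # observed response times


# Assumed weights of the trust function; they sum to 1 so the rating stays in [0, 1].
WEIGHTS = {"availability": 0.30, "correctness": 0.30, "tasks": 0.25, "latency": 0.15}
RTT_BUDGET_MS = 500.0       # assumed budget: a peer this slow or slower scores 0 on latency
STORE_THRESHOLD = 0.40      # assumed storage policy: minimum rating to hold replicas
DELEGATE_THRESHOLD = 0.80   # assumed delegation policy: minimum rating to be given tasks


def _ratio(num: int, den: int) -> float:
    # No observations yet -> 0: a new peer is not trusted until it has been monitored.
    return num / den if den else 0.0


def trust_rating(s: PeerStats, weights: Dict[str, float] = WEIGHTS) -> float:
    """Trust function: aggregate the measured indicators into one rating in [0, 1]."""
    availability = _ratio(s.answered, s.probes)
    correctness = _ratio(s.replica_ok, s.replica_checks)
    tasks = _ratio(s.tasks_ok, s.tasks)
    if s.rtt_ms:
        mean_rtt = sum(s.rtt_ms) / len(s.rtt_ms)
        latency = max(0.0, 1.0 - mean_rtt / RTT_BUDGET_MS)
    else:
        latency = 0.0
    return (weights["availability"] * availability
            + weights["correctness"] * correctness
            + weights["tasks"] * tasks
            + weights["latency"] * latency)


def record_task(s: PeerStats, ok: bool, rtt_ms: float) -> None:
    """Learning step: the outcome of every delegated task updates the indicators."""
    s.tasks += 1
    s.tasks_ok += 1 if ok else 0
    s.rtt_ms.append(rtt_ms)


def plan(stats: Dict[str, PeerStats]) -> Dict[str, List[str]]:
    """Storage and delegation decisions driven by the ratings.

    Peers at or above STORE_THRESHOLD may hold replicas; only peers at or above
    DELEGATE_THRESHOLD get tasks delegated; everyone else is only monitored.
    """
    ratings = {peer: trust_rating(s) for peer, s in stats.items()}
    ranked = sorted(ratings, key=ratings.get, reverse=True)
    return {
        "storage_peers": [p for p in ranked if ratings[p] >= STORE_THRESHOLD],
        "delegates": [p for p in ranked if ratings[p] >= DELEGATE_THRESHOLD],
        "monitor_only": [p for p in ranked if ratings[p] < STORE_THRESHOLD],
    }


# Constructed sample observations (not real measurements).
SAMPLE = {
    "pc-a": PeerStats(probes=100, answered=98, replica_checks=20, replica_ok=20,
                      tasks=10, tasks_ok=9, rtt_ms=[40.0, 60.0]),
    "pc-b": PeerStats(probes=100, answered=60, replica_checks=20, replica_ok=14,
                      tasks=10, tasks_ok=4, rtt_ms=[400.0, 600.0]),
    "pc-c": PeerStats(),  # newly joined peer: no history yet
}

if __name__ == "__main__":
    for peer, s in SAMPLE.items():
        print(f"{peer}: rating={trust_rating(s):.3f}")
    print(plan(SAMPLE))
```

With the constructed data, pc-a rates 0.954 and is the only delegate, pc-b (flaky and slow) rates 0.49 and still qualifies for replicas, and the unknown pc-c is kept under monitoring only; the deck's "blind delegation" problem is avoided because delegation never goes to a peer whose behaviour has not yet been observed.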
21
High Level Architecture
  • Intelligent components (Task Mgr, Monitoring, Rating)
  • Engines (store, delete, retrieve, etc.)
  • Communication Manager
  • Agents are a cut-down version of the centralized controller
  • Architecture is modular

22
High Level Architecture
[Component diagram; recoverable labels:]
  • TRUSTED (Enterprise) side: DERMS Services; Central Control Component with Task Manager, Monitoring Module, Rating Module, Storage Module, Registration Manager, Secure Repository, Index and Storage Scheduler, Communication Manager (secure connections)
  • UNTRUSTED side: Agents, each with Task Manager, Monitoring Module, Rating Module, Local Storage Module, Registration, Secure Repository, Communication Manager (secure connections)
23
Basic Mechanisms
  • Communication: authentication based on a secure link (SSL)
  • Delegation: authorization token (SPKI based)
  • Integrity management: hash value, digital signature
  • Confidentiality: encryption
  • Survivability: document replication

24
Conclusions
  • Usage of distributed cheap resources and agents to underpin survivability of data over a long time
  • P2P architecture viable to decongest central control
  • Hybrid control as a balance between full centralization and completely distributed control (anarchism)
  • Trust assessment to underpin adaptability in a dynamic distributed environment
  • Our approach
    • reduces risks in very dynamic environments (best effort)
    • introduces overhead: need for a real-life trial
    • requires a sustained number of participants

25
Future Trends on Distributed Systems
  • Growing importance of Distributed Web Services, within enterprises and across enterprises (on the Internet)
  • Growing importance of Peer-to-Peer based environments: mobile systems/services, collaborative environments, dynamic business interactions, resource sharing, etc.
  • Importance of adaptability of systems and services to the behaviour of (the involved) resources (reliability and trustworthiness are crucial aspects to be considered)
  • Key role for Trust Services to reduce risks and increase accountability

26
Backup Slides
27
Use Cases
  • Agents (on PCs) join or leave the Storage Service
  • DERMS Service initiative: store, retrieve, delete
  • Peers' initiative

28
Use Case Join
29
Use Case Store
30
Use Case Retrieve
[Sequence diagram between DERMS Services, the Central Control Component and the Peers of the collaborative enterprise environment; steps:]
  1. Request to retrieve a document (DERMS Services to Central Control)
  2. Retrieve from the Index a list of locations where the document has been stored
  3. Retrieve a replica (from a Peer)
  4. Decrypt and verify the integrity of the replica. If the replica is compromised, repeat step 3.
  5. Return the document (to DERMS Services)
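The retrieve use case above, together with the "Basic Mechanisms" slide (integrity by hash value, survivability by replication), is shown below as an added Python example; it is not code from the presentation. The index layout, SHA-256 as the hash value, the peer names and the constructed e-record are assumptions, and step 4's decryption is a placeholder that returns the replica bytes unchanged. The point the example makes is that the reference digest is recorded in the trusted controller's index at store time, so an untrusted peer that silently alters or loses its copy is detected at step 4 and the controller falls back to the next location (repeat step 3) while reporting the event to the monitoring side.

```python
"""Store with replication, then retrieve with integrity check and fallback.

Added example: not code from the presentation. Index layout, SHA-256,
peer names and the sample e-record are constructed assumptions.
"""
import hashlib
import hmac
from typing import Callable, Dict, List, Optional, Tuple


class DocumentUnavailable(Exception):
    """No location in the index returned an intact replica."""


def digest(data: bytes) -> str:
    # Integrity management: hash value kept by the trusted controller.
    return hashlib.sha256(data).hexdigest()


def decrypt_placeholder(blob: bytes) -> bytes:
    # Assumption: the real system decrypts the replica here (confidentiality: encryption).
    return blob


def store(doc_id: str, data: bytes, peers: List[str],
          put: Callable[[str, str, bytes], None], index: Dict[str, dict]) -> None:
    """Survivability: replicate to the selected peers and record hash + locations in the index."""
    for peer in peers:
        put(peer, doc_id, data)
    index[doc_id] = {"sha256": digest(data), "locations": list(peers)}


def retrieve(doc_id: str, index: Dict[str, dict],
             fetch: Callable[[str, str], Optional[bytes]],
             report: Callable[[str, str], None]) -> bytes:
    """Steps 2-5 of the use case, as run by the central control component."""
    entry = index[doc_id]                         # step 2: locations from the trusted index
    for peer in entry["locations"]:
        blob = fetch(peer, doc_id)                # step 3: retrieve a replica
        if blob is None:
            report(peer, "unavailable")           # feeds the monitoring/rating modules
            continue
        data = decrypt_placeholder(blob)          # step 4: decrypt ...
        if not hmac.compare_digest(digest(data), entry["sha256"]):  # ... and verify
            report(peer, "corrupt")
            continue                              # replica compromised: repeat step 3
        return data                               # step 5: return the document
    raise DocumentUnavailable(doc_id)


# Constructed in-memory peers standing in for the agents' local storage modules.
PEER_STORE: Dict[str, Dict[str, bytes]] = {"pc-a": {}, "pc-b": {}, "pc-c": {}}
OFFLINE = {"pc-b"}   # constructed: this peer does not answer


def put(peer: str, doc_id: str, data: bytes) -> None:
    PEER_STORE[peer][doc_id] = data


def fetch(peer: str, doc_id: str) -> Optional[bytes]:
    if peer in OFFLINE:
        return None
    return PEER_STORE[peer].get(doc_id)


def scenario() -> Tuple[bytes, List[Tuple[str, str]]]:
    """Store on three peers, corrupt one replica, take one peer offline, then retrieve."""
    index: Dict[str, dict] = {}
    events: List[Tuple[str, str]] = []
    doc = b"constructed e-record: purchase order 4711"
    store("doc-1", doc, ["pc-a", "pc-b", "pc-c"], put, index)
    PEER_STORE["pc-a"]["doc-1"] = b"constructed e-record: purchase order 4712"  # silent alteration
    data = retrieve("doc-1", index, fetch, lambda peer, why: events.append((peer, why)))
    return data, events


if __name__ == "__main__":
    data, events = scenario()
    print(data)
    print(events)
```

In the constructed scenario the first location returns an altered replica and the second is offline, so the document is served from the third peer and two events ("corrupt" for pc-a, "unavailable" for pc-b) reach the monitoring side, which is the input the trust rating needs to lower those peers' standing.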
31
Use Case Delete
32
Use Case Peer-to-Peer
33
Use Case Monitoring
34
Use Case Delegation of Monitoring Tasks
35
High Level Architecture
  • Information base: basic information module and rating information module
  • Monitoring module
  • Rating module
  • Engines for testing, storage, deletion, and retrieval
  • Registration module
  • Keys and identities manager
  • Communication manager

36
High Level Architecture
[Diagram; recoverable labels: Policy-based and planning components; Engines; Monitoring; interaction with peers (via communication manager); arrows labelled "May update" and "May influence"]
37
Monitoring Module
[Diagram; recoverable labels: Tasks manager, List of tasks, requests Generator, Delegation manager, Scheduler; links from/to engines and from/to information base]
38
Rating Module
[Diagram; recoverable labels: Rating information db, Trust function, Information on peers' behaviour, queries, events generator, notifications]