Efficient Content Authentication in Peer-to-Peer Networks
Source: Brown University
Peer-to-Peer (p2p) networks provide the basis for the design of fully decentralized systems, where data and computing resources are shared among participating peers. Properties of p2p networks include scalability, self-stabilization, data availability, load balancing and efficient searching. As p2p networks mature and new applications emerge for them, the need to secure them increases. This paper studies data authentication in p2p networks, where a data set that originates at a trusted source is shared and dispersed over the nodes of a p2p network and is queried and retrieved by users through the API exported by the network. The study focuses on the basic put-get functionality that is realized by any distributed data structure built over overlay p2p networks, including the important class of distributed hash tables. Current authentication techniques for data stored in p2p networks are static and centralized. Also, several authentication methods based on per-object signatures are vulnerable to replay attacks, where an old (out-of-date or invalid) data object is returned as the answer to a get operation. By using only the basic operation of object location, the technique achieves generality and can be applied to a broad class of p2p architectures. The authentication scheme is based on the design of an efficient distributed Merkle tree, the first distributed version of Merkle's authentication tree.
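The replay weakness of per-object signatures, and why checking against a current Merkle root closes it, can be shown in a few lines. This is an added example, not code from the paper: it uses a conventional single-machine Merkle tree rather than the paper's distributed construction, an HMAC stands in for the source's signature, and it assumes the verifier obtains the current root authentically from the source.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"  # stand-in for the source's signing key (assumption)

def sign_object(k, v):         # per-object "signature": binds key and value only
    return hmac.new(KEY, k + b"\x00" + v, hashlib.sha256).digest()

def verify_object(k, v, tag):
    return hmac.compare_digest(sign_object(k, v), tag)

def leaf(k, v):                # 0x00 / 0x01 prefixes separate leaves from inner nodes
    return hashlib.sha256(b"\x00" + k + b"\x00" + v).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build(leaves):
    """Return all tree levels, leaves first; an unpaired node is promoted as-is."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, idx):
    """Authentication path for leaf idx: (sibling hash, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sib = idx ^ 1
        if sib < len(level):
            path.append((level[sib], sib < idx))
        idx //= 2
    return path

def verify(root, k, v, path):
    acc = leaf(k, v)
    for sib, sib_is_left in path:
        acc = node(sib, acc) if sib_is_left else node(acc, sib)
    return hmac.compare_digest(acc, root)

def demo():
    v1 = {b"a": b"1", b"b": b"2", b"c": b"3"}       # constructed data set, version 1
    keys = sorted(v1)
    old_tag = sign_object(b"b", v1[b"b"])
    old_path = prove(build([leaf(k, v1[k]) for k in keys]), keys.index(b"b"))
    v2 = {**v1, b"b": b"2-updated"}                 # source updates object "b"
    new = build([leaf(k, v2[k]) for k in keys])
    root = new[-1][0]                               # current root, trusted (assumption)
    return {"per_object_accepts_stale": verify_object(b"b", b"2", old_tag),
            "merkle_accepts_stale": verify(root, b"b", b"2", old_path),
            "merkle_accepts_current": verify(root, b"b", v2[b"b"], prove(new, 1))}
```

A peer that replays the old value of `b` with its old tag passes the per-object check, while the same value with its old path fails against the current root.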