Certificate-based access control in pure P2P networks

Abstract

Pure Peer-to-Peer (P2P) networks are characterized as being extremely decentralized and self-organized, properties which are essential in a number of environments, including teamwork, collaborative, and ad-hoc systems. One of the features offered by P2P networks is the possibility of having several replicas of the same content distributed among multiple nodes. Despite its advantages (e.g. robustness and fault tolerance), it is crucial to guarantee content authenticity, as well as to enforce appropriate access control policies. However the extremely decentralized nature of these environments makes impossible to apply classic solutions that rely on some kind of fixed infrastructure, typically in the form of on-line trusted third parties. In a previous work, we presented a protocol for content authentication based on public key certificates that does not rely on the existence of a public key infrastructure. In this paper we show how these certificates can be extended to provide authorization capabilities. In our scheme, each peer classifies her contents according to several security labels. Peers allowed to access a given content must have a security clearance of at least the same level that the content's. These security clearances, which take the form of attributes in public key certificates, can be discretionally issued by the content provider.