Types of Trust Software Tools for the P2P Network
- Internet telephony applications, like Skype, are popular P2P networks with trust verification built in.communicating with her boyfried online. image by Leticia Wilson from Fotolia.com
Peer-to-Peer networks (P2P) allow information sharing between local or distributed computers without going through a third-party server. While this model greatly improves transfer efficiency and conserves network bandwidth, P2P networks also require a distributed trust model as opposed to a centralized client/server trust partition. Distributed data or voice sharing technologies, through P2P technologies such as BitTorrent, Voice-over-IP (VoIP) or custom industry peer-to-peer systems, spread the flow control, security and trust of a traditional network system to peer-based software mechanisms. - In 1978 the RSA algorithm (named for its creators: Rivest, Shamir and Adleman) opened doors for strong encryption and authentication mechanisms in network-based applications by introducing the notion of public versus private encryption keys. With Public-Key Infrastructure (PKI), applications with a known public key of the recipient encrypt data with the public key, and only the corresponding private key will decrypt the data. In P2P network systems, public key cryptography offers the assurance that only the recipient will be able to understand encrypted data, thereby assuring trust between two known clients. In traditional PKI, mutually trusted Certificate Authorities verify and archive the public keys of users, for additional authentication.
- Public-Key Cryptography works well with centralized and trusted authorities, however this defeats the purpose of a P2P network as it opposes the decentralized and dynamic nature of P2P network models. In the early 1990s, proposed modifications to PKI detailed distributing verification and archiving of public keys to peers on a network, creating a Web of Trust (WoT) model where peers on the network verify other users using digital signatures. WoT systems work best in large-scale P2P networks, such as BitTorrent, as they rely on many peer-to-peer interactions to establish a baseline of trust within the network. WoT movements gained popularity from 2000-2009 in traditional client/server-based networks as well, used to verify websites against phishing and other cyber fraud attacks.
- Biometric technologies and two-factor authentication are forms of strong authentication used to verify peer-to-peer connections better than passwords or encryption keys. As of 2010, most governmental information systems require two-factor authentication, of which biometrics are significant contributors. Peer-to-peer information systems most often incorporate biometric or two-factor authentication on each individual client to ensure proper encryption key security, since storing biometric data for authentication on a centralized server would go against the distributed P2P model. One very common example of biometric authentication is video conferencing with VoIP technologies such as Skype. In this model, users can see each other when connecting, thereby simulating facial recognition within a P2P VoIP call.
