Defending a P2P digital preservation system

The LOCKSS (Lots Of Copies Keep Stuff Safe) system allows users to store and preserve electronic content through a system of inexpensive computers arranged in an ad hoc peer-to-peer network. These peers cooperate to detect and repair damage by voting in "opinion polls." We develop a more accurate view of how the network will perform over time by simulating the system\´s behavior using dynamic models in which peers can be subverted and repaired. These models take into account a variety of parameters, including the rate of peer subversion, the rate of repair, the extent of subversion, and the responsiveness of each peer\´s system administrator. These models reveal certain systemic vulnerabilities not apparent in our static simulations: a typical adversary that begins with a small foothold within the system (e.g., 20 percent of the population) will completely dominate the voting process within 10 years, even if he only exploits one vulnerability each year. In light of these results, we propose and evaluate countermeasures. One technique, ripple healing, performs remarkably well. For models in which all system administrators are equally likely to repair their systems, it eliminates nearly systemic levels of corruption within days. For models in which some administrators are more likely to repair their systems, ripple healing limits corruption, but proves less effective, since these models already demonstrate superior performance