Title :
Beyond "Web of trust": enabling P2P e-commerce
Author :
Datta, Anwitaman ; Hauswirth, Manfred ; Aberer, Karl
Author_Institution :
Distributed Inf. Syst. Lab, Ecole Polytech Fed. de Lausanne, Switzerland
Abstract :
The huge success of eBay has proven the demand for customer-to-customer (C2C) electronic commerce. eBay is a centralized infrastructure with all its scalability problems (network bandwidth, server load, availability, etc.). We argue that C2C e-commerce is an application domain that maps naturally onto the emergent field of P2P systems simply by its underlying interaction model of customers, i.e., peers. This offers the opportunity to take P2P systems beyond mere file sharing systems into interesting new application domains. The long-term goal would be to design a fully functional decentralized system which resembles eBay without eBay's dedicated, centralized infrastructure. Since security (authenticity, non-repudiation, trust, etc.) is key to any e-commerce infrastructure, our envisioned P2P e-commerce platform has to address this adequately. As the first step in this direction we present an approach for a completely decentralized P2P public key infrastructure (PKI) which can serve as the basis for higher-level security services. In contrast to other systems in this area, such as PGP which uses a "Web of trust" concept, we use a statistical approach which allows us to provide an analytical model with provable guarantees, and to quantify the behavior and specific properties of the PKI. To justify our claims we provide a first-order analysis and discuss its resilience against various known threats and attack scenarios. In support of our belief that C2C e-commerce is one of the potential killer applications of the emerging structured P2P systems, we provide a layered model for P2P e-commerce, demonstrating the dependencies of the various security-related issues that can be built on top of a decentralized PKI.
Keywords :
client-server systems; data privacy; decentralised control; distributed memory systems; electronic commerce; internetworking; public key cryptography; security of data; C2C electronic commerce; P2P e-commerce enabling; P2P e-commerce platform; P2P system field mapping; PGP; PKI; PKI behavior quantification; PKI property quantification; PKI resilience; Pretty Good Privacy; Web of trust; analytical model; application domain; attack scenario; authenticity; availability; centralized infrastructure; customer interaction model; customer-to-customer computing; decentralized P2P public key infrastructure; dedicated infrastructure; e-commerce infrastructure; eBay; file sharing system; first order analysis; fully functional decentralized system; higher level security service; layered model; network bandwidth; nonrepudiation; peer interaction model; scalability problem; security; security related issue; server load; statistical approach; structured P2P system; threat scenario; Bandwidth; Business; Communication system security; Distributed information systems; Electronic commerce; National security; Network servers; Public key; Scalability; Switches;
Conference_Title :
IEEE International Conference on E-Commerce, 2003 (CEC 2003)
Print_ISBN :
0-7695-1969-5
DOI :
10.1109/COEC.2003.1210265