Design Considerations for Distributed Storage Networks

This collection of information about peer-to-peer systems and literature focuses on publisher and reader privacy and anonymity, and survivability in the sense of resistance to censorship.

Design Criteria

We draw a distinction between the file-sharing class of application and the more generalized distributed storage-surface services.

File-sharing applications typically focus on:

Examples in this category include Napster, the FastTrack-network-based Kazaa (and, until the recent split, MusicCity's Morpheus client, which was licensed from Kazaa), and Gnutella. The most successful of these to date has been the FastTrack network, with Morpheus being the most widely distributed client. The storage on the FastTrack network grew at its recent peak to 500Tb of storage.

Storage-surface projects, on the other hand, are focusing on the more ambitious problem of replacing web infrastructure, and hence properties such as:

Examples in this category include freenet, and the Intermemory project.

Anonymity, Privacy and Censor Resistance

An interesting set of design criteria that can be considered for file-sharing and storage-surfaces is publisher anonymity and censor-resistance. Reader anonymity is also related. There have been a number of prototype and experimental systems and papers relating to these aspects of storage-surfaces (and peer-to-peer systems).

The seminal work in this area is Ross Anderson's paper on the hypothetical Eternity Service. Prototype systems and papers include Jim McCoy et al's mojo-nation and its descendant project mnet, as well as the less ambitious prototypes publius and USENET eternity, and David Wagner and Ian Goldberg's TAZ and rewebber; freenet also has some aspects of censor-resistance in its motivation and design. The freehaven paper also focuses on publisher anonymity and censor-resistance.

Economics and Denial-of-Service

Other design criteria for file-sharing and storage-surfaces include resistance to Denial-of-Service (DoS) attacks (flooding the network with bogus "publications"), and micropayments to address DoS attacks and reward publishers and motivate NSPs (Network Storage Providers).

Resistance to DoS conflicts to some extent with the design criteria that benefit from mirroring and content pre-distribution: availability, performance and censor-resistance. A system with aggressive pre-distribution runs the risk of multiplying the effect of publication, so that a rogue publisher with moderate resources could publish volumes of random junk and consume significant storage resources, potentially to the extent of displacing useful content.

One of the few systems which tries to address this issue is mojo-nation, which used its own private currency -- mojo -- to try to introduce financial incentives for software agents and individuals in its network to act collaboratively to the net benefit of the community, and to financially discourage disruptive behavior. One interesting property of systems which charge micropayments for many activities that consume storage, processing and bandwidth resources is that the flooding attack is almost defined away. A determined flooder now becomes a valued customer, and the NSPs will upgrade equipment and buy more resources to satisfy the flooder's publication interests.

This makes flooding all but financially impractical -- a flooder would have to match the financial resources of the entire system to occupy even 50% of resources, a load which the system would happily support.

DoS resistance without true financial incentives is difficult; some proposals which have attempted to bridge the gap by providing throttling mechanisms with no actual financial value are Adam Back's Hash Cash and, more recently, Ari Juels and John Brainard's client-puzzles. Another tack for limiting the scope of, and damage done by, flooding is distributed ratings, provided by systems such as NoCeMs, which at least allow users to vote, in a distributed fashion, on the popularity of publications (NoCeMs were designed for USENET and, to a lesser extent, mailing lists). Another related concept is distributed content popularity metrics and metering, such as Adam Back's Amortizable Hashcash (unfinished draft) and Dahlia Malkhi and Matt Franklin's Auditable Metering with Lightweight Security.
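To make the throttling idea concrete, the following is an added example (not code from Hash Cash, client-puzzles or any system named above) of a proof-of-work stamp that a storage node checks before committing space to a publication. The stamp layout, the `StorageNode` class and the difficulty value are assumptions made for illustration.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Count zero bits before the first 1 bit of a digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def stamp_digest(content_id: str, nonce: int) -> bytes:
    # Constructed stamp layout "<content_id>:<nonce>", not the Hashcash format.
    return hashlib.sha256(f"{content_id}:{nonce}".encode()).digest()

def mint(content: bytes, difficulty: int) -> tuple[str, int]:
    """Publisher side: about 2**difficulty hashes of work per publication."""
    content_id = hashlib.sha256(content).hexdigest()
    for nonce in count():
        if leading_zero_bits(stamp_digest(content_id, nonce)) >= difficulty:
            return content_id, nonce

class StorageNode:
    """Storage side (hypothetical): cheap checks before any space is committed."""

    def __init__(self, difficulty: int):
        self.difficulty = difficulty
        self.stored: dict[str, bytes] = {}

    def accept(self, content: bytes, content_id: str, nonce: int) -> bool:
        # The stamp is bound to the content hash, so one stamp pays for one blob.
        if hashlib.sha256(content).hexdigest() != content_id:
            return False
        # Re-submitting stored content (stamp replay) consumes no new space.
        if content_id in self.stored:
            return False
        if leading_zero_bits(stamp_digest(content_id, nonce)) < self.difficulty:
            return False
        self.stored[content_id] = content
        return True

if __name__ == "__main__":
    node = StorageNode(difficulty=12)          # constructed parameter
    cid, nonce = mint(b"constructed sample publication", 12)
    print(node.accept(b"constructed sample publication", cid, nonce))  # first use
    print(node.accept(b"random junk", cid, nonce))                     # reused stamp
```

Verification costs the node two hashes, while each distinct junk blob costs the publisher a fresh search, which is the asymmetry such throttling relies on in place of a payment.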