Secure and Resilient Peer-to-Peer Email: Design and Implementation

Keith W. Ross (Brooklyn Polytechnic), Jussi Kangasharju (TU Darmstadt), David A. Turner (CSU San Bernardino)
Darmstadt University of Technology, Department of Computer Science, Telecooperation
Slide deck, 18 slides. Posted 05-Jan-2022.



2 Contribution

• Architecture for peer-to-peer email
  – Eliminates the need to rely on a single server
  – Boosts resilience of email against attacks
  – Provides confidential communications
• Reliability analysis of P2P storage
  – Causes of unavailability in DHT storage
  – Degree of replication
• Prototype implementation


3 What is Wrong with Current Email?

• Email is mission critical for many institutions/people
  – Reliable servers are expensive
• Single-server architecture is vulnerable
  – Distributed clusters are expensive, still vulnerable
• Server-centric design has other problems
  – Storage stress (big attachments)
  – Additional processing (spam & viruses)
• Neighborhood communities?
• Peer-to-peer architecture alleviates these problems


4 Assumptions

• Community of peers (nodes)
  – Peers go up/down, peers are independent
• What we assume to have:
  – Distributed Hash Table (DHT) is available (e.g., Chord)
  – DHT gives the k closest nodes to a given key (currently up)
  – No P2P storage layer (e.g., CFS, PAST)
• Store-and-forward email architecture
  – Only message delivery; permanent storage locally
  – Assume user has a dedicated computer (revisit later)
• Analyze requirements of a P2P email architecture


5 Entities

• Peers in DHT-space
• System nodes (SN) store data
• User agents (UA) access data
  – UA and SN can be the same or different
• Users:
  – Address certificate
  – Inbox
• Messages
  – Headers stored in inbox
  – Message bodies stored separately
  – Message-ID header used as key
• Similar to POP-email

[Figure: objects in the DHT: alice-cert, bob-cert, alice-inbox, bob-inbox]


6 Service Primitives

• Store
  – Stores objects on the k system nodes closest to the object's identifier
  – List of authorized persons
• Fetch
  – Retrieves objects from any or all of the k system nodes
• Delete
  – Remove object from nodes
  – Check authority
  – Deletion not guaranteed → garbage collection
• Append-inbox
  – Append headers to inbox
  – Inboxes not consistent → form superset when reading
• Read-inbox
  – Read from all k nodes
  – Return all headers from inbox
  – Clears inbox atomically
• Note: no need to enforce consistency between copies


7 Alice Sends a Message to Bob

• Alice fetches Bob's certificate
• Alice writes message
  – Alice picks a session key
  – Encrypt message with session key
  – Encrypt session key with Bob's public key
• Store message
• Append headers to Bob's inbox
  – Headers encrypted
• Same view to user!

[Figure: fetch(bob-certificate); store(msg, bob); append-inbox(hdrs)]


8 Bob Reads His Messages

• Bob fetches his inbox
  – Read from all k nodes, form superset
  – Inboxes cleared
• Bob fetches message
• Message deleted
  – Delete from all k
  – Garbage collection

[Figure: read-inbox(bob); fetch(msg); delete(msg)]
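The primitives of slide 6 and the send/read flows of slides 7 and 8, as an added example that is not the authors' Java prototype. Assumptions not on the slides: node IDs and keys live in a 32-bit ring, a key is a SHA-1 prefix of the object name, and "k closest" means the k currently-up successors of the key on the ring (Chord-style). Message bodies are opaque bytes; the session-key encryption of slide 7 is assumed to have happened before store(). The scenario in demo() is constructed to show the superset read, the non-guaranteed delete, and loss cause 1 (all copies down).

```python
"""Toy model of store / fetch / delete / append-inbox / read-inbox on a
ring DHT with k replicas. Added example, not the paper's code."""
import hashlib
from dataclasses import dataclass, field


def key_of(name: str) -> int:
    """Object identifier in the 32-bit ring (assumption: SHA-1 prefix of the name)."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest()[:4], "big")


@dataclass
class SystemNode:
    node_id: int
    up: bool = True
    objects: dict = field(default_factory=dict)  # key -> (authorized, payload)
    inboxes: dict = field(default_factory=dict)  # key -> list of header dicts


class DHT:
    def __init__(self, node_ids, k):
        self.nodes = sorted((SystemNode(i) for i in node_ids), key=lambda n: n.node_id)
        self.k = k

    def closest(self, key):
        """The k currently-up nodes whose IDs follow key on the ring (wrapping)."""
        live = [n for n in self.nodes if n.up]
        ordered = [n for n in live if n.node_id >= key] + [n for n in live if n.node_id < key]
        return ordered[: self.k]

    def store(self, name, payload, authorized):
        key = key_of(name)
        for n in self.closest(key):
            n.objects[key] = (frozenset(authorized), payload)

    def fetch(self, name):
        """First copy found on the k closest live nodes; None means all copies unreachable."""
        key = key_of(name)
        for n in self.closest(key):
            if key in n.objects:
                return n.objects[key][1]
        return None

    def delete(self, name, requester):
        """Remove copies the requester is authorized for; returns how many were removed.
        Copies on nodes that are down stay behind, which is why the design falls
        back on garbage collection instead of guaranteed deletion."""
        key, removed = key_of(name), 0
        for n in self.closest(key):
            entry = n.objects.get(key)
            if entry is not None and requester in entry[0]:
                del n.objects[key]
                removed += 1
        return removed

    def append_inbox(self, user, header):
        key = key_of(user + "-inbox")
        for n in self.closest(key):
            n.inboxes.setdefault(key, []).append(dict(header))

    def read_inbox(self, user):
        """Read every live replica, merge into a superset keyed by Message-ID,
        then clear each replica that was read (atomic per replica only)."""
        key, merged = key_of(user + "-inbox"), {}
        for n in self.closest(key):
            for h in n.inboxes.get(key, []):
                merged.setdefault(h["Message-ID"], h)
            n.inboxes[key] = []
        return list(merged.values())


def demo():
    """Constructed scenario: 16 evenly spaced nodes, k = 3, peers churning
    between Alice's appends and Bob's reads."""
    dht = DHT([i << 28 for i in range(16)], k=3)
    out = {}
    replicas = dht.closest(key_of("bob-inbox"))            # where Alice's first append lands
    dht.append_inbox("bob", {"Message-ID": "<m1@alice>", "Subject": "hi"})
    replicas[0].up = False                                   # one replica crashes ...
    dht.append_inbox("bob", {"Message-ID": "<m2@alice>", "Subject": "hi again"})
    replicas[0].up, replicas[1].up = True, False             # ... returns, another crashes
    out["first_read"] = sorted(h["Message-ID"] for h in dht.read_inbox("bob"))
    out["second_read"] = dht.read_inbox("bob")               # cleared by the first read
    replicas[1].up = True                                    # missed the clear: stale headers
    out["stale_read"] = sorted(h["Message-ID"] for h in dht.read_inbox("bob"))

    body = b"<session-key-encrypted body, constructed placeholder>"
    dht.store("<m1@alice>", body, authorized={"bob"})
    copies = dht.closest(key_of("<m1@alice>"))
    for n in copies:
        n.up = False
    out["fetch_all_down"] = dht.fetch("<m1@alice>")          # loss cause 1: None
    copies[0].up = copies[1].up = True
    out["unauthorized_delete"] = dht.delete("<m1@alice>", "mallory")
    out["authorized_delete"] = dht.delete("<m1@alice>", "bob")
    copies[2].up = True                                      # brings back an undeleted copy
    out["fetch_after_delete"] = dht.fetch("<m1@alice>")
    return out
```

Two practical consequences show up in demo(): a replica that was down during read-inbox still holds the headers when it returns, so a user agent must de-duplicate by Message-ID across reads rather than trusting the per-replica clear; and delete() only reaches live replicas, so a body can reappear on a returning node until garbage collection removes it.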


9 Reliability of Data in DHT-Storage

• Storage system using a distributed hash table (DHT)
• Peer A wants to store object O
  – Create k copies on different peers
  – The k peers are determined by the DHT for each object (k closest)
• Later peer B wants to read O
  – What can go wrong?
• Simple storage system: object created once, read many times, no modifications to the object
• Assume I peers, peers homogeneously up/down (up probability p), uniformly distributed in the hash space


10 3 Causes of Loss

1. All k peers are down when B reads
2. The real k closest peers were down when A wrote and are up when B reads
3. At least k peers join and become the new closest peers

Loss probability for case 1, with each peer up independently with probability p:

$$l_1 = (1 - p)^k$$

[Expressions for l_2 and l_3 on the slide: sums over i ≥ k of binomial terms in p over the I peers; not legibly recoverable]


11 Results

• First case dominates clearly
  – For cases 2 and 3 the remedy is: search more than k nodes
• How to improve?
  – Maintain the storage invariant: O always at the k closest
    • Needs additional coordination
    • Possible if down-events are controlled
    • Crash → others need to detect the crash (before they crash)
  – Increase k → waste storage (maybe not a problem?)


12 What the User Sees?

• Every user action needs to access several objects
• For each access: $p_s = 1 - l_1 = 1 - (1 - p)^k$
• Reading and sending each need 2 objects
• Success for the user: $p_t = \left(1 - (1 - p)^k\right)^2$
• Solving for k:

$$k = \frac{\log\left(1 - \sqrt{p_t}\right)}{\log(1 - p)}$$


13 How Large Should k Be?

• Define target p_t
  – This is what the user sees
  – Failures are temporary
• When peers are mostly up, k is small
• An increase in p_t → a small increase in k

[Figure: number of copies needed (labelled r on the plot, k in the text) versus individual peer up probability p from 0.1 to 1, y-axis 0 to 200, for targets p_t = 99%, 99.9%, 99.99% and 99.999%. Inset zoom: p from 0.75 to 0.95, copies from 5 to 15.]
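The replication arithmetic of slides 10, 12 and 13, carried through as an added example (not the paper's code). It uses the slides' own quantities: l_1 = (1-p)^k for case 1, per-access success p_s = 1 - l_1, per-action success p_t = p_s^2 because a send or read touches two objects, and the k needed for a target p_t. The Monte-Carlo function is an extra check, not on the slides, that the closed form matches a peer up/down simulation; the trial count and seed are arbitrary, and the table arguments are the plot's targets with a few peer probabilities chosen here.

```python
"""k copies versus peer up-probability p and target success p_t.
Added example, not the paper's code."""
import math
import random


def loss_all_down(p: float, k: int) -> float:
    """l_1 on slide 10: every one of the k replicas is down, independently."""
    return (1.0 - p) ** k


def access_success(p: float, k: int) -> float:
    """p_s on slide 12: at least one of the k replicas answers."""
    return 1.0 - loss_all_down(p, k)


def action_success(p: float, k: int, objects: int = 2) -> float:
    """p_t on slide 12: every object the action touches must be readable."""
    return access_success(p, k) ** objects


def copies_needed(p: float, p_target: float, objects: int = 2) -> int:
    """Smallest integer k with action_success(p, k) >= p_target.

    From p_t = (1 - (1-p)^k)^objects:
        k = log(1 - p_t^(1/objects)) / log(1 - p),
    rounded up because k is a whole number of copies."""
    per_access = p_target ** (1.0 / objects)
    return math.ceil(math.log(1.0 - per_access) / math.log(1.0 - p))


def simulate_loss(p: float, k: int, trials: int = 200_000, seed: int = 1) -> float:
    """Fraction of trials in which all k independent peers (each up w.p. p) are down."""
    rng = random.Random(seed)
    lost = 0
    for _ in range(trials):
        if all(rng.random() >= p for _ in range(k)):
            lost += 1
    return lost / trials


def copies_table(ps=(0.5, 0.75, 0.9, 0.95),
                 targets=(0.99, 0.999, 0.9999, 0.99999)):
    """k needed for each (peer up probability, target) pair, as in the slide 13 plot."""
    return {p: {t: copies_needed(p, t) for t in targets} for p in ps}


if __name__ == "__main__":
    for p, row in copies_table().items():
        print(f"p={p:<5} " + "  ".join(f"p_t={t}: k={k}" for t, k in row.items()))
```

The table reproduces the slide's qualitative point: with peers up 90% of the time, k = 3 already gives p_t ≥ 99%, and each extra nine in the target costs roughly one more copy, whereas peers up only half the time need on the order of 10 to 20 copies for the same targets (the storage overhead slide 16 mentions).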


14 Interoperability and Migration

• Organization X replaces its old email with ours
• How to talk to others?
• Designate gateways
  – Outgoing and incoming
• Outgoing gateway can be the sending peer
• Incoming gateway's address must be in DNS (MX query)
  – Gateway splits messages
• MX support needed for others to send mail to org. X

[Figure: Alice's mail server → Gateway → Headers and Message stored into organization X]


15 Java Prototype

• Two components:
  – System node
  – User Agent
• Parameters for tuning communications
  – maxOps
  – maxConns
• Object transfer over HTTP/1.1
  – Some new headers


16 Discussion and Future

Requirements:
• DHT substrate
• No need for a storage system
• "No need" for consistency

No permanent storage
• Turn off garbage collection?
• Enforce replication in the UA?
• Still, need 10–20 times the storage of a central server
• Storage on peers is free!

How about mobility?
• Information about folders and read messages?
• Store email metadata (folders, etc.) on peers
• Offer permanent storage → full access on the move
• Problem: need to access the private key often...

Mobility = trusted access


17 Related Work

• POST by A. Mislove et al.
• Independent work in parallel
• POST relies on the Pastry DHT, the PAST storage layer, and the Scribe multicast system (notifications)
• Main differences:
  – POST uses convergent encryption (some weaknesses)
  – POST stores the inbox on the user's computer → mobility requires keeping one's own computer on → still applies: mobility = trusted access to one's own computer
  – Notification if the user is online vs. periodic polling


18 Conclusion

• Design and implementation of P2P email
• Store-and-forward architecture
  – Can be extended
• Analyzed requirements
  – DHT, ability to store objects, no consistency
• Reliability analysis of P2P storage
  – How many copies are needed for a given target quality
• Java prototype implementation