Protected Client-to-Client Data Sharing
Conventionally, a client must request data directly from a server.
A newer trend in data service over the Internet is to allow multiple clients,
such as the thousands of clients of a web server, to share data among themselves
in a peer-to-peer fashion.
This mechanism can potentially prevent a server from being overwhelmed when
serving large audiences, and can enable even an under-provisioned site to provide
scalable data service. Accompanying this trend, however, are new security
challenges that conventional client-server approaches such as SSL (Secure Sockets Layer)
cannot address.
Our mSSL research addresses these challenges. Clients can securely obtain data when
needed, whether the data is from a server or other peer clients. Among the variety
of security services that mSSL can provide are the following:
- Access control. Only authenticated data clients can obtain data, no matter
where the data originates.
- Data integrity. An authenticated data client can verify the integrity of data.
- Data confidentiality. Data can be encrypted so that only authenticated clients can decrypt it.
- Proof of service. A client that has obtained data from another peer client C
cannot deny the data service that it received from C.
Documents:
- Jun Li, "Security protocols for hybrid peer-to-peer file sharing networks," Patent pending.
Revere
- Jun Li, Peter Reiher, Gerald Popek.
Disseminating Security Updates at Internet Scale,
Kluwer Academic Publishers, Boston, November 2002, 174 pages, ISBN 1-4020-7305-4.
- Jun Li, Peter Reiher, and Gerald Popek.
"Resilient self-organizing overlay networks
for security update delivery,"
IEEE Journal on Selected Areas in Communications, Special Issue on
Service Overlay Networks, vol. 22, no. 1, pp. 189-202, January 2004.
- Jun Li, Revere--Delivering
Security Updates At Internet Scale, Ph.D. thesis, UCLA
Computer Science Department, June 2002.
- Adam Rosenstein, Jun Li, and Siyuan Tong.
"MASH: The multicasting archie server hierarchy,"
ACM SIGCOMM Computer Communication Review, vol. 27, no. 3, pp. 5-13, July 1997.
- Jun Li, Peter L. Reiher, and Gerald J. Popek, "Securing information transmission
by redundancy," in ACM New Security Paradigms Workshop, Ontario, Canada,
September 1999, pp. 112-117, acceptance rate 35%. A best paper and selected
for 22nd National Information Systems Security Conference.
- Jun Li, Mark D. Yarvis, and Peter L. Reiher.
"Securing distributed adaptation,"
Computer Networks, Special Issue on Programmable Networks,
vol. 38, no. 3, pp. 347-371, February 2002.
- Jun Li, Mark D. Yarvis, and Peter L. Reiher, "Securing distributed adaptation," in
the Fourth IEEE Conference on Open Architectures and Network Programming
(OPENARCH 2001), Anchorage, Alaska, April 2001, pp. 71-82, acceptance rate
21%. A best paper and its extended version selected for journal publication.
- Peter Reiher, Jun Li, and Gerald Popek, "Securing information transmission by
redundancy," in The 22nd National Information Systems Security Conference,
Washington D.C., October 1999, Presentation at the panel "Themes and Highlights
of the New Security Paradigms Workshop 1999."
mSSL
- Jun Li, "A framework for trusted and motivated peer-to-peer data sharing between
distrusted and selfish clients," ACM Transactions on Information and System
Security, 2007, Under Review.
- Jun Li and Xun Kang, "mSSL: Extending SSL to support data sharing
among collaborative clients," in Annual Computer Security Applications Conference, Tucson,
Arizona, December 2005, pp. 357-368, acceptance rate 22.8% (45/197).
- Jun Li, "Data integrity and proof of service in Bittorrent-like P2P environments,"
IAnewsletter, Information Assurance Technology Analysis Center, vol. 9, no. 4,
pp. 16-19, Winter 2006.
- Jun Li and Xun Kang, "mSSL: Securely sharing data from a server among clients,"
in Workshop on Information Security Applications, August 2004, pp. 567-570
(short paper).
- Jun Li and Xun Kang, "Proof of service in a hybrid P2P environment," in Springer
LNCS 3759 of the International Workshop on Applications and Economics of
Peer to Peer Systems, November 2005, pp. 64-73, acceptance rate 8% (10/125).