Passwords in Peer-to-Peer
2012 (English)In: Peer-to-Peer Computing (P2P), 2012 IEEE 12th International Conference on, IEEE , 2012, 167-178 p.Conference paper (Refereed)
One of the differences between typical peer-to-peer (P2P) and client-server systems is the existence of user accounts. While many P2P applications, like public file sharing, are anonymous, more complex services such as decentralized online social networks require user authentication. In these, the common approach to P2P authentication builds on the possession of cryptographic keys. A drawback with that approach is usability when users access the system from multiple devices, an increasingly common scenario. In this work, we present a scheme to support logins based on users knowing a username-password pair. We use passwords, as they are the most common authentication mechanism in services on the Internet today, ensuring strong user familiarity. In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as resetting a forgotten password via e-mail or security questions. Together, these allow P2P systems to emulate centralized password logins. The results of our performance evaluation indicate that incurred delays are well within acceptable bounds.
Place, publisher, year, edition, pages
IEEE , 2012. 167-178 p.
, IEEE International Conference on Peer-to-Peer Computing, ISSN 2161-3567
Authentication mechanisms, Client-server systems, Complex services, Cryptographic key, File Sharing, Multiple devices, Online social networks, P2P applications, P2P system, Peer to peer, Performance evaluation, User authentication, Users access
Computer Science Telecommunications
IdentifiersURN: urn:nbn:se:kth:diva-107785DOI: 10.1109/P2P.2012.6335797ISI: 000312674500024ScopusID: 2-s2.0-84870369349ISBN: 978-146732862-3OAI: oai:DiVA.org:kth-107785DiVA: diva2:578167
IEEE 12th International Conference on Peer-to-Peer Computing, P2P 2012; Tarragona;3 September 2012 through 5 September 2012
FunderSwedish Foundation for Strategic Research , SSF FFL09-0086Swedish Research Council, VR 2009-3793ICT - The Next Generation
QC 201301112012-12-172012-12-172015-06-02Bibliographically approved