https://homeostasis.scs.carleton.ca/wiki/api.php?action=feedcontributions&feedformat=atom&user=Wahmed2Soma-notes - User contributions [en]2026-06-02T20:30:56ZUser contributionsMediaWiki 1.42.1https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9143DistOS-2011W Reputation2011-04-09T16:54:30Z<p>Wahmed2: /* Issues & Solutions */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0ASS7kj9hfc1aZGRiMjMzOHJfNGhnNzhuamRr&hl=en&authkey=CMHi3KAD<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problem Domain===<br />
<br />
This portion of a reputation system answers the core question of how reputation information being exchanged is guaranteed to be authentic.<br />
<br />
*How do we ensure the information exchanged between peers authentic, and not tampered with?<br />
<br />
*How to we attribute information exchanged?<br />
<br />
*How do we do this in a highly decentralized, distributed system?<br />
<br />
*How can we make sure the information is timely?<br />
<br />
===Introduction===<br />
In past few years, Internet has provided platform for a global market place and both business and private users realizes that the revolutionary communications opportunities provided by it will give way to large spectrum of business and private applications.Today online users face multitude of problems and issues like vulnerability to viruses , worms , exposure to sniffers, spoofing their private sessions not only this but also they are also subjected to invasion of privacy with multitude of spy ware available for monitoring how they behave. Today over the internet different kind of activities take place ranging from access to information to entertainment, financial services, product services and even socializing. The frequent usage of internet as an important business tool led to a major increase in deliberate abuse and criminal activities. All the organization operating electronically and trading expose their own information and IT systems to a wide range of security threats. The most common protocols like IP/TCP/UDP are the main targets of potential hackers. Its all because of IPs on which attacks are possible and don't have proper authentication mechanism for any incoming data over internet. <br />
<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications.<br />
<br />
===PKI===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
PKI provides mean of guaranteeing the authenticity by issuing digital signature. In order to ensure that electronic document is authentic , which means knowing the person who created the document and it hasn't been modified. They are commonly used for software distribution, financial transaction or to detect forgery or tampering. Further to ensure the authentication digital signature relies on certain type encryption. Digital certificate is mode of encryption on large scale for example secure web server. Digital certificate are validated by PKI by verifying the authenticity of certificate , the validity of certificate and that the certificate is trustworthy. They are issued by an authority referred as Certification Authority. The certificate authority act as the middleman that both computer trust. This helps in avoiding man in the middle attack , certificate authority confirms that computer is in fact who they say they are and the provides the public key of each computer to the other. The digital certificate contains the public key of the entity identified in certificate , it matches a public to a particular individual, and that certificate's authenticity is guaranteed by the issuer, thus digital certificate provides solution to the problem of how to find user's public key and know that its valid.These problems are solved by a user obtaining another user's public key from the digital certificate. The user knows it is valid because a trusted certification authority has issued the certificate. For their own authentication digital certificate rely on public key cryptography. The certification authority signs the certificate with its own private as digital certificate is issued. To validate the authenticity of a digital certificate, a user can obtain that certification authority's public key and use it against the certificate to determine if it was signed by the certification authority.<br />
<br />
===Issues Faced by DoD using PKI===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
==Problem domain:==<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
Problem domain:<br />
<br />
• Emerge vs. Impose reputation on the system?<br />
• Probably both, how do we account for both systems?<br />
• Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
• Where do you store the data?<br />
• Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
• Who do we trust for this information?<br />
• Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
• Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
• Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations<br />
<br />
<br />
Existing systems<br />
• Peer-based systems (emerge)<br />
• eBay - positive/negative rating system<br />
• Youtube - like/dislike/spam comment system<br />
• Policy-based systems (impose)<br />
• Java - policy based security<br />
• Android - policy based security<br />
These two systems are on opposite ends of the Emerge-Impose spectrum.<br />
EigenTrust system<br />
The EigenTrust system utilizes a numerical scale for reputation storage.<br />
Advantages:<br />
• Numerical values are easy to compare.<br />
• Little required storage space.<br />
Disadvantages:<br />
• Information is lost in the abstraction process.<br />
o No concrete data<br />
• Ambiguity<br />
Storing concrete data<br />
Hence, with the given information from the reputation system, we cannot generate an accurate profile of the entity.<br />
We need a system that represents reputation in a concrete form<br />
“If principal p gains access to resource r at time t, then the past behavior of p up until time t satisfies requirement ψr.”<br />
Advantages<br />
• A sufficient amount of information is available to come up with a profile of an entity<br />
Disadvantages<br />
• Storage space<br />
Shmatikov and Talcott<br />
Histories are sets of time-stamped events. Reputation is based on ability to adhere to licenses.<br />
Licenses might permit certain actions OR require certain actions from being performed.<br />
Advantages:<br />
• Store data in concrete form<br />
Disadvantages:<br />
• No notion of sessions (logically connected set of events)<br />
Representation of reputation<br />
If we consider reputation information to encompass the events and actions of an entity, then we can model reputation as a set of events.<br />
An interesting new problem is how to re-evaluate policies efficiently when new information becomes available.<br />
This problem is known as “dynamic model-checking”. <br />
Dynamic model-checking<br />
We want a way of summarizing past reputations.<br />
A solution here is to use: Havelund and Rosu, based on the technique of dynamic programming, used for runtime verification<br />
• Given some information on an entity, how do we convert/abstract this to reputation? <br />
• Is all the information necessary to maintain? <br />
• Now that we have the reputation information, what can we do with it?<br />
o What can we compare it with?<br />
Implementation<br />
Desired functionality of the system:<br />
new()<br />
- Append new reputation information<br />
update()<br />
- Update and summarize past behavior<br />
- This is a reduce function<br />
check()<br />
- Analyze whether the given reputation satisfies the criteria of the policy<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011<br />
<br />
*"Understanding Digital Certificate" by Microsoft : http://technet.microsoft.com/en-us/library/bb123848%28EXCHG.65%29.aspx date accessed 3rd April 2011<br />
<br />
*"How digital certificate works" by IBM: http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.csqzas.doc/sy10580_.htm date accessed 3rd April 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9142DistOS-2011W Reputation2011-04-09T16:53:56Z<p>Wahmed2: /* References */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0ASS7kj9hfc1aZGRiMjMzOHJfNGhnNzhuamRr&hl=en&authkey=CMHi3KAD<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problem Domain===<br />
<br />
This portion of a reputation system answers the core question of how reputation information being exchanged is guaranteed to be authentic.<br />
<br />
*How do we ensure the information exchanged between peers authentic, and not tampered with?<br />
<br />
*How to we attribute information exchanged?<br />
<br />
*How do we do this in a highly decentralized, distributed system?<br />
<br />
*How can we make sure the information is timely?<br />
<br />
===Introduction===<br />
In past few years, Internet has provided platform for a global market place and both business and private users realizes that the revolutionary communications opportunities provided by it will give way to large spectrum of business and private applications.Today online users face multitude of problems and issues like vulnerability to viruses , worms , exposure to sniffers, spoofing their private sessions not only this but also they are also subjected to invasion of privacy with multitude of spy ware available for monitoring how they behave. Today over the internet different kind of activities take place ranging from access to information to entertainment, financial services, product services and even socializing. The frequent usage of internet as an important business tool led to a major increase in deliberate abuse and criminal activities. All the organization operating electronically and trading expose their own information and IT systems to a wide range of security threats. The most common protocols like IP/TCP/UDP are the main targets of potential hackers. Its all because of IPs on which attacks are possible and don't have proper authentication mechanism for any incoming data over internet. <br />
<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications.<br />
<br />
===PKI===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
PKI provides mean of guaranteeing the authenticity by issuing digital signature. In order to ensure that electronic document is authentic , which means knowing the person who created the document and it hasn't been modified. They are commonly used for software distribution, financial transaction or to detect forgery or tampering. Further to ensure the authentication digital signature relies on certain type encryption. Digital certificate is mode of encryption on large scale for example secure web server. Digital certificate are validated by PKI by verifying the authenticity of certificate , the validity of certificate and that the certificate is trustworthy. They are issued by an authority referred as Certification Authority. The certificate authority act as the middleman that both computer trust. This helps in avoiding man in the middle attack , certificate authority confirms that computer is in fact who they say they are and the provides the public key of each computer to the other. The digital certificate contains the public key of the entity identified in certificate , it matches a public to a particular individual, and that certificate's authenticity is guaranteed by the issuer, thus digital certificate provides solution to the problem of how to find user's public key and know that its valid.These problems are solved by a user obtaining another user's public key from the digital certificate. The user knows it is valid because a trusted certification authority has issued the certificate. For their own authentication digital certificate rely on public key cryptography. The certification authority signs the certificate with its own private as digital certificate is issued. To validate the authenticity of a digital certificate, a user can obtain that certification authority's public key and use it against the certificate to determine if it was signed by the certification authority.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
==Problem domain:==<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
Problem domain:<br />
<br />
• Emerge vs. Impose reputation on the system?<br />
• Probably both, how do we account for both systems?<br />
• Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
• Where do you store the data?<br />
• Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
• Who do we trust for this information?<br />
• Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
• Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
• Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations<br />
<br />
<br />
Existing systems<br />
• Peer-based systems (emerge)<br />
• eBay - positive/negative rating system<br />
• Youtube - like/dislike/spam comment system<br />
• Policy-based systems (impose)<br />
• Java - policy based security<br />
• Android - policy based security<br />
These two systems are on opposite ends of the Emerge-Impose spectrum.<br />
EigenTrust system<br />
The EigenTrust system utilizes a numerical scale for reputation storage.<br />
Advantages:<br />
• Numerical values are easy to compare.<br />
• Little required storage space.<br />
Disadvantages:<br />
• Information is lost in the abstraction process.<br />
o No concrete data<br />
• Ambiguity<br />
Storing concrete data<br />
Hence, with the given information from the reputation system, we cannot generate an accurate profile of the entity.<br />
We need a system that represents reputation in a concrete form<br />
“If principal p gains access to resource r at time t, then the past behavior of p up until time t satisfies requirement ψr.”<br />
Advantages<br />
• A sufficient amount of information is available to come up with a profile of an entity<br />
Disadvantages<br />
• Storage space<br />
Shmatikov and Talcott<br />
Histories are sets of time-stamped events. Reputation is based on ability to adhere to licenses.<br />
Licenses might permit certain actions OR require certain actions from being performed.<br />
Advantages:<br />
• Store data in concrete form<br />
Disadvantages:<br />
• No notion of sessions (logically connected set of events)<br />
Representation of reputation<br />
If we consider reputation information to encompass the events and actions of an entity, then we can model reputation as a set of events.<br />
An interesting new problem is how to re-evaluate policies efficiently when new information becomes available.<br />
This problem is known as “dynamic model-checking”. <br />
Dynamic model-checking<br />
We want a way of summarizing past reputations.<br />
A solution here is to use: Havelund and Rosu, based on the technique of dynamic programming, used for runtime verification<br />
• Given some information on an entity, how do we convert/abstract this to reputation? <br />
• Is all the information necessary to maintain? <br />
• Now that we have the reputation information, what can we do with it?<br />
o What can we compare it with?<br />
Implementation<br />
Desired functionality of the system:<br />
new()<br />
- Append new reputation information<br />
update()<br />
- Update and summarize past behavior<br />
- This is a reduce function<br />
check()<br />
- Analyze whether the given reputation satisfies the criteria of the policy<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011<br />
<br />
*"Understanding Digital Certificate" by Microsoft : http://technet.microsoft.com/en-us/library/bb123848%28EXCHG.65%29.aspx date accessed 3rd April 2011<br />
<br />
*"How digital certificate works" by IBM: http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.csqzas.doc/sy10580_.htm date accessed 3rd April 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9141DistOS-2011W Reputation2011-04-09T16:50:58Z<p>Wahmed2: /* Uses and Need of PKI */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0ASS7kj9hfc1aZGRiMjMzOHJfNGhnNzhuamRr&hl=en&authkey=CMHi3KAD<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problem Domain===<br />
<br />
This portion of a reputation system answers the core question of how reputation information being exchanged is guaranteed to be authentic.<br />
<br />
*How do we ensure the information exchanged between peers authentic, and not tampered with?<br />
<br />
*How to we attribute information exchanged?<br />
<br />
*How do we do this in a highly decentralized, distributed system?<br />
<br />
*How can we make sure the information is timely?<br />
<br />
===Introduction===<br />
In past few years, Internet has provided platform for a global market place and both business and private users realizes that the revolutionary communications opportunities provided by it will give way to large spectrum of business and private applications.Today online users face multitude of problems and issues like vulnerability to viruses , worms , exposure to sniffers, spoofing their private sessions not only this but also they are also subjected to invasion of privacy with multitude of spy ware available for monitoring how they behave. Today over the internet different kind of activities take place ranging from access to information to entertainment, financial services, product services and even socializing. The frequent usage of internet as an important business tool led to a major increase in deliberate abuse and criminal activities. All the organization operating electronically and trading expose their own information and IT systems to a wide range of security threats. The most common protocols like IP/TCP/UDP are the main targets of potential hackers. Its all because of IPs on which attacks are possible and don't have proper authentication mechanism for any incoming data over internet. <br />
<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications.<br />
<br />
===PKI===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
PKI provides mean of guaranteeing the authenticity by issuing digital signature. In order to ensure that electronic document is authentic , which means knowing the person who created the document and it hasn't been modified. They are commonly used for software distribution, financial transaction or to detect forgery or tampering. Further to ensure the authentication digital signature relies on certain type encryption. Digital certificate is mode of encryption on large scale for example secure web server. Digital certificate are validated by PKI by verifying the authenticity of certificate , the validity of certificate and that the certificate is trustworthy. They are issued by an authority referred as Certification Authority. The certificate authority act as the middleman that both computer trust. This helps in avoiding man in the middle attack , certificate authority confirms that computer is in fact who they say they are and the provides the public key of each computer to the other. The digital certificate contains the public key of the entity identified in certificate , it matches a public to a particular individual, and that certificate's authenticity is guaranteed by the issuer, thus digital certificate provides solution to the problem of how to find user's public key and know that its valid.These problems are solved by a user obtaining another user's public key from the digital certificate. The user knows it is valid because a trusted certification authority has issued the certificate. For their own authentication digital certificate rely on public key cryptography. The certification authority signs the certificate with its own private as digital certificate is issued. To validate the authenticity of a digital certificate, a user can obtain that certification authority's public key and use it against the certificate to determine if it was signed by the certification authority.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
==Problem domain:==<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
Problem domain:<br />
<br />
• Emerge vs. Impose reputation on the system?<br />
• Probably both, how do we account for both systems?<br />
• Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
• Where do you store the data?<br />
• Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
• Who do we trust for this information?<br />
• Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
• Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
• Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations<br />
<br />
<br />
Existing systems<br />
• Peer-based systems (emerge)<br />
• eBay - positive/negative rating system<br />
• Youtube - like/dislike/spam comment system<br />
• Policy-based systems (impose)<br />
• Java - policy based security<br />
• Android - policy based security<br />
These two systems are on opposite ends of the Emerge-Impose spectrum.<br />
EigenTrust system<br />
The EigenTrust system utilizes a numerical scale for reputation storage.<br />
Advantages:<br />
• Numerical values are easy to compare.<br />
• Little required storage space.<br />
Disadvantages:<br />
• Information is lost in the abstraction process.<br />
o No concrete data<br />
• Ambiguity<br />
Storing concrete data<br />
Hence, with the given information from the reputation system, we cannot generate an accurate profile of the entity.<br />
We need a system that represents reputation in a concrete form<br />
“If principal p gains access to resource r at time t, then the past behavior of p up until time t satisfies requirement ψr.”<br />
Advantages<br />
• A sufficient amount of information is available to come up with a profile of an entity<br />
Disadvantages<br />
• Storage space<br />
Shmatikov and Talcott<br />
Histories are sets of time-stamped events. Reputation is based on ability to adhere to licenses.<br />
Licenses might permit certain actions OR require certain actions from being performed.<br />
Advantages:<br />
• Store data in concrete form<br />
Disadvantages:<br />
• No notion of sessions (logically connected set of events)<br />
Representation of reputation<br />
If we consider reputation information to encompass the events and actions of an entity, then we can model reputation as a set of events.<br />
An interesting new problem is how to re-evaluate policies efficiently when new information becomes available.<br />
This problem is known as “dynamic model-checking”. <br />
Dynamic model-checking<br />
We want a way of summarizing past reputations.<br />
A solution here is to use: Havelund and Rosu, based on the technique of dynamic programming, used for runtime verification<br />
• Given some information on an entity, how do we convert/abstract this to reputation? <br />
• Is all the information necessary to maintain? <br />
• Now that we have the reputation information, what can we do with it?<br />
o What can we compare it with?<br />
Implementation<br />
Desired functionality of the system:<br />
new()<br />
- Append new reputation information<br />
update()<br />
- Update and summarize past behavior<br />
- This is a reduce function<br />
check()<br />
- Analyze whether the given reputation satisfies the criteria of the policy<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9140DistOS-2011W Reputation2011-04-09T16:18:25Z<p>Wahmed2: /* Uses and Need of PKI */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0ASS7kj9hfc1aZGRiMjMzOHJfNGhnNzhuamRr&hl=en&authkey=CMHi3KAD<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problem Domain===<br />
<br />
This portion of a reputation system answers the core question of how reputation information being exchanged is guaranteed to be authentic.<br />
<br />
*How do we ensure the information exchanged between peers authentic, and not tampered with?<br />
<br />
*How to we attribute information exchanged?<br />
<br />
*How do we do this in a highly decentralized, distributed system?<br />
<br />
*How can we make sure the information is timely?<br />
<br />
===Introduction===<br />
In past few years, Internet has provided platform for a global market place and both business and private users realizes that the revolutionary communications opportunities provided by it will give way to large spectrum of business and private applications.Today online users face multitude of problems and issues like vulnerability to viruses , worms , exposure to sniffers, spoofing their private sessions not only this but also they are also subjected to invasion of privacy with multitude of spy ware available for monitoring how they behave. Today over the internet different kind of activities take place ranging from access to information to entertainment, financial services, product services and even socializing. The frequent usage of internet as an important business tool led to a major increase in deliberate abuse and criminal activities. All the organization operating electronically and trading expose their own information and IT systems to a wide range of security threats. The most common protocols like IP/TCP/UDP are the main targets of potential hackers. Its all because of IPs on which attacks are possible and don't have proper authentication mechanism for any incoming data over internet. <br />
<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications.<br />
<br />
===Uses and Need of PKI===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
PKI provides mean of guaranteeing the authenticity by issuing digital signature.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
==Problem domain:==<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
Problem domain:<br />
<br />
• Emerge vs. Impose reputation on the system?<br />
• Probably both, how do we account for both systems?<br />
• Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
• Where do you store the data?<br />
• Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
• Who do we trust for this information?<br />
• Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
• Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
• Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations<br />
<br />
<br />
Existing systems<br />
• Peer-based systems (emerge)<br />
• eBay - positive/negative rating system<br />
• Youtube - like/dislike/spam comment system<br />
• Policy-based systems (impose)<br />
• Java - policy based security<br />
• Android - policy based security<br />
These two systems are on opposite ends of the Emerge-Impose spectrum.<br />
EigenTrust system<br />
The EigenTrust system utilizes a numerical scale for reputation storage.<br />
Advantages:<br />
• Numerical values are easy to compare.<br />
• Little required storage space.<br />
Disadvantages:<br />
• Information is lost in the abstraction process.<br />
o No concrete data<br />
• Ambiguity<br />
Storing concrete data<br />
Hence, with the given information from the reputation system, we cannot generate an accurate profile of the entity.<br />
We need a system that represents reputation in a concrete form<br />
“If principal p gains access to resource r at time t, then the past behavior of p up until time t satisfies requirement ψr.”<br />
Advantages<br />
• A sufficient amount of information is available to come up with a profile of an entity<br />
Disadvantages<br />
• Storage space<br />
Shmatikov and Talcott<br />
Histories are sets of time-stamped events. Reputation is based on ability to adhere to licenses.<br />
Licenses might permit certain actions OR require certain actions from being performed.<br />
Advantages:<br />
• Store data in concrete form<br />
Disadvantages:<br />
• No notion of sessions (logically connected set of events)<br />
Representation of reputation<br />
If we consider reputation information to encompass the events and actions of an entity, then we can model reputation as a set of events.<br />
An interesting new problem is how to re-evaluate policies efficiently when new information becomes available.<br />
This problem is known as “dynamic model-checking”. <br />
Dynamic model-checking<br />
We want a way of summarizing past reputations.<br />
A solution here is to use: Havelund and Rosu, based on the technique of dynamic programming, used for runtime verification<br />
• Given some information on an entity, how do we convert/abstract this to reputation? <br />
• Is all the information necessary to maintain? <br />
• Now that we have the reputation information, what can we do with it?<br />
o What can we compare it with?<br />
Implementation<br />
Desired functionality of the system:<br />
new()<br />
- Append new reputation information<br />
update()<br />
- Update and summarize past behavior<br />
- This is a reduce function<br />
check()<br />
- Analyze whether the given reputation satisfies the criteria of the policy<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9130DistOS-2011W Reputation2011-04-08T23:32:03Z<p>Wahmed2: /* Uses and Need */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0ASS7kj9hfc1aZGRiMjMzOHJfNGhnNzhuamRr&hl=en&authkey=CMHi3KAD<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problem Domain===<br />
<br />
This portion of a reputation system answers the core question of how reputation information being exchanged is guaranteed to be authentic.<br />
<br />
*How do we ensure the information exchanged between peers authentic, and not tampered with?<br />
<br />
*How to we attribute information exchanged?<br />
<br />
*How do we do this in a highly decentralized, distributed system?<br />
<br />
*How can we make sure the information is timely?<br />
<br />
===Introduction===<br />
In past few years, Internet has provided platform for a global market place and both business and private users realizes that the revolutionary communications opportunities provided by it will give way to large spectrum of business and private applications.Today online users face multitude of problems and issues like vulnerability to viruses , worms , exposure to sniffers, spoofing their private sessions not only this but also they are also subjected to invasion of privacy with multitude of spy ware available for monitoring how they behave. Today over the internet different kind of activities take place ranging from access to information to entertainment, financial services, product services and even socializing. The frequent usage of internet as an important business tool led to a major increase in deliberate abuse and criminal activities. All the organization operating electronically and trading expose their own information and IT systems to a wide range of security threats. The most common protocols like IP/TCP/UDP are the main targets of potential hackers. Its all because of IPs on which attacks are possible and don't have proper authentication mechanism for any incoming data over internet. <br />
<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications.<br />
<br />
===Uses and Need of PKI===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
==Problem domain:==<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
Problem domain:<br />
<br />
• Emerge vs. Impose reputation on the system?<br />
• Probably both, how do we account for both systems?<br />
• Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
• Where do you store the data?<br />
• Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
• Who do we trust for this information?<br />
• Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
• Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
• Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations<br />
<br />
<br />
Existing systems<br />
• Peer-based systems (emerge)<br />
• eBay - positive/negative rating system<br />
• Youtube - like/dislike/spam comment system<br />
• Policy-based systems (impose)<br />
• Java - policy based security<br />
• Android - policy based security<br />
These two systems are on opposite ends of the Emerge-Impose spectrum.<br />
EigenTrust system<br />
The EigenTrust system utilizes a numerical scale for reputation storage.<br />
Advantages:<br />
• Numerical values are easy to compare.<br />
• Little required storage space.<br />
Disadvantages:<br />
• Information is lost in the abstraction process.<br />
o No concrete data<br />
• Ambiguity<br />
Storing concrete data<br />
Hence, with the given information from the reputation system, we cannot generate an accurate profile of the entity.<br />
We need a system that represents reputation in a concrete form<br />
“If principal p gains access to resource r at time t, then the past behavior of p up until time t satisfies requirement ψr.”<br />
Advantages<br />
• A sufficient amount of information is available to come up with a profile of an entity<br />
Disadvantages<br />
• Storage space<br />
Shmatikov and Talcott<br />
Histories are sets of time-stamped events. Reputation is based on ability to adhere to licenses.<br />
Licenses might permit certain actions OR require certain actions from being performed.<br />
Advantages:<br />
• Store data in concrete form<br />
Disadvantages:<br />
• No notion of sessions (logically connected set of events)<br />
Representation of reputation<br />
If we consider reputation information to encompass the events and actions of an entity, then we can model reputation as a set of events.<br />
An interesting new problem is how to re-evaluate policies efficiently when new information becomes available.<br />
This problem is known as “dynamic model-checking”. <br />
Dynamic model-checking<br />
We want a way of summarizing past reputations.<br />
A solution here is to use: Havelund and Rosu, based on the technique of dynamic programming, used for runtime verification<br />
• Given some information on an entity, how do we convert/abstract this to reputation? <br />
• Is all the information necessary to maintain? <br />
• Now that we have the reputation information, what can we do with it?<br />
o What can we compare it with?<br />
Implementation<br />
Desired functionality of the system:<br />
new()<br />
- Append new reputation information<br />
update()<br />
- Update and summarize past behavior<br />
- This is a reduce function<br />
check()<br />
- Analyze whether the given reputation satisfies the criteria of the policy<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9129DistOS-2011W Reputation2011-04-08T23:15:29Z<p>Wahmed2: /* Problems */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0ASS7kj9hfc1aZGRiMjMzOHJfNGhnNzhuamRr&hl=en&authkey=CMHi3KAD<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problem Domain===<br />
<br />
This portion of a reputation system answers the core question of how reputation information being exchanged is guaranteed to be authentic.<br />
<br />
*How do we ensure the information exchanged between peers authentic, and not tampered with?<br />
<br />
*How to we attribute information exchanged?<br />
<br />
*How do we do this in a highly decentralized, distributed system?<br />
<br />
*How can we make sure the information is timely?<br />
<br />
===Introduction===<br />
In past few years, Internet has provided platform for a global market place and both business and private users realizes that the revolutionary communications opportunities provided by it will give way to large spectrum of business and private applications.Today online users face multitude of problems and issues like vulnerability to viruses , worms , exposure to sniffers, spoofing their private sessions not only this but also they are also subjected to invasion of privacy with multitude of spy ware available for monitoring how they behave. Today over the internet different kind of activities take place ranging from access to information to entertainment, financial services, product services and even socializing. The frequent usage of internet as an important business tool led to a major increase in deliberate abuse and criminal activities. All the organization operating electronically and trading expose their own information and IT systems to a wide range of security threats. The most common protocols like IP/TCP/UDP are the main targets of potential hackers. Its all because of IPs on which attacks are possible and don't have proper authentication mechanism for any incoming data over internet. <br />
<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications.<br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
==Problem domain:==<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
Problem domain:<br />
<br />
• Emerge vs. Impose reputation on the system?<br />
• Probably both, how do we account for both systems?<br />
• Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
• Where do you store the data?<br />
• Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
• Who do we trust for this information?<br />
• Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
• Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
• Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations<br />
<br />
<br />
Existing systems<br />
• Peer-based systems (emerge)<br />
• eBay - positive/negative rating system<br />
• Youtube - like/dislike/spam comment system<br />
• Policy-based systems (impose)<br />
• Java - policy based security<br />
• Android - policy based security<br />
These two systems are on opposite ends of the Emerge-Impose spectrum.<br />
EigenTrust system<br />
The EigenTrust system utilizes a numerical scale for reputation storage.<br />
Advantages:<br />
• Numerical values are easy to compare.<br />
• Little required storage space.<br />
Disadvantages:<br />
• Information is lost in the abstraction process.<br />
o No concrete data<br />
• Ambiguity<br />
Storing concrete data<br />
Hence, with the given information from the reputation system, we cannot generate an accurate profile of the entity.<br />
We need a system that represents reputation in a concrete form<br />
“If principal p gains access to resource r at time t, then the past behavior of p up until time t satisfies requirement ψr.”<br />
Advantages<br />
• A sufficient amount of information is available to come up with a profile of an entity<br />
Disadvantages<br />
• Storage space<br />
Shmatikov and Talcott<br />
Histories are sets of time-stamped events. Reputation is based on ability to adhere to licenses.<br />
Licenses might permit certain actions OR require certain actions from being performed.<br />
Advantages:<br />
• Store data in concrete form<br />
Disadvantages:<br />
• No notion of sessions (logically connected set of events)<br />
Representation of reputation<br />
If we consider reputation information to encompass the events and actions of an entity, then we can model reputation as a set of events.<br />
An interesting new problem is how to re-evaluate policies efficiently when new information becomes available.<br />
This problem is known as “dynamic model-checking”. <br />
Dynamic model-checking<br />
We want a way of summarizing past reputations.<br />
A solution here is to use: Havelund and Rosu, based on the technique of dynamic programming, used for runtime verification<br />
• Given some information on an entity, how do we convert/abstract this to reputation? <br />
• Is all the information necessary to maintain? <br />
• Now that we have the reputation information, what can we do with it?<br />
o What can we compare it with?<br />
Implementation<br />
Desired functionality of the system:<br />
new()<br />
- Append new reputation information<br />
update()<br />
- Update and summarize past behavior<br />
- This is a reduce function<br />
check()<br />
- Analyze whether the given reputation satisfies the criteria of the policy<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9128DistOS-2011W Reputation2011-04-08T23:13:18Z<p>Wahmed2: /* Introduction */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0ASS7kj9hfc1aZGRiMjMzOHJfNGhnNzhuamRr&hl=en&authkey=CMHi3KAD<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problems===<br />
<br />
===Introduction===<br />
In past few years, Internet has provided platform for a global market place and both business and private users realizes that the revolutionary communications opportunities provided by it will give way to large spectrum of business and private applications.Today online users face multitude of problems and issues like vulnerability to viruses , worms , exposure to sniffers, spoofing their private sessions not only this but also they are also subjected to invasion of privacy with multitude of spy ware available for monitoring how they behave. Today over the internet different kind of activities take place ranging from access to information to entertainment, financial services, product services and even socializing. The frequent usage of internet as an important business tool led to a major increase in deliberate abuse and criminal activities. All the organization operating electronically and trading expose their own information and IT systems to a wide range of security threats. The most common protocols like IP/TCP/UDP are the main targets of potential hackers. Its all because of IPs on which attacks are possible and don't have proper authentication mechanism for any incoming data over internet. <br />
<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications.<br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
==Problem domain:==<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
Problem domain:<br />
<br />
• Emerge vs. Impose reputation on the system?<br />
• Probably both, how do we account for both systems?<br />
• Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
• Where do you store the data?<br />
• Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
• Who do we trust for this information?<br />
• Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
• Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
• Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations<br />
<br />
<br />
Existing systems<br />
• Peer-based systems (emerge)<br />
• eBay - positive/negative rating system<br />
• Youtube - like/dislike/spam comment system<br />
• Policy-based systems (impose)<br />
• Java - policy based security<br />
• Android - policy based security<br />
These two systems are on opposite ends of the Emerge-Impose spectrum.<br />
EigenTrust system<br />
The EigenTrust system utilizes a numerical scale for reputation storage.<br />
Advantages:<br />
• Numerical values are easy to compare.<br />
• Little required storage space.<br />
Disadvantages:<br />
• Information is lost in the abstraction process.<br />
o No concrete data<br />
• Ambiguity<br />
Storing concrete data<br />
Hence, with the given information from the reputation system, we cannot generate an accurate profile of the entity.<br />
We need a system that represents reputation in a concrete form<br />
“If principal p gains access to resource r at time t, then the past behavior of p up until time t satisfies requirement ψr.”<br />
Advantages<br />
• A sufficient amount of information is available to come up with a profile of an entity<br />
Disadvantages<br />
• Storage space<br />
Shmatikov and Talcott<br />
Histories are sets of time-stamped events. Reputation is based on ability to adhere to licenses.<br />
Licenses might permit certain actions OR require certain actions from being performed.<br />
Advantages:<br />
• Store data in concrete form<br />
Disadvantages:<br />
• No notion of sessions (logically connected set of events)<br />
Representation of reputation<br />
If we consider reputation information to encompass the events and actions of an entity, then we can model reputation as a set of events.<br />
An interesting new problem is how to re-evaluate policies efficiently when new information becomes available.<br />
This problem is known as “dynamic model-checking”. <br />
Dynamic model-checking<br />
We want a way of summarizing past reputations.<br />
A solution here is to use: Havelund and Rosu, based on the technique of dynamic programming, used for runtime verification<br />
• Given some information on an entity, how do we convert/abstract this to reputation? <br />
• Is all the information necessary to maintain? <br />
• Now that we have the reputation information, what can we do with it?<br />
o What can we compare it with?<br />
Implementation<br />
Desired functionality of the system:<br />
new()<br />
- Append new reputation information<br />
update()<br />
- Update and summarize past behavior<br />
- This is a reduce function<br />
check()<br />
- Analyze whether the given reputation satisfies the criteria of the policy<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9125DistOS-2011W Reputation2011-04-08T19:52:27Z<p>Wahmed2: /* Introduction */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0ASS7kj9hfc1aZGRiMjMzOHJfNGhnNzhuamRr&hl=en&authkey=CMHi3KAD<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problems===<br />
<br />
===Introduction===<br />
In past few years, Internet has provided platform for a global market place and both business and private users realizes that the revolutionary communications opportunities provided by it will give way to large spectrum of business and private applications.Today online users face multitude of problems and issues like vulnerability to viruses , worms , exposure to sniffers, spoofing their private sessions not only this but also they are also subjected to invasion of privacy with multitude of spy ware available for monitoring how they behave. Today over the internet different kind of activities take place ranging from access to information to entertainment, financial services, product services and even socializing. The frequent usage of internet as an important business tool led to a major increase in deliberate abuse and criminal activities. All the organization operating electronically and trading expose their own information and IT systems to a wide range of security threats. The most common protocols like IP/TCP/UDP are the main targets of potential hackers. Its all because of IPs on which attacks are possible and don't have proper authentication mechanism for any incoming data over internet. In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications.<br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
==Problem domain:==<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
Problem domain:<br />
<br />
• Emerge vs. Impose reputation on the system?<br />
• Probably both, how do we account for both systems?<br />
• Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
• Where do you store the data?<br />
• Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
• Who do we trust for this information?<br />
• Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
• Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
• Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations<br />
<br />
<br />
Existing systems<br />
• Peer-based systems (emerge)<br />
• eBay - positive/negative rating system<br />
• Youtube - like/dislike/spam comment system<br />
• Policy-based systems (impose)<br />
• Java - policy based security<br />
• Android - policy based security<br />
These two systems are on opposite ends of the Emerge-Impose spectrum.<br />
EigenTrust system<br />
The EigenTrust system utilizes a numerical scale for reputation storage.<br />
Advantages:<br />
• Numerical values are easy to compare.<br />
• Little required storage space.<br />
Disadvantages:<br />
• Information is lost in the abstraction process.<br />
o No concrete data<br />
• Ambiguity<br />
Storing concrete data<br />
Hence, with the given information from the reputation system, we cannot generate an accurate profile of the entity.<br />
We need a system that represents reputation in a concrete form<br />
“If principal p gains access to resource r at time t, then the past behavior of p up until time t satisfies requirement ψr.”<br />
Advantages<br />
• A sufficient amount of information is available to come up with a profile of an entity<br />
Disadvantages<br />
• Storage space<br />
Shmatikov and Talcott<br />
Histories are sets of time-stamped events. Reputation is based on ability to adhere to licenses.<br />
Licenses might permit certain actions OR require certain actions from being performed.<br />
Advantages:<br />
• Store data in concrete form<br />
Disadvantages:<br />
• No notion of sessions (logically connected set of events)<br />
Representation of reputation<br />
If we consider reputation information to encompass the events and actions of an entity, then we can model reputation as a set of events.<br />
An interesting new problem is how to re-evaluate policies efficiently when new information becomes available.<br />
This problem is known as “dynamic model-checking”. <br />
Dynamic model-checking<br />
We want a way of summarizing past reputations.<br />
A solution here is to use: Havelund and Rosu, based on the technique of dynamic programming, used for runtime verification<br />
• Given some information on an entity, how do we convert/abstract this to reputation? <br />
• Is all the information necessary to maintain? <br />
• Now that we have the reputation information, what can we do with it?<br />
o What can we compare it with?<br />
Implementation<br />
Desired functionality of the system:<br />
new()<br />
- Append new reputation information<br />
update()<br />
- Update and summarize past behavior<br />
- This is a reduce function<br />
check()<br />
- Analyze whether the given reputation satisfies the criteria of the policy<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9124DistOS-2011W Reputation2011-04-08T19:26:53Z<p>Wahmed2: /* Introduction */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0ASS7kj9hfc1aZGRiMjMzOHJfNGhnNzhuamRr&hl=en&authkey=CMHi3KAD<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problems===<br />
<br />
===Introduction===<br />
In past few years, Internet has provided platform for a global market place and both business and private users realizes that the revolutionary communications opportunities provided by it will give way to large spectrum of business and private applications.Today online users face multitude of problems and issues like vulnerability to viruses , worms , exposure to sniffers, spoofing their private sessions not only this but also they are also subjected to invasion of privacy with multitude of spy ware available for monitoring how they behave. In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications.<br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
==Problem domain:==<br />
<br />
This portion of a reputation system answers the core question of how reputation is generated from the information exchanged between systems and how/where it is stored.<br />
<br />
Problem domain:<br />
<br />
• Emerge vs. Impose reputation on the system?<br />
• Probably both, how do we account for both systems?<br />
• Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
• Where do you store the data?<br />
• Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
• Who do we trust for this information?<br />
• Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
• Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
• Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations<br />
<br />
<br />
Existing systems<br />
• Peer-based systems (emerge)<br />
• eBay - positive/negative rating system<br />
• Youtube - like/dislike/spam comment system<br />
• Policy-based systems (impose)<br />
• Java - policy based security<br />
• Android - policy based security<br />
These two systems are on opposite ends of the Emerge-Impose spectrum.<br />
EigenTrust system<br />
The EigenTrust system utilizes a numerical scale for reputation storage.<br />
Advantages:<br />
• Numerical values are easy to compare.<br />
• Little required storage space.<br />
Disadvantages:<br />
• Information is lost in the abstraction process.<br />
o No concrete data<br />
• Ambiguity<br />
Storing concrete data<br />
Hence, with the given information from the reputation system, we cannot generate an accurate profile of the entity.<br />
We need a system that represents reputation in a concrete form<br />
“If principal p gains access to resource r at time t, then the past behavior of p up until time t satisfies requirement ψr.”<br />
Advantages<br />
• A sufficient amount of information is available to come up with a profile of an entity<br />
Disadvantages<br />
• Storage space<br />
Shmatikov and Talcott<br />
Histories are sets of time-stamped events. Reputation is based on ability to adhere to licenses.<br />
Licenses might permit certain actions OR require certain actions from being performed.<br />
Advantages:<br />
• Store data in concrete form<br />
Disadvantages:<br />
• No notion of sessions (logically connected set of events)<br />
Representation of reputation<br />
If we consider reputation information to encompass the events and actions of an entity, then we can model reputation as a set of events.<br />
An interesting new problem is how to re-evaluate policies efficiently when new information becomes available.<br />
This problem is known as “dynamic model-checking”. <br />
Dynamic model-checking<br />
We want a way of summarizing past reputations.<br />
A solution here is to use: Havelund and Rosu, based on the technique of dynamic programming, used for runtime verification<br />
• Given some information on an entity, how do we convert/abstract this to reputation? <br />
• Is all the information necessary to maintain? <br />
• Now that we have the reputation information, what can we do with it?<br />
o What can we compare it with?<br />
Implementation<br />
Desired functionality of the system:<br />
new()<br />
- Append new reputation information<br />
update()<br />
- Update and summarize past behavior<br />
- This is a reduce function<br />
check()<br />
- Analyze whether the given reputation satisfies the criteria of the policy<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=9013DistOS-2011W Reputation2011-03-31T16:36:08Z<p>Wahmed2: /* Guaranteeing Authenticity/Public Key Infrastructure */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0AbY-UrFwVEEVZHgyZmJoel8yMmhkZzI3aGM1&hl=en&authkey=CIDatKoH<br />
<br />
==Our Paper==<br />
<br />
Our final paper can be found here: [[Distributed OS: Winter 2011 Reputation Systems Paper]]<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problems===<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
===What are the solution to these problems?===<br />
<br />
*Identity Based Encryption:enables senders to encrypt messages for recipients w/o requiring that a recipients key first be established, certified, and published.<br />
<br />
*Certificate-based encryption:it incorporates IBE methods, but uses double encryption so that its CA cant decrypt on behalf of the user.<br />
<br />
*Certificateless Public Key Cryptography:it incorporates IBE methods, using partial private keys so PKG cant decrypt on behalf of the user.<br />
<br />
*Distributed Computation:There exists methods that distribute cryptographic operations so that the cooperative contribution of a number of entities is required in order to perform an operation such as a signature or decryption. It helps in tighter protection at servers vs clients, but implies that the users mist fully trust servers to apply keys appropriately.<br />
<br />
*Alternative Validation Strategies:Hash tree:it offers compact protected representations of the status of large number of certiticates.Highly valued if PKI is operated large scale more benifical than Certificate Revovation List. CRL reflect ststus information at fixed intervals.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
* What assumptions will we make?<br />
* Privacy issues? What will we reveal? Will centralized systems have a know-all mentality?<br />
** Fine grained information will never be revealed (privacy concerns and user rights)<br />
* Which history should I maintain? What to take as important, what to disregard?<br />
* Immutable data structure. Who could add data? Who could remove data? Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=8947DistOS-2011W Reputation2011-03-27T19:59:12Z<p>Wahmed2: /* Common Issues With PKI Implementation */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==Our presentation==<br />
Our current presentation can be viewed at the following link: https://docs.google.com/present/edit?id=0AbY-UrFwVEEVZHgyZmJoel8yMmhkZzI3aGM1&hl=en&authkey=CIDatKoH<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
In our paper we must explain why PKI/Authentication fits into reputation. Why must it be handled by both Attribution and Reputation systems?<br />
<br />
===Problems===<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs) and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs and thus do not solve the problem of time lag as outlined above.<br />
<br />
*Availability and storage of reliable user information : For an identity certificate scheme, names in certificates need to be unique, meaningful - and correct. Few large user communities have all their member details in a central and accurate database or directory, and the exercise of consolidating, checking and updating all user data can turn into a massive and expensive exercise.<br />
<br />
*Archiving/historic verification : Digital signatures need to be verifiable even after the keys used to sign have expired. Likewise, we need to be able to verify that the certificate was valid at the time the datawas signed. This means we would need to archive: the signed file,the public key certificate of the signer, the CRL that was valid at the time of signing, a reliable timestamp to prove the accuracy of the time of signing and, the hardware environment that can run the software that was used at the time<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
===Problem domain===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
*** Do we maintain records based on a fixed set of imposed rules? Or do we build rules as the system emerges and reputations are formed?<br />
* Where do you store the data?<br />
** Distributed storage systems. Reputation in real-life is stored in interactions that an entity has with others. Reputation is not stored centrally. Reputation is most often a shared view of an entity by the masses, but sometimes an entities reputation can be disjoint among the masses: many different entities having differing views of reputation for the same entity.<br />
* Where is the data queried from?<br />
** (should I mention this?)<br />
* What defines good/bad reputation?<br />
** (should I mention this?)<br />
* Who provides the good/bad reputation?<br />
** Impose/Emerge problem: reputation for an interaction can be calculated immediately or can be a function of time.<br />
* Who do we trust for this information?<br />
** Trusting the masses is generally a good way of ensuring trustworthiness. Imposed rules will not always fit every situation well - could potentially set bad reputation to a "good" entity.<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
** Do we maintain an ever-growing set of history items for interactions between entities? Do we look focus on the bad reputations?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
Which history should I maintain? What to take as important, what to disregard?<br />
<br />
Immutable data structure<br />
Who could add data?<br />
Who could remove data?<br />
Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Implementation Requirements==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=8631DistOS-2011W Reputation2011-03-17T15:37:54Z<p>Wahmed2: /* References */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
===Problems===<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs)<br />
and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly<br />
after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in<br />
most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs<br />
and thus do not solve the problem of time lag as outlined above.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
Problem domain:<br />
Which history should I maintain? What to take as important, what to disregard?<br />
<br />
Immutable data structure<br />
Who could add data?<br />
Who could remove data?<br />
Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011<br />
<br />
*SANS Institute InfoSec Reading Room, Common issues in PKI implementations - climbing the Slope of Enlightenment : http://www.sans.org/reading_room/whitepapers/authentication/common-issues-pki-implementations-climbing-slope-enlightenment_1198 date accessed 15th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=8630DistOS-2011W Reputation2011-03-17T15:36:03Z<p>Wahmed2: /* Common Issues With PKI Implementation */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard (nick.lessard @t gmail.com / nlessard @t carleton.connect.ca)<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
* Who provides the good/bad reputation?<br />
* Who do we trust for this information?<br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
* What entities are able to contribute to reputations?<br />
* How do we access reputation about entities?<br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Guaranteeing Authenticity/Public Key Infrastructure==<br />
<br />
===Problems===<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs)<br />
and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :In order to use certificates for S/MIME signed/encrypted email, the users’ email address must be in the certificate. Most people change their email addresses more frequently than the certificate. Unless a solution is built which allows users to keep the same email address over a long period, certificates would have to be re-issued every time a user changes email address. S/MIME v.3 stipulates that the receiving application must check the From: or Sender: field in the mail header and compare it to an email address in the sender’s certificate. If the check does not match, the mail application should perform another explicit check to ensure that the person who signed the message is indeed the person who sent it. As usual, the ‘devil is in the detail’ when it comes to implementation.<br />
<br />
*Certificate Validity Checking:CRLs have been the conventional method of providing certificate validity checking. CRLs do not scale very well as discussed earlier, but are usually kept for backward compatibility, archiving/historical verification and for use in off-line mode. The other issue with CRLs is that they are generally issued at certain intervals of 6, 12 or 24 hours, causing a time lag from the time a certificate is revoked until it appears on the published CRL. This may present a security risk, as a certificate may verify correctly<br />
after it has been reported as compromised and revoked; (however some would argue that the time from actual compromise until the discovery and reporting of it would in<br />
most cases be a more significant lag). The Online Certificate Status Protocol (OCSP) (RFC2560) allows a client to query an OCSP responder for the current status of a certificate. This saves searching through a large CRL and can save bandwidth if the CRL would normally be downloaded - although it may increase network traffic. Most OCSP responders are based on CRLs<br />
and thus do not solve the problem of time lag as outlined above.<br />
<br />
==Dissemination==<br />
<br />
===The Problem Domain===<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
Publish/Subscribe?<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
Problem domain:<br />
Which history should I maintain? What to take as important, what to disregard?<br />
<br />
Immutable data structure<br />
Who could add data?<br />
Who could remove data?<br />
Authority<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
==Querying Reputation==<br />
<br />
=== Problems ===<br />
<br />
* Emerge vs. Impose reputation on the system?<br />
** Probably both, how do we account for both systems?<br />
***If you want to know someone's reputation, you either need to start asking around for it, imposing yourself. Or you need the data to be sent around, so you already have access to it; emergent. <br />
* Where do you store the data?<br />
***You need to know who has the data to ask them for it, or to go get it yourself. <br />
* Where is the data queried from?<br />
***First you need to know who's storing it. then you need to know if you're allowed to ask that node directly, do you ask a intermediary keeper of data. Will you even need to Query-- that is, do you already have all you need to know on hand? you need not get the latest updates on a node if every other node who's ever talked to it got DDOSed. (or do you?)<br />
* What defines good/bad reputation?<br />
***Should I make my own definition for bad reputation, and query if someone engaged in activities I consider bad, or should their be a global agreed upon reputation?<br />
* Who provides the good/bad reputation?<br />
***Who should I ask for information from? <br />
* Who do we trust for this information?<br />
***Whoever you trust, presumably their opinion on a given node is more important then a node you trust less. <br />
* Should reputation be mutable? Can we be pardoned, or can reputations be reversed?<br />
***topically, would you bother asking for 10 year old reputation data on a node, if it's been a model citizen for the last 9?<br />
* What entities are able to contribute to reputations?<br />
***Should I ask everyone I trust for an opinion on a given node, or just certain keepers of trust data? <br />
* How do we access reputation about entities?<br />
***You query someone in the know who you trust and are allowed to query. <br />
***you could say, ask everyone you know and trust, and ask them to ask people they know and trust, (and so on...if they're willing) until you find a node with the information you need.<br />
***in a more centralized system you need to ask some kind of keeper of information for the information you want, and that keeper may or may not provide you with the reputation info you want. <br />
* Who is authorized to access particular reputations? How much to reveal? (Information flow)<br />
***The ability to control this would depend on how centralized a system you have. In a truly distributed system where every node has an opinion on any other node they've talked to you'll be able to find somebody who can tell you about the CIA node, but in a more centralized system the keepers of information might be less...willing to give Joe 6 cores information on who Iran is DDOSing. <br />
<br />
===Maybe References===<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=8521DistOS-2011W Reputation2011-03-15T14:36:50Z<p>Wahmed2: /* Public-key infrastructure */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
* Michael Du Plessis<br />
* Nicolas Lessard<br />
<br />
==The problem==<br />
* Emerge vs. Impose reputation on the system<br />
* Where do you store the data?<br />
* Where is the data queried from?<br />
* What defines good/bad reputation?<br />
<br />
==What technologies currently exist?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
<br />
* Black hole- email, spam,<br />
* Google - search reputation<br />
* Credit bureaus<br />
* Yellow pages<br />
* Better business bureau<br />
* CRC - criminal records<br />
<br />
== What technologies don't currently exist?==<br />
<br />
==Public-key infrastructure==<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
<br />
===Common Issues With PKI Implementation===<br />
<br />
*Commercial Off-The-Shelf (COTS) versus Customised applications : The choice between COTS or customised products is usually one of cost versus usability. In case of usability the thing to be focused should be error messages. If PKI is built int o applications (transparent to users) than its fine if not than user will require to have some understanding of the use of keys, certificates, Certificate Revocation Lists (CRLs)<br />
and directories/certificate repositories so that they can make informed decisions.<br />
<br />
*Token Logistics (smart card): The point where keys and certificates are linked to their owner is a very critical point in a PKI. If a fraudulent certificate is issued by a registration officer and the certificate holder uses the certificate to commit a crime or prank, trust in the whole PKI hierarchy may be lost. The physical security requirements are high, and the registration officer, whether a person or a smartcard bureau, must be subject to strict security polices and practices. As it was problem with DoD mentioned in section above.<br />
<br />
*Network issues - Traffic : There is no doubt that the implementation of PKI will add to the network load, although just how much depends on the system architecture. Potential additional traffic that should be considered includes: Certificate issuance, Email usage, CRLs , and Directory Replication<br />
<br />
*Network issues - Encryption : Many organisations implement anti-virus software and content inspection on servers at the perimeter of their networks. Some have security policies that rejects or quarantines encrypted traffic. To provide user-to-user confidentiality, messages will traverse networks with their payload hidden from inspection by virus and content checking.<br />
<br />
*Email address in certificate :<br />
<br />
==Dissemination==<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
====Abstract====<br />
Reputation systems are meta systems that record, aggregate and distribute information about principals’ behaviour in distributed applications. Similarly, history-based access control systems make decisions based<br />
on programs’ past security-sensitive actions. While the applications are<br />
distinct, the two types of systems are fundamentally making decisions<br />
based on information about the past behaviour of an entity.<br />
A logical policy-centric framework for such behaviour-based decisionmaking is presented. In the framework, principals specify policies which<br />
state precise requirements on the past behaviour of other principals that<br />
must be fulfilled in order for interaction to take place. The framework consists of a formal model of behaviour, based on event structures; a declarative logical language for specifying properties of past behaviour; and<br />
efficient dynamic algorithms for checking whether a particular behaviour<br />
satisfies a property from the language. It is shown how the framework can<br />
be extended in several ways, most notably to encompass parameterized<br />
events and quantification over parameters. In an extended application, it<br />
is illustrated how the framework can be applied for dynamic history-based<br />
access control for safe execution of unknown and untrusted programs.<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
====Abstract====<br />
<br />
* Bolton, G. et al. How Effective are Electronic Reputation Mechanisms? (March 10, 2011) [http://ccs.mit.edu/dell/reputation/BKOMSsub.pdf]<br />
<br />
====Abstract====<br />
<br />
Electronic reputation or “feedback” mechanisms aim to mitigate the moral hazard problems <br />
associated with exchange among strangers by providing the type of information available in <br />
more traditional close-knit groups, where members are frequently involved in one another’s <br />
dealings. In this paper, we compare trading in a market with electronic feedback (as <br />
implemented by many Internet markets) to a market without, as well as to a market in which the <br />
same people interact with one another repeatedly (partners market). We find that, while the <br />
feedback mechanism induces quite a substantial improvement in transaction efficiency, it also <br />
exhibits a kind of public goods problem in that, unlike the partners market, the benefits of trust <br />
and trustworthy behavior go to the whole community and are not completely internalized. We <br />
discuss the implications of this perspective for improving these systems.<br />
<br />
==Querying Reputation==<br />
<br />
Since this won't be the actual page the paper is written on, I'm going to dump possibly relevant links here. If they actually get used I'll make them into proper references. <br />
<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=8380DistOS-2011W Reputation2011-03-10T17:17:17Z<p>Wahmed2: /* References */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
** Current Status: Snowed-in somewhere in the outskirts of Orleans...<br />
* Michael Du Plessis<br />
* Nicolas Lessard<br />
<br />
==The problem==<br />
Emerge vs. Impose reputation on the system<br />
==What currently exists?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
==Public-key infrastructure==<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
==Dissemination==<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
==Querying Reputation==<br />
<br />
Since this won't be the actual page the paper is written on, I'm going to dump possibly relevant links here. If they actually get used I'll make them into proper references. <br />
<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011<br />
<br />
*Electronic Commerece Conference , PKI Sub-Group , Issue Paper : http://www.defense.gov/dodreform/ecwg/pki.pdf date accessed 5th March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=8379DistOS-2011W Reputation2011-03-10T17:15:49Z<p>Wahmed2: /* Public-key infrastructure */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
** MSN: Gelowt@gmail.com<br />
** E-Mail: tgelowsk@sce.carleton.ca<br />
** Current Status: Snowed-in somewhere in the outskirts of Orleans...<br />
* Michael Du Plessis<br />
* Nicolas Lessard<br />
<br />
==The problem==<br />
Emerge vs. Impose reputation on the system<br />
==What currently exists?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
==Public-key infrastructure==<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
===Issues & Solutions===<br />
I found out there are many different implementations of PKI , and they all focuses on their own issues and solutions. For example PKI used in DoD have following issues<br />
<br />
*Lack of PKI-enabled eCommerce applications and lack of interoperability among PKI applications<br />
<br />
*DoD is developing a single high assurance PKI<br />
<br />
*Very High Cost Impact to the EC/EB community.<br />
<br />
*The PKI community lacks metrics for mapping of trust models between the DoD :”high assurance” C2 and EC/EB domains<br />
<br />
*Education of everyone (policy maker through user) to a common level of understanding is a huge challenge.<br />
<br />
*While the purpose of using PKI in EC/EB is to provide additional trust to allow the Internet to serve as a vehicle for legally binding transactions , problems still exist with the methodologies associated with establishing a long-term burden of proof. Specifically, there are no widely adopted industry standards for maintenance of electronic signatures or for authenticated timestamps for record maintenance that have stood the test of time. These processes are untried and the case law has not yet been established to convince users that there are no issues with enforcement of these new processes. An additional barrier to EC/EB within this space is the current DoD Certificate policy in which DoD accepts<br />
<br />
==Dissemination==<br />
<br />
===Random Ramblings on Reputation Management and Distribution===<br />
<br />
This system has unique distribution requirements as compared to most distributed systems in general. In this system, we cannot assume that there will be a universally agreed-upon definition of good, or bad. Similarly, the system must be self-policing. It would be up to each and every group of autonomous systems to decide which updates to accept and reject. Updates themselves also should not cause the network to DDoS itself. Lastly, it would be impossible for every system to know what the reputation for a given system is. Therefore the system must disseminate information in some way that is query-able and localizes reputation information where required.<br />
<br />
To this end, we need a way of spreading information that while reliable, does not depend on one universally agreed-upon set of reputations.<br />
<br />
For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.<br />
<br />
Any solution would assume that the problems of attribution are solved.<br />
<br />
===Current Examples of Reputation Dissemination===<br />
<br />
The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.<br />
<br />
Here's a nice overview:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4537308 "Reputation management in distributed systems"<br />
<br />
Examples are as follows:<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4228013 "Gossip-based Reputation Aggregation for Unstructured Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=5569965 "Improving Accuracy and Coverage in an Internet-Deployed Reputation Mechanism"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4459326 "GossipTrust for Fast Reputation Aggregation in Peer-to-Peer Networks"<br />
* http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=4777496 "Adaptive trust management in P2P networks using gossip protocol"<br />
<br />
Another possibility is using "Reputation chains"<br />
* http://dx.doi.org.proxy.library.carleton.ca/10.1109/TKDE.2009.45 "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains"<br />
<br />
==Maintaining History==<br />
<br />
===Reputation systems===<br />
* record, aggregate, distribute information about an entity's behaviour in distributed applications<br />
<br />
* reputation might be based on the entity's past ability to adhere to a license agreement (mutual contract between issuer and licensee)<br />
<br />
===History-based access control systems===<br />
* make decision based on an entity's past security-sensitive actions<br />
<br />
===Examples of reputation systems (trust-informing technologies)===<br />
* eBay - Feedback forum (positive, neutral, negative)<br />
<br />
===Do reputation systems have some validity?===<br />
<br />
Resnick et al. argue that reputation systems<br />
foster an incentive for principals to well-behave because of “the expectation of<br />
reciprocity or retaliation in future interactions<br />
<br />
Abstractions are used to model the aggregated information of each entity. These abstractions may not encompass the full details of transactions and provide context to specific issues relating to feedback. In turn we can end up with ambiguous values.<br />
<br />
So we need a system that provides sufficient information in order to verify the precise properties of a past behaviour.<br />
<br />
* Krukow, K. A Logical Framework for Reputation Systems and History-based Access Control. School of Electronics and Computer Science University of Southampton, UK. (March 3, 2011) [http://www.brics.dk/~krukow/research/publications/online_papers/concrete-jcs.pdf]<br />
<br />
* Khosrow-Pour, M. Emerging trends and challenges in information technology management (March 7, 2011) [http://books.google.ca/books?id=ybzS-yylJfAC&lpg=PA822&ots=V7hn_RzqXA&dq=maintaining%20history%20in%20reputation%20systems&pg=PA822#v=onepage&q=maintaining%20history%20in%20reputation%20systems&f=false]<br />
<br />
==Querying Reputation==<br />
<br />
Since this won't be the actual page the paper is written on, I'm going to dump possibly relevant links here. If they actually get used I'll make them into proper references. <br />
<br />
http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - ''Trust Among Strangers in Internet Transactions:<br />
Empirical Analysis of eBay’s Reputation System'' (maybe not too relevant)<br />
<br />
http://portal.acm.org/citation.cfm?id=544741.544809 - ''An Evidential Model of Distributed Reputation Management''<br />
<br />
http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- ''The EigenTrust Algorithm for Reputation Management in<br />
P2P Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- ''A Robust Reputation System for Mobile Ad-hoc<br />
Networks''<br />
<br />
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- ''EigenRep: Reputation Management in P2P Networks''<br />
<br />
http://www.chennaisunday.com/ieee%202010/Reputation%20Estimation%20and%20Query%20in%20Peer-to-Peer%20Networks.pdf -- ''Reputation Estimation and Query in Peer-to-Peer Networks''<br />
<br />
Here is another paper that might be interesting for you. -- Lester<br />
http://dcg.ethz.ch/publications/netecon06.pdf<br />
<br />
==Possible implementations==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=7884DistOS-2011W Reputation2011-03-03T16:22:21Z<p>Wahmed2: /* Uses and Need */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
* Michael Du Plessis<br />
* Nicolas Lessard<br />
<br />
==The problem==<br />
Emerge vs. Impose reputation on the system<br />
==What currently exists?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
==Public-key infrastructure==<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
===Uses and Need===<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
==Dissemination==<br />
==Maintaining History==<br />
==Querying Reputation==<br />
==Possible implementations==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=7883DistOS-2011W Reputation2011-03-03T16:21:50Z<p>Wahmed2: /* References */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
* Michael Du Plessis<br />
* Nicolas Lessard<br />
<br />
==The problem==<br />
Emerge vs. Impose reputation on the system<br />
==What currently exists?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
==Public-key infrastructure==<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
====Uses and Need====<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
==Dissemination==<br />
==Maintaining History==<br />
==Querying Reputation==<br />
==Possible implementations==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011<br />
<br />
* Mattila, Anssi; and Mattila, Minna "What is the Effect of Product Attributes on Public-Key Infrastructure adoption? " http://internetjournals.net/journals/tir/2006/January/Paper%2003.pdf Accessed on 2nd March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=7882DistOS-2011W Reputation2011-03-03T16:13:55Z<p>Wahmed2: /* References */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
* Michael Du Plessis<br />
* Nicolas Lessard<br />
<br />
==The problem==<br />
Emerge vs. Impose reputation on the system<br />
==What currently exists?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
==Public-key infrastructure==<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
====Uses and Need====<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
==Dissemination==<br />
==Maintaining History==<br />
==Querying Reputation==<br />
==Possible implementations==<br />
==Conclusion==<br />
<br />
==References==<br />
* Joel Weise : "Public Key Infrastructure Overview " http://www.sun.com/blueprints/0801/publickey.pdf Accessed 2nd March 2011<br />
<br />
* Security Glossary : http://www.cafesoft.com/support/security-glossary.html Accessed on 2nd March 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_Reputation&diff=7881DistOS-2011W Reputation2011-03-03T16:09:53Z<p>Wahmed2: /* Public-key infrastructure */</p>
<hr />
<div>==Members==<br />
* Waheed Ahmed<br />
* Trevor Gelowsky<br />
* Michael Du Plessis<br />
* Nicolas Lessard<br />
<br />
==The problem==<br />
Emerge vs. Impose reputation on the system<br />
==What currently exists?==<br />
* Digital signatures<br />
** Certificates signed by trusted organizations<br />
==Public-key infrastructure==<br />
<br />
===Introduction===<br />
In order to build secure chain of trust Public-Key Infrastructure is used for internet based communication. It consists of various things like security policy , Certificate authority , registration authority , certificate distribution system PKI enabled applications. <br />
<br />
====Uses and Need====<br />
With development of modern e-commerce based businesses which has minimal customer face-to-face interactions is demanding more security and integrity. The online web based stores where huge amount of transactions take place needs to ensure customers that there information is confidential and processed through a secure channel. This is where implementation of PKI steps in to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions in which a PKI can provide foundation are confidentiality, integrity, non-repudiation,and authentication.<br />
<br />
==Dissemination==<br />
==Maintaining History==<br />
==Querying Reputation==<br />
==Possible implementations==<br />
==Conclusion==<br />
<br />
==References==</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7877DistOS-2011W NTP2011-03-03T15:44:48Z<p>Wahmed2: /* References */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
== Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
== Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
== Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
== Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
== Server==<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
== Client==<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
== Daemon client and server==<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
== Marzullo’s algorithm and function marzullo(long []) ==<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future I guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work. The most important feature of NTP relevant to this paper is its scalability: its phase lock loop clock discipline is designed for small scale networks so that NTP can maintain low offsets among clocks, even if propagation delays increase significantly. <br />
<br />
They main problem of NTP is under heavy load, constantly changing offsets may cause frequent clock re-adjustments by NTP. Each time it re-adjust, packets transmitted at later time may have smaller time stamps than packets transmitted earlier resulting in interfere with path monitoring. Future plan is to Global Positioning System receivers for clock synchronization among edge routers.<br />
<br />
Whether its traffic in air or ground or buying selling things carefully coordinated , reliable and accurate time is vital. In some cases ill-gotten time might cause DNS caches to to expire and entire internet to implode on the root servers , which was one of the threat on the eve of millennium in 1999. Critical data files might expire before they are created, and an electronic message might arrive before it was sent. Reliable and accurate computer time is necessary for any real-time distributed computer application, which is what much of our public infrastructure has become.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011<br />
<br />
*Linux Home Networking : "How To : NTP Server" : http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch24_:_The_NTP_Server Accessed on 15 Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7650DistOS-2011W NTP2011-03-01T05:19:07Z<p>Wahmed2: /* Conclusion */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
== Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
== Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
== Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
== Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
== Server==<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
== Client==<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
== Daemon client and server==<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
== Marzullo’s algorithm and function marzullo(long []) ==<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future I guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work. The most important feature of NTP relevant to this paper is its scalability: its phase lock loop clock discipline is designed for small scale networks so that NTP can maintain low offsets among clocks, even if propagation delays increase significantly. <br />
<br />
They main problem of NTP is under heavy load, constantly changing offsets may cause frequent clock re-adjustments by NTP. Each time it re-adjust, packets transmitted at later time may have smaller time stamps than packets transmitted earlier resulting in interfere with path monitoring. Future plan is to Global Positioning System receivers for clock synchronization among edge routers.<br />
<br />
Whether its traffic in air or ground or buying selling things carefully coordinated , reliable and accurate time is vital. In some cases ill-gotten time might cause DNS caches to to expire and entire internet to implode on the root servers , which was one of the threat on the eve of millennium in 1999. Critical data files might expire before they are created, and an electronic message might arrive before it was sent. Reliable and accurate computer time is necessary for any real-time distributed computer application, which is what much of our public infrastructure has become.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7531DistOS-2011W NTP2011-02-28T19:45:25Z<p>Wahmed2: /* Conclusion */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
== Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
== Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
== Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
== Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
== Server==<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
== Client==<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
== Daemon client and server==<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
== Marzullo’s algorithm and function marzullo(long []) ==<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future I guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work. The most important feature of NTP relevant to this paper is its scalability: its phase lock loop clock discipline is designed for small scale networks so that NTP can maintain low offsets among clocks, even if propagation delays increase significantly. <br />
<br />
They main problem of NTP is under heavy load, constantly changing offsets may cause frequent clock re-adjustments by NTP. Each time it re-adjust, packets transmitted at later time may have smaller time stamps than packets transmitted earlier resulting in interfere with path monitoring. Future plan is to Global Positioning System receivers for clock synchronization among edge routers.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7321DistOS-2011W NTP2011-02-22T18:38:30Z<p>Wahmed2: /* 3.2 Client */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
== Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
== Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
== Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
== Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
== Server==<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
== Client==<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
== Daemon client and server==<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
== Marzullo’s algorithm and function marzullo(long []) ==<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7320DistOS-2011W NTP2011-02-22T18:38:05Z<p>Wahmed2: /* Development Details */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
== Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
== Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
== Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
== Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
== Server==<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
==3.2 Client==<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
== Daemon client and server==<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
== Marzullo’s algorithm and function marzullo(long []) ==<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7319DistOS-2011W NTP2011-02-22T18:35:25Z<p>Wahmed2: /* 2.5 Level 3 client */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
== Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
== Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
== Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
== Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7318DistOS-2011W NTP2011-02-22T18:35:17Z<p>Wahmed2: /* 2.4 Level 2 server and client */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
== Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
== Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
== Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
==2.5 Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7317DistOS-2011W NTP2011-02-22T18:35:04Z<p>Wahmed2: /* 2.3 Level 1 server */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
== Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
== Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
==2.4 Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
==2.5 Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7316DistOS-2011W NTP2011-02-22T18:34:55Z<p>Wahmed2: /* 2.2 Structure */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
== Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
==2.3 Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
==2.4 Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
==2.5 Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7315DistOS-2011W NTP2011-02-22T18:34:45Z<p>Wahmed2: /* 2.1 NTP timestamps */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
== NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
==2.2 Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
==2.3 Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
==2.4 Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
==2.5 Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7314DistOS-2011W NTP2011-02-22T18:34:30Z<p>Wahmed2: /* Detailed context/background information */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
==2.1 NTP timestamps==<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
==2.2 Structure==<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
==2.3 Level 1 server==<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
==2.4 Level 2 server and client==<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
==2.5 Level 3 client==<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7313DistOS-2011W NTP2011-02-22T18:33:38Z<p>Wahmed2: /* 1.5 Outline of the report */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7312DistOS-2011W NTP2011-02-22T18:33:20Z<p>Wahmed2: /* Introduction */</p>
<hr />
<div><br />
=Introduction:Context/Background=<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==1.5 Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7311DistOS-2011W NTP2011-02-22T18:32:15Z<p>Wahmed2: /* 1.2 Importance */</p>
<hr />
<div>=Introduction=<br />
<br />
<br />
== Context/Background==<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
== Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
== Definition of the problem ==<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
== Summary of the result ==<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
==1.5 Outline of the report==<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7310DistOS-2011W NTP2011-02-22T18:31:28Z<p>Wahmed2: /* 1.1 Context/Background */</p>
<hr />
<div>=Introduction=<br />
<br />
<br />
== Context/Background==<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
==1.2 Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
*1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
*1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
*1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7309DistOS-2011W NTP2011-02-22T18:31:08Z<p>Wahmed2: /* Introduction */</p>
<hr />
<div>=Introduction=<br />
<br />
<br />
==1.1 Context/Background==<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
==1.2 Importance==<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
*1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
*1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
*1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7308DistOS-2011W NTP2011-02-22T18:30:35Z<p>Wahmed2: /* Introduction */</p>
<hr />
<div>=Introduction=<br />
<br />
1. Introduction:<br />
<br />
==1.1 Context/Background==<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
*1.2 Importance<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
*1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
*1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
*1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7307DistOS-2011W NTP2011-02-22T18:29:13Z<p>Wahmed2: /* 4. List of files */</p>
<hr />
<div>=Introduction=<br />
<br />
1. Introduction:<br />
<br />
*1.1 Context/Background<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
*1.2 Importance<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
*1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
*1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
*1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
= List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7306DistOS-2011W NTP2011-02-22T18:28:28Z<p>Wahmed2: /* 3.1 Server */</p>
<hr />
<div>=Introduction=<br />
<br />
1. Introduction:<br />
<br />
*1.1 Context/Background<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
*1.2 Importance<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
*1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
*1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
*1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
*3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
*3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
*3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
*3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
=4. List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7305DistOS-2011W NTP2011-02-22T18:27:14Z<p>Wahmed2: /* 3. Development Details */</p>
<hr />
<div>=Introduction=<br />
<br />
1. Introduction:<br />
<br />
*1.1 Context/Background<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
*1.2 Importance<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
*1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
*1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
*1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
= Development Details=<br />
<br />
=3.1 Server=<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
=4. List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7304DistOS-2011W NTP2011-02-22T18:25:10Z<p>Wahmed2: /* 2. Detailed context/background information */</p>
<hr />
<div>=Introduction=<br />
<br />
1. Introduction:<br />
<br />
*1.1 Context/Background<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
*1.2 Importance<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
*1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
*1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
*1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
= Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
*2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
*2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
*2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
*2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
*2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
=3. Development Details=<br />
<br />
3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
=4. List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7303DistOS-2011W NTP2011-02-22T18:24:03Z<p>Wahmed2: /* Introduction */</p>
<hr />
<div>=Introduction=<br />
<br />
1. Introduction:<br />
<br />
*1.1 Context/Background<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
*1.2 Importance<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
*1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
*1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
*1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
=2. Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
=3. Development Details=<br />
<br />
3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
=4. List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7301DistOS-2011W NTP2011-02-21T21:05:37Z<p>Wahmed2: /* 3. Development Details */</p>
<hr />
<div>=Introduction=<br />
<br />
1. Introduction:<br />
<br />
1.1 Context/Background<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
1.2 Importance<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
=2. Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
=3. Development Details=<br />
<br />
3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
=4. List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS-2011W_NTP&diff=7300DistOS-2011W NTP2011-02-21T21:03:05Z<p>Wahmed2: /* Conclusion */</p>
<hr />
<div>=Introduction=<br />
<br />
1. Introduction:<br />
<br />
1.1 Context/Background<br />
<br />
Network Time Protocol (NTP) synchronizes clocks of hosts and routers. According to NIST estimates there are 10-20 million NTP servers and clients deployed in the internet and its tributaries all over the world. NTP software has been ported to almost every workstation and server platform available today – from PCs to Cray’s – UNIX, Windows, VMS and embedded systems, even home routers and battery backup systems.<br />
<br />
NTP provides nominal accuracies of low tens of milliseconds on WANs, sub milliseconds on LANs and sub microseconds using a precision time source such as cesium oscillator or GPS receiver. Our time protocol was designed over the LAN and our goal was to achieve sub milliseconds of accuracy.<br />
<br />
1.2 Importance<br />
<br />
Precision of time is very important in the computer world. Following are some example why it is so important to maintain a precise and accurate time.<br />
<br />
Network monitoring, measurement and control, Distributed database transaction journaling and logging, Secure document timestamps with cryptographic certification, Radio and TV programming lunch and monitoring, Stock market buy and sell orders, Distributed network gaming and training, etc.<br />
<br />
1.3 Definition of the problem<br />
<br />
My goal was to acquire time accuracy in the Linux lab assuming that all the computers do not have internet connection. To time synchronize all the computers I had to build our own hierarchy of NTP servers and clients.<br />
<br />
1.4 Summary of the result<br />
<br />
An efficient hierarchy of NTP server and client has been implemented. Precision of<br />
Sub milliseconds were achieved.<br />
<br />
1.5 Outline of the report<br />
Detailed background information and the structure of our time protocol are provided in Section<br />
2. The development setup and code explanation is reviewed in Section 3. Details of which server/client contains which files are given in section 4. My contributions in this implementation are described in Section 5.<br />
<br />
=2. Detailed context/background information=<br />
<br />
In this section the background information of Network Time protocol and the hierarchical model and the comparison with the original NTP designed by Dave Mills is reviewed. For unambiguity I will call the protocol as Linux lab time protocol (LLTP) and the original Network time protocol as NTP.<br />
<br />
2.1 NTP timestamps<br />
<br />
The 64-bit timestamps used by NTP consist of a 32-bit second part and a 32-bit fractional second part. I followed the same time structure for our LLTP which gives us a time scale of 232 seconds (136 years) and a theoretical resolution of 2-32 seconds (233 picoseconds).<br />
<br />
2.2 Structure<br />
<br />
NTP uses a hierarchical, semi-layered system of levels of clock sources; each level of this hierarchy is termed a stratum and assigned a layer number starting with 0 at the top. The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in hierarchy.<br />
<br />
My target is to develop a time synchronizing software for a small office or lab with a large number of computer where a very few computer has internet connectivity but all the computers are connected together in a local network. As a result not all the computer is able to connect to internet for time accuracy. LLTP uses similar hierarchical, semi-layered sources as NTP. Each layer of this hierarchy is termed as level and assigned a layer number starting with 1.<br />
<br />
2.3 Level 1 server<br />
<br />
<br />
Computers with internet connectivity are the level 1 server for our LLTP<br />
<br />
Level 1 server<br />
<br />
synchronizes its system clock with the NTP servers on the internet. In this hierarchy, only a fixed (5) number of level 1 servers are used. Unlike NTP we don’t have the privilege to use a 10 of thousands of level 1 and level 2 servers, and unlike NTP our LLTP has only 3 level structures.<br />
<br />
Picture below shows the connectivity and the hierarchy of LLTP<br />
<br />
[[File:LTTPHireachy.jpg]]<br />
<br />
2.4 Level 2 server and client<br />
<br />
Level 2 servers run two different programs. A client program to synchronize its system clock with the level1 servers and a server program that waits for any level 3 client for time request. Upon the request it sends its synchronized system time to the client. Level 2 servers also synchronize its system clock with the other level2 servers.<br />
<br />
Each level2 server is connected to 4 level1 servers. It polls time from each level1 server and chooses the best time and synchronizes its system clock. How the best time is achieved is described in the section 3 below with code explanation. There are maximum 5 level2 servers with our LLTP model. Each level2 server is connected to 4 different level1 servers. None of the level2 server has the same level1 server set.<br />
<br />
2.5 Level 3 client<br />
<br />
Bottom of the LLTP hierarchy is level3 client. It only runs a client program that polls time from the level2 servers. It can only connect/request time from one of our level2 servers at a time. It also requires the knowledge of the IP address of the level2 server. For the load management purpose level 3 clients are not able to connect to a Level1 servers.<br />
<br />
=3. Development Details=<br />
<br />
3.1 Server<br />
<br />
As it is mentioned in section-2, there are two servers in our LLTP model. One is level 1 and the other is level 2. Both servers wait for a client with time requests and upon receiving one send the time string. Code structure for both the servers is almost similar with minor technical differences which are explained later in this section. Both servers use a infinite for loop for waiting for the<br />
client. They use a fixed but different port number for the client connection.<br />
<br />
[[File:Z:\clientntp.jpg]]<br />
<br />
Time requests sent to Level 1 server have to contain a message no more than 1 character and it has to be an integer which is sent by the level2 client to distinguish the level1 servers from one another. Level1 server will take that message received from the client and add that at the end of the time string sent to the client. If the level1 server receives a time request message with greater size of 1than it will not return any time value. For the level2 server the maximum message size is<br />
128 characters and it do not have to be an integer. Level2 server discards the message sent from the level3 client. A unique feature of level2 server is that a level3 client time request with “exit” message can shut down the level2 server. This feature is not implemented in level1 servers.<br />
<br />
[[File:level1servercode.jpg]]<br />
<br />
[[File:level2servercode.jpg]]<br />
<br />
Both servers send time as a string which handles the problem with big and little Endean.<br />
<br />
<br />
3.2 Client<br />
<br />
There are also two clients for our LLTP, level2 client and level3 client. Level3 client is very straight forward where the level3 is a bit more complicated.<br />
<br />
Level3 client sends a time request to the level2 server. It cannot send time request to a level1 server as the port number for both server are different and the port numbers are hard coded for both the client (leve3 client/level2 server uses port 123 where level2 client/level1 server uses port 4003). Level2 server also has a restriction over the message sent by the client which is explained above in the server section. Upon receiving the time string back from the server which contains the seconds and milliseconds part together as a string separated by a comma (‘,’), it separates this two parts and checks for the latency and calls function named set_time(long[] ) which sets the system clock time with the new time.<br />
<br />
[[File:level3clientcode.jpg]]<br />
<br />
Level2 client dose almost the same things but in a broader and sophisticated way. It polls time from four different levle1 time server at the same time. When it sends the time request, it sends a unique message as the server ID to identify the time received from different level1 server which helps to fix the latency later.<br />
<br />
[[File:level2clientcode.jpg]]<br />
<br />
Level2 client also uses a time out of 1 second. If it dose not receive the time string back from the server then it will ignore the time from that server and choose the best time from the ones it received from the other servers. Received time strings from the different servers also have the server id added at the end of the time string. Using that information level2 client saves the received time in order and fixes the latency accordingly. It keeps all the latency fixed time in an array with the invalid time being -1. Then it calls a different function called marzullo(long []), which takes the array of latency fixed times and returns the best time depending on the Marzullo’s algorithm. Function marzullo() is explained in the section 3.4. Then it uses the set_time(long []) method to set the system clock time.<br />
<br />
[[File:level2clientcode2.jpg]]<br />
<br />
3.3 Daemon client and server<br />
<br />
The level2 client and server runs as a daemon process to give them the privilege to run continuously in the background. As both the client and server in level2 does not need any user interference and need to run all the time to update the system clock of the running computer from the level1 server.<br />
<br />
As it is mentioned above the client process for level2 run continuously and it updates its system clock every 1 minute (polls time from the level1 server every 60 seconds). Server daemon process is built in the same manner but unlike the client process it does not have a waiting time.<br />
<br />
[[File:codefordaemon.jpg]]<br />
<br />
3.4 Marzullo’s algorithm and function marzullo(long [])<br />
<br />
Marzullo’s algorithm, invented by Keith Marzullo, is an agreement algorithm used to select sources for estimating accurate time from a number of noisy time sources. A modified version of his algorithm, intersection algorithm, is use in NTP. We used the simplified version of this algorithm to choose the best possible time from our time sources (level1 servers).<br />
<br />
Our function long* marzullo (long []) takes an array of four times from four different level1 servers and return a pointer to an array with the best seconds and milliseconds. First it takes the given array of times and makes two entries for each time as ±2 milliseconds. For each entry it also adds a type of -1 for -2millisecons and +1 for +2 milliseconds. As a result for 4 time entry it produces an array of 8 time entries with type as ±1. For our LLTP we took ±2milliseconds as our error range. After adding the type the entry will look like <entry – 2, -1> for the beginning of the range and <entry+2, +1> for the end of the range [entry±2].<br />
<br />
[[File:IntersectionMarzullasalg.jpg]]<br />
<br />
The description of the algorithm uses the following variables: best (largest number of overlapping intervals found), cnt (current number of overlapping intervals), best_start and<br />
<br />
best_end (the beginning and end of best interval found so far). We used a two dimensional array to keep the second, millisecond and type of the range. The structure of the array is as follows:<br />
<br />
time_entry [i][0] = second part of the time <br />
entry time_entry [i][1] = millisecond part of the time <br />
entry time_entry [i][2] = type of the range (i.e. ±1)<br />
<br />
Here ‘Time_entry is the name of the array and ‘i’ is used as an index to traverse the array. After creating the array it follows the following step to determine the accurate time. Then it sends back the best chosen time to the level2 client program.<br />
<br />
[[File:section3last.jpg]]<br />
<br />
=4. List of files=<br />
<br />
Level1 server:<br />
<br />
DieWithError.c <br />
get-time.c <br />
L1Server.c<br />
<br />
<br />
Level2 server:<br />
<br />
daemon_server.c <br />
DieWithError.c <br />
get-time.c <br />
L2Server.c<br />
<br />
Level2 client:<br />
<br />
daemon_client.c <br />
DieWithError.c <br />
get-time.c <br />
L2Client.c <br />
marzullo.c<br />
print-time.c <br />
selection_sort.c <br />
set-time.c<br />
<br />
<br />
Level3 client:<br />
<br />
DieWithError.c <br />
get-time.c<br />
print-time.c <br />
set-time.c <br />
UDPTimeClient.c<br />
<br />
=Discussion/Output=<br />
<br />
The most intresting part of testing this was to see how distrubted architect of NTP client-server works and how could it be improved. I learnt alot by setting up and running them and seeing the results. It was fun improving little bit on exsisting implementation of NTP.<br />
<br />
Output form different levels of clients and servers are given in this section. Output from level1 server:<br />
<br />
[[File:output1.jpg]]<br />
<br />
[[File:output2.jpg]]<br />
<br />
[[File:output3.jpg]]<br />
<br />
[[File:output4.jpg]]<br />
<br />
=Conclusion=<br />
<br />
Overall, there has been lots of work going on NTP , due to high demand of distributed clinet-server architect based application. This was carried on a very small linux based lab , in future i guess there will be need to test on large industry based scale , where many systems can be connected and than test to see how the delay from clients to server causes disturbance in algorithm. There will be issues for sure since as the information travels it takes time and that delayed time will need to be adjusted more and will be focus of future work.<br />
<br />
=References=<br />
<br />
*Ntp home page: http://ntp.org Acessed on 13th Feb 2011<br />
<br />
*Wikipedia for network time protocol: http://en.wikipedia.org/wiki/Network_Time_Protocol Accessed on 13th Feb 2011<br />
<br />
*Wikipedia for Marzullo’s algorithm: http://en.wikipedia.org/wiki/Marzullo's_algorithm Accessed on 13th Feb 2011</div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=File:Section3last.jpg&diff=7299File:Section3last.jpg2011-02-21T20:59:25Z<p>Wahmed2: </p>
<hr />
<div></div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=File:Level3clientcode.jpg&diff=7298File:Level3clientcode.jpg2011-02-21T20:58:45Z<p>Wahmed2: </p>
<hr />
<div></div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=File:Level2servercode.jpg&diff=7297File:Level2servercode.jpg2011-02-21T20:58:35Z<p>Wahmed2: </p>
<hr />
<div></div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=File:Level2clientcode2.jpg&diff=7296File:Level2clientcode2.jpg2011-02-21T20:58:22Z<p>Wahmed2: </p>
<hr />
<div></div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=File:Level2clientcode.jpg&diff=7295File:Level2clientcode.jpg2011-02-21T20:58:13Z<p>Wahmed2: </p>
<hr />
<div></div>Wahmed2https://homeostasis.scs.carleton.ca/wiki/index.php?title=File:Level1servercode.jpg&diff=7294File:Level1servercode.jpg2011-02-21T20:58:04Z<p>Wahmed2: </p>
<hr />
<div></div>Wahmed2