A Hierarchical Trusted Third-party System for Secure Peer-to-peer Transactions

A HIERARCHICAL TRUSTED THIRD-PARTY SYSTEM FOR SECURE PEER-TOPEER TRANSACTIONS by Khoi Vu Nguyen A peer-to-peer (P2P) network is a distributed network of peer computers loosely connected through the Internet. Transactions in a P2P network are often conducted on a no-security basis. Moreover, peer anonymity is often highly desirable, which makes security even more difficult to achieve. In most cases, a peer executes a transaction solely based on the faith that the other peer plays by the rules. Here we propose a hierarchical Trusted Third-Party (TTP) system that facilitates secure transactions between peers in an existing P2P network. This system is designed to provide mutual authentication by using public key cryptography for peers to authenticate the TTP system and by using symmetric key cryptography for the TTP system to authenticate peers. After logging into the system, two peers can obtain a shared secret key from the TTP system to form a secure channel over which all transactions are encrypted using the secret key. The TTP system is designed to operate as an independent entity that peers can choose to join independently of their P2P network and can remain anonymous among each other. In addition, a reputation scheme, in which peers rate each other, is employed in the TTP system. This self-policing system provides a relative measure of trust among peers so that a peer can decide whether to allow a transaction based on another peer’s rating. The anonymity of peers in P2P systems creates many difficulties for establishing an accurate rating system. However, we believe this is still achievable to a degree.