From: "Yu Hu" To: "Adriana Iamnitchi" Subject: Evaluation ( YU HU ) Date: Friday, May 24, 2002 12:06 AM The Cocaine Auction Protocol: On The Power Of Anonymous Broadcast [Frank Stajano and Ross Anderson] Main contributeion of the paper: I think this paper's main contribute is that it described a detailed studying of an anonymous auction between mistrustful principals with no trusted arbitrator and introduce a interesting new protocol "anonymous broadcast". All these will help us to get more clear view of cryptographic protocols and helpful for design. Critique the main contribution: Significance : 3(modest contribution) Methodology: I like the method used in this paper. Authors make use of a concrete instance to show us a lot of issues. The method can help us to understand quickly and correctly. Most interesting ideas: The anonymous broadcast is really interesting to me , which is worthy of more attention on it. Weakness&Questions: The paper mentioned a lot of issues and some possible resolutions. Is there some similar implementation of this kind of protocol ? In implementation , is there some other important problem waiting for resolve or is there some tradeoff in it ? Comments: Anyway, this is a good paper, I like it. Its anonymous broadcast and the methodare the most interestion parts. Security Considerations for Peer-to-Peer Distributed Hash Tables [Emil Sit and Robert Morries] Main contributeion of the paper: This paper looked into the security problems that are inherent in large peer-to-peer systems based on distributed hash lookup systems. Authors described theseproblems , their types, and gave some design principles for detecting and preventing these problems. Critique the main contribution: Significance : 3(modest contribution) Methodology: This paper has not a very interesting method. It just introduced problems based on two types. But at least , the introdcution is somewhat clear. The most important limitation of the approach: I think the paper's focus is on showing us security attacks for peer-to-peer distributed hash tables. Maybe authors can give more analysis of them and give more resolve methods. Weakness&Questions: After reading this paper , I have an intuition that every system is dangerous. So is there some realistic peer-to-peer system that has the "best" security? Comments: This paper is normal one to introduce some security for peer-to-peer distributed hash tables. I can learn some from it. ################################### From: "Xinghua Shi" To: "Adriana Iamnitchi" Subject: Sum14 Date: Friday, May 24, 2002 12:16 AM Hey,Anda Thanks! Reading14: Paper1: The Cocaine Auction Protocol: On The Power of Anonymous Broadcast Contribution: The paper introduces anonymous broadcast based on a case study of an anonymous auction between mistrustful principles with no trusted arbitrator (eBay model). They examine the anonymity layer on which the auction protocol is built and proposes for it a provocative implementation technique that does not use any cryptography. They then argue some attacks which can't be dealt with at the protocol level and give corresponding resolutions. Then they conclude the strength or weakness of broadcast anonymity. Rate: a. 3 in significance: This paper has moderate contribution because it provides a detailed survey in the Cocaine Auction Protocol but is too plain and no further research. b. 3 in convincing of methodology: The argument is rarely based on explanations without formal proof. c. The most important limitation of the approach is that the whole explanations are too straightforward and have no sound theoretical proof. The strongest and/or most interesting ideas in the paper: a. The security of this model using no cryptography is essentially equivalent to that of a cryptographically strong alternative as long as realistic threat models are used. b. The tricks to resist attacks such as seller not selling to highest bidder. c. The anonymous broadcast technique is not applicable to the wide area case, so the more efficient version of the auction protocol presented here can only be run locally. The most striking weaknesses in the paper: a. The research doesn't dig into the profound things in the protocol and doesn't give some suggestions on building such protocols. b. Many proofs begin with the observation from intuition which may be misleading. Questions: a. What are other auction protocols besides this eBay one? b. What are other applicatioins of anonymous broadcast based on physics? How do they work in real world? c. What's the most difficult issue in the real implementation of auction protocols? Paper2: Security Considerations for Peer-to-peer Distributed hash Tables Contribution: This paper examines what sorts of security problems are inherent in large p2p systems based on distributed hash lookup systems. Based on this, it presents the basic attacks that p2p hash lookup systems should be aware of which threaten the liveness of the system. They also suggest some defenses in certain cases of some specific systems. Then they extract a set of general design principles from the above defenses. This is pretty inspiring in building such systems. Rate: a. 4 in significance: This paper has significant contribution because it deal with the issue of how to handle misbehaving nodes since most research is focused on the trusted nodes. b. 3 in convincing of methodology: The argument is based on the results of detailed explanations. But the argument lacks formal proof or analysis on models. The strongest and/or most interesting ideas in the paper: a. In CAN, a querier simply can't verify forward progress. b. The method to fix the problem that a key is stored on an incorrect node or prevent the key from being found. The most striking weaknesses in the paper: a. Lack formal proof of its arguments. b. Don't present the comparisons of different p2p hash lookup algorithms which are more interesting. Questions: a. Which distributed hash algorithms are widely used in the real world? b. Does the set of design principles they present have been followed in the real design field? How well does it work? c. Topics with relation to the CAN paper we've read.