1. Field
Various features disclosed herein pertain generally to peer-to-peer overlay networks, and at least some features pertain to facilitating access controls in peer-to-peer overlay networks while maintaining user privacy.
2. Background
Peer-to-peer (P2P) overlay networks are designed for low-cost scalability and easy deployment of applications. In a P2P network, each user is connected to the rest of the network via a set of peers. Furthermore, each user may have a set of identities (e.g., membership information, email addresses, group memberships, account identifiers, and/or other forms of membership/account identifiers). This set of identities can be considered a discrete set in the mathematical sense, i.e., a collection of elements of the same nature. A problem arises when two peers, A and B, want to find out the intersection of their identity sets. For example, Peer A may hold the identities (“Yahoo-A”, “gmail-A”, “fb-A”, “ebay-A”, etc.) and Peer B may hold the identities (“gmail-B”, “LinkedIn-B”, “bank-B”, etc.). Identity matching may happen when A and B are trying to find out whether they belong to the same group (and thus hold the same group credential), or when one party is performing access control on an object that requires an identity from a set of allowed identities and the other party is trying to access that object. For example, only peers having an eBay™ account (“ebay-n”) can be granted access to a particular object.
In a peer-to-peer network, the two identity sets must be transported to the same peer to perform the operation (e.g., Peer A sends its identity set to Peer B). An insecure solution is for one peer to send the entire set stored on its machine to the other peer of the P2P network (e.g., Peer A sends all its identities—“Yahoo-A”, “gmail-A”, “fb-A”, “ebay-A”, etc.—to Peer B). The receiving peer can then perform the set operations and send back the result. That is, the set operations may determine whether a peer holds an identity that gives it access to a particular digital object (e.g., data, keys, passwords, executables, applications, etc.). When the sets involved in the operations are large, such a solution incurs significant overhead in terms of messaging and computation. Furthermore, such an operation may reveal all of Peer A's identities or memberships to Peer B, and potentially to all nodes in the routing path, which could violate Peer A's privacy. For instance, if a peer were to send its full identity set, receiving peers and/or intermediary peers could ascertain some or all of the identities or related information, thereby potentially revealing private information (e.g., Peer A may send an identity set that reveals membership in a medical group for a rare disease, which indicates that Peer A has the disease).
Therefore, a way is needed to preserve a peer's privacy (e.g., its identities and memberships) while still being able to perform access control in a peer-to-peer network.
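The identity matching described above, carried out without either peer shipping its plaintext identity set: this is an added example, not code from this disclosure, and it uses Diffie-Hellman-style commutative blinding (each peer raises hashed identities to a secret exponent) as one way to meet the stated need, not the method the disclosure itself goes on to describe. The `Peer` class, the 128-bit safe prime (demo size only), and the identity strings are all constructed for the example.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test (no trial division; demo only)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits=128):
    """Random p = 2q + 1 with q prime. 128 bits keeps the demo fast; real use needs >= 2048 bits or an elliptic curve."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

def hash_to_group(identity, p):
    """Map an identity string into the order-q subgroup (quadratic residues) of Z_p^*."""
    return pow(int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % p, 2, p)

class Peer:
    def __init__(self, identities, p):
        self.p, self.identities = p, list(identities)
        self.key = secrets.randbelow((p - 1) // 2 - 1) + 1   # secret exponent, uniform in [1, q-1]
    def blind_own(self):          # what this peer sends out: H(x)^key, never x itself
        return [pow(hash_to_group(i, self.p), self.key, self.p) for i in self.identities]
    def blind_other(self, vals):  # apply own key to the other peer's already-blinded values
        return [pow(v, self.key, self.p) for v in vals]

def private_intersection(a, b):
    """A learns which of its identities B's set also contains; only set sizes leak to B or to relays."""
    a_to_b = a.blind_own()                    # A -> B : H(x)^a for each x held by A
    b_to_a = b.blind_own()                    # B -> A : H(y)^b for each y held by B
    ab_values = b.blind_other(a_to_b)         # B -> A : H(x)^(ab), same order as a_to_b
    b_values = set(a.blind_other(b_to_a))     # A computes H(y)^(ab) locally; exponentiation commutes
    return {x for x, v in zip(a.identities, ab_values) if v in b_values}
```

With `p = safe_prime()`, `private_intersection(Peer(["Yahoo-A", "gmail-A", "fb-A", "ebay-A"], p), Peer(["ebay-A", "bank-B"], p))` returns `{'ebay-A'}`, so B can grant the eBay-only access described above without ever seeing A's other identities, while relays on the routing path see only blinded group elements.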