Content distribution systems have been developed to enable data such as software updates and critical patches to be distributed to nodes in a network. Typically these systems comprised many servers which were placed in the network, with nodes connecting directly to one of the servers to download the required file. However, such systems are constrained by the connection bandwidth to the servers and require considerable investment to increase the capacity of the system. Consequently, content distribution systems have been developed which rely on a fully distributed architecture with nodes in the network participating in the distribution process. Such systems may be referred to as peer-to-peer or peer-assisted content distribution systems. In such a system, the server may divide the file to be distributed into a number of blocks and provide these blocks to nodes in the network. As soon as a node has received one or more blocks, the node can act as a source of the received blocks for other nodes whilst concurrently receiving further blocks until they have received all the blocks of the file.
Malicious users can cause problems for such systems in many ways. These include distribution of false content (i.e. content which is not what it purports to be). This false content may include viruses or other harmful programs or may just waste network resources sharing data which is unwanted. Malicious users may distribute corrupted downloaded data which may then be distributed by other peers who are unaware that it is corrupted. This may result in such large scale dissemination of corrupted data that the distribution of a particular piece of data is impossible. Where the content distribution network uses network coding, introduction of a single corrupt block from a piece of content can very rapidly result in the corruption of all the blocks of that piece of content which are being distributed.
In other examples, malicious users may instigate denial of service attacks against particular elements in the network, for example, by making repeated connection attempts which may subsequently be aborted but which consume resources. Depending on where the denial of service attack is directed against, such an attack may cause the entire distribution system to fail or may just affect one or more individual users.
The invention seeks to provide an improved method and apparatus for content distribution and content validation, which mitigate problems of known methods and apparatus.