Accountability
--------------

0.  Example of failed system: ebay users not getting accountability
    DDoS (trinity 3)
    tragedy of the commons: mp3 (artist property)
    

I.  Overview:  why we need it

    A. Problem:  flood control and resource management
       1. Tragedy of the Commons
       2. Difficulties in paying for public goods (Mancur Olson)

    B. Types of attacks 
       1. Flooding storage space
       2. DoS on communication link (bandwidth)

    C. Preventions/protections from attacks

II. Difficulties:  why it's not easy

    A. Anonymity

    B. Need for dynamic-ness in decentralized system
       1. Easy to join and leave the system
       2. No centralized / few static server points
          of attack

    C. Comparison to real world identification
       1. Non-static/permanent IDs (nyms)
       2. Difficulty in binding negative attributes
          (users can just take on a new nym?), unlike
          rl where SSNs are bound to "permanent files"
          in centralized databases (credit history,
          law enforcement, etc.) 
       3. Comparison to "spot" checking in rl:  make
          penalty prohibitively large to prevent people
          from taking "risk."  This model does not extend
          as easily to non-static ids.

    D. Judging behavior v. intent
       1. The importance of differentiating these
          two aspects: do we only care if data is 
          present / protocol has been followed
          properly, or is it important to differentiate
          those who maliciously break protocol?
       2. The need for automated decision-making,
          and the difficulties that entails (hard
          to judge "intent")

    E. The balance between gaining positive and 
       negative attributes.  
       1. If positive attributes are too easy to gain, 
          attackers can more quickly and easily damage 
          system.  
       2. If negative attributes are too easy to gain,
          "good" nodes can too quickly lose "reputation" 
          due to behavioral problems (not intent).

    F. Methods to minimize damage that adversaries 
       (intentional or not) can inflict on the system


III. Historical examples of accountability requirements

    A. Non peer-to-peer / centralized servers
       1. TTP models
       2. PGP Keyservers -- web of trust does not scale
       ebay, reputation servers

       usenet, seti@home, distributed.net
       gnutella
    B. System successes/failures
    C. What we've learned


IV. Peer-to-Peer models
          
    A. Projects and accountability systems used
       
       Freenet, Gnutella, Publius, FreeHaven, MojoNation,
       Blocks, Eternity USENET, Intermemory, Eternity, ...

    [actually, we'll integrate A and B together, rather than presenting
     them separately]

    B. Accountability methods

       1. Micropayments:  
          "Pricing via Processing", Moni Naor et al., 1991

          a. ecash (Chaum, Brands)
          b. hashcash (Adam Back), Payword (Rivest and Shamir)
             Poly the paranoid question from 857 midterm

          c. client puzzles (Brainard and Juels)
          d. b-money (Wei Dai)
          e. bread pudding (Jakobsson and Juels)

       2. Reputation and Trust networks

       3. Etc:
          Caching (only storage)
          Akamai and Freenet style
          SYN cookies (only bandwidth)
          micropayments for bandwidth use (network-layer)

VI. Open problems, Future Directions, ...

