On the utility of distributed cryptography in P2P and MANETs: the case of membership control

Peer-to-peer systems enable efficient resource aggregation and are inherently scalable since they do not depend on any centralized authority. However, lack of a centralized authority prompts many security-related challenges. Providing efficient security services in these systems is an active research topic which is receiving much attention in the security research community. In this paper, we explore the use of threshold cryptography in peer-to-peer settings (both Internet- and MANET-based) to provide, in a robust and fault tolerant fashion, security services such as authentication, certificate issuance and access control. Threshold cryptography provides high availability by distributing trust throughout the group and is, therefore, an attractive solution for secure peer-groups. Our work investigates the applicability of threshold cryptography for membership control in peer-to-peer systems. In the process, we discover that one interesting proposed scheme contains an unfortunate (yet serious) flaw. We then present an alternative solution and its performance measurements. More importantly, our preliminary work casts a certain degree of skepticism on the practicality and even viability of using (seemingly attractive) threshold cryptography in certain peer-to-peer settings.