Población al final del período de diseño

Lookups are initiated by methods in the Kademlia class and its base class BaseOverlay. They create an IterativeLookup class instance for every Lookup that performs and con- trols the actual Lookup operation. Lookups are required by Put and Get operations and by routing table maintenance processes. The number of nodes that shall be returned by the

5 Implementation

5.5 Behavior of the Nodes 69

Lookup is determined by the respective operation for which the Lookup is performed, e.g., it depends on the number of replicas from which the content item shall be retrieved. However, in order to cope with untrusted nodes, a Lookup attempts to identify twice as many nodes as requested. For the simulations for this thesis, four replicas of a content item are stored and retrieved, so the number of nodes returned by the IterativeLookup class instance is eight. This way, half of the nodes can be untrusted without impeding the operation, enabling the node to handle networks with about 50% of malicious nodes. As shown in Figure 23, at the beginning of a Lookup, the temporary Lookup list is filled with the nodes that the querying node has in its routing table and that are closest to the target ID. Due to the fact that the routing table may contain untrusted nodes, the Lookup list is filtered so that it only contains nodes that are trustworthy for routing. If no trust- worthy candidate nodes are known, the Lookup is cancelled.

For the evaluations, the Kademlia parameter  that denotes the number of parallel que- ries is set to Kademlia’s default of 3. When 3 requests have been sent, the next requests are sent out when all 3 responses have been received or the requests have timed out. The trustworthiness of the nodes contained in the responses is evaluated and only trustwor- thy nodes are inserted into the sorted Lookup list. In several configurations, the fake nodes generated by malicious nodes with the invalidNodesAttack parameter enabled are

Figure 23: Flowchart of the Lookup operation Kademlia class creates

IterativeLookup instance

Fill temporary Lookup list with known trusted nodes close to the target ID

Send up to  parallel Lookup requests Temporary Lookup list empty? Lookup fails Reaction

Remove node from Lookup list

Evaluate nodes in Lookup response message

Insert trustworthy nodes into sorted Lookup list

More requests pending?

Top numLookup- Result nodes have

been queried?

Return top numLookupResult nodes Yes

No

Timeout _{Lookup response}Reception of

Wait for other responses Yes No

Yes

No

Send result to Kademlia class

5 Implementation

70 5.5 Behavior of the Nodes

regarded as trustworthy during the simulations. This way, it can be analyzed whether TrustedKad can counter the attack even if the attacker is able to fake the trust infor- mation as described in Section 4.8.3.

OverSim stores twice as many nodes in the Lookup list as shall be identified for the opera- tion for which the Lookup is performed. So, the list contains four times the number of nodes requested by the calling method. As eight nodes shall be returned in the simula- tions for this thesis (numReplica = 4), the Lookup list contains up to 16 nodes. Information about more nodes than required is maintained in order to cope with non-answering nodes.

When the first eight nodes have all been queried and do not change anymore, the Lookup terminates and returns these nodes. OverSim’s default timeouts for the whole Lookup process and single requests are 10 and 1.5 seconds, respectively, which are used for this thesis as well.

If a Lookup fails, it is impossible to tell whether it fails due to not enough trustworthy nodes or due to not enough nodes at all, as the route to the target nodes can differ from the start depending on the trust values of the nodes, so it is not possible to differentiate between “not enough nodes” and “not enough trustworthy nodes” in the statistics. 5.5.3.1 Rating Procedure for the Lookup Operation

For the rating procedure, two lists are maintained during a Lookup:

 Source list: Contains information about which node has informed about which other node.

 Temporary rating list: Contains the ratings that are given to the involved nodes at the end of the Lookup.

When a response is received from another node, this node is added to the temporary rating list with a default negative rating. All the nodes it informs about are added to the source list (if not already contained in it), and the node is added as a source for those nodes. Additionally, the temporary ratings of the nodes that have informed about the responding node are changed to positive, as they have informed about an existing and responding node (see “bottom-up rating” explanation in Section 4.10.3).

At the end of a Lookup, the source list is used to change the temporary ratings of the nodes that have informed about the result nodes to positive. According to the “top- down” rating approach, this is repeated until the node that gives the ratings reaches itself in the hierarchy. Finally, the temporary rating list is used to give the ratings to all involved nodes.