Abstract
We describe a system, which we call a Peer-to-Peer Information Preservation and Exchange (PIPE) network, for protecting digital data collections from failure. A significant challenge in such networks is ensuring that documents are replicated and accessible despite malicious sites which may delete data, refuse to serve data, or serve an altered version of the data. We enumerate the services of PIPE networks, discuss a threat model for malicious sites, and propose basic solutions for managing these malicious sites. The basic solutions are inefficient, but demonstrate that a secure system can be built. We also sketch ways to improve efficiency.