P2P网络鲁棒访问控制模型研究
文献类型:学位论文
| 作者 | 张艳霞 |
| 学位类别 | 博士 |
| 答辩日期 | 2007-05-25 |
| 授予单位 | 中国科学院声学研究所 |
| 授予地点 | 声学研究所 |
| 关键词 | P2P网络 访问控制 动态结点组 门限签名机制 期望与信任 |
| 其他题名 | Research on P2P Network Robust Access Control Model |
| 学位专业 | 信号与信息处理 |
| 中文摘要 | 近年来,资源共享型P2P网络的发展引发人们对P2P网络安全、管理、计费等问题的关注。访问控制是应用级网络安全服务中重要的一种,它保证了在系统访问控制策略约束下,合法结点获得同其身份相应的权限,非法结点不会获得任何权限。P2P网络没有中心服务器,传统上由中心服务器完成的访问控制任务需要由持有资源的结点自主完成,访问控制模型在一定数目的恶意结点的攻击和欺骗下,依然可以成功地为良结点分配角色,阻止恶意结点使用网络资源。这给P2P网络访问控制模型设计带来很多挑战和难题。 针对资源共享型P2P网络,本文采用安全服务合作思想,将拥有相同资源的对等结点组成动态结点组,结合基于门限密码机制的分布式签名算法与基于声望的信任机制,围绕下述问题展开研究:1)如何安全地扩展组:在高度动态的P2P网络环境下认证访问结点身份,为它颁布组签名证书,并根据组访问控制策略为其分配角色;2)如何规范组内结点行为:结点彼此约束、联合管理动态结点组秩序。研究成果为P2P网络的管理与计费提供了辅助手段。 本文主要创新性贡献如下: 1. 提出一种鲁棒的基于深度验证门限DSS签名机制的分布式签名模型 本模型改进了重要的门限乘法原子协议,每个结点都可以验证它收到的乘积值分享数据块的真实性。同基线模型相比,本模型可以对抗最优门限值的静态攻击者。乘积值分享多项式降幂机制的引入,减少了参与协议所需结点数目,使得本文鲁棒模型的计算效率同基线模型相差无几。性能分析与实验结果佐证了这一点。 2. 设计了提高分布式签名效率的算法 从避免复杂的模幂运算和减少通信回合角度设计快速分布式签名模型,提高分布式签名算法效率。各种快速算法的性能对比实验表明,不进行追溯验证的双变量方法计算效率最高。 3. 根据流媒体文件共享P2P网络的服务要求提出满意度度量方法以及根据满意度计算声望的信任模型。并提出了声望的实时估计算法。本文信任模型充分考虑广义推荐信息,使得根据声望对结点进行身份认证更为客观,对结点的行为约束更为有力。该模型具有良好的激励机制,促使结点行为良好。 4. 提出一种安全的信任数据分布式存储与获取方法,保证了信任模型相关数据的真实性与可靠性 本文将交互对方给予的满意度评价以秘密满意度数据链形式保存在结点本地。结点无法有选择地留下高满意度评价,或者去除低满意度评价。这种方式避免了重要信息被任何一方(结点本身、交互对方、任意第三方)篡改,也避免了声望查询可能带来的通信量。 5. 在本文鲁棒模型与快速模型基础上,提出一种鲁棒的融和访问控制模型,解决了对于没有交互历史的结点的身份认证问题,减少良结点被恶意结点欺骗次数,进一步提高了访问控制模型的鲁棒性。 6. 访问控制模型具有量化的安全强度 单纯采用基于信任机制的方法控制和管理P2P网络,虽然是目前研究热点问题和管理P2P结构网络秩序最主要的方法,但是这种方法只能通过经验或者模拟实验来确定模型的安全强度。本文提出的融合访问控制模型具有可证明的安全强度和鲁棒性。 |
| 英文摘要 | Recently,dramatic development of content sharing P2P network stimulates much attention in P2P network security research,management and account.Access control is one of the most important network security issues,which guarantees well-behaved peer obtain rights matched with its role under the constrain of acess control police and protects system resources from the access of malicious peers.However,lack of a centralized authority requires the system peer who own resources to fulfill access control autonomously,which prompts many security-related challenges. The access control model should still work out and assign the matched role to well-behaved peer in the face of some malicious peers with certain corrupt and fraudulent capability,blocking the corrupted peers from the system. The dissertation explores security function sharing to design access control model for content sharing P2P system by alignning distributed signature scheme based on threshold cryptography with reputation-based trust scheme.Following problems are considered essentially in this dissertation: 1) How to securely extend the DPG:how to authenticate the peers,compute certificate and assign matched roles to peers according to the access control policy;2) How to manage the behaviour of peers in DPG.:peers manage the order of DPG in an associated way.To fulfill the design goal,partition content sharing P2P system into DPG(Dynamic Peer Group) which consists of peers with same resourses should be done first.The model provides an auxiliary method for management and account in P2P network application. The contributions of this dissertation are summarized as follows: l An robust distributed signature model based on deep-verification threshold DSS scheme is proposed.The main improvement of the model is to ameliorate threshold multiplication protocol.Every peer taking part in the protocol can verify the authenticity of multiplication shares.Compared with the baseline mode,the model can resist optimized threshold static adversary.Degree reduction scheme reduces the number of participating peers and the computational cost.Performance analyse and experiments verify it. l Algorithms to improve the efficiency of distributed signature are designed. Modular exponentiation is avoided using in the efficiently distributed signature algorithm.The reduction of communication run is also considered as an important way to improve efficiency.Performance experiments indicate that the bi-variate method without trace verification is the most efficient one. l A trust model based on interaction satisfaction is proposed.According to the requirement of flow-media sharing P2P application,a method to evaluate the satisfaction is proposed,and trust model to compute the reputation based on interaction satisfaction is designed as well.Approximate computation of reputation is discussed in the thesis.The trust model has some virtues,such as more objective and incentive because of the use of global recommendation. l Design a secure and distributed method to save and obtain the trust data. Interaction satisfaction a peer received is saved as encrypted data chain locally. The method guarantees the authenticity and reliability of the trust data,protects those important information from being modified by any peers. l A robust compatible model is proposed.The model is capable of recognizing a totally unknown access peer,reducing the possibility of being deceived and fixing the limitation of the pure distributed signature model proposed in chapter 3 and chapter 4. l A clear and comparable criterion for the security degree of the P2P network access control model is provided.Though managing P2P network through trust-based scheme gains much attention,the method can only prove its security degree by simulation and experimental analysis.The security degree of the model in this thesis is provable. |
| 语种 | 中文 |
| 公开日期 | 2011-05-07 |
| 页码 | 165 |
| 源URL | [http://159.226.59.140/handle/311008/40]  |
| 专题 | 声学研究所_声学所博硕士学位论文_1981-2009博硕士学位论文 |
| 推荐引用方式 GB/T 7714 | 张艳霞. P2P网络鲁棒访问控制模型研究[D]. 声学研究所. 中国科学院声学研究所. 2007. |
入库方式: OAI收割
来源:声学研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。