基于声望的信任管理关键技术研究

【作者】 李凤银；

【导师】 刘培玉；

【作者基本信息】 山东师范大学 ， 网络与网络资源管理， 2014， 博士

【摘要】 新型的互联网应用系统给人们带来了极大的便利，但同时，也带来了巨大的安全性挑战。因为网络应用系统中的各节点大部分互不相识，他们以匿名的方式进行交流和资源共享。网络中的用户在任何时间、任何地点都可以匿名地发布和共享消息、出售或者购买商品，完善的信任管理机制的缺失导致了在线网络应用系统中的用户之间可以相互欺骗，甚至进行恶意攻击。因此，对网络系统中用户之间的信任关系进行研究，建立和完善信任管理机制，降低交互用户的风险，提高系统的鲁棒性、安全性和可靠性，具有非常重要的理论价值和现实意义。近年来，国内外众多的学者，针对信任管理技术，特别是针对基于声望的信任管理技术展开了大量的研究工作，取得了丰硕的研究成果。但是，由于信任管理本身所特有的动态性、复杂性和多变性，导致信任管理研究中仍然存在以下问题有待解决：(1)现存的集中式信任管理系统缺乏信任激励机制集中式的信任管理架构下，已经实现的信任管理主流系统只是实现了评价次数的简单累积，没有解决信任的激励、惩罚以及时间衰减方面的问题，无法对抗恶意用户的共谋攻击和小额交易刷声望的攻击。(2)现存分布式信任管理系统未提供信任数据的完整性保护机制在信任数据的存储方面，当前已经实现的信任数据存储方案中，未提供信任数据在存储过程中的完整性保护机制，既无法确保信任数据不被非法用户更改，也无法确保信任数据不被存储方更改。而在信任数据的传输方面，为了实现信任数据传输过程中的完整性保护，当前的解决方案是基于PKI证书机制来实现的，无法解决证书的存储和管理开销大的问题。(3)分布式的信任管理系统中现存的信任激励机制不够完善分布式的信任管理架构下，在声望信任值的有效度量和推理演化方面，当前的信任模型比较好地解决了信任值的推理演化过程中信任的长期累积问题，但推荐节点的可靠性和可信度难以区分，信任模型难以精确反映信任值的动态性和主观不确定性。针对现存的信任管理系统中存在的问题，本文展开深入的研究工作，基于双向激励和信任衰减机制，建立集中式的信任管理模型，完善集中式架构下信任管理的激励机制；提出一个基于双线性映射的无证书签名方案，并将其引入到信任管理领域，建立分布式的信任数据安全存储方案，保护信任数据在存储和传输过程中的完整性；基于推荐可信度和信任激励机制，构建分布式的信任管理模型，完善分布式架构下信任管理的激励机制。本文的主要研究内容包括以下四个方面：(1)提出基于双向激励和信任衰减的集中式信任管理模型针对现存的集中式信任管理系统中信任激励机制不够完善的问题，本文设计双向激励机制和信任衰减机制，并将其应用于集中式的信任管理模型中，提出基于双向激励和信任衰减的集中式信任管理模型，实现高效的信任管理，完善集中式架构下信任管理的激励机制。(2)提出基于无证书签名的分布式信任数据安全存储方案针对现存的分布式信任数据存储方案中未提供有效的完整性保护机制的问题，本文设计一个基于双线性映射的无证书签名方案，并将其应用于信任数据存储方案中，提出基于无证书签名的分布式信任数据安全存储方案，保护信任数据在存储和传输过程中的完整性，提高信任管理系统的安全性。(3)提出基于推荐可信度和信任激励的分布式信任管理模型针对现存的分布式信任管理系统中节点的推荐可信度与可靠性难以区分、信任激励机制不够完善等问题，本文设计了推荐可信度机制和信任激励机制，并将其应用于分布式的信任管理模型中，提出基于推荐可信度和信任激励的分布式信任管理模型，有效地区分节点的推荐可信度与可靠性，并且对不活跃的节点在全局迭代过程中的信任值进行衰减惩罚，完善信任管理的激励机制，提高了分布式环境下信任管理的效率。(4)实现了一个信任管理的原型系统基于前面的研究内容，本文设计并实现了一个信任管理的原型系统，并给出了其在分布式环境下的一个应用举例。更多还原

【Abstract】 The new network application systems bring us great convenience and at the same timethe huge challenges. In these network application systems, the user nodes are all strangers toeach other, and they communicate and share file resources anonymously. Users in the networkcan anonymously publish and share information, sell or buy goods at any time and any place.The lack of reasonable trust management mechanism causes cheats on each other or evenmalicious attacks in the network application system.For these reasons, it is very important in theory and in practice to study on theestablishment of rational trust relationship between users in the open network. It could helpsystem users to reduce their iteration risk when making decisions, and help to promote therobustness, security and reliability of the online network application systems.In recent years, more and more research institutions and individuals have carried out theresearch on the reputation-based trust management technology, and they have achieved lots ofvaluable experiences. However, due to inherent characteristics of dynamic, complexity andvariability of trust values, trust management still has several problems need to be solved asfollows:(1) The current centralized trust management system is incomplete in incentivemechanism.Under the centralized architecture, in the aspect of measure and evolution reasoning ofreputation trust values, the current solutions implement the trust accumulation by simplesummation of the evaluation times. They do not solve such problems as the trust incentive,trust penalty, and trust decline by time. So they can not resist the collusion attack and theattack of obtaining high trust value by multiple small transactions.(2) The existing distributed trust management systems did not provide the trustintegrity protection mechanism.In the aspect of trust data storage and transmission, the current trust data storage schemesdid not considering the integrity protection of trust data in storage process. Furthermore, thepresent solution of the security protection of trust data in transmission process is realized onPKI certificates, which can not solve the problem of high overhead in certificates storage andcertificates management.(3) The incentive mechanism of current decentralized trust management systems isincomplete. Under the decentralized architecture, in the aspect of measure and evolution reasoning ofreputation trust values, current trust management models implemented the long accumulationprocess of trust values, but they could not distinguish the reliability and credibility ofrecommendation nodes. And so, they could not reflect the dynamic character and thesubjective uncertainty of trust values.In this paper, researches on the existing key problems were carried out, and acertificateless based signature scheme was proposed and was introduced into the trustmanagement field to implement the decentralized secure trust data storage. At the same time,based on the bidirectional-incentive and trust-decline mechanism, a centralized trustmanagement model was proposed, and based on recommendation-credibility andtrust-incentive mechanism, a decentralized trust management model was proposed. The mainresearch contents in this paper were summarized in the following four aspects:(1) This paper proposed a bidirectional-incentive and trust-decline basedcentralized trust management model.To solve the problem of trust incentive mechanisms in current centralized trustmanagement systems, a bidirectional-incentive and trust-decline based trust managementmodel was proposed to implement the efficient trust management in centralized architecture,to complete the trust incentive mechanism in small scale network application systems.(2) This paper proposed a decentralized trust data secure storage scheme based onthe certificateless signature technology.To solve the problem of lack of integrity protection in trust data storage scheme, abilinear mapping based certificateless signature scheme was proposed and applied into trustdata storage scheme to implement the integrity protection of trust data in storage andtransmission process, and further to promote the system security of trust management.(3) This paper proposed a recommendation-credibility and trust-incentive baseddecentralize trust management model.To solve the problem of the distinguishability between the recommendation-credibilityand the reliability of recommendation nodes and the problem of the incompleteness of theincentive mechanism in current decentralized trust models, this paper designed therecommendation credibility scheme and the trust decline scheme, and applied them intodecentralized trust management system, to distinguish the recommendation credibility and thereliability of recommendation nodes, and to give the inactive nodes decline punishment, andfurther to improve the efficiency of trust management in large scale network applicationsystems. (4) This paper realized a trust management system based on the trust managementtechnologies discussed above.Based on previous research contents, a prototype system of trust management wasdesigned and implemented in this paper. An application example in the decentralizedenvironment was also given at last.更多还原