【作者】 李永昊；

【导师】 何德全； 刘云；

【作者基本信息】 北京交通大学 ， 通信与信息系统， 2011， 博士

【摘要】 当传统的客户机／服务器模式不再适应今天的互联网需求的时候,一种新的分布式技术——对等网络(Peer-to-peer,P2P)很快受到了人们的重视,并成为研究的热点。由于拓扑结构对P2P网络的各方面性能都有重要的影响,因此优化P2P网络拓扑具有十分重要的意义,而其中P2P网络结构化覆盖的负载均衡是关键问题。P2P网络具有参与主体数量规模大、运行环境异构性强、活动目标的动态性及自主性高等特点,在跨多安全域进行授权及访问控制时,传统的信任方法暴露出很多弱点。而自动信任协商的模式,为解决跨域的隐私保护和信任建立等问题提供了新的思路。因此研究如何实现P2P中的自动信任协商具有非常重要的现实意义。本论文从基于公平性的拓扑结构优化、自动信任协商敏感信息保护及攻击防范、自动信任协商效率、多方自动信任协商等方面对P2P的拓扑结构和自动信任协商机制进行了深入的研究,并提出了相应的解决方案。本论文的研究工作得到国家高技术研究发展计划(863)项目(2009AA01Z423)、高等学校重大项目培育基金项目(707006)、北京市教委重大共建项目和北京交通大学校基金(2006XM001)项目的支持。论文的主要研究成果如下：1.提出了一种新的具有递归结构和均匀度分布的P2P协议R-Chord。R-Chord通过递归使用Chord的拓扑构造方法来平衡节点的饱和度,并将节点的度系数控制在节点的最大转发能力范围内,以此来抑制可能出现的超级节点。抑制过程包括4个主要环节,即分裂子环、子环转发、子环扩张和再分裂。R-Chord在避免超级节点的产生、平衡网络负载等方面,具有较好的性能。2.提出了一种分布式公平性优化算法DFO,用于优化使用CAN协议的P2P系统中的搜索功能。算法利用节点输入效率向量来评价P2P网络的整体转发压力,并为节点转发搜索请求与接受搜索请求分别定义成本和效用函数,建立成本-效用模型。结果表明该算法改进了CAN中局部节点转发压力过高的不足,达到整体效用函数最大化,较优地平衡节点的压力,并能够激励节点参与转发其他节点的搜索请求。3.提出了访问控制策略间的继承关系,有效防止了因推理导致敏感信息泄露的问题。提出证书有效性踩点验证函数,要求协商过程中,各证书必须满足相关证书的有效性,避免了证书互斥攻击。提出了抗攻击和敏感信息保护的P2P信任协商框架,用于防止自动信任协商中的敏感信息泄露,同时抵抗各种攻击。4.提出了一个P2P信任协商框架,该框架利用了访问控制策略之间的关系,在传统的策略评估模块中,增加了策略选择算法,能够有效减少协商过程中的交互次数和交换信息量。提出基于费用最小的策略选择算法的目标,是尽可能使得为获取服务费用或权值最小,使得通信和运算时间最小。相比Max-Min策略选择算法和PRUNES策略选择算法,基于费用最小的策略选择算法协商效率最高,由于基于费用最小的策略选择算法能够有效解决策略回环依赖问题,其协商成功率最高。5.提出了扩展的DARCL策略语言,在DARCL策略语言基础上扩展了披露规则运算功能,并增加了敏感信息访问控制策略。提出了基于着色Petri网的多方信任协商建模方法,以适应P2P网络环境下的多方信任协商场景,克服基本Petri网描述能力有限、网规模过于庞大的缺点。针对P2P网络环境下可能存在恶意节点为获取善意节点的服务或资源,伪造证书与善意节点进行信任协商,提出使用Kailar逻辑对多方信任协商协议信息的不可否认性进行分析,使得自动信任协商协议更加健壮。更多还原

【Abstract】 When the traditional client/server model is not adapt to the needs of today’s Internet, a new distributed computing technology Peer-to-peer (P2P) has been taken seriously soon and become a research hotspot. As the topology structure of P2P network has a very significant impact on the various aspects of P2P network, topology structure optimization of P2P network is very meaningful and load-balancing problem is the key to structured P2P overlay. Because of the involvement of large scale peers, heterogeneous operating environment, and dynamic characteristics and autonomy of activity goals, the traditional methods for trust management expose many weaknesses across multiple security domains to authorize and access control in P2P network. The appearance of Automated Trust Negotiation (ATN) technology addresses the privacy protection and trust establishment issues across multiple security domains, which is establishing trust among strangers without prior trust relationship. Therefore, research on ATN in P2P domain is very meaningful.The dissertation is supported by The National High Technology Research and Development Program of China (No.2009AA01Z423), Cultivation Fund of the Key Scientific and Technical Innovation Project, Ministry of Education of China (No.707006), major co-constructive project of Beijing Municipal Education Commission, and Fund of Beijing Jiaotong University (2006XM001). The dissertation focuses on topology structure and ATN mechanism of P2P technologies, including fairness-based topology structure optimization, sensitive information protection and attack prevention of ATN, efficiency of ATN, multi-party trust negotiation. In addition, this thesis presents the corresponding solutions. The main contributions of the dissertation are as follows:1. A new P2P protocol R-Chord is proposed, which has recursive structure and uniform distribution. The basic idea is:in order to suppress the production of super peer, when the network may appear super peer, recursively using the Chord topology network construction method to balance the saturation degree of peer, and controlling saturation degree coefficient of peer within the maximum forwarding capacity. Suppressing process includes four main steps:splitting the sub-ring, sub-ring forward, sub-ring expansion and re-splitting. R-Chord has good performance in restraining the emergence of super peer and making connection distribution equably. 2. Distributed fairly optimal (DFO) algorithm based on CAN protocol is proposed, which uses peer’s up/down bandwidth usage and overlay multicast link efficiency defined by utility function as standard. DFO defines request/response utility function respective and evaluates global transmit overload based on peer input efficiency vector to conform a fire restrict. DFO can reduce average query latency and global bandwidth cost by optimizing global utility. Simulative results and analysis has shown that DFO improved on hot spot problem in CAN, can achieve the purpose of minimum global query latency and maximal transmit overload balance.3. The inheritance relationship between access control policies is presented, which can effectively prevent the reasoning leading to sensitive information leakage problem. The location function which is checking out credential validation is proposed, and it requires each credential must satisfy validity of the relevant credential preventing mutually exclusive attacks from other credentials in the process of ATN. A P2P trust negotiation framework based on anti-attack and sensitive information protection is provided, which is used to prevent sensitive information leakage, and resistance to a variety of attacks in the process of ATN.4. A P2P trust negotiation framework is proposed, which adds Strategy Selection Algorithm into traditional Strategic Assessment Module using the relationship between the access control policies. The Strategy Selection Algorithm can effectively reduce the number of interaction and exchange of information in the process of ATN. A new Minimal-cost-based Strategy Selection Algorithm is provided, which is aimed to make cost or weight of accessing service or running time of communication and computing as minimal as possible. Comparing with Max-Min and PRUNES strategy selection algorithms, the running effiency of this algorithm is highest, and success rate of negotiation is highest because this algorithm can effectively solve cyclic dependency problem.5. An extended DARCL policy language is proposed, which extends operating function of disclosure rules and adds access control policy for sensitive information. A new modeling method of multiparty trust negotiation based on Coloured Petri-net is presented. The method adapts to multi-party trust negotiation scenarios in P2P network environment, and overcomes the deficiency of restricted description ability and too large scale network in the basic Petri net. There may have some malicious peers in P2P network environment forge credentials and process trust negotiation with good peers in order to obtain services or resources of good peers. In response to this situation, Kailar logic is proposed for the use of non-repudiation protocol information analysis of multi-party trust negotiation to make ATN protocol more robust.更多还原