
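Research on Trust Management in Open Service Environments Based on the P2P Network Model

【Author】 姜怡

【Supervisor】 陈俊亮

【Author information】 Beijing University of Posts and Telecommunications (北京邮电大学), Communication and Information Systems, 2008, PhD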

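【Abstract (from the Chinese)】 With the rapid growth of the Internet and advances in interconnection technology, P2P networking is being used in more and more applications and has become a research focus in computing. P2P is short for Peer-to-Peer and is also called a peer network. A peer network is a network model in which all network nodes are equal, with the same capabilities and obligations; these nodes are called peers. Peers share resources over direct connections and can cooperate without control by a central server. The emergence of P2P applications has shifted network-based service environments from closed, relatively static forms oriented to a familiar user population towards open, publicly accessible and highly dynamic service models. This shift complicates the security analysis of Web application systems, and many security techniques and measures built for traditional software systems are no longer suitable for solving the security problems of P2P application systems. New ideas and methods are therefore needed to address the security challenges that P2P brings. Trust management is a recently proposed technology that provides a security framework for P2P service environments, but research on it still has open problems. The main approach of this thesis is therefore to propose, on the basis of the existing ideas of trust management, a reasonably systematic trust management model covering certificate-based verification, a trust model and a trust negotiation analysis model. The main innovative work of the thesis is summarized as follows:

The thesis first summarizes and analyses the current applications and security requirements of P2P network technology. It classifies P2P network models and compares them with the server/client network model, lists the applications of P2P network technology, and summarizes the security requirements of open service environments based on the P2P network model.

The second part introduces the concept of trust management. It first gives the definition and model of trust management, then surveys and analyses in detail several representative trust management systems and trust evaluation models, and finally discusses the problems in current trust management research and future research directions.

The third part studies in depth the application of PKI in the P2P network model. In a P2P environment capable of certificate-based verification, introducing PKI can greatly improve the security of the P2P network model. Through an analysis of PKI trust models, and addressing the problems of PKI certificate path construction and certificate path validation, a new method for automatically constructing and automatically validating certificate paths is proposed.

The fourth part studies the trust model in depth. It proposes a distributed trust model based on user behaviour. The trust model uses the behaviour of entities in the network as its feedback information, quantifies entity behaviour to obtain key-attribute and key-level vectors, and selects an appropriate algorithm to compute the trust level of an entity. The entity behaviour information that the trust model requires is stored in a distributed manner within the entities of the network. The trust model introduces a correction factor into the algorithm, and also introduces a feedback system for evaluation accuracy, which can effectively suppress cheating and penalize cheaters.

The fifth part studies trust negotiation technology. It defines trust negotiation and the elements of a trust negotiation system, gives a formal description of trust negotiation strategies, and proves the sufficiency and effectiveness of each of the different negotiation strategies. A Petri-net-based modelling and analysis method is proposed; comparison with a modelling and analysis method based on tree generation shows that it performs better.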

【Abstract】 With the growth of the Internet and the rapid progress of interconnection technologies, P2P network technology, which has become a hot topic in computer science, is gradually being used in many applications. P2P is the abbreviation of Peer-to-Peer, also called a peer network. A peer network is a type of network model in which all the nodes are peer entities. The nodes, called peer nodes, have the same capabilities and duties. Peer nodes can share resources through direct connections, without control from any central server.

P2P applications bring changes to the web-based service environment. The service environment changes from a closed, static mode to an open, public and highly dynamic mode. This change complicates security analysis for web-based applications. Security technologies for traditional software are no longer applicable to P2P applications. New methods are required to meet these challenges.

Trust management is a recent technology that provides a security framework in the P2P service environment, but some problems remain unsolved in research on this technology. Therefore, the aim of this thesis is to propose a set of trust management models, including certificate-based authentication, a trust model and a trust negotiation model.

The main innovations of the thesis are summarized as follows:

The first part of the thesis summarizes and analyses the applications and security requirements of P2P technology. The thesis classifies P2P network models and compares them with the Client/Server network model. The applications of P2P technology are listed. The thesis then summarizes the security requirements of the open service environment based on the P2P network model.

The second part introduces the concepts of trust management. First, the definition and model of trust management are given. Then the thesis analyses several representative trust management systems and trust evaluation models. Finally, the existing problems and the research directions of trust management are discussed.

The third part studies the application of PKI in the P2P network model. PKI can improve the security of the P2P network model if the P2P environment can provide the capability of certificate authentication. After an analysis of the PKI trust model, a new method of automatically creating and validating certificate paths is proposed.

The fourth part of the thesis studies the trust model. The thesis puts forward an entity-behavior-based distributed trust model. This trust model uses the behavior of the entities in the network as feedback information, evaluates key attributes and class vectors, and calculates the trust level of entities with suitable algorithms. The model distributes entity behavior information across all the entities in the network. The model also introduces correction factors and a feedback system for evaluation accuracy, which can effectively restrain cheating.

The fifth part studies trust negotiation technology. This part defines the concept of trust negotiation and the factors of trust negotiation. It then introduces a formal description of trust negotiation policy, with a proof of its sufficiency and efficiency. A Petri-net-based modeling method is then proposed. Comparison with modeling methods based on tree evolution shows that the new modeling method has better performance.
