P2P环境下文件共享的声誉系统研究
|
摘要
由于P2P网络具有开放性、匿名性等特点,P2P网络中资源的质量很难保证,有些恶意节点利用P2P网络大肆传播病毒、木马等。为此,本文通过信任和声誉系统的方法来解决P2P网络中资源提供节点的可信问题,从而避免节点盲目地下载资源。
论文重点分析了现有的一些P2P环境下的声誉系统,如Xrep、PeerTrust、Pablano等,并设计了一种增强型声誉系统。该声誉系统由信任评估模块和安全传输协议组成。与典型的声誉系统相比,该声誉系统除了评估信任时考虑的因素更全面外,还提出了将信任分为若干个状态,处于不同状态时评估信任的算法会有所区别,这样,所得出的信任值更加精确合理。论文对所设计的声誉系统的安全性进行了分析,并使用Java编程模拟了该系统。从模拟的结果可以看出,使用本文声誉系统时节点的交互成功率不仅较未使用声誉系统时大大提高,而且比Pablano声誉系统也有所改进,尤其是在恶意节点比较多的情况下。
最后,在声誉系统应用中,本文引入了自动信任协商,即将基于信任计算的方法与基于证书的方法结合起来,并就如何结合做了一些探讨。可以看出,自动信任协商的引入降低了单纯依靠声誉系统时存在的风险,保证了敏感信息传输的高可靠。
The resources in P2P networks are not dependable because of the open and anonymity nature of P2P networks, some malicious peers may propagate viruses and Trojan horses via P2P networks. In this paper, the approach of trust and reputation systems is used to solve the trustworthiness problems of resource providers in P2P networks, so as to avoid downloading resources blindly.
In this paper, some reputation systems in P2P environment at present are analyzed, such as Xrep、 PeerTrust、 Pablano, etc, and an enhanced reputation system is designed. The designed reputation system consists of a trust evaluation module and a secure transport protocol. Contrast to most reputation systems, not only more comprehensive factors are considered on evaluating trust, but also divides trust into a few states, the algorithm of evaluating trust is different at different trust state. So, the trust value is more precise and reasonable. In this paper, we analyze the security of the designed reputation system, and simulate the system by java programs. From the result of simulation, it can be proved that the success rate of peers' interactions with our reputation system is not only greatly improved contrast to without, but also better than Pablano reputation system, especially when there are a lot of malicious peers.
Finally, automated trust negotiation is introduced to the application of reputation system, in other words, the method based on trust evaluation and the method based on credentials are integrated, then the approaches of integration are discussed. It is concluded that the introduction of automated trust negotiation has reduced the risk of depending on reputation systems only, so the dependability of sensitive information transportation is guaranteed.
论文重点分析了现有的一些P2P环境下的声誉系统,如Xrep、PeerTrust、Pablano等,并设计了一种增强型声誉系统。该声誉系统由信任评估模块和安全传输协议组成。与典型的声誉系统相比,该声誉系统除了评估信任时考虑的因素更全面外,还提出了将信任分为若干个状态,处于不同状态时评估信任的算法会有所区别,这样,所得出的信任值更加精确合理。论文对所设计的声誉系统的安全性进行了分析,并使用Java编程模拟了该系统。从模拟的结果可以看出,使用本文声誉系统时节点的交互成功率不仅较未使用声誉系统时大大提高,而且比Pablano声誉系统也有所改进,尤其是在恶意节点比较多的情况下。
最后,在声誉系统应用中,本文引入了自动信任协商,即将基于信任计算的方法与基于证书的方法结合起来,并就如何结合做了一些探讨。可以看出,自动信任协商的引入降低了单纯依靠声誉系统时存在的风险,保证了敏感信息传输的高可靠。
The resources in P2P networks are not dependable because of the open and anonymity nature of P2P networks, some malicious peers may propagate viruses and Trojan horses via P2P networks. In this paper, the approach of trust and reputation systems is used to solve the trustworthiness problems of resource providers in P2P networks, so as to avoid downloading resources blindly.
In this paper, some reputation systems in P2P environment at present are analyzed, such as Xrep、 PeerTrust、 Pablano, etc, and an enhanced reputation system is designed. The designed reputation system consists of a trust evaluation module and a secure transport protocol. Contrast to most reputation systems, not only more comprehensive factors are considered on evaluating trust, but also divides trust into a few states, the algorithm of evaluating trust is different at different trust state. So, the trust value is more precise and reasonable. In this paper, we analyze the security of the designed reputation system, and simulate the system by java programs. From the result of simulation, it can be proved that the success rate of peers' interactions with our reputation system is not only greatly improved contrast to without, but also better than Pablano reputation system, especially when there are a lot of malicious peers.
Finally, automated trust negotiation is introduced to the application of reputation system, in other words, the method based on trust evaluation and the method based on credentials are integrated, then the approaches of integration are discussed. It is concluded that the introduction of automated trust negotiation has reduced the risk of depending on reputation systems only, so the dependability of sensitive information transportation is guaranteed.
引文
[1] Alfarez Abdul-Rahman, Stephen Hailes. A Distributed Trust Model[C]. In Proceedings of New Security Paradigms 97 Workshop, 1997.
[2] Alfarez Abdul-Rahman, Stephen Hailes. Supporting trust in virtual communities[C]. In Proceedings of 33rd Hawaii International Conference on System Sciences. 2000.
[3] Alfarez Abdul-Rahman. A Framework for Decentralized Trust Reasoning. Ph.D thesis. University of London. 2004.
[4] Alfarez Abdul-Rahman. The PGP Trust Model. EDI-Forum, 1997. Available at http://www.cs.ucl.ac.uk/staff/F.AbdulRahman/docs/.
[5] Blaze M, Feigenbaum J, Lacy J. Decentralized Trust Management[C]. In Proceedings of 17th Symposium on Security and Privacy. 1996.
[6] Blaze M, Feigenbaum J, Keromytis A. KeyNote: Trust Management for Public-Key Infrastructures[C]. In Proceedings of the 1998 Cambridge Security Protocols International Workshop, pages 59-63. Springer, LNCS vol.1550. 1999.
[7] S. Marsh. Formalizing Trust as a Computational Concept. PhD thesis, Uni. of Stirling. 1994.
[8] Josang.A. and S.J.Knapskog. A metric for trusted systems[C]. In 21st National Security Conference. 1998. Available at http://www.idt.ntnu.no/-ajos/papers.html
[9] Josang.A. An Algebra for Assessing Trust in Certification Chains[C]. In Network and Distributed Systems Security Symposium (NDSS). San Diego, California: The Internet Society. 1999.
[10] Josang.A. The right type of trust for distributed systems[C]. In ACM New Security Paradigms Workshop. 1996. Available at http://www.idt.ntnu.no/-ajos/papers.html
[11] Josang. A. A subjective metric of authentication[C]. In 5th European Symposium on Research in Computer Security (ESORICS'98). 1998: Available at http://www.idt.ntnu.no/-ajos/papers.html
[12] Josang.A, Keser.C and Dimitrakos.T. Can We Manage Trust[C]. In Proceedings of the 3rd International Conference on Trust Management. Paris. 2005.
[13] Josang.A and Tran.N. Trust Management for e-Commerce[C]. In VirtualBanking2000. Virtual Conference hosted at http://virtualbanking2000.com. 2000.
[14] T.Grandison and M.Sloman. A Survey of Trust in Internet Applications[J]. IEEE Communications Surveys and Tutorials, Vol4(4). Pages2-16. 2000. Available at http://www.comsoc.org/pubs/surveys/, http://www-dse.doc.ic.ac.uk/~tgrand/
[15] T.Grandison. Trust Management for Internet Applications. PhD thesis, Imperial College London,2003.
[16] Thomas Beth, Malte Borchedring and Birgit Klein. Valuation of trust in open networks[C]. In Proceedings of the European Symposium on Research in Computer Science. 1994.
[17] ITU-T. ITU-T Recommendation X.509. The Directory: Authentication Framework. 1997.
[18] Deutsch, Morton. Cooperation and Trust: Some Theoretical Notes[C]. Nebraska Symposium on Motivation. Nebraska University Press. 1962.
[19] Diego Gambetta. Can we trust trust? In Diego Gambetta, editor, Trust: Making and Breaking Cooperative Relations. University of Oxford. 1988(chapter 13): 213-237. Available at http://www.sociology.ox.ac.uk/papers/gambetta213-23 7.pdf.
[20] D.Harrison MgKnight and Norman L.Chervany. The meanings of trust. Technical Report 94-04. University of Minnesota, Management Information Systems Research Center. 1996. Available at http://misrc.umn.edu/wpaper/.
[21] Compaq, Hewlett-Packard, IBM, Intel and Microsoft, Building a Foundation of Trust in the PC. The Trusted Computing Platform Alliance. 2000. http://www.trustedpc.org/.
[22] Against TCPA. Against-TCPA[EB/OL]. Available at http://www.againsttcpa.com/, 2003.
[23] Seth Schoen. Trusted Computing: Promise and Risk. Comments LT policy. pages33-61. 2004. Available at http://www.eff.org/Infra/trusted computing
[24] Carl Ellison. SPKI/SDSI and the Web of Trust.2001. Available at http://world.std.com/-cme/html/web.html.
[25] Y.H.Chu. REFEREE: Trust Management for Web Applications. AT&T Research Labs. 1997.
[26] IBM. IBM Trust Establishment Policy Language. Available at http://www.haifa.il.ibm.com/projects/software/e-Business/TrustManager/PolicyLanguage.html
[27] Glenn Mahoney. A Survey of Trust in Distributed Systems (Distributed Trust). Term Paper Presentation for CSC562. 2002.
[28] Farag Azzedin. Trust Modeling for Peer-to-Peer based Computing[C]. In Proceedings of International Parallel and Distributed Processing Symposium. 2003.
[29] Lars Rasmusson, Sverker Jansson. Simulated Social control for Secure Internet Commerce[C]. In Proceedings of New Security Paradigms Workshop. 2002.
[30] K.Aberer and Z.Despotovic. Managing trust in a peer-to-peer information system[C]. In Proceedings of 10th International Conference on Information and Knowledge Management. ACM Press. pages310-317. 2001.
[31] Karl Aberer and Manfred Hauswirth. An overviewon peer-to-peer information systems[C]. In Workshop on Distributed Data and Structure(WDAS-2002). 2002.
[32] R.Chen and W.Yeager. Pablano: A distributed trust model for peer-to-peer networks. Available at http://security.jxta.org. 2001.
[33] L.Xiong and L.Liu, Building trust in decentralized peer-to-peer communities[C]. In International Conference on Electronic Commerce Research(ICECR-5). 2002.
[34] Li.Xiong and L.Liu. A reputation-based trust model for peer-tp-peer ecommerce communities[C]. In IEEE International Conference on Electronic Commerce. 2003.
[35] S.Ye, F.Makedon and J.Ford. Collaborative automated trust negotiation in peer-to-peer system[C]. In 4th International Conference on Peer-to-Peer Computing. 2004.
[36] H.William, Winsborough and Ninghui Li. Towards practical automated trust negotiation[C]. In Proceedings of the 3rd Intemational Workshop on Policies for Distributed Systems and Networks. 2002.
[37] Ting Yu, Xiaosong Ma and Marianne Winslett. PRUNES: an efficient and complete strategy for automated trust negotiation over the interne[C]t. In Proceedings of the 7th ACM conference on Computer and communications security. 2000.
[38] Dejan S.Milojicic, Vana Kalogeraki, Rajan Lukose, etc. Peer-to-Peer Computing. HP Laboratories Palo Alto. 2003
[39] NyikSan.T. A Generic Peer-to-Peer Network Simulator. University of Saskatchewan. 2003.
[40] Eyton Adar and Bernardo Huberman. Free riding on Gnutella. First Monday5(10), 2000. Available at http://www.firstmonday.dk.
[41] Paul Resnick, Richard Zeckhauser, Eric Friedman, Ko Kuwabara. Reputation Systems. Communications of the ACM, 43(12): 45-48, 2000.
[42] Sepandar D.Kamwar, Mario T.Schlosser, Hector Garcia-Molina. The EigenTrust Algorithm for Reputation Management in P2P networks[C]. In the Proceedings of the twelfth international conference on World Wide Web, Budapest, Hungary. 2003.
[43] EBay website, http://www.ebay.com.
[44] L.Page, S.Brin, R.Motwani and T.Winograd. The PageRank Citation Ranking: Bringing Order to the Web. Technical Report, Stanford Digital Library Technologies Project. 1998.
[45] Arvind Arasu, J.Novak, A.Tomkins and J.Tomlin. PageRank Computation and the Structure of the Web: Experiments and Algorithms. Technical Report. IBM Almaden Research Center. 2001.
[46] Vishwas V.Bhat. Reputation Management in P2P systems. University of Texas. 2004.
[47] E.Damiani, D.C.di Vimercati, S.Paraboschi, P.Samarati, and F.Violante, A reputation-based approach for choosing reliable resources in peer-to-peer networks[C], In Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM Press. p207-126. 2002.
[48] Aameek Singh, Ling Liu. TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems[C]. In the Proceedings of the third IEEE International Conference on P2P Computing. Sweden. 2003.
[49] Burrows, M. Abadi and R.M. Needham. A Logic of Authentication. ACM Transactions on Computer Systems. 8(1): pages 18-36.1990.
[50] S.Jajodia, P. Samarati and V. Subrahmanian. A Logical Language for Expressing Authorizations[C]. In Security and Information Privacy. 1997.
[51] 刘鹏,刘欣,陈钟.信任管理研究综述[J].计算机工程与应用.2004.32 39~43
[52] 吴慧良.对等网络计算平台JXTA研究.硕士论文.浙江大学计算机学院.2003.
[53] 罗文杰.P2P综述.中科院计算技术研究所.2005.Available at http://www.huihoo.com/p2p/1/.
[54] 秦大力.基于路径代数的信任关系评估算法设计与改进.硕士论文.湖南大学计算机与通信学院.2004.
[55] Peter van der Linden.Java2教程(第五版).电子工业出版社.2003.
[56] Bruce Ecke.Thingking in Java.机械工业出版社.2002.
[57] 王沫然.MATLAB与科学计算(第二版).电子工业出版社.2004.
[2] Alfarez Abdul-Rahman, Stephen Hailes. Supporting trust in virtual communities[C]. In Proceedings of 33rd Hawaii International Conference on System Sciences. 2000.
[3] Alfarez Abdul-Rahman. A Framework for Decentralized Trust Reasoning. Ph.D thesis. University of London. 2004.
[4] Alfarez Abdul-Rahman. The PGP Trust Model. EDI-Forum, 1997. Available at http://www.cs.ucl.ac.uk/staff/F.AbdulRahman/docs/.
[5] Blaze M, Feigenbaum J, Lacy J. Decentralized Trust Management[C]. In Proceedings of 17th Symposium on Security and Privacy. 1996.
[6] Blaze M, Feigenbaum J, Keromytis A. KeyNote: Trust Management for Public-Key Infrastructures[C]. In Proceedings of the 1998 Cambridge Security Protocols International Workshop, pages 59-63. Springer, LNCS vol.1550. 1999.
[7] S. Marsh. Formalizing Trust as a Computational Concept. PhD thesis, Uni. of Stirling. 1994.
[8] Josang.A. and S.J.Knapskog. A metric for trusted systems[C]. In 21st National Security Conference. 1998. Available at http://www.idt.ntnu.no/-ajos/papers.html
[9] Josang.A. An Algebra for Assessing Trust in Certification Chains[C]. In Network and Distributed Systems Security Symposium (NDSS). San Diego, California: The Internet Society. 1999.
[10] Josang.A. The right type of trust for distributed systems[C]. In ACM New Security Paradigms Workshop. 1996. Available at http://www.idt.ntnu.no/-ajos/papers.html
[11] Josang. A. A subjective metric of authentication[C]. In 5th European Symposium on Research in Computer Security (ESORICS'98). 1998: Available at http://www.idt.ntnu.no/-ajos/papers.html
[12] Josang.A, Keser.C and Dimitrakos.T. Can We Manage Trust[C]. In Proceedings of the 3rd International Conference on Trust Management. Paris. 2005.
[13] Josang.A and Tran.N. Trust Management for e-Commerce[C]. In VirtualBanking2000. Virtual Conference hosted at http://virtualbanking2000.com. 2000.
[14] T.Grandison and M.Sloman. A Survey of Trust in Internet Applications[J]. IEEE Communications Surveys and Tutorials, Vol4(4). Pages2-16. 2000. Available at http://www.comsoc.org/pubs/surveys/, http://www-dse.doc.ic.ac.uk/~tgrand/
[15] T.Grandison. Trust Management for Internet Applications. PhD thesis, Imperial College London,2003.
[16] Thomas Beth, Malte Borchedring and Birgit Klein. Valuation of trust in open networks[C]. In Proceedings of the European Symposium on Research in Computer Science. 1994.
[17] ITU-T. ITU-T Recommendation X.509. The Directory: Authentication Framework. 1997.
[18] Deutsch, Morton. Cooperation and Trust: Some Theoretical Notes[C]. Nebraska Symposium on Motivation. Nebraska University Press. 1962.
[19] Diego Gambetta. Can we trust trust? In Diego Gambetta, editor, Trust: Making and Breaking Cooperative Relations. University of Oxford. 1988(chapter 13): 213-237. Available at http://www.sociology.ox.ac.uk/papers/gambetta213-23 7.pdf.
[20] D.Harrison MgKnight and Norman L.Chervany. The meanings of trust. Technical Report 94-04. University of Minnesota, Management Information Systems Research Center. 1996. Available at http://misrc.umn.edu/wpaper/.
[21] Compaq, Hewlett-Packard, IBM, Intel and Microsoft, Building a Foundation of Trust in the PC. The Trusted Computing Platform Alliance. 2000. http://www.trustedpc.org/.
[22] Against TCPA. Against-TCPA[EB/OL]. Available at http://www.againsttcpa.com/, 2003.
[23] Seth Schoen. Trusted Computing: Promise and Risk. Comments LT policy. pages33-61. 2004. Available at http://www.eff.org/Infra/trusted computing
[24] Carl Ellison. SPKI/SDSI and the Web of Trust.2001. Available at http://world.std.com/-cme/html/web.html.
[25] Y.H.Chu. REFEREE: Trust Management for Web Applications. AT&T Research Labs. 1997.
[26] IBM. IBM Trust Establishment Policy Language. Available at http://www.haifa.il.ibm.com/projects/software/e-Business/TrustManager/PolicyLanguage.html
[27] Glenn Mahoney. A Survey of Trust in Distributed Systems (Distributed Trust). Term Paper Presentation for CSC562. 2002.
[28] Farag Azzedin. Trust Modeling for Peer-to-Peer based Computing[C]. In Proceedings of International Parallel and Distributed Processing Symposium. 2003.
[29] Lars Rasmusson, Sverker Jansson. Simulated Social control for Secure Internet Commerce[C]. In Proceedings of New Security Paradigms Workshop. 2002.
[30] K.Aberer and Z.Despotovic. Managing trust in a peer-to-peer information system[C]. In Proceedings of 10th International Conference on Information and Knowledge Management. ACM Press. pages310-317. 2001.
[31] Karl Aberer and Manfred Hauswirth. An overviewon peer-to-peer information systems[C]. In Workshop on Distributed Data and Structure(WDAS-2002). 2002.
[32] R.Chen and W.Yeager. Pablano: A distributed trust model for peer-to-peer networks. Available at http://security.jxta.org. 2001.
[33] L.Xiong and L.Liu, Building trust in decentralized peer-to-peer communities[C]. In International Conference on Electronic Commerce Research(ICECR-5). 2002.
[34] Li.Xiong and L.Liu. A reputation-based trust model for peer-tp-peer ecommerce communities[C]. In IEEE International Conference on Electronic Commerce. 2003.
[35] S.Ye, F.Makedon and J.Ford. Collaborative automated trust negotiation in peer-to-peer system[C]. In 4th International Conference on Peer-to-Peer Computing. 2004.
[36] H.William, Winsborough and Ninghui Li. Towards practical automated trust negotiation[C]. In Proceedings of the 3rd Intemational Workshop on Policies for Distributed Systems and Networks. 2002.
[37] Ting Yu, Xiaosong Ma and Marianne Winslett. PRUNES: an efficient and complete strategy for automated trust negotiation over the interne[C]t. In Proceedings of the 7th ACM conference on Computer and communications security. 2000.
[38] Dejan S.Milojicic, Vana Kalogeraki, Rajan Lukose, etc. Peer-to-Peer Computing. HP Laboratories Palo Alto. 2003
[39] NyikSan.T. A Generic Peer-to-Peer Network Simulator. University of Saskatchewan. 2003.
[40] Eyton Adar and Bernardo Huberman. Free riding on Gnutella. First Monday5(10), 2000. Available at http://www.firstmonday.dk.
[41] Paul Resnick, Richard Zeckhauser, Eric Friedman, Ko Kuwabara. Reputation Systems. Communications of the ACM, 43(12): 45-48, 2000.
[42] Sepandar D.Kamwar, Mario T.Schlosser, Hector Garcia-Molina. The EigenTrust Algorithm for Reputation Management in P2P networks[C]. In the Proceedings of the twelfth international conference on World Wide Web, Budapest, Hungary. 2003.
[43] EBay website, http://www.ebay.com.
[44] L.Page, S.Brin, R.Motwani and T.Winograd. The PageRank Citation Ranking: Bringing Order to the Web. Technical Report, Stanford Digital Library Technologies Project. 1998.
[45] Arvind Arasu, J.Novak, A.Tomkins and J.Tomlin. PageRank Computation and the Structure of the Web: Experiments and Algorithms. Technical Report. IBM Almaden Research Center. 2001.
[46] Vishwas V.Bhat. Reputation Management in P2P systems. University of Texas. 2004.
[47] E.Damiani, D.C.di Vimercati, S.Paraboschi, P.Samarati, and F.Violante, A reputation-based approach for choosing reliable resources in peer-to-peer networks[C], In Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM Press. p207-126. 2002.
[48] Aameek Singh, Ling Liu. TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems[C]. In the Proceedings of the third IEEE International Conference on P2P Computing. Sweden. 2003.
[49] Burrows, M. Abadi and R.M. Needham. A Logic of Authentication. ACM Transactions on Computer Systems. 8(1): pages 18-36.1990.
[50] S.Jajodia, P. Samarati and V. Subrahmanian. A Logical Language for Expressing Authorizations[C]. In Security and Information Privacy. 1997.
[51] 刘鹏,刘欣,陈钟.信任管理研究综述[J].计算机工程与应用.2004.32 39~43
[52] 吴慧良.对等网络计算平台JXTA研究.硕士论文.浙江大学计算机学院.2003.
[53] 罗文杰.P2P综述.中科院计算技术研究所.2005.Available at http://www.huihoo.com/p2p/1/.
[54] 秦大力.基于路径代数的信任关系评估算法设计与改进.硕士论文.湖南大学计算机与通信学院.2004.
[55] Peter van der Linden.Java2教程(第五版).电子工业出版社.2003.
[56] Bruce Ecke.Thingking in Java.机械工业出版社.2002.
[57] 王沫然.MATLAB与科学计算(第二版).电子工业出版社.2004.