Research on Secure Anonymity and File Authenticity in Peer-to-Peer Networks
Abstract
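Peer-to-peer (P2P) networking has been a focus of research and attention in the computer networking field in recent years. File search and download mechanisms in P2P systems have long been a research hot spot in this field. Because P2P systems are open and autonomous, the technology has given rise to a series of security problems that urgently need to be studied and solved. Among these problems, anonymity and privacy and the confirmation of file authenticity have received comparatively little attention; this thesis studies these two problems in P2P systems.
     First, this thesis briefly introduces the current state of research on P2P security and anonymity and discusses the origins and application areas of P2P networks. The search and download mechanisms and the anonymity of three P2P models (centralized, distributed and hybrid) are analyzed and compared in detail. By comparing the traditional C/S model with the P2P model, the main characteristics of the P2P model are summarized and described.
     Second, this thesis summarizes and discusses seven aspects of security problems in P2P systems, with a focus on the anonymity and privacy problem and related techniques. It briefly introduces one anonymity technique, IP multicast, and uses it to improve the search and download mechanism of the Freenet model; the improved mechanism eliminates two major shortcomings of the original mechanism while guaranteeing the anonymity of both initiator and receiver.
     Third, this thesis lists the four main current criteria for confirming the authenticity of files in P2P networks. It analyzes in detail the search and download mechanism of XREP, the most representative P2P file authenticity confirmation protocol. Then, based on the ideas of onion routing and unweighted simple voting, it designs a P2P file authenticity confirmation scheme, analyzes in detail every step of the scheme's query, voting and download processes, and finally analyzes the scheme from various aspects. The scheme's most notable feature is that it ensures the anonymity of the initiator, the voters, the agent nodes and the file provider.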
Peer-to-Peer networking has been very popular in recent years. The searching and downloading mechanism for files has always been a hot spot in this technology. However, because of the openness and autonomy of Peer-to-Peer networks, a series of security problems have appeared that urgently need to be resolved. Among these problems, anonymity and file authentication receive relatively little attention. This dissertation places its emphasis on the issues of anonymity and file authentication in Peer-to-Peer systems.
     Firstly, this dissertation introduces the background and application fields of Peer-to-Peer and describes the research situation of security in Peer-to-Peer. Then the searching and downloading mechanisms of three typical Peer-to-Peer models are compared and analyzed. This dissertation also analyzes the advantages of the Peer-to-Peer model compared to the Client/Server model and sums up the main characteristics of the Peer-to-Peer model.
     Secondly, seven aspects of security problems in Peer-to-Peer are discussed, especially the anonymity issue and its related technologies. Then, this dissertation improves the searching and downloading mechanism of Freenet by means of IP multicast. The improved mechanism eliminates two shortcomings of the original mechanism. Meanwhile, it ensures the anonymity of sender and receiver.
     Thirdly, four main criteria for authenticating files are presented. Then, the searching and downloading mechanism of XREP, the most typical file authentication protocol for Peer-to-Peer, is analyzed and studied in detail. After that, a Peer-to-Peer file authentication mechanism based on Onion Routing and simple unweighted polling is designed. The process of searching, polling and downloading in this mechanism is analyzed in detail. The most important feature of this mechanism is that it can provide anonymity of the initiator, anonymity of the voter, anonymity of the agent node and anonymity of the file supplier.
