对等网络信任机制的研究
|
摘要
对等网络(Peer-to-Peer,简称P2P)是一种分布式网络,具有自组织、可扩展、容错及负载均衡等优点,近年来在文件共享、分布式计算、电子商务等领域得到广泛的应用。但是P2P网络本身的匿名性和开放性容易导致网络中节点传播病毒、提供虚假文件等恶意行为,这些恶意行为严重影响了P2P网络的安全性。
利用信任机制解决P2P网络安全问题已经成为研究焦点。向P2P网络中引入信任机制,可以在一定程度上提高P2P网络的安全性,有利于P2P网络的良性发展,但是容易造成热点问题。此外,在目前的信任机制中,计算、通讯的开销过大也是一个不可忽视的问题。
针对上述问题,本文提出了基于Chord的负载均衡信任模型。该信任模型根据节点历史交易的信息进行可信度计算,避免全网迭代的方式造成的大量开销;节点的信任值存储于其索引节点,索引节点负责信任信息的存储、管理和维护;信任查询利用哈希计算进行索引节点定位,并通过Chord协议找到索引节点,使得查询的开销降低。
同时,模型利用节点的信任值、负载情况及通信中的时延信息对节点进行综合评分,选择评分高的节点进行交易。当网络中出现热点资源时,动态地创建资源副本,利用副本分担负载;当热点资源请求频率降低时,撤销部分副本,从而避免形成热点、保证P2P网络良性运行。
对模型的仿真实验结果表明当网络中恶意节点数超过10%或对系统中10%的少数资源进行集中访问时,该模型明显的提高了下载的成功率,提升了P2P网络的可靠性。
Peer-to-Peer network (Peer-to-Peer, referred to as P2P) is a distributed network with the advantage of self-organization, scalability, fault tolerance and load balancing, etc.,which has been widely used on file sharing, distributed computing, e-commerce and other fields recent years.But the anonymity and the openness characteristic of P2P network itself easily cause malicious acts of nodes within the network,such as spreading the virus, providing false documents which seriously affect the security of P2P networks.
Currently,the utilization of trust mechanisms for solving security issues has been a research focus. The introduction of the trust mechanism can partly improve the security of P2P networks and beneficial to well development of P2P networks.However,this is likely to cause hotpot issues. In addition, in present trust mechanisms excessive computing and communications overheads is also a problem can not be ignored.
According to the issues above,this paper propose a load balancing trust model based on Chord.The model computes the trust value of a node based on the information of its trade history in order to avoid the excessive overhead caused by iteration through the whole network. The trust value of a node is stored in its index node,and its index node is responsible for the storage,management and maintenance of trust information.It uses hash computping to locate index node when querying trust information and finds the index node by Chord protocol making the overheah of query lower.
Meanwhile the model marks grades of nodes with trust value of nodes, load condition and communication delay and chooses node with the highest grade to trade with.When hotpot resources appear in the network,the model creates duplication dynamically to share load.The model revokes part of the duplication when request frequency of hotpot resources decreases so as to avoid hotpot issues and ensure excellent running condition of P2P networks.
The model simulation results show that when malicious nodes in the network is over 10% or the access only concentrate on only 10% resources of the system,it obviously improves the success rate of transactions and enhance the reliability of P2P networks.
利用信任机制解决P2P网络安全问题已经成为研究焦点。向P2P网络中引入信任机制,可以在一定程度上提高P2P网络的安全性,有利于P2P网络的良性发展,但是容易造成热点问题。此外,在目前的信任机制中,计算、通讯的开销过大也是一个不可忽视的问题。
针对上述问题,本文提出了基于Chord的负载均衡信任模型。该信任模型根据节点历史交易的信息进行可信度计算,避免全网迭代的方式造成的大量开销;节点的信任值存储于其索引节点,索引节点负责信任信息的存储、管理和维护;信任查询利用哈希计算进行索引节点定位,并通过Chord协议找到索引节点,使得查询的开销降低。
同时,模型利用节点的信任值、负载情况及通信中的时延信息对节点进行综合评分,选择评分高的节点进行交易。当网络中出现热点资源时,动态地创建资源副本,利用副本分担负载;当热点资源请求频率降低时,撤销部分副本,从而避免形成热点、保证P2P网络良性运行。
对模型的仿真实验结果表明当网络中恶意节点数超过10%或对系统中10%的少数资源进行集中访问时,该模型明显的提高了下载的成功率,提升了P2P网络的可靠性。
Peer-to-Peer network (Peer-to-Peer, referred to as P2P) is a distributed network with the advantage of self-organization, scalability, fault tolerance and load balancing, etc.,which has been widely used on file sharing, distributed computing, e-commerce and other fields recent years.But the anonymity and the openness characteristic of P2P network itself easily cause malicious acts of nodes within the network,such as spreading the virus, providing false documents which seriously affect the security of P2P networks.
Currently,the utilization of trust mechanisms for solving security issues has been a research focus. The introduction of the trust mechanism can partly improve the security of P2P networks and beneficial to well development of P2P networks.However,this is likely to cause hotpot issues. In addition, in present trust mechanisms excessive computing and communications overheads is also a problem can not be ignored.
According to the issues above,this paper propose a load balancing trust model based on Chord.The model computes the trust value of a node based on the information of its trade history in order to avoid the excessive overhead caused by iteration through the whole network. The trust value of a node is stored in its index node,and its index node is responsible for the storage,management and maintenance of trust information.It uses hash computping to locate index node when querying trust information and finds the index node by Chord protocol making the overheah of query lower.
Meanwhile the model marks grades of nodes with trust value of nodes, load condition and communication delay and chooses node with the highest grade to trade with.When hotpot resources appear in the network,the model creates duplication dynamically to share load.The model revokes part of the duplication when request frequency of hotpot resources decreases so as to avoid hotpot issues and ensure excellent running condition of P2P networks.
The model simulation results show that when malicious nodes in the network is over 10% or the access only concentrate on only 10% resources of the system,it obviously improves the success rate of transactions and enhance the reliability of P2P networks.
引文
[1] Adar E,Huberman B.Free Riding on Gnutella[J].First Monday,2000,5(10):31-38
[2] Singla A,Rohrs C.Ultrapeers:Another Step Towards Gnutella Scalability[EB/OL],http://rfc-gnutella.sourceforge.net/src/Ultrapeers_1.0.html,2003-11-25/2011-11-03
[3] Yang B,Garcia-Molina H.Improving search in peer-to-peer networks[A].Proceedings of the 22nd International Conference on Distributed Computing Systems(ICDCS’02)[C].Washington:IEEE Computer Society,2002:5-14
[4] Sylvia Ratnasamy, Ion Stoica, Scott Shenker. Routing Algorithms for DHTs: Some Open Questions[A]. IPTPS 2002[C]. Cambridge, MA, USA:Springer,2002: 45-52
[5] Matt Blaze, Joan Feigenbaum, Jack Lacy.Decentralized Trust Management[A].IEEE Symposium on Security and Privacy[C].Oakland, CA, USA: IEEE Computer Society,1996:164-173
[6] Kamvar S D,Schlosser M T.EigenRep Reputation Management in P2P Networks[A].Proceedings of the 12th International World Wide Web Conference[C].Budapest,Hungary:ACM Press,2003:123-134
[7] Yao Wang,Julita Vassileva. Bayesian Network-Based Trust Model[A]. Proceedings of IEEE/WIC International Conference on Web Intelligence[C].Halifax,Canada: IEEE Computer Society,2003:372-378
[8]窦文,王怀民,贾焰,邹鹏.构造基于推荐的Peer-to-Peer环境下的Trust模型[J].软件学报,2004,15(4):571-583
[9]彭冬生,林闯,刘卫东.一种直接评价节点诚信度的分布式信任机制[J].软件学报, 2008, 19(4):946-955
[10]邱洪君,黄佳进.分布式信任评估研究[J].计算机工程与应用,2009,45(25):27-30
[11]王平,邱劲,邱玉辉.对等网络中一种基于概率的信任机制研究[J].计算机科学,2010,37(2):212-215.
[12] Zadeh LA.Review of books:A mathematical theory of evidence[J].AI Magazine,1984,5(3):81-83
[13] Frank Dabek,M. Frans Kaashoek,David R. Karger , Robert Morris,Ion Stoica.Wide-Area Cooperative Storage with CFS[A]. Proceedings of the 18th ACM Symposium on Operating System Principles[C]. Banff, Alberta, Canada:SOSP,2001:202-215
[14] Yingwu Zhu,Yiming Hu.Efficient,proximity-aware load balancing for DHT-based P2P systems[J]. IEEE Transactions on Parallel and Distributed Systems,2005,16(4):349-361
[15] Ion Stoica, Robert Morris, David R. Karger, M. Frans Kaashoek, Hari Balakrishnan.Chord: A scalable peer-to-peer lookup service for internet applications[A]. Proceedings of the ACM SIGCOMM 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication[C]. San Diego, CA, USA:ACM Press,2001:149-160
[16] Sylvia Ratnasamy, Paul Francis, Mark Handley, Richard M. Karp, Scott Shenker.A scalable content-addressable network[A]. Proceedings of the ACM SIGCOMM 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication[C]. San Diego, CA, USA:ACM Press,2001:161-172
[17] Antony I. T. Rowstron, Peter Druschel.Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems[A]. Proceedings of IFIP/ACM International Conference on Distributed Systems Platforms(Middleware 2001)[C]. Heidelberg,Germany: ACM Press,2001:329-350
[18] Ben Y. Zhao, Ling Huang, Jeremy Stribling, Sean C. Rhea, Anthony D. Joseph, John Kubiatowicz. Tapestry: a resilient global-scale overlay for service deployment[J]. IEEE Journal on Selected Areas in Communications,2004, 22(1): 41-53
[19] Li Xiong, Ling Liu. PeerTrust: Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities[J]. IEEE Transaction Knowledge and Data Engineering,2004,16(7): 843-857
[20]李景涛,荆一楠,肖晓春,王雪平,张根度.基于相似度加权推荐的P2P环境下的信任模型[J].软件学报,2007,18(1):157-167
[21] Jaeyeon Jung,Balachander Krishnamurthy,Michael Rabinovich.Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites[A]. Proceedings of the Eleventh International World Wide Web Conference[C]. Honolulu, Hawaii, USA: ACM Press,2002:293-304
[22] Michael J. Freedman, Eric Freudenthal, David Mazières.Democratizing Content Publication with Coral[A] Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI 2004)[C].San Francisco,California,USA: USENIX,2004:239-252
[23] Sitaram Iyer,Antony I. T. Rowstron, Peter Druschel.Squirrel: a decentralized peer-to-peer web cache[A]. Proceedings of the Twenty-First Annual ACM Symposium on Principles of Distributed Computing[C]. Monterey,California,USA :ACM Press,2002:213-222
[24] Ismail Ari, Bo Hong, Ethan L. Miller, Scott A. Brandt, Darrell D. E. Long.Managing Flash Crowds on the Internet[A]. Proceedings of the 11th International Workshop on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS 2003)[C].Orlando, FL, USA:ACM Press,2003: 246-249
[25] Matt Welsh, David E. Culler, Eric A. Brewer.SEDA: An Architecture for Well-Conditioned, Scalable Internet Services[A]. Proceedings of the 18th ACM Symposium on Operating System Principles[C]. Chateau Lake Louise, Banff, Alberta, Canada:ACM Press,2001: 230-243
[26] Venkata N. Padmanabhan, Kunwadee Sripanidkulchai.The Case for Cooperative Networking[A]. IPTPS 2002[C].Cambridge, MA, USA:Springer,2002:178-190
[27] Venugopalan Ramasubramanian, Emin Gün Sirer.Beehive: O(1) Lookup Performance for Power-Law Query Distributions in Peer-to-Peer Overlays[A]. Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI 2004)[C]. San Francisco, California, USA: USENIX,2004:99-112
[28] Pascal Felber, Tim Kaldewey, Stefan Weiss.Proactive Hot Spot Avoidance for Web Server Dependability[A] Proceedings of the 23rd International Symposium on Reliable Distributed Systems (SRDS 2004)[C]. Florianpolis, Brazil: IEEE Computer Society,2004:309-318
[29] Weibin Zhao, Henning Schulzrinne.DotSlash: handling Web hotspots at dynamic content Web sites[A]. Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies[C]. Miami, FL, USA: IEEE Computer Society,2005:2836-2840
[30] Vijay Gopalakrishnan, Bujor D. Silaghi, Bobby Bhattacharjee, Peter J. Keleher. Adaptive Replication in Peer-to-Peer Systems[A] Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS 2004)[C]. Hachioji, Tokyo, Japan: IEEE ComputerSociety,2004:360-369
[31] Ali Aydin Sel?uk, Ersin Uzun, Mark Resat Pariente.A Reputation-based Trust Management System for P2P Networks[J].International Journal of Network Security,2008,6(2): 227-237
[32] Olsen,Robert,A.Trust as risk and the foundation of investment value[J]. The Journal of Socio-Economics,2008,37(6):2189-2200
[2] Singla A,Rohrs C.Ultrapeers:Another Step Towards Gnutella Scalability[EB/OL],http://rfc-gnutella.sourceforge.net/src/Ultrapeers_1.0.html,2003-11-25/2011-11-03
[3] Yang B,Garcia-Molina H.Improving search in peer-to-peer networks[A].Proceedings of the 22nd International Conference on Distributed Computing Systems(ICDCS’02)[C].Washington:IEEE Computer Society,2002:5-14
[4] Sylvia Ratnasamy, Ion Stoica, Scott Shenker. Routing Algorithms for DHTs: Some Open Questions[A]. IPTPS 2002[C]. Cambridge, MA, USA:Springer,2002: 45-52
[5] Matt Blaze, Joan Feigenbaum, Jack Lacy.Decentralized Trust Management[A].IEEE Symposium on Security and Privacy[C].Oakland, CA, USA: IEEE Computer Society,1996:164-173
[6] Kamvar S D,Schlosser M T.EigenRep Reputation Management in P2P Networks[A].Proceedings of the 12th International World Wide Web Conference[C].Budapest,Hungary:ACM Press,2003:123-134
[7] Yao Wang,Julita Vassileva. Bayesian Network-Based Trust Model[A]. Proceedings of IEEE/WIC International Conference on Web Intelligence[C].Halifax,Canada: IEEE Computer Society,2003:372-378
[8]窦文,王怀民,贾焰,邹鹏.构造基于推荐的Peer-to-Peer环境下的Trust模型[J].软件学报,2004,15(4):571-583
[9]彭冬生,林闯,刘卫东.一种直接评价节点诚信度的分布式信任机制[J].软件学报, 2008, 19(4):946-955
[10]邱洪君,黄佳进.分布式信任评估研究[J].计算机工程与应用,2009,45(25):27-30
[11]王平,邱劲,邱玉辉.对等网络中一种基于概率的信任机制研究[J].计算机科学,2010,37(2):212-215.
[12] Zadeh LA.Review of books:A mathematical theory of evidence[J].AI Magazine,1984,5(3):81-83
[13] Frank Dabek,M. Frans Kaashoek,David R. Karger , Robert Morris,Ion Stoica.Wide-Area Cooperative Storage with CFS[A]. Proceedings of the 18th ACM Symposium on Operating System Principles[C]. Banff, Alberta, Canada:SOSP,2001:202-215
[14] Yingwu Zhu,Yiming Hu.Efficient,proximity-aware load balancing for DHT-based P2P systems[J]. IEEE Transactions on Parallel and Distributed Systems,2005,16(4):349-361
[15] Ion Stoica, Robert Morris, David R. Karger, M. Frans Kaashoek, Hari Balakrishnan.Chord: A scalable peer-to-peer lookup service for internet applications[A]. Proceedings of the ACM SIGCOMM 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication[C]. San Diego, CA, USA:ACM Press,2001:149-160
[16] Sylvia Ratnasamy, Paul Francis, Mark Handley, Richard M. Karp, Scott Shenker.A scalable content-addressable network[A]. Proceedings of the ACM SIGCOMM 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication[C]. San Diego, CA, USA:ACM Press,2001:161-172
[17] Antony I. T. Rowstron, Peter Druschel.Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems[A]. Proceedings of IFIP/ACM International Conference on Distributed Systems Platforms(Middleware 2001)[C]. Heidelberg,Germany: ACM Press,2001:329-350
[18] Ben Y. Zhao, Ling Huang, Jeremy Stribling, Sean C. Rhea, Anthony D. Joseph, John Kubiatowicz. Tapestry: a resilient global-scale overlay for service deployment[J]. IEEE Journal on Selected Areas in Communications,2004, 22(1): 41-53
[19] Li Xiong, Ling Liu. PeerTrust: Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities[J]. IEEE Transaction Knowledge and Data Engineering,2004,16(7): 843-857
[20]李景涛,荆一楠,肖晓春,王雪平,张根度.基于相似度加权推荐的P2P环境下的信任模型[J].软件学报,2007,18(1):157-167
[21] Jaeyeon Jung,Balachander Krishnamurthy,Michael Rabinovich.Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites[A]. Proceedings of the Eleventh International World Wide Web Conference[C]. Honolulu, Hawaii, USA: ACM Press,2002:293-304
[22] Michael J. Freedman, Eric Freudenthal, David Mazières.Democratizing Content Publication with Coral[A] Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI 2004)[C].San Francisco,California,USA: USENIX,2004:239-252
[23] Sitaram Iyer,Antony I. T. Rowstron, Peter Druschel.Squirrel: a decentralized peer-to-peer web cache[A]. Proceedings of the Twenty-First Annual ACM Symposium on Principles of Distributed Computing[C]. Monterey,California,USA :ACM Press,2002:213-222
[24] Ismail Ari, Bo Hong, Ethan L. Miller, Scott A. Brandt, Darrell D. E. Long.Managing Flash Crowds on the Internet[A]. Proceedings of the 11th International Workshop on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS 2003)[C].Orlando, FL, USA:ACM Press,2003: 246-249
[25] Matt Welsh, David E. Culler, Eric A. Brewer.SEDA: An Architecture for Well-Conditioned, Scalable Internet Services[A]. Proceedings of the 18th ACM Symposium on Operating System Principles[C]. Chateau Lake Louise, Banff, Alberta, Canada:ACM Press,2001: 230-243
[26] Venkata N. Padmanabhan, Kunwadee Sripanidkulchai.The Case for Cooperative Networking[A]. IPTPS 2002[C].Cambridge, MA, USA:Springer,2002:178-190
[27] Venugopalan Ramasubramanian, Emin Gün Sirer.Beehive: O(1) Lookup Performance for Power-Law Query Distributions in Peer-to-Peer Overlays[A]. Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI 2004)[C]. San Francisco, California, USA: USENIX,2004:99-112
[28] Pascal Felber, Tim Kaldewey, Stefan Weiss.Proactive Hot Spot Avoidance for Web Server Dependability[A] Proceedings of the 23rd International Symposium on Reliable Distributed Systems (SRDS 2004)[C]. Florianpolis, Brazil: IEEE Computer Society,2004:309-318
[29] Weibin Zhao, Henning Schulzrinne.DotSlash: handling Web hotspots at dynamic content Web sites[A]. Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies[C]. Miami, FL, USA: IEEE Computer Society,2005:2836-2840
[30] Vijay Gopalakrishnan, Bujor D. Silaghi, Bobby Bhattacharjee, Peter J. Keleher. Adaptive Replication in Peer-to-Peer Systems[A] Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS 2004)[C]. Hachioji, Tokyo, Japan: IEEE ComputerSociety,2004:360-369
[31] Ali Aydin Sel?uk, Ersin Uzun, Mark Resat Pariente.A Reputation-based Trust Management System for P2P Networks[J].International Journal of Network Security,2008,6(2): 227-237
[32] Olsen,Robert,A.Trust as risk and the foundation of investment value[J]. The Journal of Socio-Economics,2008,37(6):2189-2200