Title: On the Security Mechanisms for P2P Networks
Author: Chiou, Shu-Fen (邱淑芬)
Keywords: mutual authentication; Peer-to-Peer (P2P) networks; P2P recommendation networks; trusted network
Publisher: Department of Computer Science and Engineering
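Abstract (translated from the Chinese): In peer-to-peer (P2P) networks, we use applications such as file sharing, video conferencing, e-learning, distributed computing, and e-commerce. However, P2P network systems still lack security handling, which leads to security attacks. Security issues related to P2P networks include anonymity, authentication, trust models, secure routing, secure payment mechanisms, and so on. In this dissertation, we propose four secure and efficient mechanisms: (1) a multicast-based mutually anonymous P2P file-sharing mechanism; (2) a peer-assisted authentication mechanism; (3) an improved mechanism for a trusted P2P recommendation system; and (4) a trusted, free-rider-avoiding mechanism based on trust values and contribution.

In the first research topic, addressing the need for mutual anonymity between the requester and the responder, we propose a P2P file-sharing mechanism that uses multicast IP to achieve mutual anonymity. To prevent the requester and the responder from being attacked and exposed at the initial stage, they select a group of trusted users to join the sharing session together. Our analysis of anonymity degree, security, and efficiency shows that the mechanism can effectively provide mutual anonymity.

In the second research topic, we consider that peers with high computing power can help peers with low computing power that cannot handle complex processing. When a low-power user needs to process a large amount of data, such as a large number of signatures, having other peers share the computation cost can effectively reduce the computation time. Therefore, in this topic, we propose a mutual-assistance authentication mechanism among peers. Users with high computing power share the large signature computations of low-power users, and our mechanism speeds up the computation.

In the third research topic, we focus on secure P2P recommendation systems. In a P2P recommendation system, users send recommendation values for items they like to specific users, who can refer to those values to decide whether to request a download. However, we cannot guarantee that no malicious users will deceive us with forged, tampered, or incorrect information. In 2009, Jung proposed a trust mechanism based on risk discovery, but messages in that mechanism may be illegitimately modified, and collusion may occur among neighbors. Therefore, in this topic, we propose an improved method that addresses the shortcomings of Jung's mechanism. In addition, our method achieves unforgeability and non-repudiation.

In the last research topic, addressing trusted networks and the prevention of free riders, we propose a new trusted P2P network mechanism. We use contribution values to determine whether a user is a free rider. Resource requesters and responders can use trust values to decide whether to request a download or provide a file.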
People use P2P networks for file sharing, video conferencing, digital learning, distributed computing, e-commerce, etc. However, the weak security processes of current P2P systems may lead to security attacks. Thus, we need to consider security issues such as anonymity, authentication, trust models, secure routing, and secure payment systems. In this dissertation, we propose four secure and efficient schemes for the following research subjects: (1) a mutual anonymity protocol based on multicast for pure file-sharing P2P network systems; (2) a peer-assisted authentication protocol for P2P networking systems; (3) an improved trusted P2P recommendation system; and (4) a trust and free-rider prevention model for P2P networks based on reputation and contribution values.

In the first research subject, we focus on mutually anonymous communication, which means that the initiator and the responder cannot identify each other. Hence, we propose a pure P2P network system with mutual anonymity for file sharing. We use the multicast IP concept to achieve mutual anonymity. To prevent adversaries from guessing the initiator if the router that provides the multicast IP is compromised, the initiator, when starting the session, chooses a number of peers to join the multicast group together at the same time. Our analysis of anonymity degree, security, and performance shows that the scheme can provide mutual anonymity while still fulfilling essential requirements.

For the second research subject, peers with high computational capacity can vastly improve a network's ability to handle complex computations or transfer large amounts of data. Large signatures generally require large amounts of time for mobile peers to compute. However, if peers are able to share their computational capacity, this processing time can be reduced. In this subject, we propose a peer-assisted authentication scheme for RSA signatures in decentralized peer-to-peer networks. Our scheme can speed up computation while still fulfilling essential requirements.

For the third research subject, we focus on secure P2P recommendation networks. In P2P recommendation networks, a peer propagates the recommendation value of a specific item to neighbors who are interested in that item. However, we cannot guarantee that no malicious peers will provide fraudulent or adversarial information to fool us. In 2009, Jung proposed a trustworthy knowledge diffusion model on peer-to-peer networks based on risk discovery. However, messages can be modified and neighbors can collude during transmission. In this subject, we propose an improved method to address these drawbacks; in addition, our proposed method achieves the extra requirements of unforgeability and non-repudiation.

For the last research subject, we focus on two important security issues: maintaining a trusted network and preventing free riders. In this subject, we use the contribution value to identify who is a free rider. The requester and the responder can use the reputation evaluation to decide whether to download or provide the requested file.
Other identifier: U0005-2708201210055900
Appears in Collections: Department of Computer Science and Engineering


