Intelligent and Distributed Computing Laboratory
  Research on Security and Incentive Mechanisms of Peer-to-Peer Systems
Name: Huang Baohua (黄保华)
Thesis defense date: 2006.11.08
Thesis submission date: 2006.11.16
Thesis level: Doctoral
Chinese title: 对等系统的安全与激励机制研究
English title: Research on Security and Incentive Mechanisms of Peer-to-Peer Systems
Advisor 1: Lu Zhengding (卢正鼎)
Advisor 2: Hu Heping (胡和平)
Chinese keywords: 对等系统; 信任管理; 激励机制; 信任自动协商; 信任级自动协商; 神经网络; 承诺
English keywords: Peer-to-Peer System; Trust Management; Incentive Mechanism; Automated Trust Negotiation; Automated Trust Level Negotiation; Neural Networks; Promise
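Chinese abstract: In recent years, with the large increase in network bandwidth and the continuous improvement in personal computer performance, a large surplus of bandwidth, computing power and storage capacity has built up at the network edge, giving Peer-to-Peer (P2P) systems broad room to develop. Unlike the currently prevalent Client/Server (C/S) systems, which are centered on a small number of servers, P2P systems mainly use the bandwidth at the network edge and the computing power and storage capacity of many personal computers to provide mutual service among peers, and they have the advantages of good scalability and robustness and low cost. But P2P systems are also large-scale, highly dynamic, highly heterogeneous, strongly asynchronous and made up of a complex mix of participants, which brings many challenges to system design, development and operational management; in security and incentive mechanisms in particular they differ greatly from traditional computer systems. P2P systems have become the systems that consume the most network bandwidth on the Internet, yet they are mainly limited to applications with low security requirements, such as simple file sharing, and this is closely related to the current lack of applicable security and incentive mechanisms for P2P systems. In-depth research on the security and incentive mechanisms of P2P systems therefore has important theoretical significance and practical value.

Reputation systems are one of the focal points of P2P security research. Existing P2P reputation systems all place great emphasis on the study of global trust values, while for local trust values they give only a simple calculation method based on the ratio of successful to failed transactions, which cannot describe how successes and failures are distributed over time. Artificial neural networks are applied to the P2P reputation system, and a neural network method for identifying P2P local trust values is given. The method takes the P2P transaction result sequence, which reflects the time distribution of transaction results, directly as the neural network input to identify the local trust value, and can therefore produce more representative results. In addition, introducing neural networks into P2P reputation systems has some reference value for research on making reputation systems intelligent.

Automated Trust Negotiation (ATN) is one of the methods for enforcing reliable access control in P2P systems. The management complexity of existing ATN models is very high, with the result that there is no truly practical ATN system. An Automated Trust Level Negotiation (ATLN) model for P2P systems is proposed. ATLN introduces trust levels to extend ATN, so that resource access policies depend on trust levels rather than directly on attribute certificates. This reduces the complexity of the policies and makes ATLN more flexible and manageable than ATN. In addition, ATLN combines ATN with traditional access control techniques, which has some reference value for research on applying traditional security mechanisms in P2P systems.

Guaranteeing fairness is an important way of implementing incentives in P2P systems. Drawing on the principle by which individuals in human society make promises to each other and achieve fair dealings by keeping them, P-Promise, a promise-based protocol for fair P2P resource sharing, is proposed. By defining a promise certificate and a set of protocol primitives, P-Promise builds fair resource sharing rings among P2P entities to achieve fair P2P resource sharing. The process of building a fair resource sharing ring is the process of peers making promises and continually keeping them, and it does not require a trusted third party, certified identities, monetary payment, symmetric storage relationships or similar conditions. Promise certificates can describe different resources, so P-Promise can be used for the fair sharing of all kinds of resources.

In view of the broad application prospects of P2P data disaster tolerance, an adaptive P2P data disaster tolerance model is proposed, and a P2P data disaster tolerance system is implemented on JXTA. The system integrates and verifies the theories proposed in this thesis.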
English abstract: In recent years, rapid improvement in the bandwidth of computer networks and the capability of personal computers has left a great deal of idle network bandwidth, computing power and storage capacity at the edge of the network, and has given Peer-to-Peer (P2P) systems wide room to develop. The widely used Client/Server architectures rely on only a few servers as the center. In contrast, P2P systems use the network bandwidth, computing power and storage capacity of personal computers at the edge of the network to serve each other, so P2P systems are scalable, robust and cheap. Because P2P systems are also huge, dynamic, asynchronous and composed of complex participants, there are many challenges in designing, developing and maintaining them. In security and incentive mechanisms especially, P2P systems are very different from traditional computer systems. In fact, although P2P systems are now the most bandwidth-consuming systems on the Internet, they are limited to applications with low security requirements, such as simple P2P file sharing. This is closely related to the lack of applicable security and incentive mechanisms for P2P systems. The security and incentive mechanisms of P2P systems are therefore investigated in this paper.

Reputation systems are a major research area of P2P system security, but existing reputation models focus on the global trust model. For the local trust value, these models only adopt simple methods based on counting the successes and failures of P2P transactions. The local trust value therefore cannot represent the distribution of success and failure in the P2P transaction history. Artificial neural networks are introduced into the P2P reputation system, and a method of identifying the local trust value of P2P systems with neural networks is proposed. The P2P transaction result sequence, which can represent the P2P transaction history, is used directly as the input of the neural networks to identify the local trust value, so the result can be more representative. In addition, the use of neural networks shows an intelligent method for reputation systems.

ATN (Automated Trust Negotiation) is one of the methods that can carry out reliable access control in P2P systems. But the current ATN model is very complex and hard to manage; in fact, there is no really usable ATN system at present. ATLN (Automated Trust Level Negotiation) is proposed. ATLN introduces the trust level to extend ATN, and reduces the complexity of the resource access control policy by defining the policy in terms of trust levels. ATLN is more flexible and manageable than ATN. ATLN fuses ATN with the traditional access control model, so it gives a clue to using traditional security mechanisms in P2P systems.

Fair resource sharing is one of the incentive mechanisms in P2P systems. Inspired by society, where individuals exchange fairly by making promises and acting on them, P-Promise, a promise-based P2P fair resource sharing protocol, is proposed. P-Promise defines a promise certificate and a set of protocol primitives. Using the promise certificate and the protocol primitives, a fair resource sharing ring can be built, and the goal of fair resource sharing can be achieved in P2P systems. The process of building a fair resource sharing ring is a process of promising and carrying the promise out, so P-Promise does not require trusted third parties, certified identities, monetary payment or symmetric storage relationships. The promise certificate can describe various kinds of resources, so P-Promise can be applied to a wide range of resource sharing.

In view of the value of P2P data disaster tolerance, an adaptive P2P data disaster tolerance model is proposed, and a P2P data disaster tolerance system is designed and implemented based on JXTA. The system integrates and verifies the theories proposed in this paper.