Disclosure of Invention
The technical problem is as follows: the invention provides an anonymous communication method based on a distributed hash table network, aiming at the problem of how to realize anonymous communication among user nodes in a P2P network. A probability forwarding mechanism and a symmetric key encryption mechanism are introduced in the message forwarding process of the P2P node, so that the anonymity of the user nodes in a resource searching stage, a resource publishing stage and a resource transmission stage in the DHT network is realized.
The technical scheme is as follows: the anonymous communication scheme among the user nodes in the P2P network considers the anonymous communication of the whole DHT network from three aspects, namely, the resource publishing phase, the resource searching phase and the resource downloading and transmitting phase of the user. The combination of the three can achieve sender anonymity, recipient anonymity, and anonymity of the communication relationship.
In the resource publishing stage, an anonymous mapping path construction method is adopted: the anonymous mapping path is built through a next-hop path selection strategy based on a probability forwarding mechanism, and a mapping node is finally established. In the resource searching stage, each node, based on probability, either forwards the request packet onward or returns a response packet to the previous node. In the resource downloading and transmitting stage, data is transmitted using the mapping node as a relay node, combined with encryption of the data under the session key.
1. Architecture
The invention realizes anonymous communication among user nodes in a Distributed Hash Table (DHT) network, wherein each node in the DHT network is a peer node and belongs to a fully distributed P2P network without a central server.
Each user node in the DHT network performs three types of basic operation: 1. resource publishing, in which a user publishes resources owned by the node to the DHT network for other nodes to search and download; 2. resource searching, in which a user searches other nodes in the network for the resources it requires; 3. resource downloading and transmission, in which the user downloads and transmits one or more specific resources according to the resource information list returned by the search.
Starting from the three types of basic operations, in the resource publishing stage, the resource searching stage and the resource downloading and transmitting stage, the related anonymity mechanism and the related security mechanism are respectively introduced to realize the anonymous communication among the user nodes, namely, the anonymity of the three types of basic operations is realized, so that the protection of the user privacy is realized.
2. Method flow
In the DHT network, the node performs an anonymous issuing operation of the resource, an anonymous searching operation of the resource, and an anonymous transmitting operation of the resource in sequence, and the following describes in detail different operation modules.
1. Anonymous release phase of resources
In the conventional resource distribution in the DHT network, a distribution node distributes a message packet containing resource information and local node information (IP, port) to other nodes for storage, so that the node information of a distributor is exposed in the whole network and is easily utilized by a malicious node, and the normal operation of the DHT network is affected. The anonymous issuing operation of the introduced resource can hide the issuing node information to the maximum extent to realize the anonymous issuing of the resource, and the specific steps are as follows:
Step 1. In the DHT network, the user node P performs a hash operation on the resource File to be published:
Hash(File)=FID
The ID of the resource is set to FID. Node P selects the neighbor node I_1 with the longest survival time from its routing table and sends the resource mapping message M_REQ (Map Request) containing the FID to node I_1. After receiving the M_REQ message, I_1 either continues forwarding onward with probability P_f1 ∈ [0,1], or with probability (1-P_f1) terminates forwarding and becomes the mapping node E of node P, so that a mapping path L is formed between the publishing node P and the mapping node E. For any node I_i on the path, the following binary functional relationship is satisfied:
where P_f1 is set by the network publisher and P(I_i) is a value between 0 and 1 randomly generated by node I_i after receiving the M_REQ message. Depending on this value, node I_i either continues forwarding to the subsequent node I_{i+1} or is itself the mapping node E of P. Each node I_i on the mapping path also needs to create a mapping table that stores the triplet of the resource ID and its previous and subsequent nodes, <FID, I_{i-1}, I_{i+1}>. After the mapping node E is established, a mapping response message M_RES (Map Response) is returned to the resource publishing node P according to the mapping table. The M_RES message contains the IP and Port information of node E.
The mapping table is used to forward the resource during the anonymous transmission process. The mapping path is established with a random probability strategy, namely the next-hop path selection strategy, so that the mapping is anonymous: nodes on the path other than the publishing node P do not know whether their previous node is the publisher of the resource.
Step 2. When the mapping path has been constructed, node P starts to publish the resource information. Node P forms a five-tuple from the FID, the information related to the resource (such as file name, type, size, etc.), the session key SecK, and the IP and Port information of the mapping node E:
<FID, Info, SecK, IP_E, Port_E>
Since the same hash algorithm generates node IDs and resource IDs in the DHT network, node P can select from its routing table the neighbor nodes closer to the FID, Neig_P = {N_1, N_2, N_3, …, N_n}, and send them a resource publishing message P_REQ (Publish Request). A neighbor node receiving the P_REQ message first stores the five-tuple <FID, Info, SecK, IP_E, Port_E>, then searches its own routing table for neighbor nodes closer to the FID and continues to send the P_REQ message to them iteratively; if no neighbor node closer to the FID is found, it stops publishing the P_REQ message.
2. Anonymous search phase of resources
Traditional resource search in the DHT network uses keyword hash search: the keyword is hashed and the search is then performed on the hash. The whole search process is iterative, that is, every operation is initiated by the searching node, so the node information (IP, port) of the searching node is necessarily exposed in the network during the search, and there is no anonymity or security. The specific steps of the anonymous resource search are as follows:
Step 1. The user node S first hashes the keyword to be searched:
Hash(Keyword)=KID
Thus the hash value KID of the keyword is obtained. S then selects from its routing table the ALPHA nodes closest to KID, Neig_S = {N_1, N_2, …, N_ALPHA}, and sends them a resource search request S_REQ (Search Request), where ALPHA is the dimension of the synchronous search and its value is set by the user node.
Step 2. After receiving the S_REQ message from node S, a neighbor node N_i either forwards onward with probability P_f2 ∈ [0,1], that is, finds a node closer to KID in its routing table and sends the S_REQ message on to it, or with probability (1-P_f2) returns a response message S_RES (Search Response) for the search request to the previous node. For any node J_i on a given search path Path = {J_1, J_2, J_3, …, J_n}, the following binary functional relationship is satisfied:
where P(J_i) is a value between 0 and 1 randomly generated by node J_i after receiving the resource mapping message. When P(J_i) ∈ [0, P_f2], J_i finds the node J_{i+1} closer to KID in its routing table and sends the S_REQ message on to J_{i+1}; otherwise J_i returns an S_RES message containing the node information of J_{i+1} to its previous node J_{i-1}, and the message is returned iteratively until it reaches the resource search initiator S. S then starts the next round of the resource searching process, until the search is finished.
3. Anonymous transfer phase of resources
Resource transfer in a conventional DHT network is point-to-point, so both parties to the transfer are exposed to each other and neither the sender nor the receiver is anonymous. Anonymous transmission of resources solves this problem; the specific steps are as follows:
Step 1. Node S prepares to download a certain resource FID. S sends a resource download request message D_REQ (Download Request) to the mapping node E contained in the information <FID, Info, SecK, IP_E, Port_E> it has already obtained:
When E receives the D_REQ message from S, it queries its mapping table T according to the FID in the message and forwards the message to its previous node, and so on until the message reaches node P.
Step 2. After receiving the forwarded D_REQ message, node P encrypts the resource File corresponding to the FID:
SK(File)=Efile
P then puts the Efile into a resource download response message D_RES (Download Response) and sends it along the mapping path L to the mapping node E, which sends it on to node S. S decrypts the resource with the session key SecK obtained during the anonymous resource search to recover the original resource.
The method comprises the following specific steps:
The anonymous communication method based on the distributed hash table network constructs a mapping path in the resource publishing stage to generate a mapping node, so that the publishing node's own information is effectively hidden when the resource is published; in the resource searching stage, a strategy based on a probability forwarding mechanism is adopted, so that the nodes on the search path cannot determine who the initial inquirer is; in the resource transmission stage, the mapping node is used as a relay and the data is encrypted, realizing the anonymity of both communicating parties and the security of the data. The method specifically comprises the following steps:
step 1, at an initial moment, in a DHT (distributed hash table) network, a user node P has a certain resource File and hashes the resource File to obtain an identity ID of the resource, wherein the identity ID is set as a File identity FID;
step 2, the node P selects the neighbor node I_1 with the longest survival time from its routing table and sends the resource mapping message M_REQ containing the FID to node I_1; after receiving the M_REQ message, node I_1 either continues forwarding onward with probability P_f1 ∈ [0,1], where f1 denotes the forwarding event in the process of constructing the mapping path, or with probability (1-P_f1) terminates forwarding and becomes the mapping node E of node P, so that a mapping path L is formed between the publishing node P and the mapping node E; for any node I_i on the path, the following binary functional relationship is satisfied:
each node I_i on the mapping path also needs to create a mapping table that stores the triplet of the resource ID and its previous and subsequent nodes, <FID, I_{i-1}, I_{i+1}>; when the mapping node E is established, a mapping response message M_RES is returned to the resource publishing node P according to the mapping table, wherein the M_RES message comprises the network layer address IP and the Port information of node E;
step 3, when construction of the mapping path is complete, the node P starts to publish the resource information; the node P forms a five-tuple from the FID, the related information of the resource, the session key SecK and the IP and Port information of the mapping node E: <FID, Info, SecK, IP_E, Port_E>; N_1, N_2, …, N_n are all neighbor nodes of P; from its neighbor node set Neig_P = {N_1, N_2, N_3, …, N_n}, P selects the neighbor nodes closer to the FID and sends them a resource publishing message P_REQ; a neighbor node receiving the P_REQ message stores the five-tuple, then searches its own routing table for neighbor nodes closer to the FID and continues to send the P_REQ message to them iteratively, and stops publishing the message if no neighbor node closer to the FID is found;
step 4, when the user node S is ready to search for resources by keyword, S first hashes the keyword input by the user to obtain a keyword hash value KID, and then selects from its routing table the ALPHA nodes closest to KID, Neig_S = {N_1, N_2, …, N_ALPHA}, and sends them a resource search request S_REQ, wherein ALPHA is the dimension of the synchronous search;
step 5, after the neighbor node N_i receives the S_REQ message sent by the node S, it either forwards onward with probability P_f2 ∈ [0,1] (f2 being the forwarding event in the anonymous resource search process), that is, finds a node closer to KID in its routing table and sends the S_REQ message on to it, or with probability (1-P_f2) returns a response message S_RES for the search request to the previous node; for any node J_i on a given search path Path = {J_1, J_2, J_3, …, J_n}, the following binary functional relationship is satisfied:
after a certain node returns the S _ RES message, the round of search is finished, and after the S _ RES message returns to the node S, the S starts the next round of search according to the content in the S _ RES message until the required resource information is searched, and the whole search process is finished;
step 6, the node S prepares to download a certain resource FID; S sends a resource download request D_REQ to the mapping node E contained in the obtained information <FID, Info, SecK, IP_E, Port_E>; when E receives the D_REQ message from S, it queries its mapping table T according to the FID in the message and forwards the message to its previous node, and so on until the message reaches node P;
step 7, after receiving the forwarded D_REQ message, the node P encrypts the resource File corresponding to the FID to obtain the Efile; P then puts the Efile into a resource download response message D_RES and sends it along the mapping path L to the mapping node E, which sends it on to the node S; S decrypts the resource with the session key SecK obtained during the anonymous resource search to recover the original data.
Beneficial effects: the invention provides an anonymous communication method based on a distributed hash table network, which mainly addresses how to realize anonymous communication among user nodes in a DHT network environment, thereby protecting user privacy and, further, the normal operation of the whole network.
In general, due to the fact that the P2P network is designed without considering the hiding of node information and the hiding of communication relationships between nodes, the node information and traffic in the network are often tampered by malicious nodes, so that the privacy of a user is revealed, and even the normal operation of the whole network is threatened. On the basis of in-depth research and discussion of the problems, the invention provides an anonymous communication method based on a distributed hash table network, which is used for protecting the anonymity of communication among users from three operation layers of a DHT (distributed hash table) network, so that the utilization of malicious nodes on node information and flow in the network can be avoided, and the privacy protection of the users and the safe and stable operation of the network are realized.
Detailed Description
An overall block diagram of an anonymous communication scheme based on a Distributed Hash Table (DHT) network is shown in fig. 1, and the scheme includes an anonymous publishing process of resources, an anonymous searching process of resources and an anonymous transmission process of resources. Specifically, the anonymous publishing process of the resource is shown in fig. 2, and the specific steps are as follows:
Step 1. At the initial moment, in the DHT network, a user node P owns a certain resource File and hashes the resource File:
Hash(File)=FID
The ID of the resource is set to FID. Node P selects the neighbor node I_1 with the longest survival time from its routing table and sends the resource mapping message M_REQ (Map Request) to node I_1. After receiving the M_REQ message, I_1 either forwards it onward with probability P_f1 ∈ [0,1], or with probability (1-P_f1) terminates forwarding and becomes the mapping node E of node P, so that a mapping path L is formed between the publishing node P and the mapping node E. For any node I_i on the path, the following binary functional relationship is satisfied:
where P_f1 is set by the network publisher and P(I_i) is a value between 0 and 1 randomly generated by node I_i after receiving the M_REQ message. Depending on this value, node I_i either continues forwarding to the subsequent node I_{i+1} or is itself the mapping node E of P. Each node I_i on the mapping path also needs to create a mapping table T that stores the triplet of the resource ID and its previous and subsequent nodes, <FID, I_{i-1}, I_{i+1}>:
Resource ID | Previous node information | Successor node information
FID_1 | <IP_{i-1}, Port_{i-1}> | <IP_{i+1}, Port_{i+1}>
FID_2 | <IP_{k-1}, Port_{k-1}> | <IP_{k+1}, Port_{k+1}>
… | … | …
FID_n | <IP_{n-1}, Port_{n-1}> | <IP_{n-1}, Port_{n-1}>
When the mapping node E is established, a mapping Response message M _ RES (Map Response) is returned to the resource publishing node P according to the mapping table. The M _ RES message contains the IP and Port information of node E.
The mapping table is used for forwarding the resources in the anonymous transmission process of the resources, the mapping path is established by adopting a random probability strategy, namely a next hop path selection strategy, so that the mapping has anonymity, and other nodes except the publishing node P on the path do not know whether the previous node is a publisher of the resources.
The expected length of the mapping path L varies with the value of P_f1 and satisfies the following formula:
As can be seen from the formula derived above, the expected mapping path length depends only on the probability P_f1. Controlling the value of P_f1 therefore controls the expected path length to a certain extent, so as to achieve a balance between efficiency and anonymity in the DHT network.
Step 2. The publishing process of the resource: when the anonymous mapping process of the resource is completed, the resource publishing node P starts to publish the resource information. Node P forms a five-tuple from the FID, the information related to the resource (such as file name, type, size, etc.), the session key SecK, and the IP and Port information of the mapping node E:
<FID, Info, SecK, IP_E, Port_E>
Since the same hash algorithm generates node IDs and resource IDs in the DHT network, node P can select from its routing table the neighbor nodes closer to the FID, Neig_P = {N_1, N_2, N_3, …, N_n}, and send them a resource publishing message P_REQ (Publish Request). A neighbor node receiving the resource publishing message first stores the five-tuple <FID, Info, SecK, IP_E, Port_E>, then searches its own routing table for neighbor nodes closer to the FID and continues to send the P_REQ message to them iteratively; if no neighbor node closer to the FID is found, it stops publishing the P_REQ message.
The anonymous search process of resources is shown in fig. 3, and the specific steps are as follows:
Step 3. When the user node S prepares to search for resources by keyword, S first hashes the keyword input by the user:
Hash(Keyword)=KID
Thus the hash value KID of the keyword is obtained. S then selects from its routing table the ALPHA nodes closest to KID, Neig_S = {N_1, N_2, …, N_ALPHA}, and sends them the synchronous search request, that is, the resource search request S_REQ (Search Request), where ALPHA is the dimension of the synchronous search. A balance between search efficiency and control of network congestion can be achieved by setting the value of ALPHA.
Step 4. After receiving the S_REQ message from node S, a neighbor node N_i either forwards onward with probability P_f2 ∈ [0,1], that is, finds a node closer to KID in its routing table and sends the S_REQ message on to it, or with probability (1-P_f2) returns a response message S_RES (Search Response) for the search request to the previous node. For any node J_i on a given search path Path = {J_1, J_2, J_3, …, J_n}, the following binary functional relationship is satisfied:
where P(J_i) is a value between 0 and 1 randomly generated by node J_i after receiving the resource mapping message. When P(J_i) ∈ [0, P_f2], J_i finds the node J_{i+1} closer to KID in its routing table and sends the S_REQ message on to J_{i+1}; otherwise J_i returns an S_RES message containing the node information of J_{i+1} to its previous node J_{i-1}, and the message is returned iteratively until it reaches the resource search initiator S. S then starts the next round of the resource searching process, using the node information in the returned S_RES message as the starting node.
In this way, the node P_n that holds the resource required by the source node S is finally found, which completes the work on this search path. P_n returns a final response message S_RES_F (Search Response Final), carrying the resource information required by the source node S, to its predecessor nodes in the same manner. The information contained in the S_RES_F message is <FID, Info, SecK, IP_E, Port_E>, that is, the resource information published during the anonymous publishing process of the resource.
The anonymous transmission process of the resource is shown in fig. 4, and the specific steps are as follows:
Step 5. After the anonymous search process, node S has the results of the keyword search. If S prepares to download a certain resource FID, S sends a resource download request message D_REQ (Download Request) to the mapping node E contained in the obtained information <FID, Info, SecK, IP_E, Port_E>:
When E receives the D_REQ message from S, it queries its mapping table T according to the FID in the D_REQ message and forwards the D_REQ message to its previous node, and so on until the message reaches node P.
Step 6. After receiving the forwarded D_REQ message, node P encrypts the resource File corresponding to the FID:
SK(File)=Efile
P then puts the Efile into a resource download response message D_RES (Download Response) and sends it along the mapping path L to the mapping node E, which sends it on to node S. S decrypts the resource with the session key SecK obtained during the anonymous resource search to recover the original resource.
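The mapping-path construction of Step 1 and the relayed download of Steps 5 and 6 can be simulated as follows. This is an added example, not code from the patent: the class and function names, the use of SHA-256 for Hash(File), the random choice of next hop in place of the routing-table selection, and the placeholder standing in for the encrypted Efile are all assumptions. In this model the average number of relay nodes comes out near 1/(1 - P_f1).

```python
import hashlib
import random


class Node:
    """DHT peer with a mapping table T: FID -> (previous hop, next hop)."""

    def __init__(self, name):
        self.name = name
        self.table = {}
        self.store = {}  # FID -> payload; filled only on the publisher P


def build_mapping_path(publisher, peers, fid, p_f1, rng):
    """M_REQ phase: returns the mapping path [P, I_1, ..., E].

    Assumes `peers` does not contain the publisher itself.
    """
    if not peers:
        raise ValueError("P needs at least one neighbor to receive M_REQ")
    path = [publisher, rng.choice(peers)]  # P always hands M_REQ to I_1
    while True:
        # Assumption: a random unused peer stands in for the routing-table
        # choice. Skipping peers already on the path keeps one table entry
        # per FID per node, so the walk back to P cannot loop.
        candidates = [n for n in peers if n not in path]
        # I_i draws P(I_i) in [0, 1) and forwards with probability p_f1.
        if not candidates or rng.random() >= p_f1:
            break  # the tail of the path becomes mapping node E
        path.append(rng.choice(candidates))
    for i, node in enumerate(path):
        prev_hop = path[i - 1] if i > 0 else None
        next_hop = path[i + 1] if i + 1 < len(path) else None
        node.table[fid] = (prev_hop, next_hop)  # <FID, I_{i-1}, I_{i+1}>
    return path


def download(mapping_node, fid):
    """D_REQ follows previous-hop entries from E to P; D_RES comes back."""
    node, req_hops = mapping_node, [mapping_node.name]
    while node.table[fid][0] is not None:
        node = node.table[fid][0]
        req_hops.append(node.name)
    payload, res_hops = node.store[fid], [node.name]  # P answers with Efile
    while node.table[fid][1] is not None:
        node = node.table[fid][1]
        res_hops.append(node.name)
    return payload, req_hops, res_hops


def mean_relay_count(p_f1, trials, seed):
    """Average number of relay nodes (I_1..E) over many constructed paths."""
    rng = random.Random(seed)
    peers = [Node(f"N{i}") for i in range(64)]
    total = sum(len(build_mapping_path(Node("P"), peers, "fid", p_f1, rng)) - 1
                for _ in range(trials))
    return total / trials


def demo(seed=7, p_f1=0.6):
    rng = random.Random(seed)
    publisher, peers = Node("P"), [Node(f"N{i}") for i in range(32)]
    data = b"constructed sample resource"
    fid = hashlib.sha256(data).hexdigest()    # Hash(File) = FID
    publisher.store[fid] = b"Efile:" + data   # placeholder for SK(File)
    path = build_mapping_path(publisher, peers, fid, p_f1, rng)
    return (path,) + download(path[-1], fid)


if __name__ == "__main__":
    path, payload, req_hops, res_hops = demo()
    print("mapping path:", [n.name for n in path])
    print("D_REQ hops:", req_hops, "D_RES hops:", res_hops)
    print("mean relays at P_f1=0.5:", mean_relay_count(0.5, 20000, 1))
```

Each relay's table entry names only its two adjacent hops, which is why a relay cannot tell whether its previous hop is the publisher or another relay.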