Disclosure of Invention
The technical problem is as follows: the invention provides a scheme for forming a service network security architecture based on peer-to-peer computing, intended to address the security problems of distributed computing. Compared with other service network architectures, the scheme concentrates on making the service network architecture secure and reliable while still delivering the functions of the network.
The technical scheme is as follows: the method emphasizes communication and security within the network, introduces the XML (extensible markup language) security specifications together with specifications such as policy-based access control, and aims at confidentiality, integrity, non-repudiation and availability in the network.
1. Architecture
A security service network architecture based on peer-to-peer computing is a security implementation that guarantees the purpose of the network: it manages and shares the various resources on the network with the service as the centre, through a uniform standard interface. On top of the basic functions of the network the architecture builds a layered security protection mechanism. Figure 1 shows the service-oriented security network hierarchy, a detailed plan and design of each layer in combination with the service-oriented network hierarchy proposed so far, with security introduced in particular at the service protocol and standards layer and the basic service layer. From bottom to top the secure network hierarchy consists of a physical layer, an Internet layer, a security service protocol and standards layer, a basic service layer, a special service layer and a network application layer.
Each level of the structure is described below:
Physical layer: the lowest layer of the hierarchy. It provides abstract interfaces to the various distributed resources at the bottom, hides the details of the resources in the network from the higher layers, and lets the higher layers use the distributed resources simply and easily.
Internet layer: uses the existing Internet protocols to establish the communication basis that connects the distributed resources, and carries the services of the upper layers.
Security service protocol and standards layer: ensures secure and reliable network interaction and communication, and realizes confidentiality, integrity and non-repudiation for the sensitive data that must be protected in communication. This layer is the core of the architecture. Security must be layered, and different layers need different levels of security guarantee, so the security service protocol and standards layer is further divided into three sub-layers: network protocols, web services security standards, and XML security specifications. The network protocol sub-layer abstracts the bottom-layer resources once more, publishes and represents network services through protocols such as UDDI (universal description, discovery and integration) and WSDL (web service description language), uses XML as the basic representation format, and specifies the format in which network messages are exchanged and transmitted. The web services security standard (WS-Security) is the basic security specification that must be used in a network service environment; as the specification for the security level of SOAP (simple object access protocol) message transmission, it guarantees the confidentiality, integrity and non-repudiation of a message and also provides optional identity authentication and authorization functions. In the XML security specification sub-layer, XML Encryption and XML Signature are used; because the upper-layer data is also represented in XML format, a chosen part of an XML document can be encrypted and signed as needed.
Basic service layer: provides the basic functions of the network, mainly key management, user management, access control management and single sign-on. Access control management uses resource access control based on the open XACML (extensible access control markup language) standard, deciding whether access to a resource should be granted according to policies defined by a set of rules.
Special service layer: security services built on top of the basic services, such as integrating public key infrastructure (PKI) functionality and interacting with the upper-layer peer-to-peer network applications.
Peer-to-peer computing network application layer: at the network application layer, computing tasks are handed over to the peer-to-peer computing network for processing.
2. Method flow
The network service provider must deploy the peer-to-peer network service, and before the two parties exchange SOAP messages, the keys of both communicating parties needed for encryption and digital signature must be obtained through a certificate authority (CA). Many access control methods exist for resources; policy-based access control using XACML is proposed here so that network resources cannot be used or accessed illegitimately.
The main working process comprises the following steps:
(1) Application for and issuance of certificates
Taking the application for and issuance of a simple single-key certificate as an example: the network user GC and the network service end GP each generate a key pair, and the CA issues a certificate to GC and to GP. So that they can communicate securely later, GC and GP must exchange certificates with each other to obtain the other side's public key for signature verification and encryption.
(2) Generation of the communication message by the network user
The data exchanged by the two parties inevitably contains sensitive data, which can be divided into the resource access control policy document and the normal communication data. The resource access control policy document is expressed in XML format. In the network manager, the policy enforcement point submits the access control policy set cps (access control policy set) coming from the lower layer; cps must describe the access subject (s), the access resource (r), the access permission (p), the environment access time (t) and a supplementary extension (e). The network manager also contains a policy manager holding the set CPS of access control policies that the resources allow, which must describe the same fields: access subject s, access resource r, access permission p, environment access time t and supplementary extension e.
where $r = \{r_i\}$ denotes the resources that can be accessed;
$s = \{s_j\}$ denotes the access subjects;
$cps = \{cp_k\}$ denotes that the access control policy set consists of several access control policies;
$p = \{r \mid w \mid m\}$, where r denotes read-only, w denotes writeable and m denotes modifiable;
$t = [bt, et]$, where bt denotes the start time (begin time) of the resource access and et denotes its end time;
$cp_k = r_i \wedge s_j \wedge p \wedge t \wedge e$ denotes one access control policy.
The context handler compares cps with CPS by means of the policy decision point, which has to perform the following match:
$$\mathrm{match}(cps, CPS) = \{dec_1, dec_2, \ldots, dec_i\}$$
where $dec_i = \mathrm{true}$ if and only if $cp_k \in CPS$ and $r_i \in cp_k$, that is, the requested policy $cp_k$ covering resource $r_i$ is contained in the allowed set; otherwise $dec_i = \mathrm{false}$ and the access is denied.
Normal communication data is handed over to the upper application service layer for task processing only after the access policy has satisfied this condition.
(3) Secure communication between the two parties
The network user GC sends its job request req(info) to the network service provider GP, where req(info) is produced by the following operations:
$$req(info) = \mathrm{Encry}(\mathrm{Sign}(info, GC_{prkey}), key) + \mathrm{Encry}(key, key_{pbkey})$$
Here $info = (data, cp)$ denotes the normal communication data together with the resource access control policy, $GC_{prkey}$ is the private key of the network user, $key$ is the symmetric key that encrypts info, $key_{pbkey}$ is the public key used to encrypt that symmetric key (the public key of the recipient GP), Encry is the encryption function and Sign is the signature function.
After receiving the signed and encrypted job request, the network service provider GP restores the original communication data info with the following operations: the symmetric key is first recovered from the second summand of req with GP's private key, the first summand is then decrypted with that symmetric key, and finally the signature is verified with the public key of GC:
$$info = \mathrm{Verify}\big(\mathrm{Decry}(\mathrm{Encry}(\mathrm{Sign}(info, GC_{prkey}), key),\ \mathrm{Decry}(\mathrm{Encry}(key, key_{pbkey}), key_{prkey})),\ GC_{pbkey}\big)$$
where $key_{prkey}$ is the private key (of GP) used to decrypt the symmetric key, $GC_{pbkey}$ is the public key of the network user, Verify is the signature verification function and Decry is the decryption function.
Similarly, the network service provider GP processes its response resp in the way GC processed req, and GC recovers resp in the way GP recovered req.
(4) The network manager provides the data and processes it separately
According to the matching result of the access control policy, the peer-to-peer network application layer maps each task to the peer $Peer_i$ that holds the corresponding resource:
$$\mathrm{map}(dec_i, Peer_i) = \mathrm{send}(task_i, Peer_i) \quad \text{while } dec_i = \mathrm{true}$$
where send(a, B) denotes moving task a to node B; a task whose decision is false is never sent.
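The policy match of step (2) and the dispatch of step (4), as an added Python example that is not part of the patent: it parses a constructed, XACML-inspired XML layout (an assumption standing in for the real XACML schema) into the (s, r, p, t, e) tuples, evaluates match(cps, CPS) with default deny, treating a requested policy as permitted only when an allowed policy has the same subject, resource and permission and a time window containing the requested one, and then dispatches only the tasks whose decision is true. The subject, resource and peer names are illustrative.

```python
"""Added example (not the patent's own code): match(cps, CPS) = {dec_1, ..., dec_i}
from step (2) and map(dec_i, Peer_i) = send(task_i, Peer_i) from step (4).
The XML layout is a constructed, XACML-inspired stand-in, not the XACML schema."""
from __future__ import annotations
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime

PERMISSIONS = {"r", "w", "m"}   # p = {r | w | m}: read-only, writeable, modifiable


@dataclass(frozen=True)
class Policy:
    """cp_k = r_i ∧ s_j ∧ p ∧ t ∧ e with t = [bt, et]."""
    subject: str
    resource: str
    permission: str
    begin: datetime
    end: datetime
    extension: str


def parse_policy_set(xml_text: str) -> list[Policy]:
    """Turn the XML policy document of step 3) into the tuple set. Unknown permissions
    and inverted time windows are rejected outright so a malformed policy can never match."""
    policies = []
    for cp in ET.fromstring(xml_text).findall("policy"):
        perm = (cp.findtext("permission") or "").strip()
        if perm not in PERMISSIONS:
            raise ValueError(f"unknown permission {perm!r}")
        begin = datetime.fromisoformat(cp.findtext("begin"))
        end = datetime.fromisoformat(cp.findtext("end"))
        if begin > end:
            raise ValueError("inverted access window")
        policies.append(Policy((cp.findtext("subject") or "").strip(),
                               (cp.findtext("resource") or "").strip(),
                               perm, begin, end,
                               (cp.findtext("extension") or "").strip()))
    return policies


def permits(allowed: Policy, requested: Policy) -> bool:
    """One allowed policy of CPS against one requested cp_k: same subject and resource,
    same permission, requested window inside the allowed window, and the extension
    honoured when the allowed policy sets one. Anything else is a deny."""
    return (allowed.subject == requested.subject
            and allowed.resource == requested.resource
            and allowed.permission == requested.permission
            and allowed.begin <= requested.begin and requested.end <= allowed.end
            and (allowed.extension == "" or allowed.extension == requested.extension))


def match(cps: list[Policy], CPS: list[Policy]) -> list[bool]:
    """dec_k is True iff some policy in CPS permits cp_k (default deny)."""
    return [any(permits(a, cp) for a in CPS) for cp in cps]


def dispatch(decisions: list[bool], tasks: list[str], peers: list[str]) -> list[tuple[str, str]]:
    """send(task_i, Peer_i) only while dec_i is true; returns what would be sent."""
    return [(t, p) for d, t, p in zip(decisions, tasks, peers) if d]


# Constructed sample data: the policy manager's allowed set CPS ...
CPS_XML = """<policyset>
  <policy><subject>alice</subject><resource>dataset-1</resource><permission>r</permission>
          <begin>2024-01-01T00:00:00</begin><end>2024-12-31T23:59:59</end><extension/></policy>
  <policy><subject>bob</subject><resource>dataset-2</resource><permission>w</permission>
          <begin>2024-06-01T00:00:00</begin><end>2024-06-30T23:59:59</end><extension/></policy>
</policyset>"""
# ... and the user's submitted set cps: one in-policy request, one asking for a broader
# permission than granted, one whose window runs past the allowed end time.
REQUEST_XML = """<policyset>
  <policy><subject>alice</subject><resource>dataset-1</resource><permission>r</permission>
          <begin>2024-03-01T00:00:00</begin><end>2024-03-31T23:59:59</end><extension/></policy>
  <policy><subject>alice</subject><resource>dataset-1</resource><permission>w</permission>
          <begin>2024-03-01T00:00:00</begin><end>2024-03-31T23:59:59</end><extension/></policy>
  <policy><subject>bob</subject><resource>dataset-2</resource><permission>w</permission>
          <begin>2024-06-15T00:00:00</begin><end>2024-07-15T23:59:59</end><extension/></policy>
</policyset>"""
PEER_OF = {"dataset-1": "peer-a", "dataset-2": "peer-b"}   # Peer_i holding r_i (illustrative)


def demo() -> tuple[list[bool], list[tuple[str, str]]]:
    """Decisions for the three requests above and the resulting dispatch list."""
    cps, allowed = parse_policy_set(REQUEST_XML), parse_policy_set(CPS_XML)
    decisions = match(cps, allowed)
    tasks = [f"task-{k}" for k in range(1, len(cps) + 1)]
    peers = [PEER_OF[cp.resource] for cp in cps]
    return decisions, dispatch(decisions, tasks, peers)


if __name__ == "__main__":
    print(demo())
```

The match is deliberately exact rather than hierarchical: the page defines p as a single value, so a request for w is not satisfied by a policy granting r, and a window that extends past the allowed end time is denied as a whole rather than clipped.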
The scheme for forming the service network security architecture based on peer-to-peer computing introduces network and web service security concepts into the security architecture and combines the network security specifications; concretely it comprises the following steps. The network user requests job processing:
1) the network user starts the network client program and opens the user interface of the network application layer; in the background the daemon process of the network user end is started,
2) the network user enters a job request and an access control policy in the user interface,
3) the daemon process at the network user end converts the access control policy submitted by the network user into XML format,
4) the daemon process at the network user end encrypts the access control policy following the XML Encryption flow,
5) the daemon process at the network user end combines the encrypted access control policy file and the job request into a SOAP request message,
6) the daemon process at the network user end generates a symmetric key,
7) the daemon process at the network user end symmetrically encrypts the whole SOAP message produced in step 5) with the symmetric key generated in step 6),
8) the symmetric key is asymmetrically encrypted with the public key of the network server,
9) the encrypted key produced in step 8) and the ciphertext produced in step 7) are transmitted together to the network server over SOAP;
The network server processes the user's job request:
10) the network server receives the SOAP request message and obtains the encrypted key and the ciphertext,
11) the network server asymmetrically decrypts the encrypted key to obtain the symmetric key; if decryption fails, the execution result of the network user's job request is 'asymmetric decryption of the symmetric key failed, the sent message was tampered with' and the flow goes to step 18),
12) the network server symmetrically decrypts the ciphertext with the symmetric key; if the communication message is found to have been tampered with, it refuses the processing request and writes the event to the security log, the execution result of the network user's job request is 'symmetric decryption failed, the sent message was tampered with' and the flow goes to step 18) (tampering can only be detected at this step if the symmetric encryption is authenticated, for example an AEAD mode or encrypt-then-MAC; plain decryption of a modified ciphertext yields garbage rather than an error),
13) the network server decrypts the encrypted access control policy following the XML Decryption flow to obtain the access control policy,
14) the network server matches the access control policy obtained in step 13) against the access control policy set; if the policy does not conform to the access control set, the execution result of the network user's job request is 'access control policy not conformant' and the flow goes to step 18),
15) the network server starts a peer-to-peer computing client,
16) the network server sends the job request and the resource matching result to the peer-to-peer network client for processing,
17) the peer-to-peer network client returns the result of the executed job to the network server,
18) the network server generates a SOAP message response to the network user's job request and chooses whether the execution result needs protection: if it does, the SOAP response is encrypted; if high security is not needed, the execution result is returned directly to the network client.
Beneficial effects: the method provides a scheme for forming a service network security architecture based on peer-to-peer computing; it combines the new computing technology of peer-to-peer computing with network technology to address distributed computing, and emphasizes security throughout the implementation of the architecture. The method is not a simple listing of security standards; it arranges the security standards logically and hierarchically to realize the various security guarantees in the network. Specific explanations follow.
Security guarantee of communication messages: this is based on the web services security standards. One of the biggest drawbacks of the transport-level security protocols in use today, such as the secure sockets layer, is performance, especially when only part of a SOAP message needs to be encrypted; moreover, transport-layer encryption does not allow a message to be routed securely through a web service acting as an intermediary, because the intermediary must decrypt the message before forwarding it to the final recipient in a new encrypted stream. The method adopts the emerging WS-Security standard, which describes enhancements to SOAP messages that provide protection through message integrity, message confidentiality and single-message authentication, and also provides a general mechanism for associating security tokens with messages. The goal of WS-Security is to let applications build secure SOAP message exchanges, achieving end-to-end message-level security rather than only transport-level security.
Resource access control based on XACML: compared with other policy description languages, XACML inherits from XML the property that the proposed access control policy is platform independent and can be read by both people and machines. Representing the user's resource access control policy in the open XACML language improves the readability of the document.
Convergence of network services with peer-to-peer networks: the service network connects loosely coupled network services and must make effective use of the idle resources in each virtual organization domain, so in the proposed system the network service end is also a client of the peer-to-peer computing network. Realizing network services in a peer-to-peer computing environment is an ideal solution: it makes efficient use of the large amount of existing idle resources and also improves the cooperative working capacity and computing capacity of the network.
Detailed Description
For convenience of description, the following application example is used:
A network user (denoted A) submits a job request (denoted T) and a resource access control policy (denoted P) to a network server (denoted B), asking it to compute the prime numbers within an arbitrary range; the specific implementation is as follows:
The network user A requests job processing:
1.) the network user A starts the network client program and opens the user interface of the network application layer; in the background the daemon process of the network user end is started,
2.) the network user A enters the job request T and the access control policy P in the user interface,
3.) the daemon process at the network user end converts the access control policy P submitted by the network user into XML format,
4.) the daemon process at the network user end encrypts the access control policy P following the XML Encryption flow,
5.) the daemon process at the network user end combines the encrypted access control policy file and the job request T into a SOAP request message,
6.) the daemon process at the network user end generates a symmetric key,
7.) the daemon process at the network user end symmetrically encrypts the whole SOAP message produced in step 5.) with the symmetric key generated in step 6.),
8.) the symmetric key is asymmetrically encrypted with the public key of the network server B,
9.) the encrypted key produced in step 8.) and the ciphertext produced in step 7.) are transmitted together to the network server B over SOAP;
The network server B processes the user's job request:
10.) the network server B receives the SOAP request message and obtains the encrypted key and the ciphertext,
11.) the network server B asymmetrically decrypts the encrypted key to obtain the symmetric key; if decryption fails, the execution result of the job request T of the network user A is 'asymmetric decryption of the symmetric key failed, the sent message was tampered with' and the flow goes to step 18.),
12.) the network server B symmetrically decrypts the ciphertext with the symmetric key; if the communication message is found to have been tampered with, it refuses the processing request and writes the event to the security log, the execution result of the job request of the network user A is 'symmetric decryption failed, the sent message was tampered with' and the flow goes to step 18.),
13.) the network server B decrypts the encrypted access control policy following the XML Decryption flow to obtain the access control policy P,
14.) the network server B matches the access control policy P obtained in step 13.) against the access control policy set; if P does not conform to the access control set, the execution result of the job request of the network user A is 'access control policy not conformant' and the flow goes to step 18.),
15.) the network server B starts a peer-to-peer computing client,
16.) the network server B sends the job request T and the resource matching result to the peer-to-peer network client for processing,
17.) the peer-to-peer network client returns the result of the executed job to the network server B,
18.) the network server B generates a SOAP message response to the job request T of the network user A and chooses whether the execution result needs protection: if it does, the SOAP response is encrypted; if high security is not needed, the execution result is returned directly to the network client.
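The envelope of step (3), req(info) = Encry(Sign(info, GC_prkey), key) + Encry(key, key_pbkey), together with steps 6) to 12) of the flow and the application example above, as an added Python example that is not part of the patent. It uses the `cryptography` package: RSA-PSS for Sign, AES-256-GCM for the symmetric Encry, and RSA-OAEP to wrap the symmetric key under GP's public key. The in-memory key pairs stand in for the CA-issued certificates of step (1), and the party identifiers GC_ID and GP_ID are assumptions. Because AES-GCM is authenticated, a modified ciphertext fails at step 12) with the 'message tampered' result the flow describes, and the sender and recipient identities are bound as associated data so that an envelope cannot be silently re-addressed.

```python
"""Added example (not the patent's own code): the step-3 envelope and steps 6) to 12),
built on the `cryptography` package. Keys are generated in memory as a stand-in for the
CA-issued certificates of step (1); GC_ID and GP_ID are illustrative identifiers."""
from __future__ import annotations
import json
import os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
GC_ID, GP_ID = b"GC", b"GP"   # assumed party identifiers, bound into the envelope


class EnvelopeError(Exception):
    """Carries the execution-result text that step 18) returns to the user."""


def gen_keypair():
    """Stand-in for step (1): a key pair that the CA would certify."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def build_request(info: bytes, gc_prkey, gp_pbkey) -> dict:
    """GC side. Sign(info, GC_prkey) is RSA-PSS; Encry(., key) is AES-256-GCM;
    Encry(key, key_pbkey) is RSA-OAEP under GP's public key."""
    sig = gc_prkey.sign(info, PSS, hashes.SHA256())           # Sign(info, GC_prkey)
    key = AESGCM.generate_key(bit_length=256)                  # step 6)
    nonce = os.urandom(12)                                     # fresh per message, never reused
    aad = b"from:" + GC_ID + b";to:" + GP_ID                   # authenticated, not encrypted
    ciphertext = AESGCM(key).encrypt(nonce, sig + info, aad)   # step 7), GCM tag appended
    enc_key = gp_pbkey.encrypt(key, OAEP)                      # step 8)
    return {"from": GC_ID, "to": GP_ID, "nonce": nonce,
            "ciphertext": ciphertext, "enc_key": enc_key}      # step 9): req(info)


def open_request(req: dict, gp_prkey, gc_pbkey) -> bytes:
    """GP side, steps 10) to 12): unwrap the key, authenticated-decrypt, verify the signature."""
    try:
        key = gp_prkey.decrypt(req["enc_key"], OAEP)           # step 11)
    except ValueError:
        raise EnvelopeError("asymmetric decryption of the symmetric key failed")
    aad = b"from:" + req["from"] + b";to:" + req["to"]
    try:
        payload = AESGCM(key).decrypt(req["nonce"], req["ciphertext"], aad)   # step 12)
    except InvalidTag:
        raise EnvelopeError("symmetric decryption failed, message tampered")
    n = gc_pbkey.key_size // 8                                 # RSA-PSS signature length
    sig, info = payload[:n], payload[n:]
    try:
        gc_pbkey.verify(sig, info, PSS, hashes.SHA256())       # Verify(., GC_pbkey)
    except InvalidSignature:
        raise EnvelopeError("signature verification failed, sender not authenticated")
    return info


def demo() -> tuple[bool, str]:
    """Round-trip a constructed info = (data, cp), then flip one ciphertext byte."""
    gc, gp = gen_keypair(), gen_keypair()
    info = json.dumps({"data": "primes in [1, 100]",
                       "cp": "<policy><subject>A</subject></policy>"}).encode()
    req = build_request(info, gc, gp.public_key())
    ok = open_request(req, gp, gc.public_key()) == info
    ct = bytearray(req["ciphertext"])
    ct[0] ^= 0x01                                              # an in-transit modification
    tampered = dict(req, ciphertext=bytes(ct))
    try:
        open_request(tampered, gp, gc.public_key())
        reason = "no error"
    except EnvelopeError as e:
        reason = str(e)
    return ok, reason


if __name__ == "__main__":
    print(demo())
```

Running demo() generates two 2048-bit RSA keys, so it takes a moment; in deployment the keys come from the certificates exchanged in step (1), and the nonce must never repeat under the same symmetric key.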