CN102065127A - Cross-layer trust certificate group management mechanism-based trusted P2P file sharing service node selection method - Google Patents

Publication number
CN102065127A
Authority
CN
China
Prior art keywords
node
trust
group
resource
trusted certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010105599834A
Other languages
Chinese (zh)
Inventor
孙斌
谷利泽
郑世慧
杨榆
王玥
杨义先
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications
Priority to CN2010105599834A
Publication of CN102065127A

Abstract

The invention provides a trusted peer-to-peer (P2P) file sharing service node selection method based on a cross-layer trust certificate group management mechanism. The validity of node trust values and the reliability of node identities are ensured by trust certificates issued by an authoritative trust management system. Each trust certificate contains a trust value computed from parameters such as node basic information, reference information from in-domain security facilities and node routing behavior, and therefore has cross-layer reference significance. Participating nodes are grouped according to the authority that issued their trust certificates, and nodes in the same group give one another a higher group trust value. Resource nodes are selected with reference to their trust values, the local trust policy, local trust history and group trust values. After each download service finishes, the performance of the resource nodes is fed back and stored, and their trust values are updated.

Description

A trusted P2P file sharing service node selection method based on a cross-layer trust certificate group management mechanism
Technical field
The invention uses a group management mechanism based on cross-layer trust certificates to improve the P2P file sharing service. It belongs to the field of P2P network trust management.
Background
In recent years, with the rapid development of computer networks and the Internet and the growing use of online services, P2P networks, being flexible, scalable, convenient and efficient, and the file sharing services built on P2P systems have grown steadily, and P2P networks have gradually become a research focus in computing. However, because P2P networks are by nature open, anonymous and dynamic, transactions between nodes carry considerable risk, reliable quality of service is hard to guarantee, and information sharing faces serious security problems. All of this has severely restricted the wide application and development of P2P networks, file sharing systems in particular.
In a P2P network, nodes participate spontaneously and autonomously, any node can terminate service at will, and different nodes differ in service capability and reliability, so nodes lack sufficient trust relationships with one another. As a result, the network contains a large amount of fraud and unreliable service quality, which greatly reduces its availability. For example, in a resource-sharing P2P network there can be selfish nodes that only use or occupy the resources of other nodes and provide none themselves; these are called free rider nodes. There may also be malicious nodes that try to disrupt the normal operation of the system by providing false or malicious resources, giving dishonest feedback, colluding to defraud, or carrying out strategic attacks.
The goal of a P2P file sharing system is to make full use of all available end systems in the Internet environment so that they cooperate to complete large-scale resource sharing quickly; the precondition is good mutual trust relationships and an efficient download policy. Trust relationships are especially important when the sharing service selects nodes to download from or upload to: choosing cooperating nodes with high trust and fast completion improves the reliability and success rate of the service.
Summary of the invention
The object of the invention is to use trust certificates and a group mechanism, in a P2P network trust management system environment, to optimize the way nodes are selected in the file sharing service.
None of the file sharing service node selection methods in the trust management systems proposed to date, in China or abroad, solves the problem of effective information sharing well. The invention combines several current research topics into one comprehensive method that improves the security, reliability and efficiency of current file sharing services. It mainly combines trust certificates, a group mechanism and access control policy with the advantages of the Min-Min algorithm and, on the basis of the BT protocol's original node selection algorithm and blocking (choking) algorithm, proposes a service node selection method for a trusted P2P file sharing system based on a cross-layer trust certificate group mechanism.
The specific implementation requires some definitions:
[Definition 1]: trust certificate
A trust certificate is a kind of digital certificate. It contains not only the node's static trust value but also other rich trust information, which subjects can use as a strong reference before they interact. The trust certificate used by the invention contains: version (Version), serial number (Serial Number), signature algorithm identifier (Signature Algorithm), issuer (Issuer), trust validity period (Validity), subject name (Subject), subject static trust value (Trust Value) and extension field (Extension). The trust certificate is closely tied to the node's concrete behavior and to time; it changes dynamically and has a very short life cycle. It binds the node identifier to the trust information and is reviewed, issued and managed by the trust management system (TMS).
The trust certificates described so far, in China and abroad, address only the question of trust versus distrust: holding a certificate means trusted, and lacking one means untrusted. The invention emphasizes the application of the trust certificate: it solves the problem of how groups are managed, and also the problem of conveying trust values and access control credentials. Each domain has one trust management center, which is responsible only for reviewing and issuing trust certificates for nodes in its own domain and cannot issue trust certificates for entities in other domains. This provides an effective solution to the issuance of trust certificates both within a domain and between domains.
[Definition 2]: subject static trust value
Although the content of the trust certificate described above is fairly simple, its important role is to support group management and to guarantee the validity of node trust values and identities. The subject static trust value is a number; it expresses not merely whether the subject is trusted but the degree of trust. It reflects not only the interactions at the P2P file sharing service layer but is also computed from node information recorded at the routing layer, including reference information from in-domain security facilities such as antivirus servers, intrusion detection systems and vulnerability scanning systems, and parameters such as node routing behavior. The TMS updates the static trust value in the node's certificate according to these conditions. Service interaction refers both to this value and to the dynamic trust value computed from the information recorded by the archive node, which gives a higher reference value.
[Definition 3]: archive node, dynamic trust value and comprehensive trust value
A node serving as the archive node of node P records data about node P; it checks the interaction information submitted by other nodes, that is, after a download service completes it records the fed-back trust information and updates its records; and it computes the dynamic trust value of node P. The value computed from the dynamic trust value and the static trust value according to the computation model is the comprehensive trust value.
[Definition 4]: resource node, resource maintenance node
A resource node is a node that holds the resource to be downloaded. A node serving as the maintenance node of resource S maintains the information of the resource nodes and, after a downloading node finishes downloading the resource, maintains the evaluations of the resource.
[Definition 5]: file piece, file block
A file is usually divided into many pieces for transmission, and transfers are accounted in units of pieces; a file piece is typically 256K. Nodes count how many file pieces have been transferred in this unit, but in actual transmission each piece is usually divided again into many smaller blocks, for example 16K each; each such block is a file block.
Groups are divided by domain: all nodes in a domain form one group. The reasons for this division are that, during resource lookup, these nodes are closest and download speed is fastest; they are managed by a single TMS with consistent management standards; and the domain is controlled by unified security devices with consistent rules, so management is fair.
Trust certificates are issued by the authoritative trust management center, which guarantees that trust values and node identities are authentic and valid. In service node selection, the downloading node looks up the trust values of the nodes holding the resource, combines them with local trust history, and applies a local trust policy to decide which nodes to download from; it uses the trust certificate to conduct access control negotiation with them. Preferring in-group nodes allows recommendation trust to be collected effectively and reduces the influence of malicious recommendations on trust computation. After each download service completes, the performance of the resource provider, that is, the resource node, is fed back and stored as history, to be used for updating the trust value of the resource node.
In the file sharing service, trust certificates play a key supporting role in service node selection and effectively improve the service success rate. The invention proposes a node selection method for the file sharing service based on a trust management system in a P2P network environment. Trust certificates are used for group management; during service negotiation between nodes, trust certificates guarantee that node trust values and identities are authentic and valid. When selecting nodes to download from or upload to, decisions are made with reference to node trust values and the local trust policy, which effectively shields against attacks by malicious nodes and improves the service success rate.
Description of drawings
The invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is the group-based trust management system framework in the P2P file sharing system environment adopted by the invention.
Fig. 2 is the trusted P2P file sharing system framework proposed by the invention.
Fig. 3 is the flow of the download service of the trusted P2P file sharing system based on the trust certificate group management mechanism proposed by the invention.
Fig. 4 is the resource node selection flow in the trusted P2P file sharing system based on the trust certificate group management mechanism proposed by the invention.
Embodiment
Fig. 1 shows the group-based trust management system framework in the P2P file sharing system environment adopted by the invention. When a node initializes and joins the system, it sends the relevant static parameters to the TMS; the TMS computes the subject static trust value from the static parameters and issues a trust certificate to the node. A group trust record node is chosen to record the names of other groups together with the behavior of each group, such as revocations of trust certificates caused by misconduct of nodes in the group, and the number of such events (these are used to calculate the trust value of the group, that is, to evaluate the quality of the group). For a group, when a transaction takes place between nodes inside the group, whether to cooperate is decided from the trust value and behavior of each member of the group; when a transaction takes place between nodes of different groups, whether to cooperate is decided from the node trust value combined with the group trust information recorded by the group trust record node.
Fig. 2 is the trusted P2P file sharing system framework proposed by the invention. Some nodes in the trust management system are archive nodes; they collect the evaluations that nodes give of the service provided by the resource owner after a service completes and convert them into trust information. The archive node processes this data, computes the trust value with the selected mathematical model, and stores it in a local database.
The trust policy guides the computation of trust values. A trust negotiation interface is therefore provided to the node downloading resources. The downloading node queries the resource maintenance node for the list of nodes holding the resource and negotiates with the corresponding archive nodes to obtain the trust value of each node in the list. It then selects nodes according to trust value and local policy and negotiates the download with them.
Taking one download service as an example of the actual service flow, the service flow is shown in Fig. 3 and the resource node selection flow in Fig. 4.
1 Resource request
After the downloading node that requests a resource obtains the list of resources it wants through the index node, the list is sorted by evaluation from high to low; each resource is accompanied by its file size, publish time, publisher, download count, last activity time, positive reviews and negative reviews.
2 Node selection
(1) After selecting a resource, the downloading node asks the resource maintenance node that maintains this resource for its resource nodes.
(2) After obtaining the resource node list from the resource maintenance node, it checks whether there is a file block whose download has not finished. If there is, it downloads according to strict priority (once a sub-block of a piece has been requested, the remaining sub-blocks of that piece are requested first; in this way the node obtains a complete piece as fast as possible, so that it can provide download service to other nodes as soon as possible).
(3) If there is no file block whose download has not finished, it obtains the certificates of the resource nodes holding this resource (requested from the TMS, with the node ID as parameter) and from them the group each node belongs to (two group trust record points, similar to a node's archive node, are looked up in each domain, so that the group trust value can be obtained). The TMS name can be obtained from the certificate and compared with the downloading node's own. Nodes in the downloading node's own group (with a trust value within a certain interval) are selected preferentially, because nodes in the same group are closest and download speed is fastest. Nodes of the same group are also under the management of the same TMS and the control of the same devices, so group members can share trust information effectively and resist malicious recommendations from nodes of other groups well.
For nodes of other groups, the node trust value and the group trust value are considered together when selecting a download source. The in-group and out-of-group nodes that meet the trust value interval are selected, download negotiation requests are sent to these nodes in turn, and the node that responds fastest is chosen.
(4) For the first download, following a node selection method similar to the above, a file piece held by a node of this resource whose comprehensive trust value lies within a certain range is selected at random. In order to obtain the first piece as soon as possible, the comprehensive trust range here is set somewhat lower.
(5) If it is not the first download, the rarest-first principle applies: the number of times each fully downloaded file piece appears among the nodes is counted, and a file piece is selected at random from the list of pieces with the fewest occurrences, until the download completes.
3 Download negotiation
Trust certificates are used in the interaction when requesting a download from a node that holds the resource. If the resource node permits, the transfer proceeds. The resource node can check the static trust value of the downloading node and provides upload service only if it lies within a certain trust interval.
4 Service management
Service management based on the trust management system differs from other service management. During a service, besides sending the resource request and selecting the resource and nodes, the downloading node must also perform service management tasks such as service monitoring and service scheduling. During service monitoring, if a node shows an abnormal condition such as going offline, the downloading node must promptly find another suitable node to resume the transfer, that is, negotiate again under the same selection policy, so that the download service can continue.
5 Result feedback
Each time a service completes, that is, after the download finishes, the downloading node performs a two-level evaluation of the resource and of the transaction node. The user evaluates the quality of the resource subjectively, and this is fed back to the resource maintenance node, which records other nodes' evaluations of the resource. The evaluation of the resource node, based on the node's stability and honesty, the reliability of the resource in operation, the resource's ease of use, fault tolerance, operating efficiency and success rate, the quality of service obtained during the download (response time, download speed, network bandwidth) and so on, is placed in its archive node, dynamically updating the trust information.
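The resource node selection of step 2 (3) and (4), as an added example that is not code from the patent. The patent does not give its computation model, so the 0 to 1 trust scale, the weighted sums, the weights, the interval bounds, the reading of "preferential" as "in-group pool first, out-of-group pool as fallback", and all names are assumptions; verification of the certificate signature against the TMS key is assumed to have happened before this step.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TrustCert:
    subject: str         # Subject: node ID
    issuer: str          # Issuer: name of the issuing TMS, which identifies the group
    static_trust: float  # Trust Value field (0..1 scale is an assumption)
    not_after: float     # end of the Validity period, epoch seconds


@dataclass(frozen=True)
class Candidate:
    cert: TrustCert
    dynamic_trust: float  # value reported by the node's archive node
    rtt_ms: float         # time taken to answer the download negotiation request


def comprehensive_trust(c, local_history, w_static=0.4, w_dynamic=0.4, w_local=0.2):
    """Assumed computation model: weighted sum of static, dynamic and local trust."""
    local = local_history.get(c.cert.subject, 0.5)  # neutral value without history
    return (w_static * c.cert.static_trust
            + w_dynamic * c.dynamic_trust
            + w_local * local)


def select_resource_node(candidates, my_issuer, group_trust, local_history, now,
                         interval=(0.6, 1.0), first_piece=False,
                         first_piece_floor=0.25, w_group=0.3):
    """Return the ID of the node to download from, or None if none qualifies."""
    lo, hi = interval
    if first_piece:
        lo = min(lo, first_piece_floor)  # step (4): lower range for the first piece
    in_group, out_group = [], []
    for c in candidates:
        if c.cert.not_after <= now:
            continue  # trust certificates are short-lived; an expired one is ignored
        score = comprehensive_trust(c, local_history)
        if c.cert.issuer == my_issuer:
            pool = in_group  # same TMS, same group
        else:
            # Other groups: node trust and group trust are considered together.
            # A group with no record gets no credit.
            g = group_trust.get(c.cert.issuer, 0.0)
            score = (1 - w_group) * score + w_group * g
            pool = out_group
        if lo <= score <= hi:
            pool.append(c)
    chosen = in_group or out_group  # in-group nodes are preferred
    if not chosen:
        return None
    # Among the qualifying nodes, the one that answered fastest is selected.
    return min(chosen, key=lambda c: c.rtt_ms).cert.subject


# Constructed sample data; the downloading node belongs to group "TMS-A".
NOW = 1_000_000.0


def make(node, issuer, static, dynamic, rtt, ttl=600.0):
    return Candidate(TrustCert(node, issuer, static, NOW + ttl), dynamic, rtt)


CANDIDATES = [
    make("n1", "TMS-A", 0.90, 0.80, 80.0),            # trusted, slow
    make("n2", "TMS-A", 0.30, 0.20, 10.0),            # fast, low trust
    make("n3", "TMS-B", 0.95, 0.90, 20.0),            # trusted node of another group
    make("n4", "TMS-A", 0.90, 0.90, 5.0, ttl=-1.0),   # certificate already expired
    make("n5", "TMS-A", 0.70, 0.70, 40.0),            # trusted, faster than n1
]
LOCAL_HISTORY = {"n1": 0.7}
GROUP_TRUST = {"TMS-B": 0.9}

if __name__ == "__main__":
    print(select_resource_node(CANDIDATES, "TMS-A", GROUP_TRUST, LOCAL_HISTORY, NOW))
```

With `first_piece=True` the same constructed input yields n2, the low-trust but fastest node, which is the trade-off the lowered range in step (4) accepts.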

Claims (4)

1. A trusted P2P file sharing service node selection method based on a cross-layer trust certificate group management mechanism, characterized in that a group management mechanism is used to select service nodes on the basis of node trust values; the management of groups is based on the trust certificates of nodes; and the trust certificates are issued by an authority and have a cross-layer character.
2. The trusted P2P file sharing service node selection method based on a trust certificate group management mechanism according to claim 1, characterized in that the trust management system in each domain acts as the authority that issues and manages a trust certificate for each node accessing the network; the trust certificate contains a trust value computed from parameters such as node basic information, reference information from in-domain security facilities such as antivirus servers, intrusion detection systems and vulnerability scanning systems, and node routing behavior; it has cross-layer reference significance and guarantees the validity of node trust values and the reliability of node identities.
3. The trusted P2P file sharing service node selection method based on a cross-layer trust certificate group management mechanism according to claim 1, characterized in that the nodes participating in the P2P file sharing service are grouped according to the authority that issued their trust certificates; nodes of the same group give one another a higher group trust value and are selected first.
4. The trusted P2P file sharing service node selection method based on a trust certificate group management mechanism according to claim 1, characterized in that the downloading node selects resource-holding nodes according to the comprehensive trust value. When selecting a resource node, the downloading node computes the comprehensive trust value of each resource-holding node from the trust value in that node's trust certificate, the group it belongs to, and other nodes' evaluations of its behavior in the historical records of its participation in this service, with reference to the local trust policy, and selects resource-holding nodes with a high comprehensive trust value to download from.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105599834A CN102065127A (en) 2010-11-26 2010-11-26 Cross-layer trust certificate group management mechanism-based trusted P2P file sharing service node selection method

Publications (1)

Publication Number Publication Date
CN102065127A true CN102065127A (en) 2011-05-18

Family

ID=44000226

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105599834A Pending CN102065127A (en) 2010-11-26 2010-11-26 Cross-layer trust certificate group management mechanism-based trusted P2P file sharing service node selection method

Country Status (1)

Country Link
CN (1) CN102065127A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1805449A (en) * 2006-01-13 2006-07-19 南京邮电大学 Trusted model based dynamic role access control method
CN101094060A (en) * 2006-06-19 2007-12-26 上海新纳广告传媒有限公司 Authorization method for point-to-point network
US20080025516A1 (en) * 2006-07-28 2008-01-31 Nec Infrontia Corporation Client server distributed system, server apparatus, client apparatus, and inter-client rtp encrypting method used for them

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051645A (en) * 2011-10-11 2013-04-17 电子科技大学 Packet-based incentive mechanism in P2P (Peer to Peer) network
CN105550539A (en) * 2015-12-14 2016-05-04 四川九成信息技术有限公司 Big data resource protection method
CN110506413A (en) * 2017-04-03 2019-11-26 哈曼国际工业有限公司 For network equipment safety and trust the determining system and method for score
US11425133B2 (en) 2017-04-03 2022-08-23 Harman International Industries, Incorporated System and method for network device security and trust score determinations
CN108280178A (en) * 2018-01-22 2018-07-13 南京市城市规划编制研究中心 A kind of multi-platform space information resource cooperated sharing method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110518