CN102916928A - Method for protecting safety of nodes in P2P (peer-to-peer) system - Google Patents

Info

Publication number
CN102916928A
CN102916928A
Authority
CN
China
Prior art keywords
node
nodes
trust value
network
credit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011102184881A
Other languages
Chinese (zh)
Other versions
CN102916928B (en)
Inventor
郭宝安
梁剑
罗世新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp
Priority to CN201110218488.1A
Publication of CN102916928A
Application granted
Publication of CN102916928B
Legal status: Active
Anticipated expiration

Landscapes

  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for protecting the security of nodes in a P2P (peer-to-peer) system. Security protection servers and database servers in the network are initialized; each database server records information about the nodes surrounding each node it is responsible for and, during data exchange, receives trust values for the connected nodes, entered by users or generated automatically. When a node needs to exchange data with the network, it first connects to the nearest security protection server; that server queries, through the corresponding database server, the information about the nodes surrounding the requesting node, selects several nodes whose trust values do not exceed a set threshold, and notifies the requesting node. Each of the selected nodes is then authenticated by delegation through a certificate authority (CA); if authentication succeeds, the requesting node establishes data connections with the successfully authenticated nodes.

Description

Method for protecting node security in a P2P system
Technical field
The present invention relates to the field of network and information security, and in particular to a method for protecting node security in a P2P system.
Background technology
P2P is the abbreviation of Peer-to-Peer and is also called "point-to-point". Peer-to-peer technology is a networking model that relies on the computing power and bandwidth of the participants in the network rather than concentrating them on a small number of servers. P2P quickly became one of the hot topics in computing, and Fortune magazine listed it as one of the four technologies that will shape the future of the Internet.
P2P transmission has significant advantages: resource utilization is high; the network becomes more stable as nodes join; and information is exchanged directly between peer nodes, quickly and in a timely manner, which lowers relay costs. P2P therefore has broad application prospects in network file sharing, distributed computing, collaborative systems, e-commerce and similar areas.
But everything has two sides, and in practice P2P technology also raises many information security problems.
At present, Internet-based P2P services often lack effective identity authentication and information management, so large amounts of harmful content (reactionary, illegal or harassing material) propagate through the network. The resulting concern of families, society and government about broadband network development has had a negative effect on the growth of P2P services.
In addition, because P2P usually allows any computer to interconnect, some people will inevitably exploit vulnerabilities in the P2P system or in the operating system itself to intrude into users' computers, steal important information or cause damage, inflicting losses on users that are hard to estimate. Many viruses and Trojans also spread through P2P systems and seriously damage the security of user terminals. According to the applicant, at least 20% of the files downloaded through P2P carry viruses, which has damaged the image of P2P in users' eyes and led many enterprises to restrict or even ban its use.
Summary of the invention
The invention provides a method for protecting node security in a P2P system, aiming to reduce information security problems such as viruses, Trojans and privacy leaks, thereby improving communication security and protecting the nodes.
To achieve this, the invention provides a method for protecting node security in a P2P system, comprising the following steps:
initializing security protection servers and database servers in the network, where each database server records information about the nodes near each node in the network and, during data exchange, receives trust value evaluations of connected nodes entered by users or generated automatically;
when a node needs to exchange data with the network, first connecting to the security protection server nearest to it; that server queries the information about the nodes near this node through the database server, selects several nodes whose trust values do not exceed a set threshold, and notifies the node;
performing delegated authentication of each of the selected nodes through the CA (certificate authority) authentication center; if authentication succeeds, the node establishes data connections with those of the selected nodes that were authenticated successfully.
Preferably, the recorded information includes the node's IP address, the distances between nodes and the nodes' trust values.
Preferably, the number of selected nodes does not exceed a set count threshold.
Preferably, the node trust update formula is: Credit(pi) = [2*Credit(pij) + (n-1)*Credit(pi)'] / (n+1), where Credit(pi) is the trust value of node i; n is the number of times node i has successfully authenticated and exchanged data with other nodes; Credit(pi)' is the previous trust value of node i; j denotes any node connected to node i; and Credit(pij) is the trust value that node i obtains from node j's evaluation after the connection between node i and node j is completed.
The embodiments above place a security server in the middle of the connection process and use node trust values to tell trusted, safe nodes apart from the rest. A node requesting a connection sees only part of the trusted nodes. Authentication is also required before two nodes connect, in the form of delegated authentication through the CA authentication center. Together these measures greatly increase system security and reduce the information security risks of previous P2P systems.
Description of drawings
To describe the embodiments of the invention or the prior art more clearly, the drawings needed for the description are introduced briefly below. Obviously, the drawings described below are only some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a P2P network system according to an embodiment of the invention;
Fig. 2 is a flow chart of the method for protecting node security in a P2P system according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the method for improving node security protection in a P2P system according to a preferred embodiment of the invention.
Embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative effort fall within the scope of protection of the invention.
Fig. 1 is a schematic diagram of a P2P network system according to an embodiment of the invention. As shown in Fig. 1, the main idea of the method for improving node security in the P2P system is to deploy a security protection server in the P2P network. When a peer wants to exchange data with the network, it first connects to the security protection server; the server queries the database server, performs the corresponding computation, and returns information about a number of reliable peers, not exceeding the set threshold, that may be connected to; the peer then connects to those peers. When peers connect to each other, delegated authentication through the CA authentication center is also performed.
Fig. 2 is a flow chart of the method for protecting node security in a P2P system according to an embodiment of the invention. As shown in Fig. 2, the method comprises the following steps:
S102: initialize the security protection servers and database servers in the network; each database server records information about the nodes near each node in the network and, during data exchange, receives trust value evaluations of connected nodes entered by users or generated automatically;
S104: when a node needs to exchange data with the network, it first connects to the security protection server nearest to it; that server queries the information about the nodes near this node through the database server, selects several nodes whose trust values do not exceed a set threshold, and notifies the node;
S106: perform delegated authentication of each of the selected nodes through the CA authentication center; if authentication succeeds, the node establishes data connections with those of the selected nodes that were authenticated successfully.
In this embodiment, after the security protection server and its database server have been initialized, they operate as follows. From the information about the nodes around the requesting node that the database server returns, the security protection server computes which nodes that have accumulated a certain trust value the requesting node should connect to. Nodes that have accumulated such trust can be regarded as safe to connect to. The number of such nodes returned can be set below some threshold, so that the P2P network is not completely open to the requesting node: it sees only a subset of the peers in the whole P2P network, namely those that the security protection server, after exchanging data with the database server, has computed to satisfy the trust condition. These nodes hold a certain trust value and can be regarded as trustworthy and connectable. Their number can also be capped at the set count threshold.
The database server connected to the security protection server stores the topology of the P2P network, each node's IP address, the distances between nodes, the nodes' trust values and similar information. This information is updated continuously: when a node joins the network or leaves it, the database is updated in real time or on a schedule. The database server is initialized at the start with the information of some nodes; afterwards, each time two nodes complete a successful connection and evaluate each other, a new trust value is computed from the new evaluation and the previous trust value according to the formula below, and the database is updated.
The node trust update formula is: Credit(pi) = [2*Credit(pij) + (n-1)*Credit(pi)'] / (n+1), where Credit(pi) is the trust value of node i; n is the number of times node i has successfully authenticated and exchanged data with other nodes; Credit(pi)' is the previous trust value of node i; j denotes any node connected to node i; and Credit(pij) is the trust value that node i obtains from node j's evaluation after the connection between node i and node j is completed.
Mutual evaluation may be automatic or manual. The evaluation mechanism is as follows: after two nodes finish interacting, both parties first score each other manually, with scores ranging from -10 to 10. If no manual score is given, the system scores automatically according to the following rules:
if the connection succeeded and the transmission completed without any disconnect and reconnect, the score is 10;
if the connection succeeded and the transmission completed, but disconnect and reconnect occurred during the transmission, the score is 10 - 20*(x/N), where x is the actual number of disconnections and N is the maximum number of disconnections allowed; if x exceeds N, the final score is -10;
if the connection did not succeed, the score is -10;
if the connection succeeded but no data was transferred, the system gives no score by default; the user may score manually or leave it unscored.
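The automatic scoring rules above and the trust update formula Credit(pi) = [2*Credit(pij) + (n-1)*Credit(pi)']/(n+1) given earlier, written out as an added Python example; this is not code from the patent, and the names (auto_score, score_for_peer, NodeCredit) are mine. The patent does not say whether n counts the exchange being scored; the example assumes it does, which makes the very first evaluation become the node's trust value and keeps every later value a weighted average of history and the newest score.

```python
"""Trust scoring and trust-value update for the P2P node protection scheme.

Added example, not the patent's code. The patent gives the scoring rules and
the update formula in prose; the function and field names here are assumed.
"""
from dataclasses import dataclass
from typing import Optional

SCORE_MAX = 10.0
SCORE_MIN = -10.0


def auto_score(connected: bool, transferred: bool, disconnects: int,
               max_disconnects: int) -> Optional[float]:
    """Automatic score a node gives its peer when no manual score was entered.

    Returns None in the one case where the patent says the system gives no
    default score: the connection succeeded but nothing was transferred.
    """
    if not connected:
        return SCORE_MIN                      # connection failed: -10
    if not transferred:
        return None                           # connected, no transfer: unscored
    if disconnects == 0:
        return SCORE_MAX                      # clean transfer: 10
    if disconnects > max_disconnects:
        return SCORE_MIN                      # more breaks than allowed: -10
    # 10 - 20*(x/N): falls linearly from 10 at x=0 to -10 at x=N
    return SCORE_MAX - 20.0 * (disconnects / max_disconnects)


def score_for_peer(manual: Optional[float], connected: bool, transferred: bool,
                   disconnects: int, max_disconnects: int) -> Optional[float]:
    """A manual score (clamped to the -10..10 range) takes precedence."""
    if manual is not None:
        return max(SCORE_MIN, min(SCORE_MAX, float(manual)))
    return auto_score(connected, transferred, disconnects, max_disconnects)


@dataclass
class NodeCredit:
    """Trust state of node i as the database server would hold it."""
    credit: float = 0.0   # Credit(pi): current trust value, 0 when the system starts
    n: int = 0            # successful authenticated exchanges so far

    def update(self, credit_ij: float) -> float:
        """Apply Credit(pi) = [2*Credit(pij) + (n-1)*Credit(pi)'] / (n+1).

        credit_ij is the score node j gave node i for the exchange just
        completed; the previous value plays the role of Credit(pi)'.
        Assumption: n includes the current exchange, so for n >= 1 the two
        weights 2/(n+1) and (n-1)/(n+1) are non-negative and sum to 1.
        """
        self.n += 1
        prev = self.credit
        self.credit = (2.0 * credit_ij + (self.n - 1) * prev) / (self.n + 1)
        return self.credit
```

Because the two weights sum to 1 and are non-negative for n >= 1, a score kept inside [-10, 10] keeps Credit(pi) inside [-10, 10] as well, so the database never needs to clamp. The weight 2/(n+1) of the newest evaluation shrinks as a node's history grows, which is what lets a long good record absorb a single bad score. Under the other reading, with n counted before the increment, the first update would compute 2*Credit(pij) - Credit(pi)', which can leave the score range.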
After receiving a node's request, the security protection server finds nodes near that node that hold a certain trust value and returns them. When the system is first started, every node's trust value is set to 0, so trust values are not consulted during selection at that stage.
When the node connects to the trusted nodes returned to it, authentication between the two nodes is required. For information security reasons, this authentication takes the form of delegated authentication through the CA authentication center.
At initialization, the CA authentication center issues to each node in the network a digital certificate containing the public key assigned to that node and the node's identity information.
Delegated authentication works as follows. When a first node needs to connect to a second node, the first node sends a digital signature over its own identity information to the CA authentication center, which has a very high trust value. The CA center decrypts the digital signature with the first node's public key; if the identity information recovered from the signature matches the identity information in the certificate of that node held by the CA center, the CA center has confirmed the first node's identity. After authenticating the first node, the CA center authenticates the second node in the same way. Only after both authentications succeed, and the identities of both nodes have been proved, do the two nodes communicate. Delegated authentication through the CA center in the middle greatly increases the level of security.
Since a node requesting to join the P2P network only needs to see and connect to a number of connectable nodes not exceeding the set threshold, delegated authentication is used only among this limited number of nodes, so its effect on efficiency is small while the gain in security is large.
Fig. 3 is a schematic diagram of the method for improving node security protection in a P2P system according to a preferred embodiment of the invention. As shown in Fig. 3, it comprises the following steps:
1) The system administrator first deploys the security protection server in the P2P network and enters the node information and the topology of the P2P network into the database server; each node's trust value is initialized to 0, and the thresholds are set (maximum number of nodes returned, maximum number of disconnections allowed, minimum node trust value, etc.). At the same time the CA authentication center sends a digital certificate containing each node's public key and identity information to every legitimate node in the network.
2) When a node in the network needs to exchange data, it first sends a connection request to the security protection server.
3) The security protection server first connects to the database server and queries the information and trust value of this node. If the requesting node's trust value is less than the trust value of the connectable nodes, the node's connection request is refused.
4) If the requesting node's trust value is not less than the trust value of the connectable nodes, the security protection server, after querying and computing, obtains information about a number of safe nodes not exceeding the set count threshold and returns it to the requesting node for it to connect to.
5) When the nodes connect, delegated authentication is used: the first node sends the digital signature of its own identity information to the CA authentication center, which has a very high trust value; the CA center decrypts the signature with the first node's public key, and if the recovered identity information matches the identity information in that node's certificate held by the CA center, the first node's identity is confirmed. After authenticating the first node, the CA center authenticates the second node in the same way.
6) After all authentications succeed, the two nodes establish a data connection and communicate; otherwise the connection is aborted and the result is reported to the security protection server.
7) After communication finishes, both parties manually evaluate the trust value of the current connection; if no manual evaluation is given, the system scores automatically. The newly added trust values are sent to the security protection server, which forwards them to the database server to update the node trust data.
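Steps 1) to 6) of the Fig. 3 procedure, and the delegated-authentication exchange described earlier in this section, as one added Python example that is not code from the patent. The following are assumptions, not from the patent: the record layout of the database server; the reading of steps 3) and 4) as "a candidate is connectable when its trust value is at least the configured minimum and does not exceed the requester's own trust value"; hop counts as the inter-node distance; and textbook RSA over tiny primes so that "the CA decrypts the signature with the node's public key" can run offline without a third-party library. The toy RSA and all node data are constructed for illustration only.

```python
"""Security protection server, database server and CA-delegated authentication
(Fig. 3, steps 1 to 6). Added example; names, schema and toy RSA are assumed."""
import hashlib
import math
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

E = 65537                      # public exponent of the toy RSA


def _next_prime(n: int) -> int:
    """Smallest prime >= n by trial division; fine for toy sizes only."""
    while not (n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))):
        n += 1
    return n


def keygen(k: int) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Toy RSA key pair for node number k; returns ((e, n), (d, n)). Demonstration only."""
    p, q = _next_prime(10_000 + 1_000 * k), _next_prime(30_000 + 1_000 * k)
    while math.gcd(E, (p - 1) * (q - 1)) != 1:
        q = _next_prime(q + 1)
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)


def identity_digest(identity: str, n: int) -> int:
    """SHA-256 of the identity information, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % n


@dataclass
class Certificate:
    node_id: str
    identity: str                  # identity information bound to the key (step 1)
    public_key: Tuple[int, int]    # (e, n)


class CACenter:
    """Issues certificates at initialization and authenticates nodes on request."""
    def __init__(self) -> None:
        self.certs: Dict[str, Certificate] = {}

    def enroll(self, node_id: str, identity: str, public_key: Tuple[int, int]) -> Certificate:
        self.certs[node_id] = Certificate(node_id, identity, public_key)
        return self.certs[node_id]

    def authenticate(self, node_id: str, signature: int) -> bool:
        """Recover the signed digest with the node's public key and compare with the stored identity."""
        cert = self.certs.get(node_id)
        if cert is None:
            return False
        e, n = cert.public_key
        return pow(signature, e, n) == identity_digest(cert.identity, n)


class Peer:
    def __init__(self, node_id: str, identity: str, k: int, ca: CACenter) -> None:
        self.node_id = node_id
        self.public_key, self._private_key = keygen(k)
        self.cert = ca.enroll(node_id, identity, self.public_key)

    def sign_identity(self) -> int:
        """Digital signature over the node's own identity information (textbook RSA, s = m^d mod n)."""
        d, n = self._private_key
        return pow(identity_digest(self.cert.identity, n), d, n)


@dataclass
class NodeRecord:
    """Per-node data held by the database server (claim 2: IP, distances, trust value)."""
    node_id: str
    ip: str
    trust: float = 0.0                                       # every node starts at 0 (step 1)
    distance: Dict[str, int] = field(default_factory=dict)   # hops to other nodes (assumed metric)


class SecurityServer:
    """Answers step 2 requests with steps 3 and 4 and records step 6 results."""
    def __init__(self, db: Dict[str, NodeRecord], max_return: int, min_trust: float) -> None:
        self.db, self.max_return, self.min_trust = db, max_return, min_trust
        self.reports: List[Tuple[str, str, bool]] = []

    def select_nodes(self, requester_id: str) -> Optional[List[str]]:
        """Up to max_return connectable node ids, nearest first; None means the request is refused."""
        me = self.db[requester_id]
        connectable = [r for r in self.db.values() if r.node_id != requester_id
                       and self.min_trust <= r.trust <= me.trust]   # steps 3/4 reading (assumption)
        if not connectable:
            return None                                            # step 3: refused
        connectable.sort(key=lambda r: me.distance.get(r.node_id, 10 ** 9))
        return [r.node_id for r in connectable[: self.max_return]]

    def report(self, first: str, second: str, ok: bool) -> None:
        self.reports.append((first, second, ok))


def connect(first: Peer, second: Peer, ca: CACenter, server: SecurityServer) -> bool:
    """Steps 5 and 6: the CA authenticates both peers before any data flows."""
    ok = ca.authenticate(first.node_id, first.sign_identity())
    ok = ok and ca.authenticate(second.node_id, second.sign_identity())
    server.report(first.node_id, second.node_id, ok)
    return ok


def demo() -> Tuple[Optional[List[str]], bool, bool]:
    """Constructed scenario: four peers; C is more trusted than the requester A and is not offered."""
    ca = CACenter()
    peers = {pid: Peer(pid, f"identity:{pid}", k, ca) for k, pid in enumerate("ABCD")}
    db = {"A": NodeRecord("A", "10.0.0.1", 4.0, {"B": 1, "C": 2, "D": 3}),
          "B": NodeRecord("B", "10.0.0.2", 3.0), "C": NodeRecord("C", "10.0.0.3", 6.0),
          "D": NodeRecord("D", "10.0.0.4", 1.0)}
    server = SecurityServer(db, max_return=2, min_trust=0.5)
    offered = server.select_nodes("A")                              # ["B", "D"]
    genuine = connect(peers["A"], peers["B"], ca, server)          # True
    forged = ca.authenticate("D", peers["B"].sign_identity())       # B's signature under D's cert
    return offered, genuine, forged
```

Two points the walk-through makes visible. First, with every trust value at 0 and min_trust at 0, the filter in select_nodes passes every neighbour, which is the "trust values are not consulted at system start" behaviour described above. Second, as described, the signed message is the node's static identity information, so the same signature verifies every time; a deployment would have the CA include a fresh challenge in what the node signs, otherwise an observer who captured one signature could replay it. The patent text does not say whether such a challenge is used.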
It should be noted that the invention places a security server in the middle of the connection process and uses node trust values to tell trusted, safe nodes apart from the rest. A node requesting a connection sees only part of the trusted nodes. Authentication is also required before two nodes connect, in the form of delegated authentication through the CA authentication center. Together these measures greatly increase system security and reduce the information security risks of previous P2P systems.
A person of ordinary skill in the art will understand that the drawings are schematic diagrams of one embodiment, and that the modules or flows in the drawings are not necessarily required to implement the invention.
A person of ordinary skill in the art will understand that the modules of the device in the embodiments may be distributed in the device as described, or may be changed accordingly and located in one or more devices different from the present embodiment. The modules of the above embodiments may be merged into one module or further split into several sub-modules.
The numbering of the above embodiments of the invention is for description only and does not indicate their relative merit.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by hardware instructed by a program; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; and the storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disk or optical disc.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solution outside the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (4)

1. A method for protecting node security in a P2P system, characterized in that it comprises the following steps:
initializing security protection servers and database servers in the network, said database servers recording information about the nodes near each node in the network and, during data exchange, receiving trust value evaluations of connected nodes entered by users or generated automatically;
when a node needs to exchange data with the network, first connecting to the security protection server nearest to it; said security protection server querying, through the database server, the information about the nodes near this node in the network, selecting a plurality of nodes whose trust values do not exceed a set threshold, and notifying this node;
performing delegated authentication of each of said plurality of nodes through the CA authentication center and, if authentication succeeds, establishing data connections between this node and the successfully authenticated nodes among said plurality of nodes.
2. The method of claim 1, characterized in that said recorded information includes the node's IP address, the distances between nodes and the nodes' trust values.
3. The method of claim 1, characterized in that the number of said plurality of nodes does not exceed a set count threshold.
4. The method of claim 1, characterized in that the node trust update formula is: Credit(pi) = [2*Credit(pij) + (n-1)*Credit(pi)'] / (n+1), where Credit(pi) is the trust value of node i; n is the number of times this node has successfully authenticated and exchanged data with other nodes; Credit(pi)' is the previous trust value of node i; j denotes any node connected to node i; and Credit(pij) is the trust value that node i obtains from node j's evaluation after the connection between node i and node j is completed.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110218488.1A CN102916928B (en) 2011-08-01 2011-08-01 Method for protecting safety of nodes in P2P (peer-to-peer) system

Publications (2)

Publication Number Publication Date
CN102916928A (en) 2013-02-06
CN102916928B (en) 2015-04-08

Family

ID=47615162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110218488.1A Active CN102916928B (en) 2011-08-01 2011-08-01 Method for protecting safety of nodes in P2P (peer-to-peer) system

Country Status (1)

Country Link
CN (1) CN102916928B (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101345753A (en) * 2008-08-12 2009-01-14 中国科学院软件研究所 Resource-oriented trust appraisement method in P2P network
CN101860574A (en) * 2010-07-02 2010-10-13 中国人民解放军国防科学技术大学 Credit-based service matching method in P2P memory resource sharing network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Sepandar D. Kamvar et al.: "The EigenTrust Algorithm for Reputation Management in P2P Networks", WWW International World Wide Web Conference, 20 May 2003 *
张光华 et al.: "P2P网络信任管理研究综述" (A survey of trust management research in P2P networks), 《计算机科学》 (Computer Science), vol. 37, no. 9, 15 September 2010 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014173357A1 (en) * 2013-08-30 2014-10-30 中兴通讯股份有限公司 Authentication method and device for use in ubiquitous terminal networks
CN105812359A (en) * 2016-03-04 2016-07-27 四川长虹电器股份有限公司 Method for realizing Internet anonymity by using distributed multiple-proxy encryption network
CN115277717A (en) * 2022-07-29 2022-11-01 蚂蚁区块链科技(上海)有限公司 Method and device for discovering communication pillar node and preventing network attack
CN115277717B (en) * 2022-07-29 2024-05-31 蚂蚁区块链科技(上海)有限公司 Method, apparatus, electronic device and computer readable storage medium for discovering communication strut node and preventing network attack

Also Published As

Publication number Publication date
CN102916928B (en) 2015-04-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant