CN102916928B - Method for protecting safety of nodes in P2P (peer-to-peer) system - Google Patents


Info

Publication number
CN102916928B
CN102916928B (application number CN201110218488.1A)
Authority
CN
China
Prior art keywords
node
nodes
trust value
network
credit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110218488.1A
Other languages
Chinese (zh)
Other versions
CN102916928A (en)
Inventor
郭宝安
梁剑
罗世新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp
Priority to CN201110218488.1A
Publication of CN102916928A
Application granted
Publication of CN102916928B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses a method for protecting the security of nodes in a P2P (peer-to-peer) system. The method comprises: initializing the security protection servers and database servers in the network, each database server recording information about the nodes surrounding the node it serves and, during data exchanges, receiving trust values for connected nodes that are given by users or generated automatically; when a node needs to exchange data with the network, it first connects to the nearest security protection server, which queries its database server for the nodes surrounding the requesting node, selects several nodes whose trust value meets the threshold and notifies the requesting node (the published English abstract reads "lower than or equal to a threshold value", but granted claim 1 selects nodes whose trust value is "not less than" the threshold, which is the reading consistent with the description, where the returned nodes are those that have accumulated trust); each of those nodes is then authenticated by delegation through a certificate authority (CA), and if authentication succeeds the requesting node establishes data connections with the successfully authenticated nodes.

Description

Method for protecting node security in a P2P system
Technical field
The present invention relates to the field of network and information security, and in particular to a method for protecting node security in a P2P system.
Background art
P2P is the abbreviation of Peer-to-Peer, also called "point-to-point". Peer-to-peer technology is a new kind of network that relies on the computing power and bandwidth of the participants rather than concentrating everything on a small number of servers. P2P rapidly became one of the hot topics of the computing community, and Fortune magazine listed it as one of four technologies that will affect the future of the Internet.
P2P transmission has great advantages: resource utilization is high, the network becomes more stable as nodes are added, and information is exchanged directly between peer nodes, quickly and promptly, at lower transfer cost. P2P technology therefore has huge application prospects in network file sharing, distributed computing, collaborative systems, e-commerce and so on.
But everything has two sides, and in practice P2P technology also has many information-security problems.
At present, Internet-based P2P services often lack effective identity verification and information management, so large amounts of reactionary, illegal and harassing content spread through the network. The resulting concern among families, society and government about the development of broadband networks has had a negative effect on the development of P2P services.
In addition, because P2P usually allows any computer to interconnect, there will inevitably be people who exploit vulnerabilities in the P2P service system or in users' computers to break in, obtain important information or cause damage, leading to incalculable losses for users. Many viruses and trojans also spread through P2P systems and seriously damage the security of user terminals. At present at least 20% of the files downloaded through P2P carry viruses, which has damaged the image of P2P among users and led many enterprises to restrict or even prohibit the use of P2P.
Summary of the invention
The invention provides a method for protecting node security in a P2P system, in order to reduce information-security problems such as viruses, trojans and privacy leaks, and thereby to improve communication security and protect node security.
To achieve this, the invention provides a method for protecting node security in a P2P system that comprises the following steps:
initializing the security protection servers and database servers in the network, each database server recording node information for the nodes near it and accepting, during data exchange, trust-value evaluations of connected nodes given by users or generated automatically;
when a node needs to exchange data with the network, first connecting to the security protection server nearest to it; this server queries the database server for information on the nodes near the requesting node, selects several nodes whose trust value is not less than a set threshold (as in claim 1), and notifies the requesting node;
performing delegated authentication of the selected nodes through a CA (certificate authority) and, if authentication succeeds, establishing data connections between the requesting node and the successfully authenticated nodes.
Preferably, the recorded information comprises the node IP, the distance between nodes and the node trust value.
Preferably, the number of selected nodes does not exceed a set count threshold.
Preferably, the formula for updating a node's trust value is Credit(pi) = [2*Credit(pij) + (n-1)*Credit(pi)'] / (n+1), where Credit(pi) is the trust value of node i, n is the number of times this node has exchanged data with other nodes after successful authentication, Credit(pi)' is the previous trust value of node i, j is any node connected to node i, and Credit(pij) is the trust value that node i receives from node j's evaluation after the connection between i and j completes.
The above embodiment places a security server in the middle as an intermediary and uses node trust values to tell trusted, safe nodes apart from the rest. A node requesting a connection sees only a subset of the trusted nodes. Nodes must also authenticate before connecting with each other, and the authentication is delegated to the CA. These measures greatly increase the security of the system and reduce the information-security risks present in previous P2P systems.
Brief description of the drawings
To explain the embodiments of the invention or the prior art more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a P2P network system according to one embodiment of the invention;
Fig. 2 is a flow chart of the method for protecting node security in a P2P system according to one embodiment of the invention;
Fig. 3 is a schematic diagram of the method for improving node security protection in a P2P system according to a preferred embodiment of the invention.
Embodiments
The technical solutions of the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that those of ordinary skill in the art obtain from these embodiments without creative effort fall within the scope of protection of the invention.
Fig. 1 is a schematic diagram of a P2P network system according to one embodiment of the invention. As shown in Fig. 1, the main idea of the method for improving node security in the P2P system of this embodiment is to deploy security protection servers in the P2P network. Whenever a peer wants to exchange data with the network, it first connects to the security protection server; the server queries the database server, performs the corresponding computation, and returns information on a number of connectable, trustworthy peer nodes not exceeding the set threshold; the peer then connects to the returned trustworthy peers. At the same time, when peers interconnect, delegated authentication through the CA is also performed.
Fig. 2 is a flow chart of the method for protecting node security in a P2P system according to one embodiment of the invention. As shown in Fig. 2, the method comprises the following steps:
S102: initialize the security protection servers and database servers in the network; each database server records node information for the nodes near it and accepts, during data exchange, trust-value evaluations of connected nodes given by users or generated automatically;
S104: when a node needs to exchange data with the network, it first connects to the security protection server nearest to it; this server queries the database server for information on the nodes near the requesting node, selects several nodes whose trust value is not less than the set threshold, and notifies the requesting node;
S106: perform delegated authentication of each selected node through the CA; if authentication succeeds, establish a data connection between the requesting node and the successfully authenticated nodes.
In this embodiment, after the security protection server and its database server have been initialized, they operate as follows. From the information on the nodes surrounding the requesting node that the database server returns, the security protection server calculates which nodes the requester should connect to, namely the nodes that have accumulated a certain trust value; these can be regarded as safe nodes to connect to. The number of such nodes returned can be kept below a set threshold. The purpose is to avoid exposing the whole P2P network to the node: the requesting node sees only part of the P2P network, and the part it sees is the set of nodes meeting a certain trust condition, computed by the security protection server from the data it exchanges with the database server. These nodes have a certain trust value and can be regarded as trustworthy nodes to connect to. Their number can be set to be no more than a set count threshold.
The database server connected to the security protection server stores the topology of the P2P network, the IP of each node, the distances between nodes, the trust value of each node and similar information. This information is updated continuously: when a node joins the network or a node is removed, the database is updated in real time or periodically. The database server is initialized at the start with information on some nodes; afterwards, each time two nodes connect successfully and evaluate each other, a new trust value is computed from the new evaluation and the previous trust value by the formula below, and the database is updated.
The formula for updating a node's trust value is Credit(pi) = [2*Credit(pij) + (n-1)*Credit(pi)'] / (n+1), where Credit(pi) is the trust value of node i, n is the number of times this node has exchanged data with other nodes after successful authentication, Credit(pi)' is the previous trust value of node i, j is any node connected to node i, and Credit(pij) is the trust value that node i receives from node j's evaluation after the connection between i and j completes.
Mutual evaluation can be manual or automatic. The mechanism is as follows: after two nodes finish exchanging data, both parties first score each other manually, on a scale from -10 to 10. If no manual score is given, the system scores automatically by the following rules:
if the connection succeeded and the transfer completed without any disconnect/reconnect, the score is 10;
if the connection succeeded and the transfer completed but disconnection and reconnection occurred during the transfer, the score is 10 - 20*(x/N), where x is the actual number of disconnections and N is the maximum permitted number of disconnections; if x exceeds N, the score is -10;
if the connection failed, the score is -10;
if the connection succeeded but nothing was transferred, the system gives no score by default; the user may score manually or leave it unscored.
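The scoring rules and the trust-update formula above, worked through in Python. This is an added example and not code from the patent: the function names, the Outcome record and the reading of n as "exchanges completed, this one included" are assumptions made here (with n counting the current exchange, n = 1 makes the first rating the trust value outright, which is the only reading under which the formula behaves sensibly).

```python
# Added example (not code from the patent): the automatic scoring rules and
# the trust-value update formula from the passage above. Function names, the
# Outcome record and the reading of n as "exchanges completed, including this
# one" are assumptions made here.
from dataclasses import dataclass
from typing import Optional, Sequence

MAX_SCORE = 10.0   # scores are given on the -10..10 scale
MIN_SCORE = -10.0


@dataclass(frozen=True)
class Outcome:
    connected: bool          # did the connection succeed at all
    transfer_complete: bool  # was the data transfer completed
    reconnects: int          # x: disconnect/reconnect events during transfer


def auto_score(outcome: Outcome, max_reconnects: int) -> Optional[float]:
    """System score used when neither party scored manually.

    Returns None for "connected but nothing transferred", where the text says
    the system gives no score unless the user scores by hand.
    """
    if max_reconnects <= 0:
        raise ValueError("max_reconnects (N) must be positive")
    if not outcome.connected:
        return MIN_SCORE                       # connection failed: -10
    if not outcome.transfer_complete:
        return None                            # no transfer: no default score
    x = outcome.reconnects
    if x == 0:
        return MAX_SCORE                       # clean transfer: 10
    if x > max_reconnects:
        return MIN_SCORE                       # more drops than permitted: -10
    return MAX_SCORE - 20.0 * (x / max_reconnects)   # 10 - 20*(x/N)


def manual_score(score: float) -> float:
    """Validate a score entered by hand against the -10..10 range."""
    if not MIN_SCORE <= score <= MAX_SCORE:
        raise ValueError(f"score {score} outside [{MIN_SCORE}, {MAX_SCORE}]")
    return float(score)


def update_credit(previous: float, rating: float, n: int) -> float:
    """Credit(pi) = [2*Credit(pij) + (n-1)*Credit(pi)'] / (n+1).

    previous = Credit(pi)', node i's trust value before this exchange;
    rating   = Credit(pij), the score node j just gave node i;
    n        = authenticated exchanges node i has completed, this one included.
    The weights 2 and n-1 sum to n+1, so this is a weighted mean in which the
    newest rating counts twice as much as any one earlier exchange; with
    inputs in -10..10 the result stays in -10..10.
    """
    if n < 1:
        raise ValueError("n counts completed exchanges and must be >= 1")
    return (2.0 * rating + (n - 1) * previous) / (n + 1)


def credit_after_history(ratings: Sequence[float], initial: float = 0.0) -> float:
    """Replay a sequence of ratings from the initial trust value (0 at deployment)."""
    credit = initial
    for n, rating in enumerate(ratings, start=1):
        credit = update_credit(credit, rating, n)
    return credit


if __name__ == "__main__":
    # Constructed sample: three clean transfers, one transfer that dropped
    # twice out of a permitted three, then a failed connection.
    history = [auto_score(Outcome(True, True, 0), 3)] * 3
    history += [auto_score(Outcome(True, True, 2), 3),
                auto_score(Outcome(False, False, 0), 3)]
    print([round(s, 2) for s in history], round(credit_after_history(history), 3))
```

Note what the weighting does: a node with a long history of good ratings is pulled down only slowly by one bad exchange (weight 2 against n-1), so a peer that turns malicious late keeps a high trust value for a while; a short-history peer, by contrast, swings quickly. The count threshold and the CA authentication in the rest of the method are what limit the damage during that window.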
After receiving a request from a node, the security protection server finds the nodes near that node that have a certain trust value and returns them. When the system is first run, the trust value of every node is set to 0, so trust values are not referenced in the selection process at that stage.
When the node connects to the returned trusted nodes, authentication between the nodes is required. Because information security must be taken into account, this authentication is delegated to the CA.
Initially, the CA issues to each node in the network a digital certificate containing the public key assigned to that node and the node's identity information.
For delegated authentication, when a first node needs to connect to a second node, the first node first sends a digital signature over its own identity information to the CA, which has a very high trust value. The CA decrypts the signature with the first node's public key; if the identity information recovered from the signature matches the identity information in the certificate of that node held by the CA, the CA confirms the identity of the first node. After authenticating the first node, the CA authenticates the second node in the same way. Only after both authentications succeed and the identities of both nodes have been verified do the two nodes communicate. Delegating the authentication to the CA in the middle considerably increases security.
Because a node requesting to connect to the P2P network only needs to see, and connect to, a number of connectable nodes not exceeding the set threshold, delegated authentication is only used among this limited number of nodes; its impact on efficiency is small, while it greatly increases security.
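The delegated authentication exchange described above, as an added example that is not the patent's own code. It follows the text: the CA holds each node's certificate (identity plus public key); to connect, the first node sends the CA a signature over its identity information, the CA "decrypts" the signature with the node's public key and compares the result with the identity it holds for that node, then does the same for the second node, and only when both pass may they talk. Two things here are assumptions made for this example and are not in the text: the CA issues a fresh nonce that the signature must cover, because a signature over static identity information alone could be replayed by anyone who captured it once; and signatures are textbook RSA over a SHA-256 digest with demo-sized keys, so that the "public key decrypts the signature" step is literally visible. Real deployments should use a vetted library (RSA-PSS or Ed25519) rather than this padding-free construction.

```python
# Added example, not the patent's code: CA-delegated node authentication as
# described above, with two assumptions the text does not make (a CA-issued
# nonce under the signature, and textbook RSA over SHA-256 with demo-sized keys
# so the "decrypt the signature with the public key" step is visible).
import hashlib
import math
import secrets
from dataclasses import dataclass
from typing import Dict

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; enough for demo keys."""
    if n < 2:
        return False
    if any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def _keypair(bits: int = 256):
    """(n, e, d) with demo-sized primes; never use this size for real keys."""
    e = 65537
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))


def _identity_digest(node_id: str, nonce: bytes) -> int:
    """H(identity || nonce) as an integer: the value that is signed."""
    return int.from_bytes(hashlib.sha256(node_id.encode() + nonce).digest(), "big")


@dataclass(frozen=True)
class Certificate:
    node_id: str   # identity information (node name or IP)
    n: int         # RSA public modulus
    e: int         # RSA public exponent


class Node:
    """A peer; the private exponent never leaves it, only the certificate does."""

    def __init__(self, node_id: str):
        self._n, self._e, self._d = _keypair()
        self.cert = Certificate(node_id, self._n, self._e)

    def sign_identity(self, nonce: bytes) -> int:
        return pow(_identity_digest(self.cert.node_id, nonce), self._d, self._n)


class CertificateAuthority:
    """Holds every legitimate node's certificate and authenticates on request."""

    def __init__(self):
        self._certs: Dict[str, Certificate] = {}
        self._pending: Dict[str, bytes] = {}   # one outstanding nonce per node

    def enroll(self, node: Node) -> None:
        self._certs[node.cert.node_id] = node.cert

    def challenge(self, node_id: str) -> bytes:
        self._pending[node_id] = secrets.token_bytes(16)
        return self._pending[node_id]

    def verify(self, node_id: str, signature: int) -> bool:
        cert = self._certs.get(node_id)
        nonce = self._pending.pop(node_id, None)   # each nonce is usable once
        if cert is None or nonce is None:
            return False
        # "Decrypt" the signature with the public key from the node's certificate
        # and compare with the identity information the CA holds for that node.
        return pow(signature, cert.e, cert.n) == _identity_digest(node_id, nonce)


def delegated_authenticate(ca: CertificateAuthority, first: Node, second: Node) -> bool:
    """Steps 5 and 6: the CA checks the first node, then the second; both must pass."""
    for node in (first, second):
        nonce = ca.challenge(node.cert.node_id)
        if not ca.verify(node.cert.node_id, node.sign_identity(nonce)):
            return False
    return True
```

The CA does not need the nodes' private keys at any point, which is what makes the delegation safe to centralise: it only ever holds certificates. Note also that this authenticates identities to the CA, not to each other; the two nodes still have to trust the CA's answer, and a production design would have the CA return a signed, short-lived verdict rather than the boolean shown here.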
Fig. 3 is a schematic diagram of the method for improving node security protection in the P2P system of a preferred embodiment of the invention. As shown in Fig. 3, it comprises the following steps:
1) The system administrator first deploys security protection servers in the P2P network, enters the node information of the P2P network and its topology into the database server, initializes the trust value of every node to 0, and sets the thresholds (maximum number of nodes returned, maximum permitted number of disconnections, minimum node trust value, and so on). At the same time the CA sends each legitimate node in the network a digital certificate containing that node's public key and identity information.
2) When a node in the network needs to exchange data, it first sends a connection request to the security protection server.
3) The security protection server first connects to the database server and queries this node's information and trust value. If the requesting node's trust value is lower than the trust value required of a connectable node, its connection request is refused.
4) If the requesting node's trust value is not lower than that required of a connectable node, the security protection server, after querying and computing, obtains information on a number of safe nodes not exceeding the set count threshold and returns it to the requesting node for it to connect to.
5) When nodes connect, delegated authentication is used: the first node first sends a digital signature over its own identity information to the CA, which has a very high trust value; the CA decrypts the signature with the first node's public key, and if the information recovered from the signature matches the identity information in the certificate of that node held by the CA, the CA confirms the first node's identity. After authenticating the first node, the CA authenticates the second node in the same way.
6) After both authentications succeed, the first and second nodes communicate with each other; otherwise the connection is aborted and the result is reported to the security protection server.
7) After communication finishes, the two parties manually score each other's trust for this connection; if no manual evaluation is given, the system's automatic evaluation scores it. The newly added trust value is sent to the security protection server, which forwards it to the database server to update the node's trust value data.
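Steps 1) to 4) above, the security protection server's side of the flow, as an added example that is not the patent's own code. It does what the text describes: look the requester up in the database, refuse it if its own trust value is below the minimum (step 3), and otherwise return at most `max_return` nearby nodes whose trust value is not below the threshold (step 4), so that the requester sees only a slice of the network. Two details are assumptions made here and not in the text: candidates are ranked by trust value (highest first) and then by distance (nearest first), and while every trust value is still 0 (the initial state, where the text says trust is not referenced) the trust threshold is skipped so the network can bootstrap. The NodeDB layout and the names are illustrative.

```python
# Added example (not the patent's code): the security protection server side
# of steps 1) to 4). Assumptions not in the text: ranking by trust then
# distance, and skipping the trust threshold while all trust values are 0.
import math
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Thresholds:
    max_return: int       # maximum number of nodes returned to a requester
    min_trust: float      # minimum trust value of a connectable node
    max_reconnects: int   # maximum permitted disconnections (used by scoring)


class NodeDB:
    """Database server: node IPs, inter-node distances and trust values."""

    def __init__(self):
        self._trust: Dict[str, float] = {}
        self._dist: Dict[FrozenSet[str], float] = {}

    def add(self, ip: str, trust: float = 0.0) -> None:
        self._trust[ip] = trust                 # new nodes start at 0 trust

    def remove(self, ip: str) -> None:
        self._trust.pop(ip, None)
        self._dist = {k: v for k, v in self._dist.items() if ip not in k}

    def set_distance(self, a: str, b: str, distance: float) -> None:
        self._dist[frozenset((a, b))] = distance

    def distance(self, a: str, b: str) -> float:
        return self._dist.get(frozenset((a, b)), math.inf)   # unknown: far

    def trust(self, ip: str) -> Optional[float]:
        return self._trust.get(ip)

    def set_trust(self, ip: str, value: float) -> None:
        if ip not in self._trust:
            raise KeyError(ip)
        self._trust[ip] = value

    def neighbours(self, ip: str) -> List[Tuple[str, float, float]]:
        """(ip, distance from requester, trust) for every other known node."""
        return [(other, self.distance(ip, other), t)
                for other, t in self._trust.items() if other != ip]


class SecurityProtectionServer:
    def __init__(self, db: NodeDB, thresholds: Thresholds):
        self.db, self.th = db, thresholds

    def handle_request(self, requester: str) -> List[str]:
        """IPs the requester may try to connect to; an empty list means refused."""
        own_trust = self.db.trust(requester)
        if own_trust is None:
            return []                                  # not a registered node
        candidates = self.db.neighbours(requester)
        bootstrap = own_trust == 0 and all(t == 0 for _, _, t in candidates)
        if not bootstrap:
            if own_trust < self.th.min_trust:
                return []                              # step 3: requester refused
            candidates = [c for c in candidates if c[2] >= self.th.min_trust]
        candidates.sort(key=lambda c: (-c[2], c[1]))   # most trusted, then nearest
        return [ip for ip, _, _ in candidates[: self.th.max_return]]
```

The cap on returned nodes is the part a defender should care about most: it bounds how much of the topology a single (possibly malicious) requester can enumerate per request, which is the "not fully open to this node" property the description claims. The bootstrap shortcut is the weak moment in that story, since before any ratings exist every registered node is a candidate, so the initial node list entered in step 1) should be small and vetted.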
It should be noted that the invention places a security server in the middle as an intermediary and uses node trust values to tell trusted, safe nodes apart from the rest. A node requesting a connection sees only a subset of the trusted nodes. Nodes must also authenticate before connecting with each other, and the authentication is delegated to the CA. These measures greatly increase the security of the system and reduce the information-security risks present in previous P2P systems.
Those of ordinary skill in the art will appreciate that the drawings are schematic diagrams of one embodiment, and the modules or flows shown in them are not necessarily required to implement the invention.
Those of ordinary skill in the art will appreciate that the modules of the apparatus in the embodiment may be distributed in the apparatus as described, or may be changed accordingly and located in one or more apparatuses different from this embodiment. The modules of the above embodiment may be merged into one module or further split into several sub-modules.
The numbering of the above embodiments is for description only and does not indicate their relative merit.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiment may be carried out by hardware under the control of program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiment; the storage medium includes ROM, RAM, magnetic disk, optical disc and other media that can store program code.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described may still be modified, or some of their technical features replaced by equivalents, without departing from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (3)

1. A method for protecting node security in a P2P system, characterized in that it comprises the following steps:
initializing the security protection servers and database servers in the network, each database server recording node information for the nodes near it and accepting, during data exchange, trust-value evaluations of connected nodes given by users or generated automatically;
when a node needs to exchange data with the network, first connecting to the security protection server nearest to it, which queries the database server for information on the nodes near the requesting node, selects several nodes whose trust value is not less than a set threshold, and notifies the node;
performing delegated authentication of each of the selected nodes through a CA, and if authentication succeeds, establishing a data connection between the node and the successfully authenticated nodes among them;
the formula for updating a node's trust value being Credit(pi) = [2*Credit(pij) + (n-1)*Credit(pi)'] / (n+1), where Credit(pi) is the trust value of node i, n is the number of times the node has exchanged data with node j after successful authentication, Credit(pi)' is the previous trust value of node i, j is any node connected to node i, and Credit(pij) is the trust value that node i receives from node j's evaluation after the connection between them completes.
2. The method of claim 1, characterized in that the node information comprises the node's IP, the distance between the node and the requesting node, and the node's trust value.
3. The method of claim 1, characterized in that the number of the selected nodes does not exceed a set count threshold.
CN201110218488.1A 2011-08-01 2011-08-01 Method for protecting safety of nodes in P2P (peer-to-peer) system Active CN102916928B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110218488.1A CN102916928B (en) 2011-08-01 2011-08-01 Method for protecting safety of nodes in P2P (peer-to-peer) system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110218488.1A CN102916928B (en) 2011-08-01 2011-08-01 Method for protecting safety of nodes in P2P (peer-to-peer) system

Publications (2)

Publication Number Publication Date
CN102916928A CN102916928A (en) 2013-02-06
CN102916928B true CN102916928B (en) 2015-04-08

Family

ID=47615162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110218488.1A Active CN102916928B (en) 2011-08-01 2011-08-01 Method for protecting safety of nodes in P2P (peer-to-peer) system

Country Status (1)

Country Link
CN (1) CN102916928B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104426874B (en) * 2013-08-30 2019-01-29 中兴通讯股份有限公司 A kind of authentication method and device for ubiquitous terminal network
CN105812359A (en) * 2016-03-04 2016-07-27 四川长虹电器股份有限公司 Method for realizing Internet anonymity by using distributed multiple-proxy encryption network
CN115277717A (en) * 2022-07-29 2022-11-01 蚂蚁区块链科技(上海)有限公司 Method and device for discovering communication pillar node and preventing network attack

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101345753A (en) * 2008-08-12 2009-01-14 中国科学院软件研究所 Resource-oriented trust appraisement method in P2P network
CN101860574A (en) * 2010-07-02 2010-10-13 中国人民解放军国防科学技术大学 Credit-based service matching method in P2P memory resource sharing network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
The EigenTrust Algorithm for Reputation Management in P2P Networks; Sepandar D. Kamvar et al.; WWW International World Wide Web Conference; 2003-05-20; full text *
张光华 et al. A survey of trust management research in P2P networks. 《计算机科学》 (Computer Science). 2010, vol. 37, no. 9. *

Also Published As

Publication number Publication date
CN102916928A (en) 2013-02-06


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant