CN108199866B - Social network system with strong privacy protection - Google Patents

Publication number: CN108199866B
Authority: CN (China)
Application number: CN201711342942.8A
Priority: CN201711342942.8A
Other languages: Chinese (zh)
Other versions: CN108199866A (en)
Inventors: 周洁, 赵序琦, 何凌云, 洪良怡, 陈湃卓, 谢宇明, 刘功申
Original Assignee: Shanghai Jiaotong University
Current Assignee: Shanghai Jiaotong University
Application filed by: Shanghai Jiaotong University
Application granted
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Prior art keywords: user, module, network, data, chat

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/044 Network management architectures or arrangements comprising hierarchical management structures
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L51/52 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail for supporting social networking services
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/14 Session management

Abstract

The invention provides a social network system with strong privacy protection, comprising a P2P network layer, an API layer and an APP application layer, wherein the API layer is connected with the P2P network layer and the APP application layer; the P2P network layer establishes the decentralized peer-to-peer connections of the social network system; the API layer defines the application interface and provides the service functions of the social network system; and the APP application layer generates an application interface and calls the application interface of the API layer to provide interface response and user interaction functions. The invention realizes a P2P-based social network structure with functions such as dispersed storage of user information, encryption protection of network links and policy control over published content. The invention meets the security requirements of privacy, integrity and availability in the social network, protects private information from intrusion while preserving a reasonable level of convenience for social network users, and reconciles applicability with security.

Description

Social network system with strong privacy protection
Technical Field
The invention relates to a social networking system, in particular to a social networking system with strong privacy protection based on a P2P network.
Background
In the information era, online social networks have gradually become the main carrier of network activity, and using social network software to chat with others, obtain information and publish information has become a mainstream way of life in modern society. Because online social networks have a complex structure, a large user base and heavy data traffic, balancing privacy against convenience is a dilemma.
At present, mainstream online social network systems generally adopt a centralized service mode, which makes the server the core component of the whole architecture. Users' personal information, chat records and social activity data are forwarded and stored through a central server, so user information is exposed to anyone who has access to that server. The centralized big-data model also makes an attacker's work easier: even without obtaining all of a user's information, an attacker can derive related information about the user through data mining and cross-comparison. The security of the data center and the server therefore becomes the core security requirement of a centralized social network architecture, and the loss and consequences of mass data loss after an intrusion are difficult to estimate.
Thus, as users' awareness of personal information and privacy protection has grown, distributed social networks have gradually begun to form. Distributed social networks have been widely researched at home and abroad, and the resulting models and technologies include PeerSon and Safebook abroad and WebService domestically. They can be classified into structured distributed social networks, unstructured distributed social networks and hybrid online social networks. A structured distributed social network designates some computers with high performance, large storage space and high bandwidth as super user nodes, which maintain data forwarding and storage for the other user nodes. An unstructured distributed social network drops the concept of super user nodes, and all user nodes jointly maintain the storage and operation of social network data. A hybrid online social network combines centralized and distributed characteristics: when the centralized server has a problem, it switches to a distributed service method and establishes a temporary distributed network.
In the distributed network, data transmission is not carried out through a central server, but point-to-point communication and data transmission are established among users, so that personal information and private data of the users are stored in a social network in a distributed mode.
Therefore, how to ensure the integrity, confidentiality and availability of user data and non-repudiation while ensuring the non-disclosure and privacy of user personal information through a distributed network is a problem to be solved urgently.
Disclosure of Invention
In view of the above-mentioned shortcomings in the prior art, an object of the present invention is to provide a social network system with strong privacy protection, which provides fine-grained access control, data integrity protection, network structure protection and data non-repudiation protection in distributed storage while separating from a centralized central server and a data center, and improves privacy protection and personal information security of users in a distributed social network system.
In order to achieve the purpose, the invention is realized by the following technical scheme.
According to an aspect of the present invention, there is provided a social networking system with strong privacy protection, comprising a P2P network layer, an API layer and an APP application layer, wherein the API layer is connected with the P2P network layer and the APP application layer;
wherein:
the P2P network layer establishes decentralized peer-to-peer connection of the social network system;
the API layer determines an application interface and provides a service function of the social network system;
the APP application layer generates an application interface through application development, and calls the application interface of the API layer to provide interface response and user interaction functions.
Preferably, the P2P network layer comprises a data distributed storage module, an access control module, a network structure protection module and a routing algorithm module; wherein:
the data distributed storage module stores the files and the chat data in a scattered network to form the files and the chat data which are stored in a distributed mode;
the access control module ensures confidentiality and integrity of the files and the chat data stored in a distributed mode, protects user privacy in a fine-grained mode, and ensures credibility of connected users;
the network structure protection module is used for ensuring the confidentiality of node information, IP address information and data information used by a user and ensuring the transparency of a network connection structure to the user;
the routing algorithm module efficiently and correctly establishes the connection between users, ensures the establishment of a data downloading link and ensures the availability of distributed storage data.
Preferably, any one or more of the following is also included:
- the distributed-stored chat data comprises a chat record copy file in the P2P network and a chat record file stored locally by the user, wherein:
the chat record copy files in the P2P network are stored in a distributed manner on a certain number of nodes, and this part of the chat data is not controlled by the user;
the chat record file stored locally by the user is separate from the P2P network and can be changed or deleted;
- when ensuring the confidentiality of the files that users store in a distributed manner, the access control module encrypts the files with a symmetric key, and identity verification before file transmission is performed through a protocol using asymmetric keys.
Preferably, the API layer comprises the following functional modules:
the system comprises a user registration module, a user verification module, a user login and logout module, a user search module, a user connection module, an instant messaging module, a record verification module, a blacklist module, a distributed storage module and a message publishing module;
wherein:
the user registration module fills in and imports user data, establishes a new user, adds the new user into a P2P network layer to become a new node, and informs other nodes of the establishment of the new node;
the user authentication module is used for verifying the user account password, verifying the identity of the friend request and the connection establishment and releasing a public key for the trusted user;
the user login exit module is used for operating addition and deletion of online nodes of the P2P network layer, verifying the online integrity of the distributed storage information of the nodes to be offline and ensuring the availability of the distributed storage information; the distributed storage information includes: files and chat data stored in a distributed manner;
the user search module iteratively searches for user B in the P2P network after user A selects user B for instant messaging, and establishes a link between user A and user B after acquiring the address of user B;
the user connection module establishes connection with the user B after the user A acquires the IP address and the monitoring port information of the user B;
the instant communication module is used for sending and receiving messages after a communication link is established between the user A and the user B;
after user A and user B establish a connection, the record verification module performs MD5 code verification on the earlier chat record files of user A and user B stored locally and on the chat record duplicate files in the P2P network, and compares the two for data integrity to ensure the non-repudiation of the chat record;
the blacklist module ensures that the user A can prevent the attempt of the user B to establish the connection with the user A;
the distributed storage module ensures that only authorized users can access and download the distributed storage data stored in the local, and ensures that files and chat data stored in other user machines are encrypted and complete;
the message publishing module is used for carrying out message announcement on a selected object in a set range, wherein the selected object has a specific public and private key pair, the broadcast information is encrypted by using a public key, and only a user who has a corresponding private key can know the real content of the information.
Preferably, any one or more of the following is also included:
- the user search module retains, for a certain time during the online process, the IP address and port information of friends who have not gone offline, and the related information of friend nodes is completely transparent to the user throughout, so that the privacy of node information is ensured;
- the user connection module is transparent to the user during the connection process: the IP address and port information of the peer node are not disclosed, the program responds and connects automatically in the background, and the user cannot see the related information;
- the instant messaging module encrypts the information sent and received over the TCP link with the public key of the receiving party, and the receiver decrypts it with its private key after reception, so that the confidentiality of message content transmitted over the link is guaranteed.
Preferably, when user A and user B connect and communicate instantly, the record verification module first compares the MD5 codes of the earlier chat record files of user A and user B stored locally with those of the chat record duplicate files in the P2P network. This checks whether user A or user B has changed or deleted chat records: the record verification module detects the integrity of the locally stored chat record files, and the interface response informs user A and user B whether their locally stored chat record files are correct.
Preferably, the APP application layer, wherein:
the application development form comprises an iOS APP, a mobile phone APP for the Android platform, Windows application software, Ubuntu application software and/or Mac application software;
the application form comprises interface operation and terminal input and output;
in the application development, function development and application are carried out by calling each function module of the API layer.
Compared with the prior art, the invention has the following beneficial effects:
By adopting the social network system with strong privacy protection provided by the invention, the traditional social network architecture of a centralized central server and data center can be dispensed with, the risk of exposing personal information and private data is greatly reduced, unauthorized users can neither learn nor tamper with the content of distributed storage files, the non-repudiation of stored chat data is ensured, and both the effective management of users in the distributed social network and the transparency of the network structure are enhanced. Specifically:
1. Traditional centralized social network system
Existing mainstream social network software is based on a centralized central server architecture: user data is forwarded and stored through the central server, big-data user information is stored in a data center, and the interaction information of all users is managed and forwarded by the central server. Attackers therefore concentrate on the data center and the central server, and the data mining and data analysis of the big-data era can be used to extract as much of users' personal information as possible. A distributed social network system is therefore chosen: users' information is dispersed across the network, which greatly reduces the risk of data exposure.
2. Fine-grained access control
Files that a user stores in a distributed manner are subject to permission control with respect to other users, and only authorized users can access or download them. Chat record files are stored in a dispersed and encrypted form and cannot be seen by others, but the system calculates their MD5 codes for comparison with the local chat record files. A friend mechanism is established, and connections are refused for users on the blacklist.
3. Network structure transparency
The information of the user node is not published to the outside, the opposite node information acquired in all the connection operations is invisible to the user, and the network connection structure information and the like are transparent to the user.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a block diagram of a system design;
FIG. 2 is a schematic diagram of a routing mechanism;
FIG. 3 is a diagram of a login interface;
FIG. 4 is a diagram of an instant messaging interface;
FIG. 5 is a chat data comparison notification diagram.
Detailed Description
The following examples illustrate the invention in detail: the embodiment is implemented on the premise of the technical scheme of the invention, and a detailed implementation mode and a specific operation process are given. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention.
Examples
The embodiment provides a social networking system with strong privacy protection, comprising a P2P network layer, an API layer and an APP application layer, wherein the API layer is connected with the P2P network layer and the APP application layer;
wherein:
the P2P network layer establishes decentralized peer-to-peer connection of the social network system and comprises a data distributed storage module, an access control module, a network structure protection module and a routing algorithm module;
the API layer determines an application interface and provides a social network system service function, and comprises a user registration module, a user verification module, a user login and logout module, a user search module, a user connection module, an instant messaging module, a recording verification module, a blacklist module, a distributed storage module and a message publishing module;
the APP application layer generates an application interface through application development, and calls the API to provide interface response and user interaction functions.
Further, the P2P network layer includes a data distributed storage module, an access control module, a network structure protection module and a routing algorithm module, wherein:
the data distributed storage module stores files and chat data in a distributed network, forming the distributed-stored files and chat data. In this example, the distributed network is implemented with Distributed Hash Table (DHT) technology using the Kademlia protocol, and all data is accessed as key-value pairs;
the access control module ensures the confidentiality and integrity of the distributed-stored files and chat data, protects user privacy at a fine granularity, and ensures the credibility of connected users. In this example, a user node first authenticates when accessing the DHT network. Identity is verified using an encrypted private key, and each user's identification ID is the hash value of the corresponding public key. Some private data is encrypted with a public key before being stored on the DHT network, so only a user holding the corresponding private key can obtain and decrypt the original text;
the network structure protection module ensures the confidentiality of user-related information such as the user's node information and IP address information, and ensures the transparency of the network connection structure to the user. In this example, the P2P network is built on the public Internet; each node is represented by a NodeID, and the relationship between nodes can be described logically as a binary tree, which is decoupled from the network structure of the Internet;
the routing algorithm module efficiently and correctly establishes connections between users, ensures that data download links can be established, and ensures the availability of distributed storage data. In this example, the logical structure of the P2P network is the binary tree described above. For routing, each node splits the binary tree: starting from the root node, the subtrees that do not contain the node itself are split off one by one. Each node obtains n subtrees when the splitting is complete, and for each subtree it selects K nodes as representative nodes and records their information. During routing, recursive queries are made through the recorded nodes to obtain the routing information of each node.
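The subtree splitting and recursive query described above can be sketched as follows. This is an added example, not code from the patent: the XOR metric and bucket rule follow the Kademlia protocol the text names, while the 4-bit NodeIDs, `K = 2`, the `SAMPLE_LINKS` topology and all function names are constructed assumptions.

```python
K = 2  # representatives kept per subtree (the text's "K"); small for the sample


def bucket_index(own_id: int, peer_id: int) -> int:
    """Subtree that peer_id falls into, seen from own_id.

    The highest bit in which the two IDs differ is the point where the
    peer's branch leaves the path from the root to own_id.
    """
    distance = own_id ^ peer_id
    if distance == 0:
        raise ValueError("a node does not record itself")
    return distance.bit_length() - 1


class RoutingTable:
    """Per-node record of up to K representatives for each subtree."""

    def __init__(self, own_id: int, k: int = K):
        self.own_id = own_id
        self.k = k
        self.buckets = {}  # subtree index -> list of NodeIDs, oldest first

    def add(self, peer_id: int) -> bool:
        bucket = self.buckets.setdefault(bucket_index(self.own_id, peer_id), [])
        if peer_id in bucket:
            bucket.remove(peer_id)
            bucket.append(peer_id)  # seen again: move to the fresh end
            return True
        if len(bucket) >= self.k:
            return False  # this subtree already has K representatives
        bucket.append(peer_id)
        return True

    def closest(self, target_id: int, count: int) -> list:
        """Known nodes ordered by XOR distance to target_id."""
        known = [p for bucket in self.buckets.values() for p in bucket]
        return sorted(known, key=lambda p: p ^ target_id)[:count]


def build_network(links: dict) -> dict:
    """Turn {node: [known peers]} into {node: RoutingTable} (in-memory stand-in)."""
    network = {}
    for own_id, peers in links.items():
        table = RoutingTable(own_id)
        for peer_id in peers:
            table.add(peer_id)
        network[own_id] = table
    return network


def lookup(network: dict, start_id: int, target_id: int, k: int = K):
    """Query the closest not-yet-asked node until nothing closer is learned.

    Returns (the k closest nodes found, the nodes queried in order).
    """
    shortlist = network[start_id].closest(target_id, k)
    queried = [start_id]
    while True:
        pending = [p for p in shortlist if p not in queried]
        if not pending:
            return shortlist, queried[1:]
        peer = pending[0]
        queried.append(peer)
        learned = network[peer].closest(target_id, k)
        candidates = (set(shortlist) | set(learned)) - {start_id}
        shortlist = sorted(candidates, key=lambda p: p ^ target_id)[:k]


# Constructed sample topology: node 0011 does not know node 1101 directly.
SAMPLE_LINKS = {
    0b0011: [0b1000, 0b0101],
    0b0101: [0b0011],
    0b1000: [0b0011, 0b1100],
    0b1100: [0b1000, 0b1101],
    0b1101: [0b1100],
}

if __name__ == "__main__":
    found, hops = lookup(build_network(SAMPLE_LINKS), 0b0011, 0b1101)
    print([format(n, "04b") for n in found], [format(n, "04b") for n in hops])
```

A full table refuses further peers in `add`; the Kademlia protocol itself pings the oldest entry before deciding whether to replace it, which this sketch leaves out.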
Further, the API layer includes a user registration module, a user authentication module, a user login exit module, a user search module, a user connection module, an instant messaging module, a record authentication module, a blacklist module, a distributed storage module, and a message publishing module, wherein:
the user registration module fills in and imports user data, establishes a new user, joins the new user to the P2P network layer as a new node, and informs other nodes of the establishment of the node. In this example, joining the underlying network is done through an interface provided by the P2P network; the main work is associating the network node with the user account, which requires recording the account information corresponding to the ID in the network;
the user verification module verifies the user account password, verifies identity for friend requests and connection establishment, and issues a public key to trusted users. In this example, for the identity verification of the main user, each key distributed during registration represents one user, the private key is encrypted with the AES symmetric encryption algorithm, and the user's identity is verified by providing the decryption password of the private key in order to join the network;
the user login and exit module handles the addition and deletion of online nodes of the P2P network, verifies the online integrity of the distributed storage information of nodes that are about to go offline, and ensures the availability of the distributed storage information. In this example, joining the DHT network requires connecting to any node already in the network; a permanently open, fixed BOOTSTRAP node is provided as the entry point to the network, and after connecting to the BOOTSTRAP node the user joins the network according to the Kademlia protocol;
the user search module iteratively searches for user B in the P2P network after user A selects user B for communication, and acquires the related information of user B. In this example, user information is stored in the DHT network, and the information of the corresponding user can be looked up through the key-value pair in the DHT network;
the user connection module establishes a connection with user B after user A acquires the IP address and listening port information of user B. In this example, the connection between user A and user B is made with the DHT network as an intermediary, using the unique key-value pair that corresponds to each user in the DHT network;
the instant messaging module sends and receives messages after user A and user B establish a communication link. In this example, communication between user A and user B is mediated by the entire DHT network, and each user has a unique key-value pair for receiving information sent by other users, where the transmitted information includes the sender ID, the information content and other data. In this way, communication between users is accomplished;
after user A and user B establish a connection, the record verification module performs MD5 code verification on the earlier local chat record file of user A and user B and on the chat record duplicate file stored in a distributed manner in the network, and compares the two for data integrity to ensure the non-repudiation of the chat record. In this example, chat message content is encrypted with a key generated by the message receiver, distributed, and stored on the nodes corresponding to the key value. When the two parties compare chat records, the MD5 codes of the chat record copies stored on the corresponding nodes are compared with those of the chat record files held by the message sender and the message receiver, from which it can be inferred whether either party has falsified the chat message content, achieving non-repudiation of the chat data;
the blacklist module ensures that user A can block user B's attempts to establish a connection with user A. In this example, a blacklist module with a filtering function is placed in front of the user search module: if the user performing the search is on the blacklist of the searched user, the actual search module is not called and the process returns directly;
the message publishing module announces a message to selected objects within a certain range, where the objects hold a specific public-private key pair; the broadcast information is encrypted with the public key, and only users who hold the corresponding private key can learn the real content of the information. In this example, a public-private key pair identifies a group of users; messages and status updates published among them are mutually visible, while users outside the group cannot decrypt or see the information.
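The record verification step can be illustrated as follows. This is an added example, not code from the patent: the canonical JSON encoding, the majority vote across replicas, the verdict strings and the sample log are assumptions made here. MD5 is the default because the text specifies it; MD5 is not collision-resistant, so the `algorithm` parameter allows a hash such as SHA-256 to be used instead.

```python
import hashlib
import json
from collections import Counter


def record_digest(records: list, algorithm: str = "md5") -> str:
    """Digest of a chat log under a canonical encoding.

    Sorting keys and fixing separators makes logically equal logs hash
    equally regardless of how each client serialized them.
    """
    canonical = json.dumps(records, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    return hashlib.new(algorithm, canonical).hexdigest()


def verify_chat_records(local_a: list, local_b: list, replicas: list,
                        algorithm: str = "md5") -> dict:
    """Compare both parties' local logs with the replicas held in the network.

    The reference digest is the one shared by a strict majority of replicas
    (assumption: the replicas are outside either user's control, as the text
    states). Without a majority no verdict is given.
    """
    if not replicas:
        raise ValueError("no replicas to compare against")
    digests = [record_digest(r, algorithm) for r in replicas]
    reference, votes = Counter(digests).most_common(1)[0]
    if votes * 2 <= len(digests):
        return {"reference": None, "A": "undetermined", "B": "undetermined",
                "divergent_replicas": list(range(len(digests)))}

    def verdict(local: list) -> str:
        return "intact" if record_digest(local, algorithm) == reference else "modified"

    return {
        "reference": reference,
        "A": verdict(local_a),
        "B": verdict(local_b),
        "divergent_replicas": [i for i, d in enumerate(digests) if d != reference],
    }


# Constructed sample data: user B has deleted the last message locally and
# one of the three network replicas has been corrupted.
SAMPLE_LOG = [
    {"sender": "A", "timestamp": 1, "text": "hello"},
    {"sender": "B", "timestamp": 2, "text": "hi"},
    {"sender": "A", "timestamp": 3, "text": "see you at 5"},
]
TAMPERED_REPLICA = SAMPLE_LOG[:2] + [{"sender": "A", "timestamp": 3, "text": "see you at 6"}]


def run_sample(algorithm: str = "md5") -> dict:
    return verify_chat_records(
        local_a=SAMPLE_LOG,
        local_b=SAMPLE_LOG[:2],
        replicas=[SAMPLE_LOG, SAMPLE_LOG, TAMPERED_REPLICA],
        algorithm=algorithm,
    )


if __name__ == "__main__":
    print(run_sample())
```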
Further, the application development forms may include an iOS app, an Android app, Windows application software, Ubuntu application software, and Mac application software. The application form may comprise interface operation and terminal input and output. During application development, functions are developed and applied by calling the functions of the API layer.
The present embodiment is further described below with reference to the accompanying drawings.
As shown in fig. 1, the novel social networking system with strong privacy protection provided by the present embodiment includes three layers, namely a P2P network layer, an API layer and an application layer. In the figure, the layers progress from the underlying architecture at the bottom right up to the APP application use at the top, and the API layer is the connection of the three layers.
The user logs in through the interface, which calls the user authentication API; after the decryption private key is verified to be correct, the P2P network is accessed through the interface provided by the DHT. A connection is first established with a preset BOOTSTRAP node, then a hash value is randomly generated as the NodeID, a query request is sent to the BOOTSTRAP node, and a routing table of the BOOTSTRAP node is established.
After logging in, the user exists as a node of the P2P network and can perform the operations that applications provide, for example text communication with another user who is a friend. When a message is sent, an API is first called for user authentication, which verifies the user's identity and the friend relationship (this information is stored in the DHT network). After authentication passes, the instant messaging API is called and, through the content storage function provided by the underlying DHT network, the sent text, the sender's identity, and a timestamp are recorded on the target user's key-value pair in the DHT network. The target user continuously monitors its own key-value pair for changes, parses the sender, content, and sending time of each newly added record, and presents the record in the program's UI.
The modules are described in detail below.
a. Distributed data storage module
The distributed data storage module is used for storing files and chat data in a distributed network. The distributed network is implemented with Distributed Hash Table (DHT) technology and the Kademlia protocol, and all data is accessed as key-value pairs.
When saving data, a node that receives a new key-value pair (K/V) calculates the "distance" between itself and the key of the new data, and then calculates the distance between that key and each of the other nodes it knows. If its own distance to the key is the smallest, it keeps the data itself; otherwise it forwards the data to the node with the smallest distance. The node that receives the data applies the same procedure (recursive processing).
When a node receives a request (key) to query data, it calculates the distance between itself and the key, and then calculates the distance between that key and each of the other nodes it knows. If its own distance to the key is the smallest, it looks for the value corresponding to the key in its own store: if the value is found it is returned, and if not an error is reported. Otherwise the request is forwarded to the node with the smallest distance. The node that receives it applies the same procedure (recursive processing).
b. Routing algorithm module
The logical structure of the DHT network is a binary tree. When a node builds its routing table, the tree is split layer by layer from the root into subtrees that do not contain the node itself, giving n subtrees. If the node knows one node in each subtree, it can route recursively through these n nodes and so reach the entire binary tree.
Since nodes in a distributed network may go online and offline frequently, recording only one node per subtree clearly cannot meet the robustness requirement, so k nodes are recorded for each subtree. Note that a given subtree may contain fewer than k nodes, in which case fewer than k nodes are recorded for that subtree.
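The store and lookup procedure of the distributed storage module and the k-nodes-per-subtree routing table, combined in one added example (not code from the patent). It uses Kademlia's XOR metric as the "distance"; SHA-1 identifiers, K = 2 and the node names are assumptions chosen for the sketch.

```python
import hashlib

K = 2  # nodes recorded per subtree (kept small so routing tables stay partial)


def ident(name: str) -> int:
    """160-bit identifier; hashing a label with SHA-1 is an assumption here."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest(), "big")


def distance(a: int, b: int) -> int:
    """Kademlia distance: XOR of two identifiers, compared as integers."""
    return a ^ b


class Node:
    def __init__(self, name: str):
        self.name, self.node_id = name, ident(name)
        self.buckets: dict[int, list["Node"]] = {}  # subtree index -> up to K peers
        self.data: dict[int, bytes] = {}

    def learn(self, peer: "Node") -> None:
        """Record a peer under the subtree (not containing us) that it falls in."""
        if peer is self:
            return
        # The highest differing bit identifies the subtree split off at that layer.
        idx = distance(self.node_id, peer.node_id).bit_length() - 1
        bucket = self.buckets.setdefault(idx, [])
        if peer not in bucket and len(bucket) < K:
            bucket.append(peer)

    def closest(self, key: int) -> "Node":
        """Closest node to the key among ourselves and every peer we know."""
        known = [p for bucket in self.buckets.values() for p in bucket]
        return min([self] + known, key=lambda n: distance(n.node_id, key))

    def put(self, key: int, value: bytes) -> list[str]:
        """Store recursively; returns the names of the nodes the request visited."""
        nxt = self.closest(key)
        if nxt is self:
            self.data[key] = value
            return [self.name]
        return [self.name] + nxt.put(key, value)

    def get(self, key: int) -> bytes:
        """Look up recursively; a KeyError at the owner is the 'report error' case."""
        nxt = self.closest(key)
        if nxt is self:
            return self.data[key]
        return nxt.get(key)


def build_network(count: int) -> list[Node]:
    nodes = [Node(f"node-{i}") for i in range(count)]  # constructed sample peers
    for node in nodes:
        for peer in nodes:
            node.learn(peer)  # buckets fill in join order and stop at K entries
    return nodes


if __name__ == "__main__":
    net = build_network(32)
    key = ident("chat:A->B")
    print("stored via", net[0].put(key, b"ciphertext"))
    print("read back ", net[17].get(key))
```

Because every non-empty subtree has at least one recorded node, each hop moves strictly closer to the key, so a put and a get started from any two nodes end at the same owner even though no node knows the whole network.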
c. (Fine-grained) access control module
Data stored in the DHT network requires fine-grained access control. The access control module is used for ensuring the confidentiality and integrity of the files and chat data stored in distributed form, protecting user privacy in a fine-grained manner, and ensuring the credibility of connected users. When accessing the DHT network, a user node must first authenticate. Identity is verified using an encrypted private key, while the identification ID of each user is a hash value of the corresponding public key. Private data is encrypted with a public key and stored on the DHT network, so that only a user with the corresponding private key can obtain and decrypt the original text. Chat records generated by users through instant messaging are encrypted with the key of the respective receiving user and stored under the corresponding key.
The novel social network system with strong privacy protection provided by the invention breaks away from traditional social network systems built on a centralized central server and data center. It greatly reduces the risk of exposing personal information and private data, ensures that unauthorized users cannot learn or tamper with the content of distributed storage files, ensures the non-repudiation of stored chat data, and strengthens the effective management of users and the transparency of the network structure in the distributed social network. It has the following advantages:
a. Traditional centralized social network system
Existing mainstream social network software is based on a centralized central server architecture: user data is forwarded and stored through the central server, users' big-data information is stored in a data center, and the interaction information of all users is managed and forwarded by the central server. Attackers therefore concentrate on the data center and the central server, and the data mining and data analysis of the big data era can be used to exploit users' personal information data to the fullest. A distributed social network system is therefore chosen: users' information data is dispersed across the network, which greatly reduces the risk of data exposure.
b. Fine-grained access control
Files that a user stores in distributed form are subject to permission control with respect to other users, and only authorized users can access or download them. Chat record files are stored dispersed and encrypted and cannot be seen by others, but the system calculates their MD5 code for comparison with the local chat record file. A friend mechanism is established, and users on the blacklist are forbidden from establishing a connection.
c. Network structure transparency
Information about user nodes is not published externally; the peer node information obtained during all connection operations is invisible to the user, and network connection structure information and the like are transparent to the user.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes and modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention.

Claims (4)

1. A social networking system with enhanced privacy protection, comprising: the system comprises a P2P network layer, an API layer and an APP application layer, wherein the API layer is connected with the P2P network layer and the APP application layer;
wherein:
the P2P network layer establishes decentralized peer-to-peer connection of the social network system;
the API layer determines an application interface and provides a service function of the social network system;
the APP application layer generates an application interface through application development, and calls the application interface of the API layer to provide interface response and user interaction functions;
the P2P network layer includes: the system comprises a data distributed storage module, an access control module, a network structure protection module and a routing algorithm module; wherein:
the data distributed storage module stores the files and the chat data in a scattered network to form the files and the chat data which are stored in a distributed mode;
the access control module ensures confidentiality and integrity of the files and the chat data stored in a distributed mode, protects user privacy in a fine-grained mode, and ensures credibility of connected users;
the network structure protection module is used for ensuring the confidentiality of node information, IP address information and data information used by a user and ensuring the transparency of a network connection structure to the user;
the routing algorithm module is used for establishing connection among users, ensuring the establishment of a data downloading link and ensuring the availability of distributed storage data;
any one or more of the following is also included:
-said distributively stored chat data comprises a chat log copy file in a P2P network and a chat log file stored locally to the user, wherein:
the chat record copy files in the P2P network are stored on a certain number of nodes in a distributed manner, and the part of chat data is not controlled by the user;
the chat record file stored in the local of the user is separated from the P2P network and can be changed or deleted;
when the confidentiality of the files stored in a distributed way by the users is ensured, the access control module ensures the confidentiality of the files through symmetric key encryption, and meanwhile, the asymmetric keys carry out identity verification before file transmission in a protocol mode;
the API layer comprises the following functional modules:
the system comprises a user registration module, a user verification module, a user login and logout module, a user search module, a user connection module, an instant messaging module, a record verification module, a blacklist module, a distributed storage module and a message publishing module;
wherein:
the user registration module fills in and imports user data, establishes a new user, adds the new user into a P2P network layer to become a new node, and informs other nodes of the establishment of the new node;
the user authentication module is used for verifying the user account password, verifying the identity of the friend request and the connection establishment and releasing a public key for the trusted user;
the user login exit module is used for operating addition and deletion of online nodes of the P2P network layer, verifying the online integrity of the distributed storage information of the nodes to be offline and ensuring the availability of the distributed storage information; the distributed storage information includes: files and chat data stored in a distributed manner;
the user searching module is used for iteratively searching for user B in the P2P network after user A selects user B for instant messaging, and establishing a link with user B after acquiring the address of user B;
the user connection module establishes connection with the user B after the user A acquires the IP address and the monitoring port information of the user B;
the instant communication module is used for sending and receiving messages after a communication link is established between the user A and the user B;
after user A and user B establish a connection, the record verification module performs MD5 code verification on the earlier chat record files of user A and user B stored locally by the users and on the chat record copy files in the P2P network, and compares the data integrity of the two to ensure the non-repudiation of the chat record;
the blacklist module ensures that the user A can prevent the attempt of the user B to establish the connection with the user A;
the distributed storage module ensures that only authorized users can access and download the distributed storage data stored in the local, and ensures that files and chat data stored in other user machines are encrypted and complete;
the message publishing module is used for carrying out message announcement on a selected object in a set range, wherein the selected object has a specific public and private key pair, the broadcast information is encrypted by using a public key, and only a user who has a corresponding private key can know the real content of the information.
2. The social networking system with enhanced privacy protection of claim 1, further comprising any one or more of:
the user searching module is used for reserving the friend IP addresses and port information which are not offline for a certain time stamp in the online process, and the related information of friend nodes in all the processes has complete transparency relative to the user, so that the privacy of the node information is ensured;
the user connection module is transparent to the user in the connection process, the IP address and the port information of the opposite node are not public, the program background automatically responds and connects, and the user can not see related information;
the instant messaging module, the information sent and received in the TCP link is encrypted by the public key of the receiving party, and after receiving, the information is decrypted by the private key, so that the confidentiality of the message is guaranteed by transmitting the content in the link.
3. The social networking system with enhanced privacy protection as claimed in claim 1, wherein, when user A and user B are connected and communicate instantly, the record verification module first performs an MD5 code comparison check on the earlier chat record files of user A and user B stored locally by the users and on the chat record copy files in the P2P network, checks whether user A or user B has changed or deleted the chat record, and, by detecting the integrity of the locally stored chat record files, reports their correctness through an interface response.
4. The social networking system with strong privacy protection as claimed in claim 1, wherein, in the APP application layer:
the application development form comprises an iOS app, an Android mobile phone app, Windows application software, Ubuntu application software and/or Mac application software;
the application form comprises interface operation and terminal input and output;
in the application development, function development and application are carried out by calling each function module of the API layer.
CN201711342942.8A 2017-12-14 2017-12-14 Social network system with strong privacy protection Active CN108199866B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711342942.8A CN108199866B (en) 2017-12-14 2017-12-14 Social network system with strong privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711342942.8A CN108199866B (en) 2017-12-14 2017-12-14 Social network system with strong privacy protection

Publications (2)

Publication Number Publication Date
CN108199866A (en) 2018-06-22
CN108199866B (en) 2020-06-12

Family

ID=62574321

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711342942.8A Active CN108199866B (en) 2017-12-14 2017-12-14 Social network system with strong privacy protection

Country Status (1)

Country Link
CN (1) CN108199866B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067905B (en) * 2018-09-05 2021-03-16 黄秋琼 Method for realizing decentralized network application
CN110166350B (en) * 2019-06-06 2021-08-03 雷雨 Open social network communication method
CN111092805A (en) * 2019-12-17 2020-05-01 北京众享比特科技有限公司 Instant messaging method, device, equipment and medium based on DHT network

Citations (5)

Publication number Priority date Publication date Assignee Title
CN101119271A (en) * 2007-07-05 2008-02-06 中国科学技术大学 Structured P2P based application service platform and implementing method thereof
CN101867623A (en) * 2010-07-15 2010-10-20 上海交通大学 Peer-to-peer network service primitive system
CN105590192A (en) * 2015-12-14 2016-05-18 苏州天平先进数字科技有限公司 Screen locking system having console game function
CN106570631A (en) * 2016-10-28 2017-04-19 南京邮电大学 Method and system of facing P2P platform operation risk estimation
CN107360238A (en) * 2017-07-25 2017-11-17 光载无限(北京)科技有限公司 Intelligent contract gateway based on block chain CPOW common recognition algorithms

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US10417284B2 (en) * 2013-03-14 2019-09-17 Microsoft Technology Licensing, Llc Available, scalable, and tunable document-oriented storage services

Non-Patent Citations (1)

Title
NOYB: Privacy in Online Social Networks;Saikat Guha, Kevin Tang,Paul Francis;《workshop on online social network》;20080818;第1页-第5页 *

Also Published As

Publication number Publication date
CN108199866A (en) 2018-06-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant