CN115277054B - Directory service method and system in anonymous network

Publication number
CN115277054B
Authority
CN
China
Legal status
Active
Application number
CN202210647925.XA
Other languages
Chinese (zh)
Other versions
CN115277054A (en)
Inventor
时金桥
马争
王学宾
高悦
石瑞生
王东滨
Current Assignee
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications

Classifications

    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/42 Anonymization, e.g. involving pseudonyms

Abstract

The invention discloses a directory service method and system in an anonymous network. The system comprises an authoritative directory server cluster with a central structure and a common directory server cluster with a distributed structure. The authoritative directory servers in the authoritative directory server cluster register, authenticate and collect node information in the anonymous network and, after generating consensus directory information from the collected node information, split the consensus directory information into multiple parts and distribute the parts to the common directory servers. Each common directory server in the common directory server cluster stores the directory information it receives from the authoritative directory server locally and provides directory service to the nodes in the anonymous network from the locally stored directory information. The invention keeps the directory service of the anonymous network secure while making it scalable.

Description

Directory service method and system in anonymous network
Technical Field
The invention relates to the technical field of computers, in particular to a directory service method and a directory service system in an anonymous network.
Background
When joining an anonymous network, a user must request information about the existing nodes from nodes already in the network; this request is called a directory request. A node that provides directory service to the nodes of the whole network is called a directory server. The node information for the entire network is called directory information.
Tor's directory service protocol requires each client to obtain up-to-date information about all relays in the network, which is maintained by the authoritative directory servers. The authoritative directory servers are a set of trusted servers managed by core members of the Tor community. In each cycle (one hour in Tor), every relay uploads its own information to the authoritative directory servers, which then vote on the relay information. From these votes, the authoritative directory servers compute a multi-signed consensus directory file representing their conclusions. The entire directory information is sent to each client in Tor.
Existing anonymous network directory service architectures fall into two categories: central structures and distributed structures. A central structure is built around a central directory server that provides the directory service, and has better security. Its scalability bottleneck, however, is that bandwidth consumption increases dramatically as the number of nodes grows. A distributed structure provides directory service on the basis of the routing table of a distributed hash table, and has better scalability. However, its security analysis and protection against attacks are weak.
Disclosure of Invention
The present invention therefore provides a directory service method and system for an anonymous network that combines a central structure with a distributed structure, so that the directory service of the anonymous network is scalable while remaining secure.
Based on the above object, the present invention provides a directory service system in an anonymous network, comprising: an authoritative directory server cluster with a central structure and a common directory server cluster with a distributed structure; wherein
the authoritative directory server in the authoritative directory server cluster is used for registering, authenticating and collecting node information in the anonymous network and, after generating consensus directory information from the collected node information, splitting the consensus directory information into multiple parts and distributing the parts to the common directory servers;
and the common directory server in the common directory server cluster is used for storing the directory information locally after receiving the directory information distributed by the authoritative directory server, and providing directory service for the nodes in the anonymous network according to the locally stored directory information.
Preferably, the authoritative directory server specifically includes:
the node information collection module is used for realizing registration, authentication and collection of node information in the anonymous network;
the consensus information generating module is used for generating consensus directory information according to the node information collected by the node information collecting module;
and the directory information distribution module is used for splitting the consensus directory information into multiple parts and distributing the parts to the common directory servers.
The node information collection module is specifically configured to authenticate node information after receiving node information signed by a private key of the node in the anonymous network; after the authentication is passed, the registration and collection of the node information of the node are completed.
The consensus information generation module is specifically configured to: generate, for each node in the collected node information, the voting information of that node from the key information in the node's information and the hash value of all of the node's information; combine the voting information of all nodes to form the vote of the authoritative directory server; and, in each period, exchange votes with the other authoritative directory servers during the consensus calculation time agreed among the authoritative directory servers and, after checking for omissions and removing duplicates, form the consensus on the node information of the anonymous network to generate the consensus directory information.
The directory information distribution module is specifically configured to split the consensus directory information generated in the current period into multiple parts and distribute the parts to the common directory servers within the current period.
The invention also provides a directory service method in the anonymous network, which comprises the following steps:
an authoritative directory server in an authoritative directory server cluster of a central structure realizes registration, authentication and collection of node information in the anonymous network; after generating consensus directory information according to the collected node information, splitting the consensus directory information into a plurality of parts and distributing the parts to all the common directory servers in the common directory server cluster of the distributed structure;
the common directory server receives the directory information distributed by the authoritative directory server, stores the directory information locally, and provides directory service for nodes in the anonymous network according to the locally stored directory information.
The invention also provides an authoritative directory server, comprising:
the node information collection module is used for realizing registration, authentication and collection of node information in the anonymous network;
the consensus information generating module is used for generating consensus directory information according to the node information collected by the node information collecting module;
and the directory information distribution module is used for splitting the consensus directory information into multiple parts and distributing the parts to the common directory servers.
In the technical scheme of the invention, an authoritative directory server in the centrally structured authoritative directory server cluster registers, authenticates and collects node information in the anonymous network; after generating consensus directory information from the collected node information, it splits the consensus directory information into multiple parts and distributes the parts to the common directory servers in the distributed common directory server cluster; each common directory server receives the directory information distributed by the authoritative directory server, stores it locally, and provides directory service to nodes in the anonymous network from the locally stored directory information. On the one hand, authentication of node information and consensus on directory information are carried out by the centrally structured authoritative directory servers, which ensures the security of the directory information. On the other hand, the consensus directory information is split into multiple parts that are stored by the common directory servers of the distributed structure, and the common directory servers provide directory service from the stored directory information; that is, a common directory server acts only as a store and distributor of node information and is equivalent to a proxy of the authoritative directory server. This reduces the bandwidth consumption of the authoritative directory servers and improves the scalability of the central directory service as the number of nodes grows. Moreover, the node information stored and distributed by the common directory servers has been authenticated by the authoritative directory servers, which improves security compared with providing directory service through a distributed structure alone.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a directory service system in an anonymous network according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of node classification according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for directory services in an anonymous network, according to an embodiment of the present invention;
FIG. 4 is a block diagram illustrating an internal structure of an authoritative directory server according to an embodiment of the present invention.
Detailed Description
The present invention will be further described in detail below with reference to specific embodiments and with reference to the accompanying drawings, in order to make the objects, technical solutions and advantages of the present invention more apparent.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present invention should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present disclosure pertains. The terms "first," "second," and the like, as used in this disclosure, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
In the technical scheme of the invention, the trusted central authoritative directory servers are responsible for registering, collecting and authenticating node information in the network and act as the security core, ensuring the security of the whole anonymous network directory service; the distributed common directory servers provide directory service to nodes by looking up locally stored directory information and act as the service core, which reduces the bandwidth consumption of the authoritative directory servers, improves the scalability of the central directory service as the number of nodes grows, and ensures the reliability of the whole anonymous network directory service.
The following describes the technical scheme of the embodiment of the present invention in detail with reference to the accompanying drawings.
The invention provides a directory service system in an anonymous network, the architecture of which is shown in Fig. 1, comprising: an authoritative directory server cluster with a central structure and a common directory server cluster with a distributed structure;
the authoritative directory server cluster includes a set number of authoritative directory servers 101;
the common directory server cluster includes a scalable number of common directory servers 102.
In an anonymous network, the classification of nodes is shown in Fig. 2 and comprises common nodes and directory servers, where the directory servers include authoritative directory servers and common directory servers. For ease of description, a common node will be referred to herein simply as a node.
The authoritative directory server 101 in the authoritative directory server cluster is used for registering, authenticating and collecting node information in the anonymous network and, after generating consensus directory information from the collected node information, splitting the consensus directory information into multiple parts and distributing the parts to the common directory servers;
the common directory server 102 in the common directory server cluster is configured to receive the directory information distributed by the authoritative directory server 101, store the directory information locally, and provide a directory service for the nodes in the anonymous network according to the locally stored directory information.
Specifically, the authoritative directory servers 101 are the centralized part of the hybrid anonymous network directory service architecture. They are set up out-of-band as trusted nodes in the anonymous network. The number of authoritative directory servers is fixed, for example at about 10. When a common node joins the network, it must report node information signed with its own private key to the authoritative directory server 101.
The authoritative directory server 101 collects the node information, checks it, and then signs it to provide a trusted source.
After collecting the node information, the authoritative directory server 101 takes the key information in a node's information together with the hash value of all of that node's information as the voting information of that node, and combines the voting information of all nodes to form the vote of the authoritative directory server.
During the consensus calculation period, the authoritative directory servers 101 exchange votes and, after checking for omissions and removing duplicates, form the consensus on the node information of the whole network, that is, generate the consensus directory information. Because computing the consensus requires a time agreed among the authoritative directory servers 101, the running time of the whole network must be divided into periods. The architecture takes the interval between two consecutive consensus calculations plus the time reserved for calculating the consensus as one period. The authoritative directory server 101 then issues the node information to the common directory servers 102. Notably, in the hybrid anonymous network directory service architecture proposed here, the authoritative directory server randomly splits the entire consensus directory information and issues the split consensus information to the common directory servers only once per period, which reduces the bandwidth consumption of the authoritative directory server and improves the scalability of the central directory service as the number of nodes grows.
The common directory servers 102 form a distributed storage network through a structured peer-to-peer protocol, and this distributed storage network provides directory service to common nodes. The common directory servers 102 are the distributed part of the hybrid anonymous network directory service architecture. The distributed storage protocol ensures that the global information is not lost in the distributed storage network while each storage node holds only part of the information locally. The information of the whole network's nodes therefore needs to be obtained from the authoritative directory servers only once for it to be stored in the distributed common directory servers without loss, so that every common directory server can provide directory service to common nodes.
The node information stored by the common directory server 102 is issued by the authoritative directory server 101. That is, the common directory server 102 acts only as a store and distributor of node information and is equivalent to a proxy of the authoritative directory server 101. The node information stored and distributed by the common directory servers has been authenticated by the authoritative directory servers, which improves security compared with providing directory service through a distributed structure alone.
Based on the above-mentioned directory service system in the anonymous network, the specific flow of the directory service method in the anonymous network provided by the embodiment of the invention, as shown in fig. 3, includes the following steps:
Step S301: the authoritative directory server 101 registers, authenticates and collects node information in the anonymous network.
In this step, after receiving node information reported by a node in the anonymous network and signed with that node's private key, the authoritative directory server 101 authenticates the node information; after the authentication passes, the registration and collection of the node information of the node are completed.
Step S302: the authoritative directory server 101 generates consensus directory information from the collected node information.
In this step, the authoritative directory server 101 generates, for each node in the collected node information, the voting information of that node from the key information in the node's information and the hash value of all of the node's information, and combines the voting information of all nodes to form the vote of the authoritative directory server;
in each period, the authoritative directory server 101 exchanges votes with the other authoritative directory servers during the consensus calculation time agreed among the authoritative directory servers and, after checking for omissions and removing duplicates (i.e. checking for missing node information and removing repeated node information), forms the consensus on the node information of the anonymous network to generate the consensus directory information.
Step S303: the authoritative directory server 101 splits the consensus directory information into multiple parts for distribution to the common directory servers.
In this step, the authoritative directory server 101 splits the consensus directory information generated in the current period into multiple pieces of sub-directory information, and distributes the split sub-directory information to the common directory servers within the current period.
Specifically, the authoritative directory server 101 splits the consensus directory information into multiple pieces of sub-directory information, and the number of pieces is greater than the number of common directory servers, so that each common directory server can receive at least one piece of split sub-directory information in one period.
Step S304: the common directory server 102 receives the directory information distributed by the authoritative directory server and stores the directory information locally.
In this step, the common directory server 102 receives the at least one piece of sub-directory information that the authoritative directory server distributed to it, and stores that sub-directory information locally as the received directory information.
Step S305: the common directory server 102 provides directory services for nodes in the anonymous network based on locally stored directory information.
Specifically, after the common directory server 102 receives a directory request sent by a node in the anonymous network, it provides a directory service for the node according to the locally stored directory information.
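Steps S302 and S303 can be sketched as follows; this is an added example, not code from the patent. It assumes the descriptors were already authenticated in S301, and the field names, the SHA-256 digest over canonical JSON, the strict-majority rule and the "servers + 1" part count are assumptions the patent does not specify.

```python
import hashlib
import json
import random
from collections import Counter

# Assumed field names for the "key information" of a node descriptor.
KEY_FIELDS = ("node_id", "address", "public_key")


def digest(descriptor):
    """SHA-256 over a canonical JSON encoding of all of a node's information."""
    blob = json.dumps(descriptor, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()


def make_vote(descriptors):
    """S302: per node, key information plus the hash of all its information.

    Keyed by node_id, so a node reported twice yields a single entry.
    """
    vote = {}
    for d in descriptors:
        entry = {k: d[k] for k in KEY_FIELDS}
        entry["digest"] = digest(d)
        vote[d["node_id"]] = entry
    return vote


def build_consensus(votes):
    """S302: merge the exchanged votes into consensus directory information.

    Assumed rule: a node is kept only when a strict majority of authorities
    voted for the same digest. Also returns the nodes each authority lacked.
    """
    quorum = len(votes) // 2 + 1
    all_ids = set().union(*(v.keys() for v in votes.values()))
    missing = {name: sorted(all_ids - set(v)) for name, v in votes.items()}
    consensus = []
    for node_id in sorted(all_ids):
        entries = [v[node_id] for v in votes.values() if node_id in v]
        top, count = Counter(e["digest"] for e in entries).most_common(1)[0]
        if count >= quorum:
            consensus.append(next(e for e in entries if e["digest"] == top))
    return consensus, missing


def split_and_assign(consensus, servers, rng, extra=1):
    """S303: random split into more parts than servers, then distribute.

    Round-robin assignment guarantees every server gets at least one part.
    """
    n_parts = len(servers) + extra
    if extra < 1 or len(consensus) < n_parts:
        raise ValueError("need more parts than servers and one entry per part")
    entries = list(consensus)
    rng.shuffle(entries)
    parts = [entries[i::n_parts] for i in range(n_parts)]
    assignment = {s: [] for s in servers}
    for i, part in enumerate(parts):
        assignment[servers[i % len(servers)]].append(part)
    return assignment


def sample_descriptor(i, address=None):
    """Constructed descriptor; addresses are documentation ranges."""
    return {"node_id": f"n{i}", "address": address or f"192.0.2.{i}:9001",
            "public_key": f"constructed-key-{i}", "bandwidth": 100 * i}


def run_demo():
    base = [sample_descriptor(i) for i in range(1, 8)]
    collected = {  # constructed views of three authoritative directory servers
        "auth-A": base + [sample_descriptor(3)],   # n3 reported twice
        "auth-B": base[:6],                        # never received n7
        "auth-C": base[:4] + [sample_descriptor(5, "198.51.100.5:9001")]
                  + base[5:] + [sample_descriptor(8)],  # conflicting n5, lone n8
    }
    votes = {name: make_vote(ds) for name, ds in collected.items()}
    consensus, missing = build_consensus(votes)
    servers = ["common-1", "common-2", "common-3"]
    assignment = split_and_assign(consensus, servers, random.Random(7))
    return consensus, missing, assignment


if __name__ == "__main__":
    consensus, missing, assignment = run_demo()
    print("consensus:", [e["node_id"] for e in consensus])
    print("missing per authority:", missing)
    for server, parts in assignment.items():
        print(server, [[e["node_id"] for e in p] for p in parts])
```

In the constructed input, the descriptor seen by only one authority and the conflicting copy of n5 stay out of the consensus, and the union of all distributed parts equals the consensus exactly.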
The internal structure of the authoritative directory server 101, as shown in Fig. 4, includes: a node information collection module 401, a consensus information generation module 402, and a directory information distribution module 403.
The node information collection module 401 is configured to implement registration, authentication, and collection of node information in the anonymous network; specifically, after receiving node information signed by the private key of the node in the anonymous network, the node information collection module 401 authenticates the node information; after the authentication is passed, the registration and collection of the node information of the node are completed.
The consensus information generation module 402 is configured to generate consensus directory information according to the node information collected by the node information collection module 401. Specifically, the consensus information generation module 402 generates, for each node in the collected node information, the voting information of that node from the key information in the node's information and the hash value of all of the node's information; combines the voting information of all nodes to form the vote of the authoritative directory server; and, in each period, exchanges votes with the other authoritative directory servers during the consensus calculation time agreed among the authoritative directory servers and, after checking for omissions and removing duplicates, forms the consensus on the node information of the anonymous network to generate the consensus directory information.
The directory information distribution module 403 is configured to split the consensus directory information generated by the consensus information generation module 402 into multiple parts and distribute the parts to the common directory servers. Specifically, the directory information distribution module 403 splits the consensus directory information generated in the current period into multiple parts and distributes the parts to the common directory servers within the current period.
The method for implementing the functions of each module in the authoritative directory server may refer to the method in each step in the flow shown in fig. 3, and will not be described herein.
In the technical scheme of the invention, an authoritative directory server in the centrally structured authoritative directory server cluster registers, authenticates and collects node information in the anonymous network; after generating consensus directory information from the collected node information, it splits the consensus directory information into multiple parts and distributes the parts to the common directory servers in the distributed common directory server cluster; each common directory server receives the directory information distributed by the authoritative directory server, stores it locally, and provides directory service to nodes in the anonymous network from the locally stored directory information. On the one hand, authentication of node information and consensus on directory information are carried out by the centrally structured authoritative directory servers, which ensures the security of the directory information. On the other hand, the consensus directory information is split into multiple parts that are stored by the common directory servers of the distributed structure, and the common directory servers provide directory service from the stored directory information; that is, a common directory server acts only as a store and distributor of node information and is equivalent to a proxy of the authoritative directory server. This reduces the bandwidth consumption of the authoritative directory servers and improves the scalability of the central directory service as the number of nodes grows. Moreover, the node information stored and distributed by the common directory servers has been authenticated by the authoritative directory servers, which improves security compared with providing directory service through a distributed structure alone.
The computer readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the disclosure, including the claims, is limited to these examples; the technical features of the above embodiments or in the different embodiments may also be combined within the idea of the invention, the steps may be implemented in any order and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the invention. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the invention, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the present invention is to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the invention, it should be apparent to one skilled in the art that the invention can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The embodiments of the invention are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omission, modification, equivalent replacement, improvement, etc. of the present invention should be included in the scope of the present invention.

Claims (10)

1. A directory services system in an anonymous network, comprising: an authoritative directory server cluster of a central structure and a common directory server cluster of a distributed structure; wherein
an authoritative directory server in the authoritative directory server cluster is used for realizing registration, authentication and collection of node information in the anonymous network; after generating consensus directory information according to the collected node information, splitting the consensus directory information into a plurality of parts and distributing the parts to each common directory server;
and the common directory server in the common directory server cluster is used for storing the directory information locally after receiving the directory information distributed by the authoritative directory server, and providing directory service for the nodes in the anonymous network according to the locally stored directory information.
2. The system according to claim 1, characterized in that said authoritative directory server comprises in particular:
the node information collection module is used for realizing registration, authentication and collection of node information in the anonymous network;
the consensus information generating module is used for generating consensus directory information according to the node information collected by the node information collecting module;
and the directory information distribution module is used for splitting the consensus directory information into a plurality of parts and distributing the parts to each common directory server.
3. The system of claim 2, wherein:
the node information collection module is specifically used for authenticating the node information after receiving the node information signed by the private key of the node in the anonymous network; after the authentication is passed, the registration and collection of the node information of the node are completed.
4. The system of claim 3, wherein:
the consensus information generation module is specifically configured to generate, for each node in the collected node information, voting information of the node according to hash values of key information in the node information of the node and all information of the node; integrate the voting information of all nodes to form the vote of the authoritative directory server; and, in each period, exchange votes with the other authoritative directory servers during the consensus calculation time period agreed upon by the authoritative directory servers, and after detection and duplicate removal, form a consensus on the node information of the anonymous network to generate the consensus directory information.
5. The system of claim 3, wherein:
the directory information distribution module is specifically configured to split the consensus directory information generated in the current period into a plurality of parts, and distribute the parts to each common directory server in the current period.
6. A method of directory services in an anonymous network, comprising:
an authoritative directory server in an authoritative directory server cluster of a central structure realizes registration, authentication and collection of node information in the anonymous network; after generating consensus directory information according to the collected node information, splitting the consensus directory information into a plurality of parts and distributing the parts to all the common directory servers in the common directory server cluster of the distributed structure;
the common directory server receives the directory information distributed by the authoritative directory server, stores the directory information locally, and provides directory service for nodes in the anonymous network according to the locally stored directory information.
7. The method of claim 6, wherein the authoritative directory server enables registration, authentication and collection of node information in the anonymous network, and specifically comprises:
the authoritative directory server receives node information that is reported by a node in the anonymous network and signed with its private key, and then authenticates the node information;
after the authentication is passed, the registration and collection of the node information of the node are completed.
8. The method according to claim 7, wherein generating consensus directory information from the collected node information comprises:
the authoritative directory server generates, for each node in the collected node information, voting information of the node according to hash values of key information in the node information of the node and all information of the node; and integrates the voting information of all nodes to form the vote of the authoritative directory server;
and, in each period, exchanging votes with the other authoritative directory servers during the consensus calculation time period agreed upon by the authoritative directory servers, and after detection and duplicate removal, forming a consensus on the node information of the anonymous network to generate the consensus directory information.
9. The method according to claim 8, wherein splitting the consensus directory information into a plurality of parts and distributing the parts to each common directory server specifically comprises:
splitting the consensus directory information generated in the current period into a plurality of parts, and distributing the parts to each common directory server in the current period.
10. An authoritative directory server, comprising:
the node information collection module is used for realizing registration, authentication and collection of node information in the anonymous network;
the consensus information generating module is used for generating consensus directory information according to the node information collected by the node information collecting module;
and the directory information distribution module is used for splitting the consensus directory information into a plurality of parts and distributing the parts to each common directory server, and the common directory server provides directory service for nodes in the anonymous network according to the locally stored directory information.
CN202210647925.XA 2022-06-08 2022-06-08 Directory service method and system in anonymous network Active CN115277054B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210647925.XA CN115277054B (en) 2022-06-08 2022-06-08 Directory service method and system in anonymous network

Publications (2)

Publication Number Publication Date
CN115277054A CN115277054A (en) 2022-11-01
CN115277054B true CN115277054B (en) 2023-11-10

Family

ID=83759157

Country Status (1)

Country Link
CN (1) CN115277054B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6810421B1 (en) * 1999-01-11 2004-10-26 Hitachi, Ltd. Communication network system and method for controlling services in a communication network system
CN104539598A (en) * 2014-12-19 2015-04-22 厦门市美亚柏科信息股份有限公司 Tor-improved safety anonymous network communication system and method
CN108494774A (en) * 2018-03-26 2018-09-04 广东工业大学 A kind of anti-link control attack method for reinforcing anonymous communication system safety
CN109962902A (en) * 2017-12-26 2019-07-02 中标软件有限公司 A kind of anti-network trace and the method and system for realizing Anonymous Secure access
CN110191153A (en) * 2019-04-24 2019-08-30 成都派沃特科技股份有限公司 Social communication method based on block chain
CN111970243A (en) * 2020-07-20 2020-11-20 北京邮电大学 Message forwarding method of multistage routing in anonymous communication network
CN112019501A (en) * 2020-07-20 2020-12-01 北京邮电大学 Anonymous communication method and device for user nodes
CN112468517A (en) * 2021-01-25 2021-03-09 广州大学 Tracing-resistant anonymous communication network access method, system and device
US11088996B1 (en) * 2021-02-10 2021-08-10 SecureCo, Inc. Secure network protocol and transit system to protect communications deliverability and attribution
CN114449000A (en) * 2021-12-28 2022-05-06 北京邮电大学 Vehicle network data consensus optimization storage method and storage system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040088365A1 (en) * 2002-10-30 2004-05-06 Sun Microsystems, Inc. Service information model mapping with shared directory tree representations

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
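An improved scheme for the Tor anonymous communication system; 杨伟伟; 刘胜利; 蔡瑞杰; 陈嘉勇; Journal of Information Engineering University (04); full text *
Diversified controllable anonymous communication system; 周彦伟; Journal on Communications; full text *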

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant