CN115314491B - Directory service method and system for directory server cluster based on distributed structure - Google Patents

Publication number
CN115314491B
Authority
CN
China
Prior art keywords
directory
information
server
directory server
common
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210672968.3A
Other languages
Chinese (zh)
Other versions
CN115314491A (en
Inventor
时金桥
马争
王学宾
高悦
王东滨
石瑞生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications
Priority to CN202210672968.3A
Publication of CN115314491A
Application granted
Publication of CN115314491B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a directory service method and a directory service system for a directory server cluster based on a distributed structure. The method comprises the following steps: after receiving a directory request sent by a common node, a common directory server in a directory server cluster with a distributed structure returns a locally stored directory information block to the common node to provide directory service for the common node; the common node calculates the identification value of the directory information block stored by the directory server according to the system parameters and the serial number of the directory server, and verifies the identification value of the directory information block acquired from the common directory server by using the calculated identification value; directory information is obtained from the verified directory information block. Built on a directory server cluster with a distributed structure, the invention has better scalability and can also ensure the security and validity of the provided directory service.

Description

Directory service method and system for directory server cluster based on distributed structure
Technical Field
The invention relates to the technical field of computers, in particular to a directory service method and a directory service system for a directory server cluster based on a distributed structure.
Background
A user of an anonymous network needs to request existing node information in the network from nodes in the network when joining the network, this request being called a directory request. The node that provides directory services for the entire network node is called a directory server. Node information in the entire network is called directory information.
Tor's directory service protocol requires the client to obtain up-to-date information for all relays in the network, which is maintained by the authoritative directory servers. The authoritative directory servers are a set of trusted servers managed by core members of the Tor community. In each cycle (one hour in Tor), every relay uploads its own information to the authoritative directory servers, which then vote on the relay information. From these votes, the authoritative directory servers compute a multi-signed consensus directory file representing their conclusions. The entire directory information is sent to each client in Tor.
Existing anonymous network directory service architectures can be divided into two categories: one is the central structure, and the other is the distributed structure. The central structure takes a central directory server as its core to provide directory service, and has better security. However, the scalability bottleneck of the central structure is that bandwidth consumption increases dramatically as the number of nodes grows. The distributed structure provides directory service on the basis of the routing table of a distributed hash table, and has better scalability. However, its security analysis and its protection against attacks are weak.
Disclosure of Invention
Therefore, the invention aims to provide a directory service method and a directory service system based on a directory server cluster with a distributed structure, which not only have better expansibility on the basis of the directory server cluster with the distributed structure, but also can ensure the security and the effectiveness of the provided directory service.
Based on the above object, the present invention provides a directory service method for a directory server cluster based on a distributed structure, including:
after receiving a directory request sent by a common node, a common directory server in a directory server cluster with a distributed structure returns a locally stored directory information block to the common node to provide directory service for the common node;
the common node calculates the identification value of the directory information block stored by the directory server according to the system parameter and the serial number of the directory server, and verifies the identification value of the directory information block acquired from the common directory server by using the calculated identification value; acquiring directory information from the verified directory information block;
wherein, the system parameters are obtained from the authoritative directory server after the common node is registered and authenticated with the authoritative directory server; the directory information block is formed by dividing the information of all registered and authenticated common nodes into a plurality of directory information blocks by the authoritative directory server, and distributing the information to the common directory server after calculating the identification value of the directory information block according to the system parameters.
Preferably, there are a plurality of authoritative directory servers; and
after the common directory server receives the directory request sent by the common node, before returning the locally stored directory information block to the common node, the method further comprises:
the authoritative directory server performs registration, authentication and collection of common node information in the anonymous network; generates consensus directory information according to the collected common node information, and splits the consensus directory information into a plurality of directory information blocks; and then,
after calculating the identification value of each directory information block according to the system parameters, distributes the directory information blocks with their identification values to each common directory server.
Preferably, the system parameters include: the total number B of directory information blocks split by the consensus directory information, the bit number X of key values in the distributed hash table and the total number m of authoritative directory servers; and
after calculating the identification value of the directory information block according to the system parameter, distributing the directory information block with the identification value to each common directory server, which specifically comprises the following steps:
the authoritative directory server obtains the identification value $D_1$ of the 1st directory information block of the authoritative directory server according to the product of the serial number of the authoritative directory server and the step size step; wherein $\text{step} = (2^X - 1)/(B - 1)$;
Sequentially increasing the product of the number m and step of the common directory servers on the basis of the identification value of the 1 st directory information block to sequentially obtain the identification values of other directory information blocks of the authoritative directory server;
for each directory information block, the authoritative directory server calculates the distance between the identification value of the directory information block and the serial number of each common directory server, and distributes the directory information block to the nearest common directory server.
Preferably, the common node calculates an identification value of a directory information block stored in the directory server according to a system parameter and a sequence number of the directory server, and specifically includes:
the common node determines the identification values of all directory information blocks according to the system parameters;
calculating the distance between the identification value of each directory information block and the serial number of the directory server;
and taking the identification values of a plurality of directory information blocks closest to the directory server as the calculated identification values of the directory information blocks stored by the directory server.
The invention also provides a directory service system for a directory server cluster based on a distributed structure, which comprises: an authoritative directory server, a directory server cluster with a distributed structure, and common nodes; wherein the directory server cluster with a distributed structure is composed of a plurality of common directory servers;
the common directory server is used for returning the locally stored directory information block to the common node to provide directory service for the common node after receiving the directory request sent by the common node;
the common node is used for calculating the identification value of the directory information block stored by the directory server according to the system parameter and the serial number of the directory server, and verifying the identification value of the directory information block acquired from the common directory server by using the calculated identification value; acquiring directory information from the verified directory information block;
wherein, the system parameters are obtained from the authoritative directory server after the common node is registered and authenticated with the authoritative directory server; the directory information block is characterized in that the authority directory server divides the information of all the registered and authenticated common nodes into a plurality of directory information blocks, calculates the identification value of the directory information block according to the system parameters and the serial numbers of the common directory server, and distributes the identification value to the common directory server.
In the technical scheme of the invention, after a common directory server in a directory server cluster of a distributed structure receives a directory request sent by a common node, a locally stored directory information block is returned to the common node to provide directory service for the common node; the common node calculates the identification value of the directory information block stored by the directory server according to the system parameter and the serial number of the directory server, and verifies the identification value of the directory information block acquired from the common directory server by using the calculated identification value; acquiring directory information from the verified directory information block; wherein, the system parameters are obtained from the authoritative directory server after the common node is registered and authenticated with the authoritative directory server; the directory information block is formed by dividing the information of all the registered and authenticated common nodes into a plurality of directory information blocks by the authoritative directory server, calculating the identification value of the directory information block according to the system parameters and distributing the identification value to each common directory server. 
The directory server cluster with a distributed structure has better scalability. Meanwhile, the directory information distributed to each common directory server in the cluster is authenticated by the authoritative directory server, which ensures security. After the common node acquires a directory information block from a common directory server, it can calculate the identification value of the directory information block according to the system parameters and the serial number of the directory server, verify the identification value of the acquired directory information block against the calculated identification value, and discard any directory information block with a wrong identification value. The node can thus verify the acquired directory information, resist various attacks, and ensure the validity of the provided directory service.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of node classification according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a directory service system based on a directory server cluster with a distributed structure according to an embodiment of the present invention;
FIG. 3 is a flowchart of a directory service method for a directory server cluster based on a distributed structure according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for an authoritative directory server to generate and issue directory information blocks according to an embodiment of the present invention.
Detailed Description
The present invention will be further described in detail below with reference to specific embodiments and with reference to the accompanying drawings, in order to make the objects, technical solutions and advantages of the present invention more apparent.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present invention should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present disclosure pertains. The terms "first," "second," and the like, as used in this disclosure, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
The technical scheme of the invention adopts a directory server cluster with a distributed structure and therefore has better scalability. Meanwhile, the directory information of each common directory server in the cluster is authenticated and distributed, which ensures security. After the common node acquires a directory information block from a common directory server, it can calculate the identification value of the directory information block stored by that common directory server according to the system parameters and the serial number of the common directory server, verify the identification value of the acquired directory information block against the calculated identification value, and discard any directory information block with a wrong identification value. The node can thus verify the acquired directory information and resist various attacks, such as routing poisoning attacks, thereby ensuring the validity of the provided directory service.
Preferably, in order to uniformly distribute the identification values of the directory information blocks in the whole key value space of the distributed hash table, and meanwhile, the common node can calculate the identification values of the directory information blocks according to system parameters in a network, the invention designs an identification value generation algorithm of the directory information blocks as follows.
The following describes the technical scheme of the embodiment of the present invention in detail with reference to the accompanying drawings.
In the anonymous network of the invention, the classification of the nodes is shown in figure 1, and comprises common nodes and a directory server; wherein, the directory server includes: authoritative directory servers and generic directory servers. For ease of description, a common node will be referred to herein simply as a node.
The invention provides a directory service system based on a distributed structure directory server cluster, the architecture is shown in figure 2, and the directory service system comprises: authoritative directory server 101, directory server clusters of distributed architecture, and common node 103;
wherein a distributed architecture directory server cluster includes a scalable number of generic directory servers 102.
The common directory server 102 is configured to return, after receiving a directory request sent by the common node 103, a locally stored directory information block to the common node to provide a directory service for the common node;
the common node 103 is configured to calculate, according to the system parameter and the serial number of the directory server, an identification value of a directory information block stored in the directory server, and verify, with the calculated identification value, the identification value of the directory information block obtained from the common directory server; acquiring directory information from the verified directory information block;
wherein the system parameter is obtained from the authoritative directory server after the common node is registered and authenticated with the authoritative directory server 101; the directory information block is formed by dividing the information of all the registered and authenticated common nodes into a plurality of directory information blocks by the authoritative directory server, calculating the identification value of the directory information block according to the system parameters and distributing the identification value to each common directory server.
As a more preferable embodiment, the authoritative directory server 101 may be plural, in a set number; the plurality of authoritative directory servers 101 constitute a directory server cluster of a centralized architecture. That is, the directory server cluster of the central structure includes a set number of authoritative directory servers 101;
the authoritative directory server 101 is specifically configured to implement registration, authentication and collection of common node information in the anonymous network; generating consensus directory information according to the collected common node information, and splitting the consensus directory information into a plurality of directory information blocks; and after calculating the identification value of the directory information block according to the system parameter, distributing the directory information block with the identification value to each common directory server.
Specifically, the authoritative directory server 101 is the centralized implementation of a hybrid anonymous network directory service architecture. It is generated out-of-band as a trusted node in the anonymous network. The number of authoritative directory servers is set to be, for example, about 10. When a common node joins the network, it needs to report node information signed with its own private key to the authoritative directory server 101.
The authoritative directory server 101 collects node information, and the node information is signed after being checked to provide a trusted source.
After collecting the node information, the authoritative directory server 101 uses the key information of the node information and the hash value of all the node information as voting information of one node, and integrates the voting information of all the nodes together to form the vote of the authoritative directory server.
In the period for calculating the consensus, the authoritative directory servers 101 exchange votes and, after checking for omissions and removing duplicates, form the consensus of the node information of the whole network, that is, generate the consensus directory information. Since calculating the consensus requires a time agreed between the authoritative directory servers 101, the running time of the whole network needs to be divided into periods. The architecture takes the interval between two consecutive consensus calculations plus the time reserved for calculating the consensus as one period. The authoritative directory server 101 then issues the node information to the common directory servers 102. It is worth noting that in the hybrid anonymous network directory service architecture proposed herein, the authoritative directory server randomly splits the entire consensus directory information and then issues the split consensus information to the common directory servers only once per period, so as to reduce the bandwidth consumption of the authoritative directory server and improve the scalability of the central directory service as the number of nodes increases.
The common directory servers 102 form a distributed storage network through a structured peer-to-peer protocol, and the distributed storage network then provides directory services to common nodes. The common directory server 102 is the distributed implementation of the hybrid anonymous network directory service architecture. The distributed storage protocol ensures that global information is not lost in the distributed storage network while each storage node stores only part of the information locally. The information of the nodes in the whole network therefore needs to be acquired from the authoritative directory server only once to be stored, without loss, in the distributed common directory servers, so that each common directory server can provide directory service for common nodes.
Node information in the network stored by the general directory server 102 is issued by the authoritative directory server 101. That is, the general directory server 102 serves as only a storage party and a distributor of node information, and is equivalent to a proxy of the authoritative directory server 101. The node information stored and distributed by the common directory server is authenticated by the authoritative directory server, thereby improving security for directory services provided only by the distributed architecture.
Based on the directory service system based on the directory server cluster with the distributed structure, the embodiment of the invention provides a specific flow of a directory service method based on the directory server cluster with the distributed structure, as shown in fig. 3, which comprises the following steps:
Step S301: the common directory server 102 receives the directory request sent by the common node 103.
Step S302: the common directory server 102 returns the locally stored directory information block to the common node 103, providing directory service for the common node.
Step S303: the common node 103 calculates the identification value of the directory information block stored in the directory server according to the system parameter and the serial number of the directory server.
In order to uniformly distribute the identification values of the directory information blocks in the whole key value space of the distributed hash table, and meanwhile, a common node can calculate the identification values according to system parameters in a network, the invention provides a generation algorithm of the identification values of the directory information blocks, which is as follows:
the identification values of all directory information blocks lie in the space from 0 to $2^X - 1$, where X is the number of bits of the key value in the DHT; the authoritative directory server 101 splits the entire consensus directory information into a total of B directory information blocks;
the step size between the identification values of every two adjacent directory information blocks is $\text{step} = (2^X - 1)/(B - 1)$;
the common node 103 may calculate the identification value of each directory information block according to this step size: the identification value of the 1st directory information block is equal to step; step is then added successively to the identification value of the 1st directory information block to obtain the identification values of the other (2nd, 3rd, ...) directory information blocks; that is, the common node 103 calculates the product of step and 1, 2, 3, ... to obtain the identification value of each directory information block;
further, the common node 103 calculates the distance between the identification value of each directory information block and the serial number of the directory server, and determines the several (threshold block_limit) identification values closest to the serial number of the directory server as the identification values of the directory information blocks stored by the directory server. The threshold block_limit may be set to a fixed value, or may be calculated by the common node 103 according to the ratio of the total number B of directory information blocks to the number of common directory servers.
Here B and X are system parameters obtained from the authoritative directory server 101 by the common node 103 at the time of registration; the identification value of a directory information block is the key value corresponding to the directory information block in the distributed hash table.
Step S304: the ordinary node 103 verifies the identification value of the directory information block acquired from the ordinary directory server with the calculated identification value.
Specifically, the ordinary node 103 verifies whether the identification value of the directory information block acquired from the ordinary directory server is equal to one of the calculated identification values; if yes, the identification value of the directory information block passes verification; otherwise, the identification value of the directory information block cannot pass verification.
Step S305: the ordinary node 103 acquires directory information from a directory information block whose identification value is verified.
Specifically, the ordinary node 103 determines that the directory information block whose identification value passes the verification is actually transmitted by the ordinary directory server, not by the attacker; the common node 103 acquires the directory information from the directory information block with the identification value passing verification, so that various attacks can be resisted, and the validity of the provided directory service is ensured.
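The node-side check of steps S303 and S304, together with the authoritative server's identifier generation and nearest-server distribution described in the disclosure, as an added Python example that is not code from the patent. Integer division for step, absolute difference as the distance metric, dropping identifiers above 2^X - 1, and the serial numbers 30, 100 and 200 are assumptions made here.

```python
"""Directory information block identifiers (added example, not from the patent).

Assumptions not fixed by the page: step uses integer division, distance is the
absolute difference, and identifiers above 2**X - 1 are not issued.
"""


def step_size(X, B):
    """step = (2^X - 1) / (B - 1); integer division is an assumption."""
    if X < 1 or B < 2:
        raise ValueError("need X >= 1 and B >= 2")
    step = (2 ** X - 1) // (B - 1)
    if step == 0:
        raise ValueError("B is too large for an X-bit key space")
    return step


def authority_block_ids(k, m, X, B):
    """Identifiers issued by authoritative server k of m:
    D_1 = k * step, D_(i+1) = D_i + m * step."""
    if not 1 <= k <= m:
        raise ValueError("serial number k must be in 1..m")
    step = step_size(X, B)
    ids, d = [], k * step
    while d <= 2 ** X - 1:  # stay inside the DHT key space (assumption)
        ids.append(d)
        d += m * step
    return ids


def all_block_ids(X, B):
    """Node side (S303): step * 1, step * 2, ... inside the key space."""
    step = step_size(X, B)
    return [i * step for i in range(1, B + 1) if i * step <= 2 ** X - 1]


def assign_blocks(block_ids, server_serials):
    """Authority side: each block goes to the nearest common directory server."""
    placement = {s: [] for s in server_serials}
    for d in block_ids:
        nearest = min(server_serials, key=lambda s: (abs(d - s), s))
        placement[nearest].append(d)
    return placement


def expected_ids(server_serial, X, B, block_limit):
    """Node side (S303): the block_limit identifiers closest to the server."""
    ranked = sorted(all_block_ids(X, B),
                    key=lambda d: (abs(d - server_serial), d))
    return set(ranked[:block_limit])


def verify_blocks(received, server_serial, X, B, block_limit):
    """Node side (S304): split (id, payload) pairs into accepted and discarded."""
    allowed = expected_ids(server_serial, X, B, block_limit)
    accepted, discarded = [], []
    for block_id, payload in received:
        (accepted if block_id in allowed else discarded).append((block_id, payload))
    return accepted, discarded


if __name__ == "__main__":
    X, B, m = 8, 16, 3            # parameters of the page's example
    servers = [30, 100, 200]      # constructed common directory server serials
    block_limit = B // len(servers)

    for k in range(1, m + 1):
        print("authoritative server", k, "issues", authority_block_ids(k, m, X, B))
    print("placement:", assign_blocks(all_block_ids(X, B), servers))

    # Constructed response from server 100; identifier 221 is not one it should hold.
    response = [(85, "block-85"), (102, "block-102"), (221, "block-221")]
    ok, bad = verify_blocks(response, 100, X, B, block_limit)
    print("accepted:", ok)
    print("discarded:", bad)
```

The comparison only constrains which identifiers a given directory server may return; it says nothing about the payload, which is covered by the authoritative servers' signature on the node information rather than by this check.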
The directory information block stored in the general directory server 102 is issued by the authoritative directory server 101, and the flow of the method for generating and issuing the directory information block is shown in fig. 4, and includes the following flows:
step S401: the authoritative directory server 101 enables registration, authentication and collection of node information in the anonymous network.
In this step, after receiving node information, signed with a private key, that is reported by a node in the anonymous network, the authoritative directory server 101 authenticates the node information; after the authentication is passed, the registration and collection of the node information of the node are completed.
Step S402: the authoritative directory server 101 generates consensus directory information from the collected node information.
In this step, for each node in the collected node information, the authoritative directory server 101 generates the voting information of the node from the key information in the node's information and the hash value of all of the node's information; it then integrates the voting information of all nodes to form the vote of the authoritative directory server;
in the time period for calculating the consensus agreed by the authoritative directory servers in each period, the authoritative directory server 101 exchanges votes with the other authoritative directory servers and, after checking for omissions and removing duplicates (i.e., checking for missing node information and removing repeated node information), forms the consensus of the node information of the anonymous network to generate the consensus directory information.
Step S403: the authoritative directory server 101 splits the consensus directory information into a plurality of directory information blocks.
In this step, the authoritative directory server 101 splits the consensus directory information generated in this period into a plurality of directory information blocks;
specifically, the authoritative directory server 101 splits the consensus directory information generated in the present period into B directory information blocks; and further calculating the identification value of the directory information block:
the authoritative directory server 101 can obtain the identification value $D_1$ of the 1st directory information block of the authoritative directory server as the product of the serial number k of the authoritative directory server and the step length step, as shown in formula 1:
$D_1 = k \times step$ (formula 1)
Further, starting from the identification value of the 1st directory information block, the product of the total number m of authoritative directory servers and the step length step is added repeatedly to obtain, in sequence, the identification values of the other (2nd, 3rd, ...) directory information blocks of the authoritative directory server, as shown in formula 2:
$D_{i+1} = m \times step + D_i$ (formula 2)
where $D_i$ denotes the identification value of the i-th directory information block of the authoritative directory server; the identification value of each directory information block of the authoritative directory server can be obtained according to formula 2. The calculated identification value of a directory information block is the key value corresponding to that directory information block in the distributed hash table.
For example, assuming that X = 8 and B = 16, that the serial number of the authoritative directory server is 1, and that the total number of authoritative directory servers is 3, then $step = (2^8 - 1)/(16 - 1) = 17$, and the identification values of the 5 directory information blocks generated by the authoritative directory server are as follows:
bids[0]=1*17=17
bids[1]=3*17+17=68
bids[2]=3*17+68=119
bids[3]=3*17+119=170
bids[4]=3*17+170=221
The binary IDs corresponding to the identification values of the 5 directory information blocks are as follows:
block_id_0 = 17 = $00010001_2$
block_id_1 = 68 = $01000100_2$
block_id_2 = 119 = $01110111_2$
block_id_3 = 170 = $10101010_2$
block_id_4 = 221 = $11011101_2$
Step S404: the authoritative directory server 101 distributes the plurality of directory information blocks obtained by splitting to the respective common directory servers 102.
Specifically, for each directory information block, the authoritative directory server 101 calculates the distance between the identification value of the directory information block and the serial number of each common directory server; it determines the serial number of the common directory server closest to the identification value of the directory information block, and distributes the directory information block and its identification value to that common directory server.
In practical applications, another embodiment is possible: the authoritative directory server 101 distributes the directory information blocks carrying identification values to the common directory servers at random and transmits the distributed hash table to a directory information allocation server. For each directory information block, the directory information allocation server calculates the distance between the identification value of the directory information block and the serial number of each common directory server; after determining the serial number of the common directory server closest to the identification value of the directory information block, it further determines whether the directory information block is stored in that common directory server; if not, the directory information block is transferred to that common directory server from the other common directory servers for storage.
In the technical scheme of the invention, after a common directory server in the directory server cluster of a distributed structure receives a directory request sent by a common node, it returns the locally stored directory information blocks to the common node to provide directory service for the common node. The common node calculates the identification values of the directory information blocks stored by the directory server according to the system parameters and the serial number of the directory server, uses the calculated identification values to verify the identification values of the directory information blocks acquired from the common directory server, and acquires directory information from the directory information blocks that pass verification. The system parameters are obtained from the authoritative directory server after the common node has registered with the authoritative directory server and passed authentication. The directory information blocks are produced by the authoritative directory server, which divides the information of all registered and authenticated common nodes into a plurality of directory information blocks, calculates the identification values of the directory information blocks according to the system parameters, and distributes the blocks to the common directory servers.
The directory server cluster of a distributed structure has better scalability. At the same time, the security of the directory information that is authenticated by the authoritative directory server and distributed to each common directory server in the cluster can be ensured. After the common node acquires directory information blocks from a common directory server, it can calculate the identification values of the directory information blocks according to the system parameters and the serial number of the directory server, use the calculated identification values to verify the identification values of the directory information blocks acquired from the common directory server, and discard any directory information block whose identification value is wrong. The node can thus verify the acquired directory information, resist various attacks, and ensure the validity of the provided directory service.
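The identification-value scheme of formulas 1 and 2, the nearest-server distribution of step S404 and the node-side check summarized above, worked through in Python as an added example that is not part of the patent text. The absolute-difference distance, the tie-break on the lowest serial number, integer division for step, the bound of $2^X - 1$ on identification values, and the common directory server serial numbers and payloads are assumptions made for illustration.

```python
"""Added example: block identification values and the node-side check."""


def step_length(X, B):
    """step = (2^X - 1) / (B - 1); integer division is an assumption."""
    if X < 1 or B < 2:
        raise ValueError("need X >= 1 and B >= 2")
    return (2 ** X - 1) // (B - 1)


def block_ids(k, m, X, B):
    """Identification values for authoritative server k (1..m)."""
    if not 1 <= k <= m:
        raise ValueError("serial number k must be in 1..m")
    step = step_length(X, B)
    if step == 0:
        raise ValueError("key space too small for B blocks")
    max_key = 2 ** X - 1           # assumption: values stay within X bits
    ids, d = [], k * step          # formula 1: D_1 = k * step
    while d <= max_key:
        ids.append(d)
        d += m * step              # formula 2: D_{i+1} = m * step + D_i
    return ids


def all_block_ids(m, X, B):
    """Identification values of every block from all m authoritative servers."""
    return sorted(d for k in range(1, m + 1) for d in block_ids(k, m, X, B))


def nearest_server(block_id, server_serials):
    """Assumption: distance is |id - serial|; ties go to the lowest serial."""
    return min(sorted(server_serials), key=lambda s: abs(block_id - s))


def placement(m, X, B, server_serials):
    """Step S404: map each common directory server to its block IDs."""
    table = {s: [] for s in server_serials}
    for d in all_block_ids(m, X, B):
        table[nearest_server(d, server_serials)].append(d)
    return table


def verify_blocks(received, server_serial, m, X, B, server_serials):
    """Node-side check: keep blocks whose ID the queried server should hold.

    `received` is a list of (identification value, payload) pairs.
    Repeated IDs are discarded too (a choice made for this example).
    """
    expected = set(placement(m, X, B, server_serials)[server_serial])
    accepted, discarded, seen = [], [], set()
    for block_id, payload in received:
        if block_id in expected and block_id not in seen:
            seen.add(block_id)
            accepted.append((block_id, payload))
        else:
            discarded.append((block_id, payload))
    return accepted, discarded


# Constructed sample: parameters from the worked example (X=8, B=16, m=3),
# hypothetical common directory server serial numbers and payloads.
SERVERS = [40, 100, 160, 230]
REPLY_FROM_100 = [(85, b"blk-85"), (102, b"blk-102"), (17, b"blk-17"),
                  (86, b"forged"), (102, b"replayed")]

if __name__ == "__main__":
    print(block_ids(1, 3, 8, 16))
    print(placement(3, 8, 16, SERVERS))
    ok, bad = verify_blocks(REPLY_FROM_100, 100, 3, 8, 16, SERVERS)
    print([b for b, _ in ok], [b for b, _ in bad])
```

The check ties an identification value to the server that should hold it; the payload bytes are treated as opaque in this sketch.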
The computer readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the disclosure, including the claims, is limited to these examples; the technical features of the above embodiments or in the different embodiments may also be combined within the idea of the invention, the steps may be implemented in any order and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the invention. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the invention, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the present invention is to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the invention, it should be apparent to one skilled in the art that the invention can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The embodiments of the invention are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omission, modification, equivalent replacement, improvement, etc. of the present invention should be included in the scope of the present invention.

Claims (10)

1. A directory service method for a directory server cluster based on a distributed architecture, comprising:
after receiving a directory request sent by a common node, a common directory server in a directory server cluster with a distributed structure returns a locally stored directory information block to the common node to provide directory service for the common node;
the common node calculates the identification value of the directory information block stored by the directory server according to the system parameter and the serial number of the directory server, and verifies the identification value of the directory information block acquired from the common directory server by using the calculated identification value; acquiring directory information from the verified directory information block;
the system parameters are obtained from the authoritative directory server after the common node registers with the authoritative directory server and passes authentication; the directory information block is formed by dividing the information of all registered and authenticated common nodes into a plurality of directory information blocks by the authoritative directory server, and distributing the information to the common directory server after calculating the identification value of the directory information block according to the system parameters.
2. The method of claim 1, wherein there are a plurality of authoritative directory servers; and
after the common directory server receives the directory request sent by the common node, before returning the locally stored directory information block to the common node, the method further comprises:
the authoritative directory server performs registration, authentication and collection of common node information in an anonymous network; generates consensus directory information according to the collected common node information, and splits the consensus directory information into a plurality of directory information blocks; and then,
after calculating the identification value of the directory information block according to the system parameter, distributes the directory information block with the identification value to each common directory server.
3. The method according to claim 2, wherein the authoritative directory server performing registration, authentication and collection of common node information in the anonymous network specifically comprises:
the authoritative directory server receives node information which is reported by a common node in the anonymous network and signed by a private key of the authoritative directory server, and then authenticates the information of the common node;
after the authentication is passed, the registration and collection of the node information of the common node are completed.
4. The method according to claim 2, wherein the generating consensus directory information from the collected node information comprises:
the authoritative directory server generates voting information of each node in the collected node information according to hash values of key information in the node information of the node and all information of the node; integrating voting information of all nodes to form the vote of the authoritative directory server;
and exchanging votes with the other authoritative directory servers during the consensus-calculation time period agreed by the authoritative directory servers in each period, and, after checking for omissions and removing duplicates, forming a consensus on the node information of the anonymous network to generate the consensus directory information.
5. The method of claim 2, wherein the system parameters comprise: the total number B of directory information blocks split by the consensus directory information, the bit number X of key values in the distributed hash table and the total number m of authoritative directory servers; and
after calculating the identification value of the directory information block according to the system parameter, distributing the directory information block with the identification value to each common directory server, which specifically comprises the following steps:
the authoritative directory server obtains the identification value $D_1$ of the 1st directory information block of the authoritative directory server as the product of the serial number of the authoritative directory server and step, wherein $step = (2^X - 1)/(B - 1)$;
Sequentially increasing the product of the number m of the authoritative directory servers and step on the basis of the identification value of the 1 st directory information block to sequentially obtain the identification values of other directory information blocks of the authoritative directory servers;
for each directory information block, the authoritative directory server calculates the distance between the identification value of the directory information block and the serial number of each common directory server, and distributes the directory information block to the nearest common directory server.
6. The method according to claim 5, wherein the common node calculates the identification value of the directory information block stored in the directory server according to the system parameter and the serial number of the directory server, and specifically includes:
the common node determines the identification values of all directory information blocks according to the system parameters;
calculating the distance between the identification value of each directory information block and the serial number of the directory server;
and taking the identification values of a plurality of directory information blocks closest to the directory server as the calculated identification values of the directory information blocks stored by the directory server.
7. A directory service system based on a distributed architecture directory server cluster, comprising: authoritative directory servers, a directory server cluster of a distributed structure, and common nodes; wherein the directory server cluster of the distributed structure is composed of a plurality of common directory servers; wherein
the common directory server is used for returning the locally stored directory information block to the common node to provide directory service for the common node after receiving the directory request sent by the common node;
the common node is used for calculating the identification value of the directory information block stored by the directory server according to the system parameter and the serial number of the directory server, and verifying the identification value of the directory information block acquired from the common directory server by using the calculated identification value; acquiring directory information from the verified directory information block;
wherein, the system parameters are obtained from the authoritative directory server after the common node is registered and authenticated with the authoritative directory server; the directory information block is formed by dividing the information of all the registered and authenticated common nodes into a plurality of directory information blocks by the authoritative directory server, calculating the identification value of the directory information block according to the system parameters and distributing the identification value to each common directory server.
8. The system of claim 7, wherein there are a plurality of authoritative directory servers; and
the authoritative directory server is specifically used for performing registration, authentication and collection of common node information in an anonymous network; generating consensus directory information according to the collected common node information, and splitting the consensus directory information into a plurality of directory information blocks; and then distributing the directory information blocks with the identification values to all the common directory servers after calculating the identification values of the directory information blocks according to the system parameters.
9. The system of claim 8, wherein the system parameters comprise: the total number B of directory information blocks split by the consensus directory information, the bit number X of key values in the distributed hash table and the total number m of authoritative directory servers; and
the authoritative directory server is specifically configured to obtain the identification value $D_1$ of the 1st directory information block of the authoritative directory server as the product of the serial number of the authoritative directory server and step, wherein $step = (2^X - 1)/(B - 1)$; sequentially increasing the product of the number m of the authoritative directory servers and step on the basis of the identification value of the 1st directory information block to sequentially obtain the identification values of other directory information blocks of the authoritative directory server; for each directory information block, the authoritative directory server calculates the distance between the identification value of the directory information block and the serial number of each common directory server, and distributes the directory information block to the nearest common directory server.
10. The system of claim 8, wherein the authoritative directory servers comprise a cluster of directory servers in a centralized architecture.
CN202210672968.3A 2022-06-14 2022-06-14 Directory service method and system for directory server cluster based on distributed structure Active CN115314491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210672968.3A CN115314491B (en) 2022-06-14 2022-06-14 Directory service method and system for directory server cluster based on distributed structure

Publications (2)

Publication Number Publication Date
CN115314491A CN115314491A (en) 2022-11-08
CN115314491B CN115314491B (en) 2023-10-20

Family

ID=83855805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210672968.3A Active CN115314491B (en) 2022-06-14 2022-06-14 Directory service method and system for directory server cluster based on distributed structure

Country Status (1)

Country Link
CN (1) CN115314491B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant