P2P Technology and Information Security

Posted by zhaozj, 2021-02-16

Cheng Xueqi, Yu Zhihua, Lu Tianbo, Lu Jianming

Abstract

The most significant feature that distinguishes the P2P (Peer-to-Peer) network structure from the client/server or browser/server structure is that the network has no (or no single) central server: every node (peer) is at once an information consumer, an information provider and an information relay. As digital terminals of every kind, server resources and network bandwidth keep growing at the rate described by Moore's law, a more direct form of sharing that raises communication efficiency, lowers resource cost and keeps information services secure will add a new wheel to the development of the information society, and P2P is one of the main candidates for this new form of sharing. P2P technology already offers more flexible and efficient models for service sharing, distributed computing and information exchange; at the same time it brings information security both new challenges and new protective means. This article gives a brief introduction to both.

1 Introduction to P2P

P2P (Peer-to-Peer, the peer network) is a concept that has attracted wide attention in the IT industry in recent years. Because the computing power and connection bandwidth of the vast number of terminal nodes on the network (the nodes owned by ordinary users, typically terminal devices) keep growing with Moore's law, P2P technology can greatly raise the utilization of these nodes and further improve the performance of networks, equipment and information services. P2P is attractive mainly for two reasons:

Low-cost, highly available, large-scale sharing of computing and storage resources; and more direct, more flexible information communication through wide network connectivity. So far P2P has fully displayed its technical strengths in communication, file exchange, distributed computing and service sharing.

1.1 What is P2P

Most people first learned of P2P networks through the Napster brand, where the P2P network concept was used to share files. P2P is not only for file sharing, however; it also covers P2P-based communication networks, P2P computing and the sharing of many other resources. The most fundamental idea of P2P, and its most significant difference from C/S, is that a node (peer) in the network can obtain resources or services from other nodes and at the same time provide resources or services to them: each node has the dual identity of client and server. In a typical P2P network every node has the same rights and obligations, covering communication, services and resource consumption. P2P is thus a distributed network in which participants share part of the hardware resources they own (processing power, storage, network connectivity, printers, ...); these shared resources provide services and content through the network and can be accessed directly by other peers without passing through an intermediate entity. Each participant is both a provider and an acquirer of resources (services and content). P2P can be divided into pure P2P and hybrid P2P. A pure P2P network has no central entity or server, and removing any single terminal entity from the network causes no great loss to the services in the network.
In a hybrid P2P network a central entity is needed to provide some necessary network services, such as storing metadata, providing indexing or routing, or performing security checks.

1.2 History of P2P

From the point of view of the network model, P2P is not a new concept; it can be said to be the foundation of the overall architecture of the Internet. The Internet's most basic protocol, TCP/IP, has no concept of client and server: all devices are equal ends of a communication. More than ten years ago all Internet systems had the functions of both server and client. But because of the limited performance and resources of early computers, as the Internet expanded rapidly the ordinary users connecting to it had no capacity to provide network services, and the client/server architecture centred on a minority of servers gradually took shape. The popularity of the WWW embodies this trend. Under the client/server architecture the resource requirements on the client are very small, so clients can join the Internet easily and at very low cost, which promoted the Internet's rapid spread. As the Internet became more and more bound up with people's lives, however, people needed more direct and broader information exchange: ordinary users wanted to participate more fully in the Internet's information interaction, and improved computer and network performance made that a realistic possibility. In this context P2P once again received wide attention. The famous example that brought P2P back into the network world is Napster. The company, founded in 1999, provided a service that let music fans exchange MP3 files.
Unlike mp3.com, which offered free downloads of music held on its own servers, Napster provided software with which users shared the song files on their own hard disks, searched the song files shared by other users, and downloaded songs directly from the hard disks of other Napster users. Napster attracted 50 million users in a short time and in the end became the focus of world attention when the five major record companies sued it for copyright infringement. Napster's success made people recognise the possibility of extending P2P to the whole Internet. Another example of P2P, this time for sharing computing resources, is SETI@home, a large scientific project searching for extraterrestrial civilisations.

To process large amounts of astronomical data quickly, the project organised 3 million computers on the Internet through P2P and made full use of the idle computing resources (CPUs) of these nodes, reaching tens of TFLOPS of computing power. In fact many services on the network can be classed as P2P. Instant messaging systems such as ICQ, Yahoo Messenger, MSN Messenger and OICQ are the most popular P2P applications; they let users communicate, exchange information and exchange files. These systems, however, lack features needed for large-scale information sharing, such as search, which may be one reason why instant messaging, despite its long history, never caused a stir like Napster's.

1.3 Characteristics of P2P networks

Compared with other network models, P2P has the following features.

1.3.1 Decentralization

Network resources and services are spread over all nodes; information transfer and service execution take place directly between nodes, with no need for an intermediate link or server, so possible bottlenecks are avoided. Even in hybrid P2P, although a centralised server takes part in resource search, service location or security checks, the main information exchange is still completed directly between nodes, which greatly reduces the resource and performance demands on the centralised server. Decentralization is the basic characteristic of P2P and the source of its advantages in scalability and robustness.

1.3.2 Scalability

In the conventional C/S architecture the number of users that can be accommodated and the capacity to serve them are limited mainly by the resources of the server. To support the huge number of Internet users, large numbers of high-performance computers and high-bandwidth networks must be deployed on the server side, which is where clusters and similar technologies came in.
Under this structure the synchronisation and coordination between centralised servers generates a great deal of overhead, which limits the scale of the system. In a P2P network, as users join, not only does demand for services grow but the overall resources and service capacity of the system grow with it, so user demand can always be met. Even in a hybrid architecture such as Napster, because most processing happens directly between nodes, dependence on the server is greatly reduced and the system can easily scale to millions of users. In pure P2P the whole system is fully distributed with no bottleneck, so in theory its scalability can be considered almost unlimited. This scalability has been demonstrated in applications such as Napster, Gnutella and Freenet.

1.3.3 Robustness

Abnormal situations on the Internet, such as network interruption, congestion and node failure, affect the stability and continuity of a system's service. In the traditional centralised service model the central server is the crux of the whole system, and once it fails every user is affected. The P2P architecture has the advantage of resisting attack and tolerating faults: because services are spread among the dispersed nodes, damage to some nodes or parts of the network has little effect on the rest. Moreover, the P2P model usually adjusts the overall topology when some nodes fail, maintaining the connectivity of the remaining nodes. In fact P2P networks are usually built in a self-organising way and allow nodes to join and leave freely, and some P2P models also adapt continuously to changes in network bandwidth, node count and load.

1.3.4 Privacy

With the spread of the Internet and the rapid growth of its users, collecting private information is becoming easier and easier.
Privacy protection therefore receives more and more attention as an aspect of network security. Current general Internet protocols do not support hiding the addresses of the communicating ends: an attacker can monitor a user's traffic characteristics and obtain the IP address, and some tracking software can even trace from the IP address directly to the individual user. In a P2P network, because information is transferred between nodes in a decentralised way and need not pass through a concentrated link, the chance of a user's private information being captured is greatly reduced.

In addition, the main technical method used at present to address the Internet privacy problem is relay forwarding, which hides the communicating party among many network entities. In some traditional anonymous communication systems this mechanism relies on specific relay server nodes. In P2P every participant can provide relay forwarding, which greatly improves the flexibility and reliability of anonymous communication and offers users better privacy protection.

1.3.5 High performance

Performance is an important reason for the attention P2P receives. With the development of hardware, the computing and storage capacity of personal computers and network bandwidth grow at high speed in accordance with Moore's law. On today's Internet the nodes of these ordinary users are connected only as clients, are merely consumers of information and services, and sit idle at the edge of the Internet; a great deal of the capacity of these marginal nodes is wasted. The P2P architecture can make effective use of the great number of ordinary nodes spread across the Internet by distributing computing tasks or stored data to all of them, using their idle computing capacity or storage to achieve high-performance computing and mass storage. This is consistent with the idea of distributed computing in current high-performance computers, but by using the large amount of idle resources in the network it can offer higher computing and storage capacity at lower cost.

2 Current State of P2P Research

2.1 Classification of P2P

P2P is a relatively low-level technology, and common problems such as node naming, resource routing, scalability and security receive general attention. Because application requirements differ, however, the emphasis of the related research differs too.
From an application perspective, current P2P research mainly involves the following areas:

P2P networks for sharing files and other content, such as Napster, Gnutella, CAN, eDonkey and BitTorrent;

Mining the computing power and storage capacity of P2P peers, such as SETI@home, Avaki and Popular Power;

Collaborative processing and service-sharing platforms based on the P2P model, such as JXTA, Magi, Groove and .NET My Services;

Instant messaging, including ICQ, OICQ and Yahoo Messenger;

Secure P2P communication and information sharing, such as CliqueNet, Crowds and Onion Routing.

The above classification is not absolute; some systems have several functions. A technical report from HP Labs [1] also gives a classification of P2P research systems that is a useful reference, shown in Figure 1.

Figure 1. P2P classification reference system (figure not reproduced)

2.2 Common Problems of P2P Networks

2.2.1 Resource location

Resource location is the first problem a P2P network must solve. Three approaches are generally used:

Centralized index: each node registers the content it shares with one or more centralized directory servers; to find a resource, a node first queries the directory and then communicates directly with the node that holds the resource. Early Napster is the example. Such networks are simple, but they usually need the support of large directory servers, and the robustness of the system is poor.

Broadcast (flooding): there is no index; content publication and lookup are broadcast directly through neighbouring nodes. Gnutella is the example. In general a P2P network that takes this approach demands relatively high bandwidth from the participating nodes.

Distributed hash table (DHT): this is the resource location method taken by most current P2P networks. Each node in the network is first assigned a virtual address (VID), and each piece of shared content is described by a keyword (key). A hash function converts a key into a hash value h(key); nodes whose addresses are adjacent to h(key) are defined as responsible for it. When content is published, the pair (key, VID) is sent to the node whose address is closest to h(key), where VID indicates where the document is stored. When the resource is sought, the pair (key, VID) can quickly be obtained from the node close to h(key), giving the document's storage location. The choice of DHT algorithm determines the logical topology of the P2P network: CAN is an n-dimensional coordinate space, Chord is a ring, and Tapestry is a Plaxton-style mesh.
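To make the DHT placement rule concrete, here is an added example (mine, not from the paper or from any of the systems it names) of a Chord-like ring in Python. Node identifiers and key hashes share one 32-bit identifier space (the width, the sample addresses and the file names are constructed for illustration), the node responsible for a key is the first node clockwise from h(key), and joining or leaving a node moves only the (key, VID) pairs that fall in its arc. The ring here is a single object with a global view, which a real DHT does not have; what it shows is which node an index entry lands on and how ownership shifts as membership changes.

```python
import bisect
import hashlib

ID_BITS = 32                 # identifier width; real systems use 128 or 160 bits (assumption for brevity)
ID_SPACE = 1 << ID_BITS


def hid(name: str) -> int:
    """h(): map a node address or a content keyword into the identifier space."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest()[:4], "big") % ID_SPACE


class Ring:
    """Chord-style ring: the node responsible for point p is its successor,
    the first node identifier at or after p, wrapping around through 0."""

    def __init__(self):
        self.ids = []        # sorted node identifiers (VIDs)
        self.addr = {}       # node identifier -> network address
        self.store = {}      # node identifier -> {key: set of addresses holding the document}

    def successor(self, point: int) -> int:
        i = bisect.bisect_left(self.ids, point)
        return self.ids[i % len(self.ids)]

    def join(self, address: str) -> int:
        nid = hid(address)
        bisect.insort(self.ids, nid)
        self.addr[nid] = address
        self.store[nid] = {}
        # Keys in the new node's arc were held by its successor; hand them over.
        succ = self.successor((nid + 1) % ID_SPACE)
        if succ != nid:
            for key in list(self.store[succ]):
                if self.successor(hid(key)) == nid:
                    self.store[nid][key] = self.store[succ].pop(key)
        return nid

    def leave(self, address: str) -> None:
        nid = hid(address)
        self.ids.remove(nid)
        del self.addr[nid]
        orphaned = self.store.pop(nid)
        for key, holders in orphaned.items():      # everything moves to the new successor
            self.store[self.successor(hid(key))].setdefault(key, set()).update(holders)

    def publish(self, key: str, holder: str) -> str:
        """Publish (key, VID): the pair lands on the node responsible for h(key)."""
        owner = self.successor(hid(key))
        self.store[owner].setdefault(key, set()).add(holder)
        return self.addr[owner]

    def lookup(self, key: str) -> set:
        """Resolve a keyword to the set of addresses that hold the document."""
        return set(self.store[self.successor(hid(key))].get(key, set()))

    def consistent(self) -> bool:
        """Every stored key sits on the node the placement rule says is responsible."""
        return all(self.successor(hid(k)) == nid
                   for nid, keys in self.store.items() for k in keys)


if __name__ == "__main__":
    ring = Ring()
    for a in ("10.0.0.1:6881", "10.0.0.2:6881", "10.0.0.3:6881", "10.0.0.4:6881"):  # constructed addresses
        ring.join(a)
    index_node = ring.publish("ubuntu-22.04.iso", "10.0.0.7:6881")              # constructed key/holder
    print("index stored on", index_node, "->", ring.lookup("ubuntu-22.04.iso"))
    ring.leave(index_node)
    print("after that node leaves ->", ring.lookup("ubuntu-22.04.iso"), ring.consistent())
```

Note that the lookup trusts whichever node owns the identifier range around h(key); a node that can choose its own address can choose its position on the ring, which is why deployed DHTs bind identifiers to something the node does not control freely.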

Different P2P applications may choose any of these location methods, but DHT is generally preferred. A DHT-based P2P network can to some extent locate content directly by its content. There is a contradiction here: the richer the description of a node's shared content, the more complex the hash function and the more complex the network topology; but if the description is kept simple, content cannot really be located by content. At present most DHT-based P2P networks describe shared content very simply, generally by file name only.

2.2.2 P2P networks and the small-world phenomenon

Statistics show that the dynamically changing topology of a P2P network follows certain regularities, and grasping them is very helpful for fast query and scalability. The same regularities have been found in recent years in biology, sociology and ecology, and many scientists call them the "small world" phenomenon [21]. On the basis of existing empirical and theoretical results, complex networks can be divided into two classes by their connectivity distribution P(k), the probability that a node in the network is connected to k other nodes. The first class, exponential networks, have a P(k) with an exponential tail, for example the small-world model proposed by Watts and Strogatz. Node connectivity in such networks is fairly uniform, every node having roughly the same number of links, and the degree of separation is small, that is, the path between any two nodes is very short. The second class, scale-free networks, have a P(k) that follows a power law. Many networks, such as the World Wide Web, the Internet and Gnutella, belong to this class. Most of their nodes have low connectivity while a few nodes are highly connected; these minority nodes can be regarded as hubs. Such networks have very good connectivity and scalability and are robust and reliable: even when some nodes fail, the network as a whole is not greatly affected. Their resistance to attack, however, is poor: an attacker who disables the small number of highly connected nodes can paralyse the whole network, and the damage such an attack does is very large. Another law of the small-world phenomenon is that the structure and properties of the network arise from self-organisation, growth and competition. The degree of separation and the power-law distribution are of great value in constructing and discovering the P2P topology, updating it dynamically and routing content.

2.2.3 P2P security problems

Besides the traditional security fields of identity authentication, authorisation, data integrity, confidentiality and non-repudiation, the development of P2P network systems raises a series of special issues to be resolved:

Intellectual property protection in P2P sharing networks;

How to choose a reliable resource in an untrustworthy environment, that is, how to build reputation between nodes;

Preventing and blocking the new modes of network virus propagation that P2P brings;

Anonymous communication and privacy protection based on P2P;

The robustness and resistance to destruction of P2P network services, and so on.

These issues are discussed in more detail later (Section 3).
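The robustness contrast drawn in 2.2.2 above can be checked numerically. The following added example (mine, not the paper's) builds a scale-free graph by preferential attachment and a random graph with the same number of edges, then removes the same fraction of nodes either at random (failure) or in order of highest degree (a targeted attack on the hubs) and measures the fraction of surviving nodes that remain in the largest connected component. Graph sizes, the removal fraction and the seed are chosen for illustration.

```python
import random


def barabasi_albert(n: int, m: int, rng: random.Random) -> dict:
    """Scale-free graph: each new node links to m existing nodes chosen
    proportionally to their degree (preferential attachment)."""
    adj = {v: set() for v in range(n)}
    endpoints = []                       # one entry per edge end -> degree-weighted draws
    for v in range(1, m + 1):            # seed clique on nodes 0..m
        for u in range(v):
            adj[v].add(u); adj[u].add(v); endpoints += [u, v]
    for v in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(endpoints))
        for u in targets:
            adj[v].add(u); adj[u].add(v); endpoints += [u, v]
    return adj


def random_graph(n: int, n_edges: int, rng: random.Random) -> dict:
    """Exponential-tail comparison graph: the same edge budget placed uniformly at random."""
    adj = {v: set() for v in range(n)}
    edges = 0
    while edges < n_edges:
        u, v = rng.randrange(n), rng.randrange(n)
        if u != v and v not in adj[u]:
            adj[u].add(v); adj[v].add(u); edges += 1
    return adj


def edge_count(adj: dict) -> int:
    return sum(len(nb) for nb in adj.values()) // 2


def largest_component_fraction(adj: dict) -> float:
    """Share of the remaining nodes that are still mutually reachable."""
    seen, best = set(), 0
    for start in adj:
        if start in seen:
            continue
        stack, size = [start], 0
        seen.add(start)
        while stack:
            x = stack.pop(); size += 1
            for y in adj[x]:
                if y not in seen:
                    seen.add(y); stack.append(y)
        best = max(best, size)
    return best / len(adj)


def remove_nodes(adj: dict, victims) -> dict:
    victims = set(victims)
    return {v: nb - victims for v, nb in adj.items() if v not in victims}


def random_failure(adj: dict, fraction: float, rng: random.Random) -> float:
    k = int(len(adj) * fraction)
    return largest_component_fraction(remove_nodes(adj, rng.sample(sorted(adj), k)))


def targeted_attack(adj: dict, fraction: float) -> float:
    """An attacker who knows the topology takes out the highest-degree nodes first."""
    k = int(len(adj) * fraction)
    hubs = sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:k]
    return largest_component_fraction(remove_nodes(adj, hubs))


def experiment(n: int = 400, m: int = 2, fraction: float = 0.10, seed: int = 7) -> dict:
    rng = random.Random(seed)
    sf = barabasi_albert(n, m, rng)
    er = random_graph(n, edge_count(sf), rng)
    return {
        "scale_free_failure": random_failure(sf, fraction, rng),
        "scale_free_attack": targeted_attack(sf, fraction),
        "random_failure": random_failure(er, fraction, rng),
        "random_attack": targeted_attack(er, fraction),
    }


if __name__ == "__main__":
    for name, value in experiment().items():
        print(f"{name:20s} largest component = {value:.2f}")
```

The scale-free graph shrugs off random failures, as the text says, but loses far more of its connectivity than the random graph when the same number of hubs is removed, which is what makes hub identification the first step of an attack on such an overlay.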

2.3 P2P File Sharing, Storage and Retrieval

Content sharing and file exchange are the most striking P2P applications so far, and efficient large-scale content sharing has directly driven the boom in P2P research. P2P-based content sharing includes P2P file sharing and retrieval, high-speed download and P2P storage.

2.3.1 P2P file sharing

In this type of application each peer node shares file content and can also retrieve resources stored on other nodes anywhere in the peer network. Such systems can be divided into three categories:

Unstructured P2P systems: the placement of files is independent of the network topology. This category includes Napster, Kazaa, Morpheus and Gnutella. Napster, the earliest P2P file sharing system, contains a central index server and therefore has a single point of failure. Gnutella and Morpheus are pure P2P file sharing systems and are currently the most widely used; Kazaa is a hybrid P2P file sharing system containing super nodes. Kazaa, Morpheus, Gnutella and similar systems use broadcasting or restricted broadcasting for resource location; they have good self-organisation and scalability and suit personal information sharing on the Internet, but one disadvantage is that the recall rate for rare resources is low.

Structured P2P systems: the placement of files is tightly bound to the network topology; files are distributed across the network precisely according to logical addresses in the P2P topology. Such systems include CAN, Tapestry, Chord and Pastry, and the research systems built on them. Each node has a virtual logical address, and all nodes form a relatively stable, fixed topology according to their addresses. A distributed hash table (DHT) for storing files is built on this topology, and each file is stored in the table according to its own index; every retrieval likewise searches the DHT for the file according to its index. The index of a file can be generated in three ways: as a hash value computed from the file's information, as in CFS, OceanStore, PAST and Mnemosyne; as a keyword index built from the keywords the file contains; or as a content-vector index of the file, as in pSearch.

Loosely structured P2P systems: these fall between the structured and unstructured kinds. Each node is assigned a virtual logical address, but the system as a whole remains a loose network structure. Files are placed on nodes whose addresses are close to the file's index, and as the system is used a file is cached by the nodes along the paths of its many retrievals. Freenet and Free Haven are examples of such systems, which emphasise the robustness (and security) of the sharing service.

2.3.2 P2P distributed storage

P2P distributed storage systems have functions and structure similar to the previous type, but focus on file system management in a distributed system. They are mainly of two kinds:

Unstructured P2P systems: Farsite is an example. Farsite encrypts file contents with a key and places backups of the ciphertext on trusted nodes; each node organises a directory file system from the content it obtains.

Structured P2P systems: such distributed file systems are based on the DHT idea, publishing files into the DHT and organising them into a tree-shaped file system. Each directory is organised as a description block identified by its hash value; each directory block contains the hash values of all its subdirectory description blocks, and the leaf nodes are file description blocks. All these description blocks are distributed in the DHT for retrieval. Systems of this kind include CFS, based on Chord, and OceanStore, based on Tapestry.
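The hash-linked directory structure just described is what lets a reader verify what a DHT hands back. The following added example (mine, not code from CFS or OceanStore) builds such a tree in Python: file blocks are stored under the SHA-256 of their bytes, each directory block lists its entries with their child hashes and is itself stored under its own hash, and a reader walking from the root re-hashes every block it fetches, so a block that has been altered in the store is rejected. The in-memory dictionary stands in for the DHT, the sample tree is constructed, and the root hash is the one value the reader must obtain through a trusted channel.

```python
import hashlib
import json


def block_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class BlockStore:
    """Stand-in for the DHT: content-addressed blocks, hash -> bytes."""

    def __init__(self):
        self.blocks = {}

    def put(self, data: bytes) -> str:
        h = block_hash(data)
        self.blocks[h] = data
        return h

    def get(self, h: str) -> bytes:
        """Fetch a block and verify it; a peer serving modified bytes is caught here."""
        data = self.blocks[h]
        if block_hash(data) != h:
            raise ValueError("block %s failed integrity check" % h[:16])
        return data


def publish_tree(store: BlockStore, tree: dict) -> str:
    """tree maps names to bytes (files) or nested dicts (directories).
    Children are stored first so each directory block pins their hashes.
    Returns the root directory block's hash."""
    entries = {}
    for name, node in sorted(tree.items()):
        if isinstance(node, dict):
            entries[name] = ["dir", publish_tree(store, node)]
        else:
            entries[name] = ["file", store.put(node)]
    return store.put(json.dumps(entries, sort_keys=True).encode())


def locate(store: BlockStore, root: str, path: str) -> tuple:
    """Walk a path from the root, verifying every directory block on the way.
    Returns (kind, hash) of the final component."""
    kind, h = "dir", root
    for part in path.strip("/").split("/"):
        if kind != "dir":
            raise KeyError(path)
        entries = json.loads(store.get(h))
        kind, h = entries[part]              # KeyError if the name is absent
    return kind, h


def read_file(store: BlockStore, root: str, path: str) -> bytes:
    kind, h = locate(store, root, path)
    if kind != "file":
        raise IsADirectoryError(path)
    return store.get(h)


def list_dir(store: BlockStore, root: str, path: str = "") -> list:
    kind, h = locate(store, root, path) if path else ("dir", root)
    if kind != "dir":
        raise NotADirectoryError(path)
    return sorted(json.loads(store.get(h)))


if __name__ == "__main__":
    store = BlockStore()
    root = publish_tree(store, {"docs": {"readme.txt": b"hello peers"},      # constructed sample tree
                                "bin": {"tool": b"\x7fELF\x02\x01\x01"}})
    print("root:", root[:16], "docs/readme.txt ->", read_file(store, root, "docs/readme.txt"))
    _, h = locate(store, root, "bin/tool")
    store.blocks[h] = b"#!/bin/sh\nrm -rf ~\n"      # a malicious peer swaps the stored bytes
    try:
        read_file(store, root, "bin/tool")
    except ValueError as e:
        print("rejected:", e)
```

Because every block is named by its hash, the same tree always publishes to the same root, and a peer cannot substitute content for any block without changing the hash its parent pins; what the scheme does not protect against is a stale or forged root hash, which is why systems of this kind sign or otherwise authenticate the root.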

2.3.3 P2P search technology

P2P file sharing must first solve the problem of locating files, but P2P-based file search can also stand alone as a powerful search tool alongside traditional search engines. P2P search lets users search documents in depth: the search need not pass through a web server, is not restricted by document format or by the type of host, and reaches a depth that traditional directory search engines (which cover roughly 20%-30% of network resources) cannot match; in theory every open information resource on the network can be included. Gnutella, another pioneer developed with P2P technology, searches as follows: the Gnutella software on one PC sends the user's search request to 10 other PCs on the network; if the request is not satisfied, each of those 10 PCs forwards it to another 10 PCs. In theory the search range grows geometrically within seconds and can cover millions of PCs within minutes. Of course network bandwidth and route optimisation must also be considered. P2P thus provides the Internet with a new search solution.

2.3.4 A new realm of resource sharing

Using P2P for information sharing and high-speed download holds huge business opportunities. Napster fell temporarily into a trough because of intellectual property issues, while Gnutella launched a file service model with a pure P2P architecture. To encourage more people to provide content, the later eDonkey and eMule defined more convenient interaction protocols. To make full use of network bandwidth distributed around the world so that large volumes of data can be downloaded quickly, the BitTorrent (BT) system developed by San Francisco software engineer Bram Cohen had a great impact in 2003, and some predict that BT will lead a new trend in P2P resource sharing.
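The fan-out described for Gnutella, and the bandwidth demand noted for the broadcast approach in 2.2.1, can be seen in a small simulation. This added example (mine, not the paper's and not Gnutella's protocol code) floods a query over a constructed random topology with a hop limit (TTL) and a seen-query set so that each peer forwards a given query only once, and counts the peers reached and the messages generated for each TTL value; with a few holders of a rare file placed at random it also reports how many copies a bounded flood finds. Sizes and the seed are chosen for illustration.

```python
import random


def random_topology(n: int, links_per_node: int, rng: random.Random) -> dict:
    """Each peer opens links to a few random peers; links are bidirectional."""
    adj = {v: set() for v in range(n)}
    for v in range(n):
        while len(adj[v]) < links_per_node:
            u = rng.randrange(n)
            if u != v:
                adj[v].add(u); adj[u].add(v)
    return adj


def edge_count(adj: dict) -> int:
    return sum(len(nb) for nb in adj.values()) // 2


def flood(adj: dict, origin: int, ttl: int) -> tuple:
    """Gnutella-style query flooding. Returns (peers reached, messages sent).
    A peer that has already seen the query drops the duplicate instead of
    forwarding it; without that check the traffic on a cyclic topology is unbounded."""
    seen = {origin}
    frontier = [(origin, None)]          # (peer holding the query, peer it came from)
    messages = 0
    for _ in range(ttl):
        next_frontier = []
        for peer, came_from in frontier:
            for nb in adj[peer]:
                if nb == came_from:
                    continue
                messages += 1            # one message per link traversed, duplicates included
                if nb not in seen:
                    seen.add(nb)
                    next_frontier.append((nb, peer))
        frontier = next_frontier
    return seen, messages


def search(adj: dict, origin: int, ttl: int, holders: set) -> int:
    """Number of copies of a file found by a flood with the given horizon."""
    reached, _ = flood(adj, origin, ttl)
    return len(reached & holders)


def cost_table(n: int = 2000, links: int = 4, copies: int = 5, seed: int = 3) -> dict:
    rng = random.Random(seed)
    adj = random_topology(n, links, rng)
    holders = set(rng.sample(range(n), copies))   # a rare file held by a few peers
    rows = {}
    for ttl in range(1, 9):
        reached, msgs = flood(adj, 0, ttl)
        rows[ttl] = {"reached": len(reached), "messages": msgs,
                     "copies_found": len(reached & holders)}
    return {"edges": edge_count(adj), "rows": rows}


if __name__ == "__main__":
    result = cost_table()
    print("links in overlay:", result["edges"])
    for ttl, row in result["rows"].items():
        print(f"TTL={ttl}: reached {row['reached']:5d} peers, "
              f"{row['messages']:6d} messages, {row['copies_found']} of 5 copies found")
```

Two things stand out in the output: a single query that is allowed to run to the edge of the overlay costs on the order of one message per link in the whole network, which is the bandwidth cost the text refers to and also why a flooding overlay is easy to saturate; and at small TTL a rare file is often missed, which is the low recall for sparse resources mentioned in 2.3.1.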
P2P file sharing technology itself is developing rapidly and its application opportunities are increasing: content distribution for all kinds of purposes, streaming media services, and game or other software distribution have begun to use it, and new applications will in turn drive further innovation in P2P file sharing.

2.4 Peer computing

Peer computing extends the idea of distributed computing to the wide-area network. Its purpose is to share the CPU resources on the network, using the idle computing capacity in the network to perform tasks that previously required a supercomputer. In peer computing a large computing task is decomposed into many small pieces that are assigned to nodes in the network and processed independently. P2P can in fact be viewed as a loosely coupled distributed computing system, with or without centralised control nodes, in which communication and data exchange between subtasks are small and the subtasks are basically independent of each other; peer computing is therefore well suited to decomposable, compute-intensive tasks. In September 2002 the organisation that solved RSA's RC5-64 challenge used peer computing to gather 331,252 computers on the Internet to complete the huge computation, which shows the power of peer computing. Many industries that need heavy data processing can profit from it, such as weather forecasting, animation production and genome research; with peer computing a dedicated supercomputer is often no longer needed, which greatly reduces the cost of computing. Intel has also used peer computing to carry out CPU design work, saving large sums within its offices.
Because peer computing starts from making effective use of PC resources, it is naturally also championed by Intel. SETI@home's use of peer computing for astronomical processing is another success story.

2.5 Collaborative work and online communication

Collaboration depends on the network, but when it is realised in the traditional web way it often places a heavy burden on the server and incurs high costs.

P2P technology can establish real-time contact and information transfer directly between two users on the Internet, avoiding the network and processing delay and the performance bottleneck that a central server introduces, so cooperation between users can be implemented more conveniently and efficiently. In recent years instant messaging (IM), a form of direct communication between users, has been warmly welcomed by Internet users and can be said to be everywhere. Many companies are now working to apply this model to enterprise-class collaborative work platforms, and some products have been launched. Because P2P offers low cost, high transaction-processing capacity and dynamic scalability, and can effectively improve the efficiency of information exchange and communication, it has good application prospects in enterprise collaboration. Another very promising application is online games based on the P2P model, on which some companies have begun research and development.

3 Several Information Security Issues Related to P2P

3.1 P2P information sharing and intellectual property protection

Intellectual property protection problems are common in P2P sharing networks. Although P2P sharing software such as Gnutella and Kazaa disclaims any copying of content subject to property rights and only keeps storage indexes on the Internet, there is no doubt that the boom in P2P sharing software has accelerated the distribution of pirated media and made intellectual property protection harder. The Recording Industry Association of America (RIAA) has waged a long war against these sharing programs, and the famous Napster was its first prey. Another front is between the RIAA and ordinary users who exchange commercial music over P2P.
Since January 2004 the RIAA has brought suit against some 1,000 people. Despite this, more than 150 million songs are still downloaded free on the network. The P2P sharing software of the post-Napster era is more decentralised than Napster and harder to control: even if the company operating the software is shut down, the whole network survives, at least for a while. On the other hand, post-Napster sharing software is also urgently seeking a way to coexist with content producers to mutual benefit. How to apply these sharing programs more legally and reasonably is a topic for a new era; after all, apart from pirated material P2P can share a great deal of beneficial information. Network society, like natural society, tends to find a balance between disorder and order. P2P technology has brought a revolutionary improvement to network information sharing, but if this improvement is to keep benefiting the majority of users in the long run it must be premised on the basic interests of content providers. This requires an intellectual property protection mechanism that does not, to a certain extent, affect the performance of existing P2P sharing software. Some P2P vendors and other companies are already studying the problem, which may be one of the challenging technical issues facing next-generation P2P sharing software.

3.2 Trust

If P2P technology is to play a role in more business environments, the trust placed in network nodes must be taken into account. Centralised trust management is both complicated and unreliable, so a peer-to-peer trust model should be considered in P2P networks.
In fact peer trust may be the inevitable choice for strengthening trust management in future networks, not only peer networks, because it is flexible, targeted and needs no complex centralised management. The key to peer trust is quantifying the credibility of nodes, that is, building a P2P-based reputation model. A reputation model raises the reliability of a distributed system by predicting the behaviour of the network. A successful application of reputation is the online auction system eBay: in eBay's reputation model buyer and seller can raise each other's rating after each transaction, and a user's total rating is the sum of the ratings earned in the past six months. eBay relies on a centre to manage and store ratings. Similarly, in a distributed system, a peer can update its view of another peer's credibility after each transaction, just as on eBay.

For example, each time peer i downloads a file its rating of the transaction is increased (+1) or decreased (-1): if the downloaded file is inauthentic or tampered with, or the download is interrupted, peer i records the rating of the transaction as negative (-1). As on eBay, we can define the local trust value as the sum of the ratings of all transactions in which peer i downloaded files from peer j. Each peer i can store the number of satisfactory transactions sat(i, j) and the number of unsatisfactory transactions unsat(i, j) with each peer j, and the local trust value is then defined as:

s_ij = sat(i, j) - unsat(i, j)

References [2] and [3] discuss the credibility of P2P systems with a method similar to this local trust approach. Reference [4] considers reputation information more comprehensively, but gives no specific algorithm for computing each peer's reputation value. Reference [5] discusses how to adopt a reputation model in a P2P anonymous system to select reliable resources, and gives some suggestions on applying reputation models in anonymous environments. The challenge for reputation mechanisms in a distributed environment is how to aggregate local trust values without central management. Two problems arise in aggregation: if the aggregation of a peer's reputation is confined to a local range, a complete picture of the node is not obtained; if it is aggregated globally, then because every peer gives every other peer a local trust value, network congestion results.

3.3 New modes of network virus propagation in P2P

As computer network applications develop, the threat of computer viruses to information security keeps growing. In the P2P environment especially, the convenient sharing and rapid selection mechanisms offer certain network viruses better opportunities to intrude.
Because logically adjacent nodes in a P2P network may be geographically far apart, and the number of nodes participating in a P2P network is very large, a virus propagating through a P2P system spreads quickly, covers a wide area and causes great damage. In a P2P network, each node's ability to defend against viruses differs. As soon as one node is infected, the virus can spread to its neighbouring nodes through the internal sharing and communication mechanisms; within a short time this can cause network congestion or even paralysis, loss of shared information and theft of confidential information, and a network virus can even take full control of the whole network. A prominent example is the significant rise in 2003 of viruses spreading through instant messaging software. Senior technical managers at Symantec, McAfee and other vendors predict that instant messaging software will become one of the main carriers of network virus dissemination and hacker attacks. With the development of P2P technology, network viruses written specifically for P2P systems will appear, exploiting system vulnerabilities to rapidly damage, disintegrate and take control of the system. The potential crisis of network viruses therefore places higher requirements on the security and robustness of P2P systems, and it is urgent to establish a complete, efficient and safe anti-virus system.

3.4 Internet privacy protection and anonymous communication based on P2P
The decentralized nature of P2P provides new technical means for privacy protection and anonymous communication. Anonymity and privacy protection are critical in many application scenarios: people may want to hide their true identity when shopping with cash or taking part in an anonymous vote.
In other scenarios, people want to prove their identity to some parties while preventing unauthorized others from learning it, for example a witness giving testimony to the police. In fact, anonymity and privacy protection have become indispensable mechanisms for the normal operation of modern society, and many countries have enacted legislation to protect privacy. In the existing Internet, however, users' privacy has always been a concern: the Internet protocols do not support hiding communication addresses.

An attacker who can access a routing node can monitor users' traffic characteristics, obtain IP addresses and use tracking software to trace an IP address directly to an individual user. Encryption mechanisms such as SSL prevent others from reading the communication, but they cannot hide who sent it. P2P technology opens a new feasible route to solving the Internet privacy problem. A P2P system requires that every anonymous user also act as a server, providing anonymity service to other users. This means that a message passing through a node may originate from that node or from some other node, and it is difficult to determine which of the two is the case. Another feature of the P2P system is that an attacker cannot easily find a clear attack target: in a large-scale environment, any communication may involve many potential users. In addition, the P2P system has better scalability and flexibility, can balance load between nodes, and has no single point of failure. But the P2P system also faces many challenges. The first is admission control: the system cannot easily know whether a joining node is malicious or controlled by an attacker. A strong attacker can therefore insert a large number of nodes under its control in order to perform traffic analysis, while authenticating joining nodes conflicts with anonymity. The second is the dynamicity of the P2P system. Many nodes stay in the network only briefly, joining and leaving frequently. When a node joins the system it needs to form anonymous paths with other nodes, which may introduce security issues; when a node leaves, the users whose anonymous paths pass through that node must wait for new anonymous paths to be formed.
Another problem with nodes joining and leaving is that each node must know some other nodes in the network, and the constantly changing anonymity set of the P2P system makes this harder. Finally, the performance of each node in a P2P system differs, especially in an open environment. This leads to problems: for example, a poorly performing node reduces the efficiency of its whole anonymous path, even if the other nodes on the path perform well. Performance differences may also help an attacker perform timing analysis, because the attacker can obtain relevant information from the different delays along a path. Researchers have designed many P2P anonymous communication protocols. CliqueNet is a self-organizing, scalable P2P anonymous communication protocol designed at Cornell University. It improves the DC-net protocol with the idea of grouping nodes into cliques, aiming to overcome the low efficiency and poor scalability of DC-net. However, like DC-net, CliqueNet requires reliable broadcast, which is unrealistic on the current Internet. P5 uses the idea of hierarchical broadcast to build an anonymous communication network, and considers the balance between users' anonymity and communication efficiency. However, when the number of users is large (around 10,000), the protocol becomes very inefficient. Crowds aims to provide users with anonymous web browsing: users can retrieve information from web servers while hiding their identity from the web server and from third parties. The idea of Crowds is "blending into the crowd", that is, hiding within a group; its disadvantage is that the anonymity provided is not strong. Freenet is an application-layer peer-to-peer anonymous publishing system, mainly for anonymous storage and retrieval.
Onion Routing, Tarzan and MorphMix are P2P anonymous communication protocols based on the mix method proposed by Chaum; they provide good anonymity and suit the Internet environment, but their scalability and efficiency are not very good at large scale. In addition, anonymous communication technology can allow many Internet crimes to go unattributed to the anonymous users who commit them, so a P2P network providing strong anonymity and privacy protection must be premised on not violating the law. Finding a balance between anonymity and privacy on one side and lawful monitoring on the other will bring new technical challenges. The premise, of course, is that the relevant laws and regulations must be further improved.
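The Chaum-style layering that the mix-based protocols above share, and that section 4.1 later describes for Wongoo-Link as "layered encryption and random forwarding", as an added example constructed for this page (not code from Onion Routing, Tarzan, MorphMix or Wongoo): the sender wraps the message in one encryption layer per relay, each relay peels one layer and learns only the next hop, the path has fixed entry and exit relays plus randomly chosen middle relays, and the innermost layer is opened only by the recipient. Assumptions: the sender already shares a symmetric key with every relay (real systems establish these keys with public-key cryptography), and the cipher is a toy SHA-256 keystream used only to keep the example dependency-free, not a secure cipher.

```python
"""Layered (mix-style) encryption with random forwarding: added example,
constructed for this page, not code from any of the systems it illustrates.
Assumptions: sender shares a key with each relay; the cipher is a TOY
SHA-256 keystream, not secure, used only to avoid external dependencies.
"""
import hashlib
import os
import random

HOP_LEN = 8                     # fixed-width next-hop field inside each layer
END_MARK = b"--END---"          # next-hop value meaning "you are the recipient"
NONCE_LEN = 8


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, data):
    """Toy encryption: fresh nonce || (data XOR keystream(key, nonce))."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))


def decrypt(key, blob):
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


class Node:
    """A relay (or the recipient).  It records only what it can see: the next hop."""

    def __init__(self, node_id):
        self.node_id = node_id
        self.key = os.urandom(32)
        self.seen_next_hops = []

    def peel(self, blob):
        plain = decrypt(self.key, blob)
        head, rest = plain[:HOP_LEN], plain[HOP_LEN:]
        if head == END_MARK:
            return None, rest                   # innermost layer: message delivered
        nxt = head.strip().decode()
        self.seen_next_hops.append(nxt)
        return nxt, rest


def build_onion(keys, path, message):
    """Wrap `message` in one layer per node on `path` (last element = recipient).
    Each layer reveals only the next hop to the node that can open it."""
    blob = encrypt(keys[path[-1]], END_MARK + message)
    for i in range(len(path) - 2, -1, -1):
        next_hop = path[i + 1].encode().ljust(HOP_LEN)
        blob = encrypt(keys[path[i]], next_hop + blob)
    return blob


def choose_path(entry, exit_, candidates, recipient, n_random, rng):
    """Fixed entry and exit relays plus n_random relays drawn at random from
    `candidates` (the determined and the randomly chosen intermediate nodes)."""
    return [entry] + rng.sample(candidates, n_random) + [exit_, recipient]


def send(nodes, path, message):
    """Forward the onion hop by hop; returns (recipient, plaintext, hops)."""
    blob = build_onion({n: nodes[n].key for n in path}, path, message)
    current, hops = path[0], 0
    while True:
        nxt, blob = nodes[current].peel(blob)
        hops += 1
        if nxt is None:
            return current, blob, hops
        current = nxt


def demo(seed=1):
    """Constructed network: six relays and recipient B; sender A is never named in the onion."""
    names = ["R1", "R2", "R3", "R4", "R5", "R6", "B"]
    nodes = {n: Node(n) for n in names}
    path = choose_path("R1", "R6", ["R2", "R3", "R4", "R5"], "B", 2, random.Random(seed))
    recipient, plaintext, hops = send(nodes, path, b"hello B")
    return nodes, path, recipient, plaintext, hops


if __name__ == "__main__":
    nodes, path, recipient, plaintext, hops = demo()
    print("path:", path, "delivered to", recipient, plaintext, "after", hops, "hops")
    for n in path[:-1]:
        print(n, "learned only next hop:", nodes[n].seen_next_hops)
```

The assertions worth making on such a design are the three anonymity properties named in section 4.1: no relay's record contains the sender, no relay other than the exit sees the recipient, and no relay sees the plaintext; the `seen_next_hops` lists let a test check exactly that.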

3.5 Robust services and resistance to network damage
Because of its fully distributed architecture, in which each node both obtains resources or services from other nodes and provides resources or services, without depending on a few centralized control nodes, a P2P network is more robust and damage-resistant than the traditional Client/Server network, which makes it an effective way to build highly reliable networks. To build a robust P2P network, the following problems must be solved:

Fault detection

In a general P2P network there is no centralized control node, so faults ultimately come down to node failures, whose cause may be that the user has left the network or that a routing error has occurred in the related network. Finding node failures is usually relatively simple: they can be detected when initiating communication, or through a mechanism of timed handshakes.

Some systems further monitor the network communication state, such as communication delay and response time, to guide nodes in adaptively adjusting their neighbour relationships and routing, improving system performance.

At a higher level there are sometimes security threats such as network attacks and malicious nodes. Since nodes usually join the P2P network with great freedom, and there is no global rights management centre or trust centre, the detection of malicious nodes is generally implemented through the reputation mechanism.

Fault handling

After a node failure or network congestion, the system should ensure the continuity of communication and services. The simplest method is to retry, which is effective for temporary network congestion. For frequent node failures, routing must be adjusted to bypass the failed nodes and network segments. In a hybrid P2P network, the central index node can provide an alternative to the failed node; in a broadcast-type P2P network such as Gnutella, the failure of some nodes does not affect the whole network; in structured P2P networks such as Chord and Freenet, each routing step has several candidate nodes, and choosing an alternative route easily bypasses the failed node, because addressing takes place in an N-dimensional space and the choice of intermediate path does not affect reaching the final target node.

Besides communication, some P2P networks also provide services such as content storage and transmission, and the fault tolerance of these services relies on information redundancy. Combined with the broadcast mechanism or a content routing algorithm, the system can locate a nearby node that stores a copy of the information after the target node fails.
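The two mechanisms above, detection by timed handshake or at the moment of initiating communication, and handling by retry followed by bypass through an alternative candidate at the same routing step, as an added example constructed for this page (not code from Chord, Freenet or any other system). The overlay is a simplified Chord-like ring of `size` identifiers whose next-hop candidates lie at distances 1, 2, 4, ... ahead; the `down` and `flaky` sets are constructed ground truth kept separate from what the overlay has actually detected (`failed`), so the example can show detection catching up with reality.

```python
"""Fault detection (timed handshake, contact on send) and fault handling
(retry, then bypass via another candidate).  Added example, constructed for
this page; the Chord-like ring is a simplification, not a real system.
"""


class Overlay:
    def __init__(self, size, heartbeat_timeout):
        self.size = size
        self.timeout = heartbeat_timeout
        self.last_seen = {n: 0.0 for n in range(size)}
        self.failed = set()        # nodes the overlay has *detected* as failed
        self.down = set()          # constructed ground truth: permanently dead nodes
        self.flaky = set()         # constructed ground truth: first contact fails (congestion)
        self.attempts = {}

    # --- fault detection -----------------------------------------------------
    def heartbeat(self, node, now):
        self.last_seen[node] = now

    def detect_failures(self, now):
        """Timed handshake: a node silent for longer than the timeout is marked failed."""
        newly = {n for n in range(self.size)
                 if n not in self.failed and now - self.last_seen[n] > self.timeout}
        self.failed |= newly
        return newly

    def contact(self, node):
        """Detection when initiating communication: False if the node does not answer."""
        self.attempts[node] = self.attempts.get(node, 0) + 1
        if node in self.down:
            return False
        if node in self.flaky and self.attempts[node] == 1:
            return False
        return True

    # --- routing with several candidates per step -----------------------------
    def dist(self, a, key):
        return (key - a) % self.size

    def candidates(self, node, key):
        """Fingers at distance 1, 2, 4, ... that make progress toward `key`,
        best progress first; any of them is a valid next hop."""
        fingers = [(node + (1 << i)) % self.size
                   for i in range(self.size.bit_length()) if (1 << i) < self.size]
        progress = [f for f in fingers if self.dist(f, key) < self.dist(node, key)]
        return sorted(progress, key=lambda f: self.dist(f, key))

    def route(self, src, key, retries=2):
        """Route toward `key`: retry a candidate `retries` times (temporary
        congestion), then mark it failed and fall back to the next candidate.
        Returns (path, bypassed_nodes)."""
        path, bypassed, node = [src], [], src
        while node != key:
            nxt = None
            for cand in self.candidates(node, key):
                if cand in self.failed:
                    continue
                if any(self.contact(cand) for _ in range(retries)):
                    nxt = cand
                    break
                self.failed.add(cand)          # gave up on it: remember, then bypass
                bypassed.append(cand)
            if nxt is None:
                raise RuntimeError(f"no live candidate from node {node} toward {key}")
            path.append(nxt)
            node = nxt
        return path, bypassed


if __name__ == "__main__":
    ov = Overlay(16, heartbeat_timeout=5.0)
    ov.down.add(8)
    print(ov.route(0, 11))          # bypasses the dead finger 8: ([0, 4, 6, 10, 11], [8])
```

With no failures the route from 0 to key 11 is 0, 8, 10, 11; when node 8 is dead the first step falls back to finger 4 and the path becomes one hop longer, which is the cost of bypass the text alludes to; a flaky node costs only one extra contact attempt because the retry succeeds.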

Self-organizing

A self-organizing system can automatically adapt to changes in its environment and adjust its own structure. For P2P networks, environmental changes include nodes joining and leaving, changes in system size, changes in network traffic, bandwidth and faults, and external attacks.

Most current P2P systems can adapt to changes in system scale. A typical method is to update each node's adjacency table according to a certain policy and limit the table to a certain size, so that the size of the whole network is not constrained by any single node.

In some networks that place particular requirements on adjacency relationships, the system topology must be adjusted dynamically as nodes change. For example, in DC-net-based anonymous networks such as CliqueNet and Herbivore, the number of adjacent nodes is kept within a certain range to guarantee system performance.

3.6 Network topology analysis and measurement
As the number of nodes in a P2P network grows, the operating state of the system gradually becomes the dominant factor affecting the network's development. It is therefore necessary to understand and analyze the development trend of the network, and to evaluate network efficiency and operation on the basis of its changes. At present, active measurement based on the TCP/IP (Transmission Control Protocol / Internet Protocol) protocol suite is usually used: ICMP (Internet Control Message Protocol) packets are sent, and the network's packet loss rate, RTT (Round Trip Time) values and the average hop count of paths are observed to study the operation of the network. At the same time, on the basis of analyzing a large amount of measurement data, a topology connection diagram of the P2P system is generated. Establishing a valid network topology in this way has the following value:

An intuitive understanding of the logical connection relationships and load conditions of each node in the system, which provides first-hand information for load balancing between peer nodes, congestion avoidance and so on;

Discovering and resisting malicious attacks, and handling cascading failures in time;

Providing data for active defence;

Constructing a simulation environment on this basis, which provides a test platform for network information security.

It is worth noting that, because of the high demands placed on the P2P network, the probing frequency is often high, yet it must be guaranteed that probing does not impose a large extra load on the target network.
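Turning the active-measurement output described above into the metrics the section names (packet loss rate, RTT, path hop count) and budgeting the probe rate so that measurement does not load the target network, as an added example constructed for this page (not code from the article or any measurement tool). The ping and traceroute text is constructed sample output in the common Linux format, not a capture from a real network; the 64/128/255 initial-TTL heuristic for estimating hops from a reply TTL is an assumption of this example.

```python
"""Parsing ping / traceroute output into loss rate, RTT and hop count, and
budgeting the probe rate.  Added example; the sample output is constructed.
"""
import re

PING_REPLY = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
PING_SUMMARY = re.compile(r"(\d+) packets transmitted, (\d+) received")
TRACE_HOP = re.compile(r"^\s*(\d+)\s+(\S+)")

SAMPLE_PING = """\
PING 10.0.0.7 (10.0.0.7) 56(84) bytes of data.
64 bytes from 10.0.0.7: icmp_seq=1 ttl=58 time=23.4 ms
64 bytes from 10.0.0.7: icmp_seq=2 ttl=58 time=25.1 ms
64 bytes from 10.0.0.7: icmp_seq=4 ttl=58 time=22.9 ms

--- 10.0.0.7 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3004ms
rtt min/avg/max/mdev = 22.900/23.800/25.100/0.932 ms
"""

SAMPLE_TRACEROUTE = """\
traceroute to 10.0.0.7 (10.0.0.7), 30 hops max, 60 byte packets
 1  10.1.0.1  0.412 ms  0.380 ms  0.371 ms
 2  10.1.2.1  1.903 ms  1.877 ms  1.850 ms
 3  * * *
 4  10.0.0.7  23.201 ms  22.987 ms  23.110 ms
"""


def parse_ping(text):
    """Loss rate and RTT from ping output.  The reply TTL also gives a rough
    hop estimate: assumed initial TTL (64, 128 or 255) minus the TTL seen."""
    rtts, ttls, seen = [], [], set()
    for m in PING_REPLY.finditer(text):
        seen.add(int(m.group(1)))
        ttls.append(int(m.group(2)))
        rtts.append(float(m.group(3)))
    summ = PING_SUMMARY.search(text)
    if summ:
        sent, received = int(summ.group(1)), int(summ.group(2))
    else:                                   # no summary line: infer from sequence numbers
        sent, received = (max(seen) if seen else 0), len(seen)
    lost_seq = [s for s in range(1, sent + 1) if s not in seen]
    ttl = min(ttls) if ttls else None
    initial = next((t for t in (64, 128, 255) if ttl is not None and t >= ttl), None)
    return {
        "sent": sent,
        "received": received,
        "loss_pct": round(100.0 * (sent - received) / sent, 1) if sent else None,
        "lost_seq": lost_seq,
        "avg_rtt_ms": round(sum(rtts) / len(rtts), 3) if rtts else None,
        "max_rtt_ms": max(rtts) if rtts else None,
        "hops_from_ttl": initial - ttl if initial else None,
    }


def parse_traceroute(text):
    """Path hop count and the hops that answered no probe ('* * *')."""
    hops, silent = 0, []
    for line in text.splitlines():
        m = TRACE_HOP.match(line)
        if not m:
            continue
        hops = max(hops, int(m.group(1)))
        if m.group(2) == "*":
            silent.append(int(m.group(1)))
    return {"hops": hops, "silent_hops": silent}


def average_hops(traceroutes):
    """Average path length over several traceroute outputs."""
    counts = [parse_traceroute(t)["hops"] for t in traceroutes]
    return sum(counts) / len(counts)


def max_probe_rate(link_bps, probe_bytes, max_fraction):
    """Largest number of probes per second that keeps measurement traffic at
    or below `max_fraction` of a link's capacity (the extra-load caveat)."""
    return int(link_bps * max_fraction / 8 / probe_bytes)


if __name__ == "__main__":
    print(parse_ping(SAMPLE_PING))
    print(parse_traceroute(SAMPLE_TRACEROUTE))
    print("probes/s at 1% of a 1 Mbit/s link:", max_probe_rate(1_000_000, 84, 0.01))
```

Keeping the lost sequence numbers rather than only the loss percentage matters for topology work: a burst of consecutive losses points at a node or link event, while scattered losses point at congestion, and the two call for different adjustments of neighbour relationships.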

4 Introduction to Wongoo
Wongoo is a P2P technology platform currently under development. The platform mainly serves as supporting technology and a test environment for information security and grid computing; after development, Wongoo's basic components will be released to the public as open source. Wongoo mainly includes two functions: strongly anonymous P2P communication (Wongoo-Link) and content-based P2P search (Wongoo-Search). Various specialized P2P applications can be built on these two functions, although no specific application is implemented at present. Wongoo-Link and Wongoo-Search can be built and deployed independently; at the same time, the underlying communication of Wongoo-Search can use the Wongoo-Link protocol to achieve more secure applications.

4.1 Wongoo-Link
The underlying layer of Wongoo is first of all a scalable, practical peer-to-peer anonymous communication protocol for the open Internet environment, which we call Wongoo-Link. It achieves strong anonymity and efficient communication mainly through layered encryption and random forwarding. Wongoo-Link provides three forms of anonymity protection to achieve a strong anonymity mechanism: sender anonymity, recipient anonymity and relationship anonymity. At the anonymous communication layer, Wongoo can support a communication network of millions of nodes. For communication between any two nodes, intermediate nodes are selected in two ways, so as to guarantee both anonymity and communication efficiency. A schematic diagram of Wongoo-Link anonymous communication is shown below. When A and B communicate in the figure, nodes connected by thick lines are determined intermediate nodes, and nodes connected by thin lines are intermediate nodes that can be selected randomly according to the actual communication situation.

Figure 2. Wongoo-Link communication diagram

4.2 Wongoo-Search
Wongoo-Search is a content-search-based P2P network protocol. Its goal is to build a platform for efficient full-text information retrieval in a P2P environment. With this platform, each distributed node can publish content independently, and content can be retrieved efficiently without establishing a centralized index. Wongoo-Search optimizes itself automatically during use: by clustering content across the network according to its meaning, the content of the whole network becomes more reasonably organized and ordered, improving the efficiency of future content location. Wongoo-Search has the following three phased targets:

P2P full-text information retrieval based on content vector representation: this stage must complete the extraction and quantization of content features and define the distance between feature vectors; through a hashing method, content (or mappings of its different features) is bound in advance to corresponding P2P addresses, so that the target content can be obtained by locating these P2P nodes.

Wongoo content communities

Autonomic computing
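The first Wongoo-Search target above (extract and quantize content features, define a distance between feature vectors, bind features to P2P addresses by hashing, then find content by visiting those nodes), as an added example constructed for this page. It is not Wongoo's code or design: the normalized term-frequency features, cosine distance, publishing only each document's top-k features, and the 16-bit identifier ring with consistent hashing are this example's assumptions, and the three documents are a constructed corpus.

```python
"""Content-vector retrieval over a P2P identifier ring.  Added example,
constructed for this page; the feature scheme, distance, top-k publishing
and the ring are assumptions, not Wongoo-Search's design.
"""
import bisect
import hashlib
import math
import re
from collections import Counter, defaultdict

RING_BITS = 16
RING_SIZE = 1 << RING_BITS
TOP_K = 3                          # how many features of a document get published


def tokenize(text):
    return re.findall(r"[a-z]{3,}", text.lower())


def feature_vector(text):
    """Quantized content features: normalized term frequencies."""
    counts = Counter(tokenize(text))
    total = sum(counts.values())
    return {t: c / total for t, c in counts.items()}


def cosine_distance(u, v):
    """Distance between two feature vectors (0 = identical direction)."""
    dot = sum(w * v.get(t, 0.0) for t, w in u.items())
    nu = math.sqrt(sum(w * w for w in u.values()))
    nv = math.sqrt(sum(w * w for w in v.values()))
    if nu == 0.0 or nv == 0.0:
        return 1.0
    return 1.0 - dot / (nu * nv)


def top_features(vec, k=TOP_K):
    """Strongest features first; ties broken alphabetically for determinism."""
    return [t for t, _ in sorted(vec.items(), key=lambda kv: (-kv[1], kv[0]))[:k]]


def feature_key(feature):
    """Hash a feature into the identifier ring: the P2P address it is bound to."""
    return int(hashlib.sha1(feature.encode()).hexdigest(), 16) % RING_SIZE


class SearchOverlay:
    def __init__(self, node_ids):
        self.node_ids = sorted(node_ids)
        self.index = {n: defaultdict(set) for n in self.node_ids}   # node -> feature -> doc ids
        self.docs = {}                                             # publisher-side copies

    def successor(self, key):
        """Consistent hashing: the first node at or after `key`, wrapping around."""
        i = bisect.bisect_left(self.node_ids, key)
        return self.node_ids[i % len(self.node_ids)]

    def publish(self, doc_id, text):
        """Bind the document's strongest features to the nodes responsible for them."""
        vec = feature_vector(text)
        self.docs[doc_id] = vec
        placed = {}
        for f in top_features(vec):
            node = self.successor(feature_key(f))
            self.index[node][f].add(doc_id)
            placed[f] = node
        return placed

    def search(self, query):
        """Visit the node responsible for each query feature, union the document
        ids found there, then rank the candidates by distance to the query."""
        qvec = feature_vector(query)
        candidates = set()
        for f in qvec:
            candidates |= self.index[self.successor(feature_key(f))].get(f, set())
        ranked = sorted((cosine_distance(qvec, self.docs[d]), d) for d in candidates)
        return [(d, round(dist, 4)) for dist, d in ranked]


def build_sample():
    """Constructed corpus of three short documents on a five-node ring."""
    ov = SearchOverlay([1000, 14000, 27000, 40000, 60000])
    ov.publish("d1", "onion routing relays forward onion layers; onion routing gives anonymous relays")
    ov.publish("d2", "chord routing uses a hash ring; chord lookup hops the ring with hash fingers")
    ov.publish("d3", "worm propagation across peers: a worm infects peers and peers spread the worm")
    return ov


if __name__ == "__main__":
    ov = build_sample()
    for q in ("onion routing", "hash ring", "chord routing"):
        print(q, "->", ov.search(q))
```

Publishing only the top-k features is what keeps the per-document cost bounded, and it is also the scheme's blind spot: "routing" is a weak feature of d2, so d2 is not bound to that address and a query for "chord routing" reaches d2 only through "chord". A deployment would tune k against the feature weighting, which is the kind of self-optimization the section attributes to later Wongoo-Search phases.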

For details of Wongoo, refer to the relevant internal technical documentation.

5 Conclusion
P2P technology has attracted wide attention since its emergence, and in recent years it has developed rapidly. At present it shows strong technical advantages in application areas such as file sharing, distributed computing, network security, online communication and even enterprise computing and e-commerce. P2P networks and grids can be seen as two aspects of one problem, or the former as a supporting technology for the latter. In some new network environments, such as wireless networks, active networks and sensor networks, integration with P2P is one of the key technical problems to be solved. P2P also plays an increasingly important role in network information security, both raising new security problems and providing new security methods. As P2P research deepens, P2P technology will bring more opportunities and challenges to the information society. The P2P platform we are studying will provide effective support for our R&D in network information security and grid computing, and will further integrate into the mainstream of P2P research and play an important role.

References
1. Dejan S. Milojicic, Vana Kalogeraki, Rajan Lukose, et al. Peer-to-Peer Computing. HP Laboratories Palo Alto, HPL-2002-57.
2. K. Aberer and Z. Despotovic. Managing Trust in a Peer-2-Peer Information System. In Proceedings of the 10th International Conference on Information and Knowledge Management (ACM CIKM), New York, USA, 2001.
3. F. Cornelli, E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and S. Samarati. Choosing Reputable Servents in a P2P Network. In Proceedings of the 11th World Wide Web Conference, Hawaii, USA, May 2002.
4. L. Eschenauer, V. D. Gligor, and J. Baras. On Trust Establishment in Mobile Ad-Hoc Networks. Submitted for publication, 2002.
5. Roger Dingledine, Nick Mathewson, and Paul Syverson. Reputation in P2P Anonymity Systems. In Workshop on Economics of P2P Systems, 2003.
6. David Chaum. Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 4(2), February 1981.
7. David Chaum. The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. Journal of Cryptology 1, 1988, pages 65-75.
8. Michael Reiter and Aviel Rubin. Crowds: Anonymity for Web Transactions. ACM Transactions on Information and System Security 1(1), June 1998.
9. Michael J. Freedman and Robert Morris. Tarzan: A Peer-to-Peer Anonymizing Network Layer. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC, November 2002.
10. http://www.kazaa-download.de/
11. http://www.gnutella.com
12. Ben Y. Zhao, John Kubiatowicz, and Anthony D. Joseph. Tapestry:

Please cite the original source when reprinting: https://www.9cbs.com/read-11358.html
