Once the P2P application has developed to an extent, trust and security issues will appear. In small applications, trust and security will become a problem in small applications where users understand each other. However, useful P2P applications rarely keep such a small scale. This article will explore trust and security issues in P2P applications, which introduces you to make trust in distributed applications a possible tool. Trust is a problem in each distributed application (including peer applications) with a certain scale. In a distributed application, the level of trust is measured with the degree of our confidentiality, that is, whether the person we are communicating with us is the person we think, and whether the resources we are accessing are those we think. It is easy to build trust in a small network that is familiar with each other in the entity. In a small network, entity is based on familiarity, and trust can be maintained by the same social forces that work in real world. The difficulty of establishing trust will become bigger when a network application extends to regular social power. The exact size of the network is obviously depends on the application, but when any entity in the network is no longer only desired to interact with the entity, the above expansion process will appear. Here we have encountered two problems immediately: peer certification and authorization. First, the entity can no longer assume that other entities are the entities themselves claimed. This is an authentication problem. Second, the entity cannot simply allow other entities to not select the features they provide and their management resources. This is an authorization problem. Before we trust a problem, we met confidential questions. Whether an interaction is between two entities that have never met, or in both old acquaintances, the relevant entities must ensure that their interactions are safe. Regarding trust, in many P2P applications, there is still a decisive aspect that has not been obtained. Elimated certification is undoubtedly important, but it is usually the same as the authentication of shared resources - especially content. There is no guarantee for the integrity and identity of shared content, a P2P application will introduce many security vulnerabilities, so that Microsoft Outlook - never a safe example - compared to Fort Knox. Is trust in P2P applications really important? Although many existing P2P applications seem to be flying but do not strictly treat trust, I still insist that trust in any distributed application is necessary - including P2P applications. The openness of many P2P applications does not exclude trust, and there is no importance of it. "In the Internet, no one knows you is a dog" (Peter Steiner, the New Yorker Magazine), I am sure that many of you are very familiar with the comics of this title. The fact that this statement reflects accurate emphasizes the importance of the first step of building a trust as the interaction between the entity. To facilitate a type of P2P application (electronic trading application is an excellent example) use on a natural anonymous medium (eg, the Internet), the entity involved must be trusted with each other. The anonymous veil must be unveiled, so that the other party is exposed to a dog (or at least a dog without a valid credit card). In the management and release of content - this is the main activity of many P2P applications, trust is also the same. As long as it is based on content composed of relatively unimportant audio and video files (their exchange without authorization, no price), trust is not important - you will get anything you want to pay. However, this is not the case in a publishing system for a paid media or application content. If you pay money, you must wonder the goods - "Let customers cautious" are not good enough. For P2P applications that distribute processing work to distributed computing nodes, the P2P application that collects results can be a serious problem. The evidence is the deception of members in a group in the seti @ Home distributed application.
To ensure trust, a network application and its infrastructure must make some guarantees. First, the connection between the entity must be safe. The infrastructure must also make the following conditions possible: It is impossible to accurately identify other entities, or at least legally asserting this recognition is impossible. Finally, resources manage or exchange resources must also meet the same requirements. Although the P2P area may appear excited and brand new, the elements of safety calculations in a distributed environment are still. Trust is established by integrating the following three standard elements: 1. Certification determines whether certain entities are actually the process of their claims. In practice, there are two forms of certification. The first form involves authenticating themselves in a network (such as the Internet). The second form involves a user of a P2P application to authenticate themselves. In some P2P applications, both are one thing. 2. Authorization to grant a procedure for implementing certain behaviors or accessing certain resources. In a P2P application, a peer may be authenticated as only some of the other resources of another peer. 3. Encryption The process of easy understanding information (plaintext) into a form (ciphertext) that is difficult to understand to unauthorized individuals and systems. Decryption is the inverse process of this process. In a P2P application, encryption can play a lot of roles. An obvious use of encryption is to protect information flow in an unsafe network (such as the Internet). This is combined with each peer-to-equal security authentication to ensure that the exchange data will not be eavesdropped in communication. If the information is signed by a digital or in it, the two sides can determine that the information is not modified. You will see in the example below that these three elements are combined together to create a secure distributed application. Safety in actual use In order to better understand the authentication, authorization and encryption, how to help build trust between the peer-to-peer in a P2P application, let us see the example in Figure 1. Special pay special attention to authentication, authorization, and encrypted roles played. Figure 1. Operation sequence between peer A and peer-equal b
Configure secure communication on the left peer A hopes and the peer-to-right point B: peers connected to the peer B and advertise its identity. The right point B requires the right point A to authenticate itself. Certification can pass many ways. If the peer A and peer-to-peer B can exchange secret messages, or the peer-to-peer point A can use the private key corresponding to the public key holded by the equal b. operating. The right point A requires the alignment B authentication itself. The peer B is authorized to access certain resources by assigning the equal A privilege. These two peer points can negotiate the channel connection between them before further communication occurs. If you don't meet the right point A and the alignment B, then they must rely on a trusted third party, peer C, to arrange a description, as shown in Figure 2:
Figure 2. Tone of the peer C is the peer A and the peer B
