JXTA下P2P点组认证的设计与实现
|
摘要
P2P网络是近年来业界研究与关注的一个焦点,它在很多领域都得到了应用,未来发展空间很大。但是,P2P网络发展过程中,也产生了一系列急需研究和解决的问题,安全就是其中最重要的问题之一。如何合理的利用P2P网络,如何把P2P网络构建成为可信的,安全的平台是现在业界迫切需要解决的难题。
JXTA (Juxtapos的缩写,即并行)是Sun公司于2001年四月份提出的开放性对等网研究项目,它的主要目的是建立一整套的泛型P2P基础协议,整合P2P应用、标准化P2P服务。JXTA只是一套协议,它与实现平台无关、语言无关。目前的开放性课题己经有七十多个,协议版本为2.0。
本文通过分析JXTA平台的点组认证协议,发现虽然JXTA平台提供了成员协议来验证Peer加入点组,但他没有提供认证要求的修改,以及在申请过程中没有组内成员的参与。因此本论文在原有的成员协议上进行了扩展,给出了更加灵活、更加安全的、基于投票机制的点组认证协议,根据组内成员的投票结果来决定节点是否加入点组,加入点组的要求以及由组内那些成员来决定申请节点的加入点组都可以根据事先点组内部的讨论来决定,决定加入的阀值也是根据组内成员的投票来决定其值;通过认证该协议的正确性以及可行性之后,本论文在JXTA平台上实现了该扩展协议,并且通过实例对点组认证协议的可行性、正确性进行了验证。
Peer-to-Peer network is a network model rising in recent years, and is now the focus of researches and attentions. Security is a critical and central concern for all network models. How to provide the secure environment is discussed extensively. Peer-to-Peer system and applications are full distributed systems without any centralized control or hierarchical organization.
JXTA(the abbreviation of Juxtapose) is an open P2P project of Sun beginning at Apr. 2001. The target is providing whole general base protocols of P2P, which try to aggregate all kinds of P2P using model and standardize the P2P Services. It’s just a suite of protocol without any relationship with OS and language. Today there’re more than 70 open projects and the edition is 2.0.
This paper analyzes the Peer Group Authentication Protocol in JXTA and finds that there is a Peer Membership Protocol that used to validate Peer which is joining Peer Group in JXTA, but it doesn’t support to modify the demand of authentication and other peers don’t participate in the application. So we extend the original protocol and propose a novel Peer Group Authentication Protocol which is based on voting and securer and more flexible. The voting result of the Peers in the group decides whether the applicant could participate the group or not. The qulification of the group, voting Peers and value of the group are determined by the result of the discussion of the Peers in the group. This paper implements the extended protocol in JXTA platform after authentication the validity and feasibility of the protocol and the validity and feasibility of Peer Group Authentication Protocol is validated in an experiment.
JXTA (Juxtapos的缩写,即并行)是Sun公司于2001年四月份提出的开放性对等网研究项目,它的主要目的是建立一整套的泛型P2P基础协议,整合P2P应用、标准化P2P服务。JXTA只是一套协议,它与实现平台无关、语言无关。目前的开放性课题己经有七十多个,协议版本为2.0。
本文通过分析JXTA平台的点组认证协议,发现虽然JXTA平台提供了成员协议来验证Peer加入点组,但他没有提供认证要求的修改,以及在申请过程中没有组内成员的参与。因此本论文在原有的成员协议上进行了扩展,给出了更加灵活、更加安全的、基于投票机制的点组认证协议,根据组内成员的投票结果来决定节点是否加入点组,加入点组的要求以及由组内那些成员来决定申请节点的加入点组都可以根据事先点组内部的讨论来决定,决定加入的阀值也是根据组内成员的投票来决定其值;通过认证该协议的正确性以及可行性之后,本论文在JXTA平台上实现了该扩展协议,并且通过实例对点组认证协议的可行性、正确性进行了验证。
Peer-to-Peer network is a network model rising in recent years, and is now the focus of researches and attentions. Security is a critical and central concern for all network models. How to provide the secure environment is discussed extensively. Peer-to-Peer system and applications are full distributed systems without any centralized control or hierarchical organization.
JXTA(the abbreviation of Juxtapose) is an open P2P project of Sun beginning at Apr. 2001. The target is providing whole general base protocols of P2P, which try to aggregate all kinds of P2P using model and standardize the P2P Services. It’s just a suite of protocol without any relationship with OS and language. Today there’re more than 70 open projects and the edition is 2.0.
This paper analyzes the Peer Group Authentication Protocol in JXTA and finds that there is a Peer Membership Protocol that used to validate Peer which is joining Peer Group in JXTA, but it doesn’t support to modify the demand of authentication and other peers don’t participate in the application. So we extend the original protocol and propose a novel Peer Group Authentication Protocol which is based on voting and securer and more flexible. The voting result of the Peers in the group decides whether the applicant could participate the group or not. The qulification of the group, voting Peers and value of the group are determined by the result of the discussion of the Peers in the group. This paper implements the extended protocol in JXTA platform after authentication the validity and feasibility of the protocol and the validity and feasibility of Peer Group Authentication Protocol is validated in an experiment.
引文
[1]Napster, http://www.napster.com
[2]Guntella, http:// www.gnutella.com
[3]Kazaa, http:// www.kazaa.com/
[4]JXTA,http://www.jxta.org
[5] btcomet,http://wiki.bitcomet.com
[6] skype, http://www.skype.com
[7] pplive, http://www.pplive.com/zh-cn/index.html
[8] coolstream, http://www.coolstream.it/
[9] sun, http://www.sun.com/
[10] edonkey, http://www.edonkey2000.cn
[11] emule, http://www.emule.org.cn
[12] SETI@home, http://setiathome.berkeley.edu
[13] avail, http://www.avaki.com
[14]Dehua Zhang, Yuqing Zhang, and Yiyu Zhou. Research of security architecture for P2P network based on trust management system. Proc. of GCC 2005, LNCS 3795,pp.184-189,Springer-Verlag, 2005.
[15]C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, T.Ylonen. SPKI Certificate Theory RFC 2693 September 1999
[16]D.Clarke,J.Elien,C.Ellison,M.Fredette,A.Morcos,and R.L.Rivest.Certificate chain discovery in SPKI/SDSI.Journal of Computer Sceurity,2001.
[17]D. Kato. GISP: Global Information Sharing Protocol --- A Distributed Index for Peer-to-Peer Systems. In Proceedings of 2nd International Conference on Peer-to-Peer Computing, Sweden, 2002
[18]S.Ajmani,D.Clarke,C.H.Moh,and S.Richman.Conchord:Cooperative SDSI Certificate storage and name resolution.In Proceedings International Workshop on Peer-to-Peer Systems(IPTP),Mar.2002
[19] Karlo Berket, Abdelilah Essiari, Artur Muratas: PKI-Based Security for Peer-to-Peer Information Sharing. ... Inf. Syst. Secur. 6(4): 566-588 (2003). 1
[20] A. Datta, M. Hauswirth, R. John, R. Schmidt, and K. Aberer. Range queries in trie-structured overlays. Technical Report IC/2004/111, Ecole Polytechnique Federalede Lausanne (EPFL), 2004
[21] J. Gao and P. Steenkiste. Efficient Support for Range. Queries in DHT-based Systems. Technical Report CMU-. CS-03-215, Carnegie Mellon University, Dec. 2003.
[22] Pascal A. Felber, Ernst W. Biersack, Luis Garces-Erice, Keith W. Ross, and Guillaume Urvoy-Keller. Data indexing and querying in DHT peerto -peer networks. In Proceedings of ICDCS 2004.
[23] HV Jagadish, Beng Chin Ooi, Quang Hieu Vu: BATON: A Balanced Tree Structure for Peer-to-Peer Networks. VLDB 2005: 661-672. 150
[24] Adina Crainiceanu , Prakash Linga , Johannes Gehrke , Jayavel Shanmugasundaram, Querying peer-to-peer networks using P-trees, Proceedings of the 7th International Workshop on the Web and Databases: colocated with ACM SIGMOD/PODS 2004,
[25] M. Harren, JM Hellerstein, R. Huebsch, BT Loo, S. Shenker, and I. Stoica. Complex queries in dht-based peer-to-peer networks. In Proceedings of IPTPS02, Cambridge, USA, March 2002. http://www.cs.rice.edu/Conferences/IPTPS02/.
[26] Matt Blaze, Joan Feigenbaum and Jack Lacy. Decentralized Trust Management. In Proceedings of the IEEE Symposium on Security and Privacy, pp.164-173, IEEE Computer Society Press, 1996.
[27] Anwitaman Datta, Manfred Hauswirth, Renault John, Roman Schmidt, Karl Aberer: Range Queries in Trie-Structured Overlays. Peer-to-Peer Computing 2005: 57-66
[28] Brett McLaugblin 著,刘基诚 译,Java 与 XML,中国电力出版社,2004 年 2 月
[29] Bruce Eckel 著,Java 编程思想,机械工业出版社,2005 年 1 月
[30] Joshua Bloch 著,Effective Java Programming Language Guide,机械工业出版社,2004 年 1 月
[31] Martin Fowler 著,徐家福 译,UML 精粹:标准对象语言简明指南(第 3 版,清华大学出版社,2005 年 5 月
[32] Changxi Zheng, Guobin Shen, Shipeng Li, and Scott Shenker, “Distributed Segment Tree: Support of Range Query and Cover Query over DHT,” The 5th International Workshop on Peer-to-Peer Systems (IPTPS-2006), Feb 27-28, 2006, Santa Barbara,
[33] Scott Oaks,Bernard Traversat,Li Gong 著,技桥 译, JXTA 技术手册,清华大学出版社,2004 年 4 月
[34] Li Gong,Gary Ellison,Mary Dageforde 著,朱岱 译,深入 Java 2 平台安全,电子工业出版社,2004 年 9 月
[35] Jon Bentley 著,谢君英 石朝江 译,编程珠玑 ,中国电力出版社,2004 年 4 月
[36] 张玉清,肖国镇. 《计算机密码学及其应用》. 国防工业出版社, 2001.7
[37] 张玉清,陈建奇等译. 《公开密钥基础设施 PKI》.清华大学出版社,2002,12.
[38] 张玉清,吴溥峰等译. 《JAVA2 参考大全》.清华大学出版社,2001,11.
[39] JSDSI,http://jsdsi.sourceforge.net/
[40] GISP,http://gisp.jxta.org
[41] 高岭,刘红,周兆确等译. 《Java P2P 技术内幕》,人民邮电出版社,2003,10.
[42] 许斌. 《JXTA——Java P2P 网络编程技术》,清华大学出版社. 2003,6.
[2]Guntella, http:// www.gnutella.com
[3]Kazaa, http:// www.kazaa.com/
[4]JXTA,http://www.jxta.org
[5] btcomet,http://wiki.bitcomet.com
[6] skype, http://www.skype.com
[7] pplive, http://www.pplive.com/zh-cn/index.html
[8] coolstream, http://www.coolstream.it/
[9] sun, http://www.sun.com/
[10] edonkey, http://www.edonkey2000.cn
[11] emule, http://www.emule.org.cn
[12] SETI@home, http://setiathome.berkeley.edu
[13] avail, http://www.avaki.com
[14]Dehua Zhang, Yuqing Zhang, and Yiyu Zhou. Research of security architecture for P2P network based on trust management system. Proc. of GCC 2005, LNCS 3795,pp.184-189,Springer-Verlag, 2005.
[15]C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, T.Ylonen. SPKI Certificate Theory RFC 2693 September 1999
[16]D.Clarke,J.Elien,C.Ellison,M.Fredette,A.Morcos,and R.L.Rivest.Certificate chain discovery in SPKI/SDSI.Journal of Computer Sceurity,2001.
[17]D. Kato. GISP: Global Information Sharing Protocol --- A Distributed Index for Peer-to-Peer Systems. In Proceedings of 2nd International Conference on Peer-to-Peer Computing, Sweden, 2002
[18]S.Ajmani,D.Clarke,C.H.Moh,and S.Richman.Conchord:Cooperative SDSI Certificate storage and name resolution.In Proceedings International Workshop on Peer-to-Peer Systems(IPTP),Mar.2002
[19] Karlo Berket, Abdelilah Essiari, Artur Muratas: PKI-Based Security for Peer-to-Peer Information Sharing. ... Inf. Syst. Secur. 6(4): 566-588 (2003). 1
[20] A. Datta, M. Hauswirth, R. John, R. Schmidt, and K. Aberer. Range queries in trie-structured overlays. Technical Report IC/2004/111, Ecole Polytechnique Federalede Lausanne (EPFL), 2004
[21] J. Gao and P. Steenkiste. Efficient Support for Range. Queries in DHT-based Systems. Technical Report CMU-. CS-03-215, Carnegie Mellon University, Dec. 2003.
[22] Pascal A. Felber, Ernst W. Biersack, Luis Garces-Erice, Keith W. Ross, and Guillaume Urvoy-Keller. Data indexing and querying in DHT peerto -peer networks. In Proceedings of ICDCS 2004.
[23] HV Jagadish, Beng Chin Ooi, Quang Hieu Vu: BATON: A Balanced Tree Structure for Peer-to-Peer Networks. VLDB 2005: 661-672. 150
[24] Adina Crainiceanu , Prakash Linga , Johannes Gehrke , Jayavel Shanmugasundaram, Querying peer-to-peer networks using P-trees, Proceedings of the 7th International Workshop on the Web and Databases: colocated with ACM SIGMOD/PODS 2004,
[25] M. Harren, JM Hellerstein, R. Huebsch, BT Loo, S. Shenker, and I. Stoica. Complex queries in dht-based peer-to-peer networks. In Proceedings of IPTPS02, Cambridge, USA, March 2002. http://www.cs.rice.edu/Conferences/IPTPS02/.
[26] Matt Blaze, Joan Feigenbaum and Jack Lacy. Decentralized Trust Management. In Proceedings of the IEEE Symposium on Security and Privacy, pp.164-173, IEEE Computer Society Press, 1996.
[27] Anwitaman Datta, Manfred Hauswirth, Renault John, Roman Schmidt, Karl Aberer: Range Queries in Trie-Structured Overlays. Peer-to-Peer Computing 2005: 57-66
[28] Brett McLaugblin 著,刘基诚 译,Java 与 XML,中国电力出版社,2004 年 2 月
[29] Bruce Eckel 著,Java 编程思想,机械工业出版社,2005 年 1 月
[30] Joshua Bloch 著,Effective Java Programming Language Guide,机械工业出版社,2004 年 1 月
[31] Martin Fowler 著,徐家福 译,UML 精粹:标准对象语言简明指南(第 3 版,清华大学出版社,2005 年 5 月
[32] Changxi Zheng, Guobin Shen, Shipeng Li, and Scott Shenker, “Distributed Segment Tree: Support of Range Query and Cover Query over DHT,” The 5th International Workshop on Peer-to-Peer Systems (IPTPS-2006), Feb 27-28, 2006, Santa Barbara,
[33] Scott Oaks,Bernard Traversat,Li Gong 著,技桥 译, JXTA 技术手册,清华大学出版社,2004 年 4 月
[34] Li Gong,Gary Ellison,Mary Dageforde 著,朱岱 译,深入 Java 2 平台安全,电子工业出版社,2004 年 9 月
[35] Jon Bentley 著,谢君英 石朝江 译,编程珠玑 ,中国电力出版社,2004 年 4 月
[36] 张玉清,肖国镇. 《计算机密码学及其应用》. 国防工业出版社, 2001.7
[37] 张玉清,陈建奇等译. 《公开密钥基础设施 PKI》.清华大学出版社,2002,12.
[38] 张玉清,吴溥峰等译. 《JAVA2 参考大全》.清华大学出版社,2001,11.
[39] JSDSI,http://jsdsi.sourceforge.net/
[40] GISP,http://gisp.jxta.org
[41] 高岭,刘红,周兆确等译. 《Java P2P 技术内幕》,人民邮电出版社,2003,10.
[42] 许斌. 《JXTA——Java P2P 网络编程技术》,清华大学出版社. 2003,6.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |