Research On Security Issues Of Peer-to-Peer Network Based On Trust Management System

Research on P2P (Peer-to-Peer) network plays a significantly important part in the security of P2P applications. P2P network is dynamic, independent and discrete. These features make the security solutions of P2P network confronted with new challenges. Some traditional security solutions are not adapted to P2P network. For this reason, this thesis starts the study of the security problems of P2P network with the trust management system. Thesis researches consist of four main parts, including: how to define the trust relationships in P2P network from the security requirements of P2P applications, how to enhance the expression ability to fit the features of P2P network and how to implement, how to give a provable analyse of the trust relationship and how to use the trust management system in P2P network.This thesis studies the research of security issues of P2P network with network attacks and security requirements of P2P applications, pointing out the fundamental causes of P2P network attack which are related with trust relationship like security requirements. This thesis analyses it necessary to solve the security issues of P2P network using trust management system, and gives the definition of trust relation in P2P network according to the security requirement.This thesis emphasizes the research of the design, implement and usage of trust management system, presenting the trust management system named ExSPKI based on the extension of SPKI. This thesis defines the forms of ExSPKI certificates, description of trust relationship and implementation framework. ExSPKI gives the definition of bound-naming which amend the security hidden trouble in the extended naming operation in SPKI; ExSPKI introduces the standard forms of request and response, which make the certificate data related with trust relationship to be deal with uniformly in ExSPKI; ExSPKI add the condition field in the authorization and delegation certificate, which enhance the agility and ability of description of ExSPKI.To study the characters of ExSPKI deeply and give the formalization analyzing of trust relation of a system, we give the semantic analyse based on modal logic in ExSPKI. We give the limited-delegation logic predication and the semantic of it. We also design the new naming semantic based on the mend of research by Abadi on authorization computation and SDSI's naming semantic. We design the logic system of ExSPKI, and give the logic reconstructing of ExSPKI. We give the proof the correctness of the logic system and proof of the deducing rule in ExSPKI to be the theorem, which providing the logic foundation of the analyzing of the trust relation of a system. This thesis presents the security routing protocol SRP2P and security architecture SAP2P. To make the implementation and formalization analyzing of trust relationship easily, we design the security channel protocol. The security channel protocol provides the security channel transporting the messages and ExSPKI certificates.Based on ExSPKI, the security routing protocol SRP2P is presented. SRP2P using the trust relationship definition and trust management service looks through the qualification of joining the routing peers, which guarantees the routing message exchange between trusted peers.To fit the requirement of P2P applications, the new security architecture SAP2P is designed. The concept of user agent is using in SAP2P, which separates the user from the P2P application and satisfy the features of P2P network. Using user agent, the exposure of user's information and the usage of user's key is cut down. The authentication and resource access control are fit the restriction of trust relation, using the protocol in SAP2P.To validate the validity and the efficiency of ExSPKI, this thesis gives the implementation of ExSPKI in the circumstance of JAVA using RMI and SSL interface. Through the analyzing of the implementation result, we validate the validity of ExSPKI and draw the conclusion that the cache technology can improve the efficiency of ExSPKI. And the implementation of SRP2P and SAP2P based on JXTA is also presented.To summarize, researching results in this thesis have promoted researches of security issues of P2P network and provide a good way for the development of secure P2P network applications.