
Research on the Security of DHT Network

Posted on: 2017-12-01
Degree: Master
Type: Thesis
Country: China
Candidate: Z Z Gong
GTID: 2348330518995591
Subject: Computer Science and Technology

Abstract/Summary:
Recently, P2P-based applications have developed rapidly. The download software represented by BT, eMule and Thunder and the video software represented by PPLive and PPStream cannot operate without the support of P2P technology. The most important feature of P2P is that it moves away from the server-centric model and leaves the right to share resources with the user; it has therefore drawn a strong response from ordinary Internet users. According to topology, P2P networks can be divided into centralized P2P networks, structured distributed P2P networks, non-structured distributed P2P networks and hybrid P2P networks. The structured distributed P2P network (DHT network) has been a hot topic in P2P network research because of its efficient search algorithm.

Efficient as it is, the DHT network faces very serious security problems. The main three common threats are Sybil attacks, Eclipse attacks, and routing and access attacks. A Sybil attack refers to multiple identities forged on one DHT network node. It can weaken data redundancy mechanisms and create favorable conditions for other types of attacks. The current defense schemes include the centralized CA authentication scheme, the distributed node registration scheme, physical-feature-based defense schemes, social-information-based prevention schemes and computing-challenge-based defense schemes, among others. Yet these defensive schemes still have various problems.

In studying the centralized CA authentication scheme, the thesis finds that the scheme has a single point of failure. To solve this problem, the thesis proposes a distributed PKI in the DHT network to defend against Sybil attacks, using a threshold-signature-based distributed PKI authentication model. Through the distributed PKI infrastructure, a trusted certificate is issued to each node of the DHT network. Then, based on the trusted certificate, the DHT network is modified in three respects (node ID distribution, message forwarding and routing table maintenance) so as to defend against Sybil attacks.

Under normal conditions, the DHT network transmits routing messages between nodes in plain text. In this way, an attacker can easily intercept the routing messages and then obtain the network topology. To solve this problem, the thesis proposes a key management mechanism, the DH distributed key tree, which is applied in the DHT network. Using DH for key negotiation so that each DHT network node maintains only a limited number of keys, it encrypts the routing messages in the whole network. It provides secure shared keys for data encryption between DHT nodes and maintains a high degree of consistency with the DHT network topology. Therefore, it has broad application prospects.

Finally, the thesis combines the PKI and the DH-algorithm key tree to design a DHT security system. Applying the distributed PKI in the DHT network realizes authentication between nodes and defends against Sybil attacks. The DH-algorithm-based key management mechanism, the distributed key tree, achieves encrypted communication between DHT nodes in the network, thereby preventing external malicious attackers from accessing the DHT network's internal data. In this paper, the framework of the DHT security system is designed, with part of the code provided.
Keywords/Search Tags: DHT, Sybil attack, distributed PKI, DH, Distributed key tree