
Research On System Security Of Special Source P2P Multicast

Posted on: 2012-10-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W D Wang
Full Text: PDF
GTID: 1118330335955062
Subject: Computer system architecture

Abstract/Summary:
Large-scale deployment of IP multicast remains out of reach because of the high cost of route maintenance and the lack of guaranteed security and reliability. Meanwhile, demand for multi-point data delivery keeps growing, which has driven the rapid development of application-level multicast. Commercial multimedia delivery systems such as Internet TV have been in practical use for years, and their subscribers now exceed 10 million worldwide. The intrinsic security defects of P2P and multicast systems, however, remain unsolved. In 2007, an attack test against a commercial P2P system demonstrated the vulnerability of existing applications: nearly 80% of the system's users were affected by file pollution within a short time. To date the security problems of P2P multicast systems have no effective solution; only ad-hoc measures, namely encrypted protocols and anti-tamper protection of the client software, are used against them.

Building on an analysis of the security risks of IP multicast and application-level multicast, the thesis surveys the methods for attacking application-level multicast and identifies the content pollution attack as a major security concern in P2P systems. A P2P simulation system is designed and implemented, and monitoring and analysis on it are used to trace content pollution attacks. The study shows that the system risk from both simple forwarding pollution and active pollution attacks is enormous.

The thesis proposes the CDMS model (Credible Data-driven Multicast Security), which is based on credible forwarding. Identifying malicious multicast datagrams in time and locating malicious multicast nodes are the two main challenges for any anti-pollution mechanism. CDMS assumes that malicious multicast datagrams can be detected in real time and that each participating node validates a datagram before forwarding it. In this paradigm every node of the P2P system performs the security check that the access router performs at the edge of an IP multicast network, so polluted content is stopped before it can propagate. By normalizing node behaviour, the P2P system can recognize malicious nodes, and in combination with autonomous secure route selection, malicious nodes can be quarantined promptly and at low cost.

Two hybrid tree-chain signature distribution schemes are proposed, STC and EMTC. Credible forwarding in a P2P multicast system demands above all real-time operation and non-repudiation. Both STC and EMTC are based on digital signatures, so non-repudiation is ensured. STC introduces a slight validation delay at the receiver; EMTC introduces no validation delay at the receiver under packet loss and only a low delay under packet reordering. Analysis, simulation and comparison with other systems show that the proposed schemes are highly efficient: where existing schemes validate n packets by carrying n hash values, the hybrid tree-chain schemes achieve 2n-1 direct validations. Extensive simulation shows that the optimal combination of spans found for EMTC approaches the theoretical optimum.

A triple active mechanism is designed to ensure delivery of the signature packet, since the safe and timely arrival of the signature packet at member nodes is the foundation of any signature-distribution authentication scheme. The mechanism has three parts: gossip-based active pushing, scheduling of signature packet requests, and attack-resistant secondary active redundant scheduling. It secures the release of the signature packet, and its feasibility is shown by simulation.

A precautionary probabilistic authentication mechanism is presented to lower system cost. When the system is not under attack, having every node perform full secure forwarding is needlessly expensive. Instead, randomly selected guard nodes perform the credible authentication check; a potential attack is detected and reported by sending a security warning to the originating nodes, so that the other nodes are protected. The thesis analyses the possible weaknesses of this scheme and proposes three complements to it: responsibility-free forwarding, backward security reminders, and mandatory secure data responses. Although probabilistic authentication cannot fully identify the malicious source, it suppresses further attacks from malicious nodes.

The credible data in the CDMS model comprise verifiable multicast data, malice-verifiable security reminder messages, mandatory secure multicast requests, verifiable multicast probability policies and authentication signatures. Combined with low-cost multicast route maintenance, these mechanisms secure the P2P system.
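The trade-off stated above between validation delay and tolerance of packet loss is easiest to see in working code. The following Python block is an illustration added by the editor, not code from the thesis and not the STC or EMTC construction: it compares the two building blocks that tree-chain schemes combine, a plain hash chain (one signature over the head, each packet carrying the hash of the next, so a lost or polluted packet strands everything after it) and a Merkle tree (one signed root per block, each packet carrying its log2 n authentication path, so every received packet is verified on its own). The signature is a stdlib-only Lamport one-time signature standing in for the RSA or ECDSA signature a deployment would use; the 8-frame block, the dropped packet (seq 2) and the polluted packet (seq 4) are constructed sample data.

```python
"""Signature amortization for multicast streams: hash chain vs. Merkle tree.
Editor's illustration, not the thesis's STC/EMTC schemes. Standard library only."""
import hashlib
import os

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

# --- Lamport one-time signature: stdlib stand-in for the RSA/ECDSA signature ---
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1

def lamport_sign(sk, digest: bytes):
    # Reveal one preimage per digest bit; a Lamport key must never sign twice.
    return [sk[i][_bit(digest, i)] for i in range(256)]

def lamport_verify(pk, digest: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[i][_bit(digest, i)] for i in range(256))

# --- Merkle tree over one block of packets -------------------------------------
def merkle_levels(leaves):
    assert len(leaves) & (len(leaves) - 1) == 0, "block size must be a power of two"
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels                      # levels[0] = leaves, levels[-1] = [root]

def auth_path(levels, index: int):
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[index ^ 1])    # sibling hash at this level
        index >>= 1
    return path

def root_from_path(leaf: bytes, index: int, path) -> bytes:
    node = leaf
    for sib in path:                   # low bit of index says which side the sibling is on
        node = H(sib, node) if index & 1 else H(node, sib)
        index >>= 1
    return node

def leaf_of(seq: int, data: bytes) -> bytes:
    return H(seq.to_bytes(4, "big"), data)   # bind the sequence number to the payload

def tree_sender(sk, block):
    levels = merkle_levels([leaf_of(i, d) for i, d in enumerate(block)])
    root = levels[-1][0]
    sig_packet = {"root": root, "sig": lamport_sign(sk, root)}   # one signature per block
    pkts = [{"seq": i, "data": d, "path": auth_path(levels, i)} for i, d in enumerate(block)]
    return sig_packet, pkts

def tree_receiver(pk, sig_packet, received):
    """Each packet is checked alone against the signed root: no delay, loss-tolerant."""
    if not lamport_verify(pk, sig_packet["root"], sig_packet["sig"]):
        return []
    return [p["seq"] for p in received
            if root_from_path(leaf_of(p["seq"], p["data"]), p["seq"], p["path"]) == sig_packet["root"]]

# --- Hash chain over the same block ----------------------------------------------
def chain_sender(sk, block):
    n = len(block)
    h = [b""] * (n + 1)                # h[n] is empty: nothing follows the last packet
    for i in range(n - 1, -1, -1):
        h[i] = H(i.to_bytes(4, "big"), block[i], h[i + 1])
    sig = lamport_sign(sk, h[0])       # only the head of the chain is signed
    return sig, [{"seq": i, "data": block[i], "next": h[i + 1]} for i in range(n)]

def chain_receiver(pk, sig, received):
    """Packet i is verifiable only through the hash carried by packet i-1."""
    accepted, expected, expect_seq = [], None, 0
    for p in received:
        digest = H(p["seq"].to_bytes(4, "big"), p["data"], p["next"])
        if p["seq"] == 0:
            ok = lamport_verify(pk, digest, sig)
        else:
            ok = p["seq"] == expect_seq and digest == expected
        if ok:
            accepted.append(p["seq"])
            expected, expect_seq = p["next"], p["seq"] + 1
    return accepted

def demo():
    block = [f"frame {i}".encode() for i in range(8)]   # constructed sample payloads
    sk_t, pk_t = lamport_keygen()
    sk_c, pk_c = lamport_keygen()      # one-time keys: a fresh pair per signature
    sig_packet, tree_pkts = tree_sender(sk_t, block)
    chain_sig, chain_pkts = chain_sender(sk_c, block)

    def in_transit(pkts):              # constructed fault model: seq 2 lost, seq 4 polluted
        out = [dict(p) for p in pkts if p["seq"] != 2]
        for p in out:
            if p["seq"] == 4:
                p["data"] = b"POLLUTED"
        return out

    return {"tree": tree_receiver(pk_t, sig_packet, in_transit(tree_pkts)),
            "chain": chain_receiver(pk_c, chain_sig, in_transit(chain_pkts))}

if __name__ == "__main__":
    print(demo())   # {'tree': [0, 1, 3, 5, 6, 7], 'chain': [0, 1]}
```

With the same loss and pollution, the tree receiver accepts every intact packet and rejects only the polluted one, while the chain receiver stops at the first gap because the hash needed for packet 3 travelled in the lost packet 2. The price is per-packet overhead: the chain carries one hash per packet, the tree carries log2 n. A tree-chain hybrid, as described in the abstract, combines the two so that a single signature packet authenticates several blocks at once; that combination is the thesis's contribution and is not reproduced here.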
Keywords/Search Tags: P2P multicast, multicast system security, credible authentication, credible forwarding, content pollution attack