Research On P2P Network Access Control Model Based On IPv6

Peer-to-Peer (P2P) service has become one of the most important applications in the Internet nowadays. P2P is a new model for network interconnection, while IPv6 is the basis of next-generation Internet, the Combination of them will provide wide opportunity of development for the application of P2P technology. Because of its magnificent future and great development potential, P2P technologies attract great concerns of academic field. However, the distributed, anonymous and dynamic characteristics of P2P network lead to security issues such as the non-cooperation and unreliable quality of service. The traditional access control models and trust management models can not satisfy the P2P environment commendably. So some key issues of access control model in P2P environments based on IPv6 are researched in this thesis and our works mainly include:(1) A Recommendation based Atack Resistant Trust model (RARTrust) was proposed. It combines the advantages of local trust model.The nodes trust is composed of three parts and they are direct trust value, recommendation trust value and punishment value. Experimental results show that, compared to some current trust models, RARTrust has advantages in modeling dynamic trust relationship.(2) We proposed a Dynamic Trust, Role and Context-Based Access Control model (TRCBC) which extended the traditional RBAC with context constraints to solve the security issues in P2P application. The TRCBC provide authorization with dynamic granularity and real-time permissions.By the trust value, introduction of context-bound process of access control, TRCBC retaining the advantages of RBAC model provides more effective access control for P2P network resources. The TRCBC mechanisms dynamically grants and adapts permissions to users based on a set of contextual information collected from the application environments and the node trusts value greater than the threshold value of trust.(3) The new framework of P2P network based on IPv6 was designed. A kind of Lightweight Attribute Certificate (LAC) was proposed. Through the lightweight attribute certificates, the peers can be validated their legal identities and also can acquire their privileges for the resources according to the role information in the lightweight certificates. The security policy language with Security Assertion Markup Language and extensible Access Control Markup Language which are both based on XML is used.By inheriting the advantages of XML, this security policy language achieves the inherent qualities of distributed, anonymous and dynamic characteristics of P2P network. The implementation of RABAC is just based on this security policy language. Compared with current research works of P2P network, this security policy is more scalable and extensible and platform-independent.