| As one of the most rapidly developed technology on the Internet in the earlypart of this century, P2P technology adhering to the initial design concept ofInternet, get rid of the difference between server and client, making networkcomputing model develop from decentralized mode to distributed mode, fullyuses resources of terminal equipments at the edge of Internet. Being equal parts,all the members in the network can directly connect and exchange files, and forma larger, more scalable overlay network. More and more P2P based applicationsare coming into being. However, though P2P technology promotes the sharing ofInternet hardware and software, its inherent anonymity, dynamic and opennesscharacters severely threat the security of Internet. Due to the reliability of theservice and the authenticity of the resources can not be guaranteed, and lack ofcontrol and management from a central component, there are morevulnerabilities that can be exploited by attackers in the P2P network. The easyway to share and fast way to route, also provide a platform for rapid spreading ofviruses and worms. Those seriously constraint the further developing of P2Psystem, and even threat the security of the entire Internet. How to improve thesecurity of P2P network has become an important issue to be solved. Thisdissertation analyzes and invests main security threats in P2P file sharing systems.From the point of view of system design, some enhancement methods areproposed.Firstly, fake-block attack in data transfer phase is a typical resourceconsumption attack, which seriously affect the availability of P2P systems. Thisdissertation studies fake-block attack in BitTorrent system, and creates astochastic mathematics model to give the theoretical upper bound that the attackcan take. Then the WAN experiment in a semi-open environment verifies theharm of fake-block attack in real network, and gives the result that the attack canbring at least3times delay of downloading. Finally a SmartHash algorithm basedcountermeasure is given. Simulation indicates this method is feasible andeffective. Secondly,routing security issues in peer selecting phase, not only threat theavailability of the system, but also provide a platform for other larger scaledestructive attacks. This dissertation makes attack validation in BT’s MainlinedDHT under actual network environment, proves that index poisoning and routingattack can controls the searching results of DHT network. To solve this securityissue, this dissertation proposes the improved node ID generation mechanism,routing table updating mechanism and the searching path selection mechanism.Theoretical analysis and simulation results show that the improved method canguarantee the query efficiency and system safety.Lastly, security threats in resource publishing/searching stage includesystem availability and resources authenticity. Research work of systemavailability is mainly focused on DHT structure. We study the keyword loadbalance problem in KAD network of eMule, and give a publishing and searchingimprovement based on the index of multiple target IDs. Simulation experimentsindicate the method can effectively improve the index load balancing. Researchwork of resources authenticity proposes a resource rating model in P2P filesharing system, called FRep, and details introduces votes aggregating mechanism,peer choosing mechanism, challenge mechanism, punishing and encouragemechanism and voting record exchange mechanism, analyzes the ability of FRepto resist large scale deception attacks. Simulation experiments prove FRep ismore powerful to counter against outside attacks and has better computationand communication efficiency.Overall, this dissertation systematically researches the security problems inP2P file sharing networks, in-depth analyzes different security threats in all stagesof P2P file sharing cycle model. The proposed methods and technologies caneffectively improve the performance and enhance the security of P2P network,which is significant for the future research on P2P network... |
PDF Full Text Request