Research And Implementation Of The Survivable System Based On Trust

With the rapid development of the computer network and information systems, many essential departments are increasingly depend on the network information system. This trend causes security problems in the network information system to be more prominent. The traditional network security technology is facing the huge challenge, and cry for more effective security means. The research of network survivability is a breakthrough to traditional security concept and technology. Its importance has obtained widespread attention nowadays. This thesis focuses on the survivable system based on P2P technology. It does not only provide perfect core mechanism of technology implementation for assuring and improving system survivability, but also provide a reliable method to evaluate creditability for secure communication among network nodes. Consequently the research provides an effective means for solving trust and security problems in the system. The main contribution of this thesis includes:Firstly, the theory of system survivability and P2P technology is analyzed, and the feasibility of survivable system based on P2P technology is explored. This thesis focuses on the trust problems in P2P networks and probes into the solution to trust problems in P2P system based on the DHT algorithm.Secondly, the survivable system based on P2P technology is improved substantially. The major achievements were redesigned whole function of the system and respective role of nodes, and performed the key technologies'realization mechanism. According to further research of JXTA technology and XML protocols, we can see that the combination of these two can provide steady communication platform and reliable delivery of message, and it can assure communication among nodes and message routing.Thirdly, a survivable prototype system based on trust is designed and implemented, which consists of security authentication mechanism, surrogate mechanism, concurrent downloading mechanism and trust mechanism. The security authentication mechanism can assure the control of malicious nodes joining, identification of malicious behavior and disposal of malicious nodes. The surrogate mechanism based on trust can select another most creditable node to provide basic functional service continuously when one node in the system collapsed. Concurrent downloading mechanism assures that the system can support thousands and millions of concurrent downloading based on trust. Consequently, system performance is improved remarkably. Finally, an evaluation method of dynamic trust relationship and a node's election scheme based on trust are proposed. This thesis pays more attention to the method of trust evaluation among nodes. A concrete approach for a node in the system to evaluating reliability of the other nodes is designed. The node's election scheme based on trust evaluation is designed to apply the requirement of surrogate mechanism and concurrent downloading mechanism, and then the detailed design scheme and algorithmic implementation are presented. A series of simulation experiments have done to estimate the node's election scheme based on trust evaluation. The result of experiments demonstrated the effectiveness of the scheme in function and performance of the whole system, and validated the veracity and reliability of the scheme.The research in the thesis takes the active role in the 863 project. At the same time, it has made good contribution to project approval of information attack and defense laboratory.