A Distributed Authentication Model Based On Trust And Risk Evaluation

Authentication is the basis of cyber security.The traditional authentication often uses a centralized authentication method based on the CA authentication center.This authentication method makes the CA authentication center become the bottleneck of performance: once a certain node of the CA can't be accessed due to hardware failures,malicious attacks and other factors,the corresponding authentication function will fail,and the entire authentication system is even crashed.P2 P networks are developing rapidly today.P2 P networks don't have control centers,and its topology is flexible.The centralized authentication method not only has a bottleneck in traditional networks,but also cannot play a good role in P2 P networks;a distributed authentication method emerges.This paper proposes a Distributed Authentication Model Based on Trust and Risk Evaluation(TRDM model).The TRDM model includes a two-way identity authentication and a two-way privilege authentication.The identity authentication is based on the public key cryptosystem and the privilege authentication is based on the comprehensive trust.The comprehensive trust is the result of the direct interactive evaluation of the node to the target node and the result of the evaluation by other nodes.In this way,the authentication is distributed to each node in the network,and distributed authentication is formed.The main contributions of this paper include the following three aspects:(1)The TRDM model is different from the general trust model that is either 100% trust or 100% distrust: the trust of the nodes is divided,and the nodes with different trust are granted different authority;that is called privilege authentication;and it gives new nodes the lowest authority,By this method the TRDM solves the trust problem of the new node and the problem that the malicious node cleans the crime by changing the identification.(2)With the introduction of the guarantee mechanism,the node is responsible for its evaluation for the target node.In order to stimulate the nodes to provide services of good quality and provide real guarantee data,The TRDM model also sets up a reward and punish mechanism,and designs a corresponding incentive and punishment schemes for malicious nodes and nodes that provide false guarantee data.(3)Considering the dynamic behavior of the nodes and the low sensitivity of the existing trust model to the abnormal behavior of the nodes;this paper introduces the risk evaluation mechanism of the financial field to the TRDM model,and adjusts the trust threshold or authority of the target node according to the risk value to protect the network from attacks.The experimental results show that the TRDM model can effectively resist a variety attacks,even if there is a large percentage of malicious nodes in the network;In addition,the TRDM model evenly distributes workload among nodes in the network.