A Mechanism Based on Reputation in P2P Networks to Counter Malicious Packet Dropping

In P2P (Peer-to-Peer) networks,some malicious peers can impact on overall networks performance.One of the malicious behaviors of these peers is malicious packet dropping.In this paper,our focus is to detect and to exclude peers that misbehave by dropping some or all packets.Here,we propose a reputation-based mechanism for solving the problem efficiently.The proposed mechanism uses both direct reputation information and indirect reputation information to compute comprehensive reputation of a peer.At the same...     

构造P2P电子商务系统中基于推荐过滤信任模型

通过对已有工作的分析和对比,选用了一种利用置信因子综合局部声誉和全局声誉的信任评价机制作为研究基础,引入基于集合迭代二分法的过滤方法对推荐节点进行过滤,并提出对评价其他节点评价质量的节点的评价可信度进行了限定来提高模型的准确性和抗攻击能力.同时,为避免恶意节点用诚信买行为来掩盖恶意卖行为的情况,对买家和卖家给对方的评价...     

A mechanism based on reputation in P2P networks to counter malicious packet dropping

In P2P (Peer-to-Peer) networks,some malicious peers can impact on overall networks performance.One of the malicious behaviors of these peers is malicious packet dropping.In this paper,our focus is to detect and to exclude peers that misbehave by dropping some or all packets.Here,we propose a reputation-based mechanism for solving the problem efficiently.The proposed mechanism uses both direct reputation information and indirect reputation information to compute comprehensive reputation of a peer.At the same time,history reputation information is also taken into account to provide faults tolerance capability and we regulate the imprecision based on the fact that the cause of packet dropping can be complex.Finally,the peers with bad comprehensive reputation can be detected easily and then will be excluded from the network.In this way,our proposed mechanism improves the performance of P2P networks without increasing computational overhead.     

多维适配算法对区块链节点可信授权的优化研究

区块链技术可解决物联网传统访问控制方案中管理集中、数据易丢失等问题,实现分布式、安全性高的访问控制,但容易忽视建立动态灵活的访问控制机制的重要性,当节点被破坏时无法自动捕捉网络的动态信息,并相应地调整其授权策略.本文设计了一种基于属性的物联网访问控制机制,具有辅助授权的信任和声誉系统,提出多维适配算法(MDAA),首先利用一个公有区块链和私有侧链,将敏感信息和公共数据分开存储,服务消费节点注册属性,服务提供节点定义访问门限策略;接着信任和声誉系统逐步量化网络中每个节点的信任和声誉评分,当服务消费节点发起访问请求后,智能合约验证服务消费节点是否满足访问门限策略要求的属性和信任声誉阈值,都满足则获得访问权限;最后依据节点间交互作用定期更新节点的信任和声誉评分,实现动态验证和授权.仿真结果表明,与TARAS算法、DADAC算法相比,MDAA支持双向信任评估,具有较好的算法收敛性,在确保授权安全的同时减少了处理访问控制的延迟,具有适用性.     

Personalized Trust Management for Open and Flat P2P Communities

A personalized trust management scheme is proposed to help peers build up trust between each other in open and flat P2P communities. This scheme totally abandons the attempt to achieve a global view. It evaluates trust from a subjective point of view and gives personalized decision support to each peer. Simulation experiments prove its three advantages： free of central control, stronger immunity to misleading recommendations, and limited traffic overload.     

Authorization Management Framework Based on Joint Trust-Risk Evaluation

0 Introduction Trust management[1-3] is an approach to managing authorization in distributed environ- ments. Blaze et al[1] firstly proposed the concept of trust, and took trust into consideration in au- thorizing. Probability computed via historical records is viewed as the grade of trust[4]. Trust is classified into two types: direct trust and recom- mendation trust. But modeling the subjective trust with the simple probability and expressing the integration of multi recommendation trusts b…     

面向对等网络应用的信任与名誉模型

P 2P(peer to peer)网络已经得到日益广泛的使用。但是如何建立Peer之间的信任关系,却一直没有很好的解决方案。该文使用两种表——局部信任表和全局名誉表,提出了一种方案——P 2P trust:每个节点保存与其交易过的一些服务质量好的节点的局部信任值,组成局部信任表,同时每个节点保存另外几个节点的全局名誉表,并且引入朋友机制,这样就结合了局部名誉表和全局名誉表各自的优点。P 2P trust可以解决冒名、协同作弊等问题,模拟结果表明该方案有很强安全性和较好可扩展性,并且运行开销相对比较小。     

基于平衡理论的P2P信任模型的建构与设计

当前P2P网络中存在着大量的恶意节点攻击和共谋团体欺骗等问题,已存在的信任模型在一定程度上完善了P2P网络环境;但模型的侧重点不同,无法全面解决大规模的恶意攻击和欺骗。为此,提出了基于平衡理论的P2P信任模型。该模型由信任结构的构建、恶意节点检测和信任推测等三部分完成。模型首先根据平衡理论构建信任网络;针对恶意节点的攻击,利用平衡理论定义节点的平衡因子,通过计算恶意行为对网络平衡性的影响来检测恶意节点;最后利用信任推测算法来推测信任节点,防止网络加入不信任的节点,降低网络的安全性。实验结果表明该模型可靠完善,算法有效和健壮。     

基于信任向量的P2P网络信任管理模型

为了解决由于P2P开放、匿名和高度动态的特性而容易受到攻击并被攻击者用来散布恶意信息的问题,需要建立P2P节点间的信任关系,提出一种TPP(trust in peer to peer)方案。该方案中每个节点通过计算被查询节点信任值的方式,使用信任向量建立本地信任表,并提交对另外节点的评价以建立全局可信表,最终建立一个信任网络。模拟结果表明TPP比其他模型的交易成功率高,而通信和计算资源开销小,且能够很好地解决冒名、协同作弊以及"搭车行为"等安全问题。通过建立TPP模型,P2P网络有更强的健壮性和可扩展性,安全性提高,易于建立更加可信的网络。     

基于信任向量的P2P网络信任管理模型

为了解决由于P2P开放、匿名和高度动态的特性而容易受到攻击并被攻击者用来散布恶意信息的问题,需要建立P2P节点间的信任关系,提出一种TPP(trust in peer topeer)方案。该方案中每个节点通过计算被查询节点信任值的方式,使用信任向量建立本地信任表,并提交对另外节点的评价以建立全局可信表,最终建立一个信任网络。模拟结果表明,TPP比其他模型的交易成功率高,而通信和计算资源开销小,且能够很好地解决冒名、协同作弊以及"搭车行为"等安全问题。通过建立TPP模型,P2P网络有更强的健壮性和可扩展性,安全性提高,易于建立更加可信的网络。     

基于UCON改进模型在云环境虚拟访问控制中的应用研究

传统访问控制方法授权都是在访问前进行的,无法处理访问过程中的新授权需求,不适于云环境虚拟网络。为此,将UCON改进模型应用于云环境虚拟访问控制中。构建原始UCON模型,针对UCON模型的弊端,从文件存储和授权方面对UCON模型进行改进。针对文件存储方面,选用GFS模式对服务器端文件进行存储,通过空间变换形式增强隐私文件的安全性;针对授权方面,将用户信任程度看作授权条件,采用客观与主观相结合的信任衡量策略,依据推荐信任与用户信誉实现信任度计算,只有信任度满足授权条件的用户可得到访问权限,为云计算虚拟访问控制添加一道符合其特点的屏障,实现UCON模型改进。将UCON改进模型应用于云环境虚拟网络,实现访问控制。实验结果表明,所提方法能够有效实现文档访问控制、图像访问控制,存取性能高。     

一种基于不同角色和反馈可信度的P2P信誉模型

针对已有的全局信誉模型,多数方案仅单独使用正面或负面否认信息构建实体的信誉值,且基本建立在信任度高的节点反馈也更可信的假设上,将节点的反馈质量等同于服务质量的问题,提出一种基于节点不同角色和反馈可信度的P2P全局信誉模型,并给出了模型的数学表述和实现方法。分析与仿真实验结果表明,该模型较已有的全局模型能有效防止恶意节点用诚信买掩盖恶意卖以及共谋欺骗等恶意行为,促进节点积极诚信参与网络活动,提高系统的安全性。     

PeerMD： A P2P Molecular Dynamics Simulation Framework Based on Web Services

PeerMD, a P2P molecular dynamics simulation frame-work based on Web services is proposed. It utilizes rich free CPU time and network bandwidth of P2P networks to provide enough resources for dynamics simulation of bio-macromolecule, and has resolved the problem that it is difficult to interoperate between heterogeneous peers in P2P environment through Web services. Structure of PeerMD is given. Function, input and output of molecular dynamics simulation Web service are defined. Processes of publishing, discovering and invoking of molecular dynamics simulation Web service based on multi-level SuperPeer are given. A protocol system of PeerMD is implemented on a basic P2P platform JXTA, and experimental simulations of tumor necrosis fact alpha （TNF-α） and two mutations of it are executed on the protocol system. Simulation results show that PeerMD can speed up molecular dynamics simulation perfectly.     

对等网信任管理模型的研究

研究了P2P技术应用于文件共享服务时存在的安全问题,构建了一种新的声誉评价公式与方法,研究了基于资源可信度和推荐可靠度的声誉方法建立的信任模型,通过信任机制的建立,用户获得了目标节点的历史经验,据此选择更安全的资源服务对象,并对参与共享文件提供激励作用.     

UCIMssp:Ubiquitous Computing Identification Mechanism Based on SPKI/SDSI and P2P

Ubiquitous computing systems typically have lots of security problems in the area of identification supply by means of classical Public Key Infrastructure （PKI） methods. The limited computing resources, the disconnection network, the classification requirements of identification, the requirement of trust transfer and cross identification, the bidirectional identification, the security delegation and the privacy protection etc are all these unsolved problems. In this paper, UCIMssp, a new novel ubiquitous computing identification mechanism based on SPKI/SDSI and Peer-to-Peer （P2P） is presented. SPKI- based authorization is exploited in UCIMssp to solve the above problems in the smalbscale ubiquitous computing environment. The DHT and flooding technology of P2P overlay network over the Intemet is expanded to solve the routing search in the large-scale ubiquitous computing environment. The architecture of ubiquitous computing environment, the validation of identification requisition, the identification authorization processes and the identification supply processes etc of UCIMssp are described in the paper. The performance analysis shows that UCIMssp is a suitable security solution used in the large-scale ubiquitous computing environment.     

A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members＇ access control and distributing authorization of traditional IP multicast.     

一种基于网格计算的对等安全构架

文章提出了一种灵活的基于网格计算的对等安全构架:P2PSLF(对等网络安全层构架)。P2PSLF提供了大量的安全机制(如认证、机密性、完整性等),并能建立新的安全机制;P2PSLF独立于应用系统之上,能使新应用系统的实现不需要考虑安全问题。此外,这种构架是模块化的,可以进行重新配置,构架中的每一个同位体在通信中能满足的安全请求都是相对确定的,并可以在不重编译应用的情况下进行调整。     

基于通信历史相关性的P2P网络分布式信任模型

提出了一种新的P2P分布式信任模型NBRTrust.在节点通信历史分布式存储基础上构造了节点局部信任度评价分布式存储网-βlist,通过分布式计算节点信任评价行为的相关度,得到以节点相关度为因子的全局信任模型NBRTrust,用于评估节点的可信程度;定义了模型的数学表述和分布式计算方法,设计了基于NBRTrust信任模型的P2P通信模型.仿真分析表明,相比纯粹的局部信任模型和全局信任模型,NBRTrust信任模型更客观,能够有效抵御单个恶意节点和团队恶意节点的欺骗行为,是一种有效的信任模型.     

A formal reputation system for trusting wireless sensor network

In this paper, a formal system is proposed based on beta reputation for the development of trustworthy wireless sensor networks (FRS-TWSN). Following this approach, key concepts related to reputation are formal described step by step for wireless sensor networks where sensor nodes maintain reputation for other sensors and use it to evaluate their trustworthiness. By proving some properties of beta reputation system, the beta distribution is founded to fit well to describe reputation system. Also, a case system is developed within this framework for reputation representation, updates and integration. Simulation results show this scheme not only can keep stable reputation but also can prevent the system from some attacks as bad mouthing and reputation cheating. Biography: XIAO Deqin(1970–), female, Associate professor, research direction: formal theory of information security.     

5G校园专网的安全接入和授权管理研究

校园网用户具有基数大、流动性强、分布广等特性,用户的可控安全接入和授权管理是5G专网落地校园的重点和难点。首先介绍5G校园专网安全接入和授权管控的必要性以及关键技术、组网方式、优点及应用框架,其次讨论5G校园专网的常见安全风险,并分析几种安全接入方案的优缺点,最后提出一种基于安全管控装置的安全接入和授权管理方案,并进一步结合零信任网关构造更为安全可靠的5G专网安全系统,从而实现5G校园专网用户的安全无感接入以及基于用户身份与应用级别细颗粒度的授权管控。