共查询到20条相似文献,搜索用时 515 毫秒
1.
面向点对点的安全可靠存储系统 总被引:5,自引:0,他引:5
利用P2P的方法实现了一个共享和合作的安全存储系统,其中参与节点运行Paramecium协议或其他兼容的DHT(distributed hash table)协议形成自组织覆盖层,维护系统的组织结构和提供路由服务.由于该系统为开放式结构,引入了基于PKI的安全认证机制以确保用户数据的授权访问.用户数据和副本标示的绑定支持了安全的数据自修复;副本类型的引入提供了安全的共享写.初步的分析和实验表明,该P2P系统在现实条件下,在消耗较低的维护带宽的同时维持了较高的可靠性并提供了较好的读写性能. 相似文献
2.
Service technology is slowly evolving to be a promising technology for developing applications in open, loosely coupled and
distributed computing environments, e.g., in mobile commerce (m-commerce). Services technology can shield the heterogeneous
platforms and is suitable for m-commerce applications. Peer-to-Peer (P2P) technology becomes more and more popular for mobile
commerce applications. For secure media distribution in m-commerce applications, the security and P2P rights management become
more and more urgent. New schemas and architectures for secure P2P based m-commerce applications, which are expected to function
automatically or semi-automatically, are expected. In this paper, a secure media service system is presented, which can trace
illegal distributors in m-commerce applications. In this scheme, the decryption operation and fingerprint embedding operation
are combined together, which avoids the leakage of clear media content in mobile transfer. Additionally, these operations
are implemented by the peer, which makes the scheme compliant with existing Peer-to-Peer Digital Rights Management (DRM) systems
and very proper for secure media distribution in m-commerce applications. The architectures and modes of secure media distribution
in m-commerce environment are presented and discussed. 相似文献
3.
4.
Sybil attack is one of the most challenging problems that plague current decentralized Peer-to-Peer(P2P) systems. In Sybil
attack, a single malicious user creates multiple peer identities known as sybils. These sybils are employed to target honest
peers and hence subvert the system. In this paper, we describe a novel solution that enables all honest peers to protect themselves
from sybils with high probability in large structured P2P systems. In our proposed sybil defense system, we associate every
peer with another non-sybil peer known as SyMon. A given peer’s SyMon is chosen dynamically such that the chances of both of them being sybils are very low. The chosen SyMon is entrusted with the responsibility of moderating the transactions involving the given peer and hence makes it almost impossible
for sybils to compromise the system. We show the effectiveness of our proposed system in defending against Sybil attack both
analytically and experimentally. In addition to this, we explore the feasibility of our proposed solution in two P2P applications:
reputation systems for P2P based file sharing applications and P2P applications susceptible to Denial-of-Service(DOS) attack,
systems known to be highly vulnerable to Sybil attack. In each of our case studies, we discuss possible ways in which our
solution can be employed to defend the system against Sybil attack. 相似文献
5.
Many P2P applications require security services such as privacy, anonymity, authentication, and non-repudiation. Such services could be provided through a hierarchical Public Key Infrastructure. However, P2P networks are usually Internet-scale distributed systems comprised of nodes with an undetermined trust level, thus making hierarchical solutions unrealistic. In this paper, we propose Chord-PKI, a distributed PKI architecture which is build upon the Chord overlay network, in order to provide security services for P2P applications. Our solution distributes the functionality of a PKI across the peers by using threshold cryptography and proactive updating. We analyze the security of the proposed infrastructure and through simulations we evaluate its performance for various scenarios of untrusted node distributions. 相似文献
6.
The concept of declarative security allows the separation of security concerns from business logic and enables the development of highly flexible and secure applications. Whereas Hibernate and the Enterprise Java Beans specification provide sufficient authentication and authorization functionalities in the context of object persistence, the Java Data Objects (JDO) specification designed as a lightweight persistence approach doesn’t provide any declarative security capabilities.
The novel security approach, JDOSecure, introduces a role-based permission system to the JDO persistence layer, which is based on the Java Authentication and Authorization Service (JAAS). JDOSecure is based on the dynamic proxy approach and ensures the collaboration with any JDO implementation. It comprises a management solution for users, roles, and permissions and allows storing the authentication and authorization information in any arbitrary JDO resource. Furthermore, a Java-based administration utility with a graphical user interface simplifies the maintenance of security privileges and permissions. 相似文献
7.
Unstructured peer-to-peer (P2P) overlay networks with two-layer hierarchy, comprising an upper layer of super-peers and an underlying layer of ordinary peers, are used to improve the performance of large-scale P2P applications like content distribution and storage. In order to deal with continuous growth of participating peers, a scalable and efficient super-peer overlay topology is essential. However, there is relatively little research conducted on constructing such super-peer overlay topology. In the existed solutions, the number of connections required to be maintained by a super-peer is in direct proportion to the total number of super-peers. For super large-scale P2P applications, i.e. the number of participating peer is over 1,000,000, these solutions are not scalable and impractical. Therefore, in this paper, we propose a scalable hierarchical unstructured P2P system in which a self-similar square network graph (SSNG) is proposed to construct and maintain the super-peer overlay topology adaptively. The SSNG topology is a constant-degree topology in which each node maintains a constant number of neighbor nodes. Moreover, a simple and efficient message forwarding algorithm is presented to ensure each super-peer to receive just one flooding message. The analytical results showed that the proposed SSNG-based overlay is more scalable and efficient than the perfect difference graph (PDG)-based overlay proposed in the literature. 相似文献
8.
随着信息技术的发展,数据的安全和稳固成为人们普遍关心的话题,本文将结合云的概念和思路介绍一种安全的、高可靠的低成本P2P云存储备份模型,并给出我们对该模型的一个尝试性的实现。 相似文献
9.
用户通过使用网络身份访问互联网应用及服务。身份管理整合了用户身份信息保护和资源访问控制等诸多技术,为优化用户体验奠定基础。本文基于网络身份特点及身份管理基础框架,分析了身份管理的发展趋势,并介绍了基于云架构的中国科学院统一身份管理系统应用案例,该系统使用单点登录、多重认证和多级安全策略,实现了应用服务间网络身份的安全高效部署及融合。 相似文献
10.
Patrick Klinkoff Engin Kirda Christopher Kruegel Giovanni Vigna 《International Journal of Information Security》2007,6(6):417-428
The number of applications that are downloaded from the Internet and executed on-the-fly is increasing every day. Unfortunately,
not all of these applications are benign, and, often, users are unsuspecting and unaware of the intentions of a program. To
facilitate and secure this growing class of mobile code, Microsoft introduced the .NET framework, a new development and runtime
environment where machine-independent byte-code is executed by a virtual machine. An important feature of this framework is
that it allows access to native libraries to support legacy code or to directly invoke the Windows API. Such native code is
called unmanaged (as opposed to managed code). Unfortunately, the execution of unmanaged native code is not restricted by the .NET security model, and, thus, could
provide the attacker with a mechanism to completely circumvent the framework’s security mechanisms if the user decides to
grant execute permission to the .NET application. The approach described in this paper uses a sandboxing mechanism to prevent
an attacker from executing malicious, unmanaged code that is not permitted by the security policy. Our sandbox is implemented
as two security layers, one on top of the Windows API and one in the kernel. Also, managed and unmanaged parts of an application
are automatically separated and executed in two different processes. This ensures that potentially unsafe code can neither
issue system calls not permitted by the .NET security policy nor tamper with the memory of the .NET runtime. Our proof-of-concept
implementation is transparent to applications and secures unmanaged code with a generally acceptable performance penalty.
To the best of our knowledge, the presented architecture and implementation is the first solution to secure unmanaged code
in .NET. 相似文献
11.
车联网可有效提高交通的效率和安全性,但通信过程中存在的隐私泄露问题严重阻碍了其应用落地。提出一种面向车联网V2X通信的条件隐私保护认证协议。针对现有协议大多仅支持车辆认证的局限性,基于用户身份和车辆身份信息生成车与用户绑定的生物密钥,使协议支持单车多用户或单用户多车认证。在保护用户和车辆身份的条件下完成对消息发送方的身份认证,并在特定情况下追溯车辆和用户的真实身份,从而实现对车辆和用户的条件隐私保护。同时,在协议中添加批量验证功能以提高验证效率。形式化的安全性分析和性能评估结果表明,该协议是安全且高效的。 相似文献
12.
13.
Vidal Martins Esther Pacitti Manal El Dick Ricardo Jimenez-Peris 《Distributed and Parallel Databases》2008,24(1-3):1-43
Collaborative applications are characterized by high levels of data sharing. Optimistic replication has been suggested as a mechanism to enable highly concurrent access to the shared data, whilst providing full application-defined consistency guarantees. Nowadays, there are a growing number of emerging cooperative applications adequate for Peer-to-Peer (P2P) networks. However, to enable the deployment of such applications in P2P networks, it is required a mechanism to deal with their high data sharing in dynamic, scalable and available way. Previous work on optimistic replication has mainly concentrated on centralized systems. Centralized approaches are inappropriate for a P2P setting due to their limited availability and vulnerability to failures and partitions from the network. In this paper, we focus on the design of a reconciliation algorithm designed to be deployed in large scale cooperative applications, such as P2P Wiki. The main contribution of this paper is a distributed reconciliation algorithm designed for P2P networks (P2P-reconciler). Other important contributions are: a basic cost model for computing communication costs in a DHT overlay network; a strategy for computing the cost of each reconciliation step taking into account the cost model; and an algorithm that dynamically selects the best nodes for each reconciliation step. Furthermore, since P2P networks are built independently of the underlying topology, which may cause high latencies and large overheads degrading performance, we also propose a topology-aware variant of our P2P-reconciler algorithm and show the important gains on using it. Our P2P-reconciler solution enables high levels of concurrency thanks to semantic reconciliation and yields high availability, excellent scalability, with acceptable performance and limited overhead. 相似文献
14.
Cihan Topal 《Computers & Electrical Engineering》2009,35(1):115-125
The current structure of the Internet, with hosts behind network address translation (NAT) boxes, causes well-known problems for P2P applications. There are several proposals, e.g., STUN, UPnP, MIDCOM, TURN among others, to enable P2P UDP communication for nodes behind NAT boxes, but each technique offers a partial solution that works in special limited cases and fails in others. In this paper, we present a framework based on the use of IPv4+4 addresses and the standard IPv4 Loose Source Record Route (LSRR) option that offers a complete solution to the secure seamless P2P UDP communication problem. Our proposal requires no changes whatsoever to end-host protocol stacks and Internet routers. The only requirement is a simple upgrade of border routers with a new LSRR-based packet forwarding algorithm for the P2P UDP traffic. We detail our implementation of a Linux-based border router that runs the proposed forwarding algorithm, and describe how applications requiring P2P UDP communication such as Voice over IP (VoIP) using SIP can benefit from our framework. 相似文献
15.
P2P搜索技术是P2P研究中的一个重要的领域。本文介绍了一个基于P2P结构化覆盖网络的分布式搜索引擎的架构和实现。该搜索引擎采用了三层架构,良好的层次架构减少了搜索引擎核心算法与P2P覆盖网络协议和具体应用间的依赖,使得搜索引擎可以移植到不同的P2P结构化覆盖网络之上。由于P2P搜索过程中会消耗大量的网络带宽,所以该搜索引擎使用了一些优化算法,它们不仅减少搜索过程带来的带宽消耗,而且保证了系统的可伸缩性。 相似文献
16.
Jaime Muoz-Arteaga Ricardo Mendoza Gonzlez Miguel Vargas Martin Jean Vanderdonckt Francisco
lvarez-Rodríguez 《Advances in Engineering Software》2009,40(12):1231-1241
A methodology is provided here to assist in the design of secure interactive applications. In particular, this methodology helps design an adequate security information feedback based on User Interface Patterns, the resulting feedback is then evaluated against a set of design/evaluation criteria called Human–Computer Interaction for Security (HCI-S). In case of a security issue the security information feedback is generally presented using the visual and auditory channels required to achieve an effective notifications, and it is explicitly specified in the design of user interfaces for secure web system. 相似文献
17.
Cloud computing technology offers the possibility of inter-organizational medical data sharing at a larger scale. The different organizations can maintain their own cloud environment while exchanging healthcare data among them in a peer-to-peer(P2P) fashion according to some defined polices. However, there are many security and privacy challenges that hamper the adoption of cloud computing solutions in healthcare domain. Besides, due to the privacy sensitivity of healthcare data, an organization may not wish to disclose its identity to others when exchanging data in the network to avoid different attacks by the intruders. Hence, anonymously authenticated data exchange is essential between the different peer organizations. In this paper we propose an anonymous on-the-fly secure data exchange protocol for such environment based on pairing-based cryptography. Our proposed solution allows cloud peers to dynamically generate temporary identities that are used to produce a session key for each session of data exchange. The proposed protocol is robust against different attacks, such as target-oriented, man-in-the middle, masquerade, and message manipulation attacks. 相似文献
18.
Peer-to-peer (P2P) architectures have recently become a popular design choice for building scalable Networked Virtual Environments (NVEs). In P2P-based NVEs, system and data management is distributed among all participating users. Towards this end, a Delaunay Triangulation can be used to provide connectivity between the different NVE users depending on their positions in the virtual world. However, a Delaunay Triangulation clearly suffers from high maintenance cost as it is subject to high connection change rate due to continuous users’ movement. In this paper, we propose a new triangulation algorithm that provides network connectivity to support P2P NVEs while dramatically decreasing maintenance overhead by reducing the number of connection changes due to users’ insertion and movement. Performance evaluations show that our solution drastically reduces overlay maintenance cost in highly dynamic NVEs. More importantly, and beyond its quantitative advantages, this work questions the well accepted Delaunay Triangulation as a reference means for providing connectivity in NVEs, and paves the way for more research towards more practical alternatives for NVE applications. 相似文献
19.