DHT系统的安全性优化方法研究

对分布式哈希表(DHT)系统的安全脆弱性问题进行了研究,提出了多种安全性优化策略,并给出了一个原型系统。进行了真实网络实验,实验数据表明,现有DHT网络易受索引毒害和路由污染攻击,产生的错误查询结果甚至会引发更大规模的网络安全事件。通过改进一个个DHT系统的节点ID生成机制、路由表更新机制和搜索路径选择机制,从系统运行的各个阶段提升其安全场,抵御攻击者共谋。基于上述方法设计的原型系统在保证平均查询跳数增加不到1跳的情况下,在共谋攻击节点占比60%的网络中,将系统查询成功率保持在65%以上,其方法适用于各种分布式哈希表结构,具有重要的实际应用前景。

Study on the security optimization of DHT systems

The security vulnerability of distributed Hash table (DHT) systems was studied,a variety of security optimization strategies were proposed,and a prototyhpe system was designed.Real world network experiments were performed,and the resuhs show that existing DHT networks are vulnerable to index poisoning and routing pollution attacks,so the wrong query results caused by this will even lead to a larger network security event.By improving the node ID generation mechanism,the routing table update mechanism and the search path selection mechanism of a DHT system,the study improved the security of the DHT system from all working stages to resist attackers' collusion attack.The desinged prototype system based on these methods can remain the query success rate of more than 65％ in the attacking seniro with 60％ of collusion attack nodes.The only cost is increasing the average querying hop of less than 1.Thus,the method is applicable to a variety of distributed Hash table structures and has important practical prospects.