Current research on trust chain discovery assumes that credentials are stored centrally. To address this limitation, a role-based credential overlay network (RBCON) is proposed. Every RBCON peer can store role-based credentials, with which trust chains can be established between any pair of peers using a role-based distributed hash table. RBCON also introduces novel algorithms for RBCON generation, stabilization, and trust chain search, and presents a new distributed data structure for storing role-based credential keys. RBCON adapts efficiently as peers join and leave the system, and can execute trust chain searches even while the system is continuously changing. The simulation results highlight the correctness and efficiency of this solution; in particular, the communication cost and the state maintained by each node scale logarithmically with the number of RBCON peers. The solution is very easy to implement and to adopt widely.