J4  2010, Vol. 44 Issue (12): 2241-2250    DOI: 10.3785/j.issn.1008-973X.2010.12.003
    
Fast trust chain search in role-based credential overlay network
CHEN Ke, HU Tian-lei, CHEN Gang
College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China

Abstract  

Current research on trust chain discovery assumes that credentials are stored centrally. To address this limitation, a role-based credential overlay network (RBCON) was proposed. Every peer in RBCON can store role-based credentials, through which trust chains can be established between each pair of peers using a role-based distributed hash table. RBCON also introduces novel algorithms for RBCON generation, stabilization and trust chain search, and presents a new distributed data structure for storing role-based credential keys. RBCON adapts efficiently as peers join and leave the system, and can execute trust chain searches even while the system is continuously changing. The simulation results highlight the correctness and efficiency of this solution; in particular, the communication cost and the state maintained by each node scale logarithmically with the number of RBCON peers. The solution is very easy to implement and popularize.



Published: 01 December 2010
CLC:  TP 309.2  
Cite this article:

CHEN Ke, HU Tian-lei, CHEN Gang. Fast trust chain search in role-based credential overlay network. J4, 2010, 44(12): 2241-2250.

URL:

http://www.zjujournals.com/eng/10.3785/j.issn.1008-973X.2010.12.003     OR     http://www.zjujournals.com/eng/Y2010/V44/I12/2241


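Efficient trust chain search in a role-based credential overlay network

Existing trust chain discovery assumes that credentials are stored centrally. To address this limitation, a role-based credential overlay network (RBCON) is designed, algorithms for RBCON generation and maintenance are proposed, and on this basis a trust chain search scheme is given. Credentials are stored on the individual nodes of RBCON, and a role-based distributed hash table is used to locate credentials in both directions. The role-based credential overlay network can efficiently complete many kinds of trust chain queries while nodes frequently join or leave. Extensive simulation experiments show that the scheme meets the needs of the various queries in distributed trust chain discovery and completes trust chain searches with as few credential location and lookup operations as possible; the network still maintains a high trust chain lookup rate under continuous node joins and departures/failures, and can therefore resist various malicious network attacks well.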

