
How to build a secure network connection mechanism

2025-03-26 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/02 Report--

With the continuous development of computer networks and information technology, the diversity, massive volume and wide distribution of data resources in the DT era make information security problems increasingly complex, and threats arising from the open framework of computer networks emerge endlessly. Facing this severe network security situation, the traditional information security system has found it difficult to make major breakthroughs in architecture or strength. In information security practice, people have gradually realized that most security risks come from terminals. How to solve this problem has become another issue that all network giants need to overcome.

Qin Yangkai, of the Qinzhi Digital products Program Department, gave a solution to this problem.

By building a distributed network with peer-to-peer network security protocols and an information resource management system, we can quickly improve the free flow, communication and security of data resources.

What is a distributed network?

A distributed network is a decentralized service in which a variety of heterogeneous, autonomous data nodes share their resources with each other. Each node in the network is both a service provider, sharing its own data resources, and a service consumer, and can directly access the highly self-service resource circulation network without a third party.

What is the value of distributed networks?

A distributed network is highly heterogeneous: its nodes have different capabilities in data aggregation, data storage, data processing, data mining and analysis, data services and so on. Among them, the directory node logically centralizes each node's data resources and, through mining and analysis algorithms such as aggregation, classification and association, provides the corresponding data resource retrieval services. Other nodes implement data resource analysis, data computing, data value-added and other services based on fully distributed network technology, and send resource location information to service requesters. Once data resources are located, the data requester establishes reliable data resource request and transmission services only with the resource servers.

1. Trusted network access and authentication protocol

The distributed network adopts a trusted grid architecture. Port-based access control is implemented through identity-based authentication and platform authentication, which improves the scalability of the platform.

Trusted network security authentication protocol process

The security authentication protocol consists of two main parts: key agreement and platform authentication. Before key negotiation, the two communicating nodes perform two-way identity authentication: the protocol verifies whether each party's identity is legitimate on the basis of its public key certificate, and begins negotiating the session key when the other party holds a certificate. After key negotiation succeeds, a secure session is established so that the information exchanged between the two parties can be transmitted safely. The session key generated in the key negotiation phase plays a vital role in the security of the entire access authentication protocol. Under the protection of the session key, the two parties exchange platform authentication information to prove their platform identity and platform integrity. After access authentication ends, the trusted network management side decides whether to allow the client network node to access the trusted network according to the information that node submitted.
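The platform-authentication step described above, as an added example that is not part of the original article or of any product it describes. The session key is assumed to come from the preceding key negotiation, and the report layout, the SHA-256 extend scheme, the use of HMAC-SHA256 and all component names are illustrative assumptions.

```python
import hashlib, hmac, json, secrets

def extend(aggregate: bytes, digest: bytes) -> bytes:
    # PCR-style extend (assumed scheme): new = SHA-256(old || digest)
    return hashlib.sha256(aggregate + digest).digest()

def build_report(session_key: bytes, nonce: bytes, components: dict) -> dict:
    # Client: measure components in order, fold into one aggregate, MAC the report.
    log, agg = [], bytes(32)
    for name, blob in components.items():
        digest = hashlib.sha256(blob).digest()
        log.append([name, digest.hex()])
        agg = extend(agg, digest)
    body = json.dumps({"nonce": nonce.hex(), "log": log,
                       "aggregate": agg.hex()}, sort_keys=True).encode()
    return {"body": body,
            "tag": hmac.new(session_key, body, hashlib.sha256).hexdigest()}

def decide(session_key: bytes, nonce: bytes, report: dict, reference: dict) -> str:
    # Management side: verify MAC, freshness and log consistency, then policy.
    expected = hmac.new(session_key, report["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["tag"]):
        return "deny: bad MAC"
    body = json.loads(report["body"])
    if body["nonce"] != nonce.hex():
        return "deny: stale nonce"
    agg = bytes(32)
    for _, digest_hex in body["log"]:
        agg = extend(agg, bytes.fromhex(digest_hex))
    if agg.hex() != body["aggregate"]:
        return "deny: log does not match aggregate"
    measured = dict(body["log"])
    for name, good in reference.items():  # every required component must match
        if measured.get(name) != good:
            return f"isolate: {name} fails integrity policy"
    return "allow"

# Constructed sample data (not from the article).
GOOD = {"bootloader": b"bl-v1", "kernel": b"kernel-5.10", "agent": b"agent-2.3"}
REFERENCE = {n: hashlib.sha256(b).hexdigest() for n, b in GOOD.items()}

def demo() -> list:
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    ok = build_report(key, nonce, GOOD)
    bad = build_report(key, nonce, {**GOOD, "agent": b"agent-2.3-modified"})
    return [decide(key, nonce, ok, REFERENCE),
            decide(key, nonce, bad, REFERENCE),
            decide(key, secrets.token_bytes(16), ok, REFERENCE),   # replayed report
            decide(secrets.token_bytes(32), nonce, ok, REFERENCE)]  # wrong session key
```

In a hardware-rooted deployment the aggregate would be carried in a signed quote from the platform's trust anchor; here it is protected only by the session-key MAC.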

2. Practice of key technologies of trusted network

1) trusted network access

The network adopts a three-layer trusted network architecture (network access, integrity evaluation, integrity measurement) and PKI digital certificate technology. It relies on the uniqueness of key pair matching in asymmetric encryption algorithms to ensure the legitimate identity of nodes and users, so that every node and node user is authenticated and authorized, ensuring the normal flow of data resources.

Trusted network connection architecture

2) identity authentication

Based on the distributed peer-to-peer control protocol, direct peer-to-peer two-way authentication between the node, the user and the network can be completed. The user identity authentication protocol is executed in network access control, network access request, access policy service and so on, realizing two-way user identity authentication between the access request side and the access control side.

3) trusted data distributed storage

The highly open and distributed nature of the distributed network, combined with the needs of actual application scenarios, means that data between nodes must be stored and queried in a distributed manner. The distributed trusted network and its application scenarios mainly use distributed hash table technology to organize and manage the data nodes in the network.

4) distributed algorithm for trusted data computing

Because trusted data is stored in a distributed manner in the distributed network, it must also be computed in a distributed manner. Each data node stores the direct/indirect credibility, similarity vector and global credibility of the corresponding nodes. The credibility computation at each data computing node provides complete trusted data computing services through optimized protocols such as Chord and Kademlia.

5) trusted incentive mechanism model

The distributed network uses an effective incentive strategy to encourage and drive rational nodes and users to share and exchange data resources with other nodes in the network. The network adopts a compound incentive mechanism, based on blockchain technology, that combines the mutual-benefit incentive of BitTorrent with the virtual-currency incentive of MojoNation.

6) Network security

The distributed network uses a security authentication protocol to improve network security. The protocol combines a variety of security authentication technologies, such as digital digests, digital envelopes, digital signatures, digital timestamps and digital certificates, to ensure the normal operation of the network.

Security authentication protocol message format

To sum up, distributed trusted network technology mainly addresses the security of data nodes accessing the network in a data circulation platform. By constructing a unified trusted network connection protocol for platform authentication and node integrity, it improves security control policies and services for data node access and provides a basic security guarantee for building a secure and controllable data circulation platform.
