The work in this paper is part of the national "973" Project: The Basic Theory of the Universal Trustworthy Network. In the Universal Trustworthy Network, resources and services on the Internet are all described by a Service-Identifier, which is resolved into an Access-Identifier by Service-Identifier resolution mapping. In this way, universal searching for services is implemented. The Service-Identifier resolution system based on the Chord algorithm is one solution for implementing the identifier mapping. However, the resolution system gives hardly any consideration to network security. There are several potential security problems in the system, such as falsification of important data, Denial of Service attacks, and malicious data registered by illegitimate users.

In this paper, the work mainly focuses on increasing the security and reliability of the Service-Identifier resolution system, which is based on the Chord algorithm and was designed by others, by adding the related security mechanisms. The security requirements of the resolution system mainly include data confidentiality, data integrity, non-repudiation and authentication. Authentication includes authentication between two communicating nodes, authentication of users, and access control. Firstly, according to these requirements, and taking the process of resource registration as an example, the paper analyzes the communication process in the resolution system in detail to find which parts of the original code should be modified. Then, the resolution system's confidentiality, data integrity and non-repudiation are guaranteed by the symmetric cryptography algorithm interface, the public-key encryption algorithm interface and the private-key signature algorithm interface offered by the OpenSSL library. Communicating nodes can trust each other by verifying each node's certificate, which contains its public key and is issued by a trusted third party.

In addition, the PAM user authentication mechanism is deployed in the resolution system, and the related configuration file and authentication code are written to implement authentication, authorization and accounting for users. Distributed authentication is implemented to avoid the single point of failure of centralized authentication in traditional networks.

The structure of the paper is as follows:
1. The Universal Trustworthy Network, the Chord-based resolution system, and some related security protocols and tools are introduced.
2. The security requirements of the resolution system are discussed, the important parts are distinguished, and the design method for each requirement is introduced.
3. The implementation process of each security module is described.
4. The network topology on which the coding and testing of the service identifier resolution system with the security modules were carried out is described.