Resource description: tx069PS2P download technology application prospects research
Content summary:
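Graduation Project (Thesis): Translation of Foreign-Language Material

School (Department): School of Economics and Management
Major: Information Management and Information Systems
Class: 030519
Name: Min Yuanshun
Student ID: 030519529
Source of the foreign text: http://ntrg.cs.tcd.ie/undergrad/4ba2.02-03/p10.html
Attachments: 1. Translation; 2. Original text; 3. Grading sheet
2007-05

Translation:

P2P Security

Authors: Declan Murphy, Jarlath Kelly, Keith Curley, John Vickery, Dan O'Keeffe

Overview

Security is an important component of any computer system, and it is especially relevant to P2P systems. In the following sections we outline the main topics of P2P security, including:

The need for security
Consequences of poor security
Current security methods
Security in the future

Need for Security

In these changeable times, you would think that P2P security would become one of the world's most important problems. In the IT world, however, corporate fraud and loss of revenue caused by attacks on internal networks have brought P2P to the forefront. Napster made the headlines with its court case, and a growing number of P2P applications have since given the corporate world headaches. With better security protocols, this headache could become a valuable asset for industry and for the world. We must first set out the elements that matter to us, and then we can address the security problem. The main points are connection control, access control, operation control, anti-virus, and protection of the data stored on our machines.

Here connection, access and operation control are the priority issues. If we can get these right, the other two points should follow. This section outlines a selection of threats to which P2P applications are vulnerable.

External Threats

P2P networking opens your network to various forms of attack, break-in, espionage and malicious mischief. P2P brings no new threats to the network, only familiar ones such as worm and virus attacks.

P2P networks can also let employees download and use copyrighted material in ways that violate intellectual property law, and share files in ways that violate the organisation's security policy. Applications such as Napster, Kazaa and Grokster have been popular with music-loving Internet users for years, and many users take advantage of their employer's high-speed connection to download files at work. This raises many problems for the corporate network, such as the use of expensive bandwidth and the download of virus-infected files.

Unfortunately, P2P networking undermines enterprise security by decentralising security administration and bypassing defences such as firewalls and NAT devices. If users can install and configure their own P2P clients, all of the network administrators' server-based security schemes are useless.

Theft: A company can lose property worth millions of euros, such as source code, through files disguised with P2P technology. P2P wrapping tools such as Wrapstar can disguise a .zip file containing company source code as an MP3 of a hit song. An accomplice outside the company can then download the disguised file. To the company's security staff this looks like an ordinary transaction, even though the company does not allow employees to use P2P to share music. What they do not know is that their company has just been robbed, and software worth millions of euros may have been lost.

Bandwidth Clogging and File Sharing: P2P applications such as Kazaa, Gnutella and Freenet let one computer share files with another computer located elsewhere on the Internet. A major problem caused by P2P file-sharing programs is heavy traffic, which congests the network. The rich audio and video files that P2P users share are very large. This affects response times for internal users as well as e-business customers, resulting in lost income.

Viruses: A user may well download and install a P2P application that can cause serious damage. For example, something that looks like a popular IM or file-sharing program may include code that allows access to the user's computer. An attacker can then do serious damage or obtain more of the information they are after.

Backdoor Access: P2P applications such as Kazaa, Gnutella and Freenet let people all over the world share music, video and application software. These applications expose data to thousands of computer users on the Internet. For example, if a user starts Gnutella and then clicks into the corporate intranet to check their email, an attacker can use this as a backdoor into the company's LAN.

Internal Threats

Alongside the external threats, there are some internal issues to deal with.

Interoperability: Interoperability is a major security issue in P2P networks. Bringing different platforms, different systems and different applications together in a given infrastructure raises a set of interoperability-related security issues. The more differences there are in a given infrastructure, the more complex its security problems.

Private Business on a Public Network: Many companies conduct private business on public networks. This exposes them to various security risks. These risks must be dealt with in order to avoid the liability such use entails.

General Security: P2P shares many security problems and solutions with networks and distributed systems, for example data tampering, unreliable transport, latency problems and identification problems.

Distributed Dangers: When using a distributed processing application, the user must download, install and run an executable file on their workstation in order to take part. A denial of service may result if the software is incompatible or contains bugs.

The People Problem: There will always be malicious users trying to gain covert access to corporate networks, and whatever security protocols are in place, a skilled attacker given enough time will find a way around them. So all that security people can do is stay ahead of the hackers by creating bigger and better protocols. If only that were as easy to do as it is to say!

Security Mechanisms

All security mechanisms deployed today are based on either symmetric (secret key) or asymmetric (public key) cryptography, or sometimes a combination of the two. Here we introduce the basic aspects of secret key and public key techniques and compare their main characteristics.

Secret Key Techniques: Secret key techniques rest on the fact that the sender and the recipient share a secret, which is used for various cryptographic operations such as encrypting and decrypting messages and creating and verifying message authentication data. This secret key must be exchanged by the two parties in a separate procedure before the intended communication (using a PKI, for example).

Public Key Techniques: Public key techniques are based on asymmetric cryptography. Usually each user holds one key pair. One key of the pair is public and the other is kept secret.

The Future of P2P Security

The constant theme running through P2P security is trust: trust in the other users we interact with, and trust in the software vendors who supply the necessary applications. If we could have more confidence in this trust, or feel more secure, P2P development might grow even faster than it already is.

Many proposals are already being studied. People recognise that security is an issue P2P must face if it is to be accepted by consumers.

Users Gaining Their Own Trust: One very interesting idea proposed recently is that of users earning trust within the P2P community. Every user would be assigned a unique digital signature, like an IP address, not only per user but also per machine. A level of trust would be attached to this digital signature. Trust levels would range from zero to twenty. Depending on the user's past behaviour, whether valid use of the network or malice and misuse, their trust level would change.

The plan states that every user's trust level would start at a fairly low level. This is simply to stop unwanted users from creating new accounts and immediately exploiting a high trust level. Users would have to be active on the network for some time (say one or two months) before their trust level was pushed higher. Users could also keep a local record of other known users with whom they wish to share a local trust level, bypassing the global policy.

This proposal has many hurdles to clear. It is only an idea to be developed, one that overcomes the problem of centralised management. Instead, the users of the network are the authority. If the general public keeps trying to demote a user, he or she will eventually lose all privileges and be silenced from other users. The idea also rewards genuine users for policing the network and for their good behaviour on it.

The idea may be too naive, since we all know that people (adolescents especially) will do the exact opposite if given no choice. In other words, people do not like being told what to do.

Quantum Key Cryptography: In the short term, the US Government is adopting a new encryption standard called the Advanced Encryption Standard (AES), which will eventually replace DES. "Once approved, the AES will be a public algorithm designed to protect sensitive government information in the 21st century." If that is true, what will be used afterwards?

One idea currently being put forward is quantum cryptography. Many modern encryption systems rely on the difficulty of brute-force attacks on secret keys, owing to processing and time constraints. Although still at the theoretical stage, the performance improvement offered by a hypothetical quantum computer would render many algorithms useless. A new encryption algorithm would clearly be needed.

Quantum cryptography encodes the key information in the states of photons. According to Heisenberg's uncertainty principle, it is impossible to determine both the momentum and the position of a particle at a given instant. In theory, therefore, an intruder cannot discover a key based on particle state information, and the intruder needs that key to decrypt any encrypted data.

Unfortunately, for now, this concept is incredibly complex to implement. In the late 1980s, scientists at IBM built the first working prototype of a quantum key distribution (QKD) system. At that time they could transmit quantum signals through open air. Today, signals are transmitted over optical fibre for up to 31 miles. That is still not very far, but it is certainly good progress. Although we may not see QKD on the market for some time yet, this incredible technology sounds very promising.

Conclusion

It is clear from the above that security is a key issue in the design and implementation of P2P systems. At present it is probably the main factor holding back the growth of P2P. If the full potential of P2P technology is to be realised, it is essential that users can be confident in the security measures that protect them. Current security measures generally fail to inspire consumer confidence, and this problem must be addressed immediately.

Original text:

P2P Security

Authors: Declan Murphy, Jarlath Kelly, Keith Curley, John Vickery, Dan O'Keeffe

Overview

Security is an essential component of any computer system, and it is especially relevant for P2P systems. In the following sections we will outline the main topics of P2P security, including:

The Need for Security
Consequences of poor Security
Current Security methods
Security in the Future

Need for Security

In these turbulent times you would think that P2P security would be the least of the world's problems. However, corporate fraud and loss of revenue due to attacks on their internal networks has brought P2P to the forefront in the IT world. Napster was the headliner, but since its high-profile court case more and more P2P applications have been causing the corporate world headaches, which it could do without. With better security protocols this headache could be turned into a valuable asset for the corporate world and for the world. We must outline the elements that are important to us before we address the issue of security. The main points are connection control, access control, operation control, anti-virus, and of course the protection of the data stored on our machines.

The connection, access, and operation control are the priority issues here. If we can make these secure, the other two points should follow from these. Outlined in this section is a selection of threats that P2P applications are vulnerable to.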

External Threats

P2P networking allows your network to be open to various forms of attack, break-in, espionage, and malicious mischief. P2P doesn't bring any novel threats to the network, just familiar threats such as worms and virus attacks.

P2P networks can also allow an employee to download and use copyrighted material in a way that violates intellectual property laws, and to share files in a manner that violates an organisation's security policies. Applications such as Napster, Kazaa, Grokster and others have been popular with music-loving Internet users for several years, and many users take advantage of their employer's high-speed connections to download files at work. This presents numerous problems for the corporate network, such as using expensive bandwidth and being subject to a virus attack via an infected file download.

Unfortunately, P2P networking circumvents enterprise security by providing decentralized security administration, decentralized shared data storage, and a way to circumvent critical perimeter defences such as firewalls and NAT devices. If users can install and configure their own P2P clients, all the network manager's server-based security schemes are out the window.

Theft: Companies can lose millions of euros worth of property such as source code due to disguising files using P2P technologies. P2P wrapping tools, such as Wrapstar, can disguise a .zip file, containing company source code, as an MP3 of a music hit. As a result an accomplice outside the company can use Morpheus to download the disguised file. To the company's security this looks like a common transaction, even if the company has frowned upon employees using P2P in music sharing.
Little do they know that their company has just been robbed, and possibly millions of euros worth of software has been lost.

Bandwidth Clogging and File Sharing: P2P applications such as Kazaa, Gnutella and FreeNet make it possible for one computer to share files with another computer located somewhere else on the Internet. A major problem with P2P file-sharing programs is that they result in heavy traffic, which clogs the institution's networks. The rich audio and video files that P2P users share are very big. This affects response times for internal users as well as e-business customers, and that results in lost income.

Viruses: A user could quite possibly download and install a booby-trapped P2P application that could inflict serious damage. For example, a piece of code that looks like a popular IM or file-sharing program could also include a backdoor to allow access to the user's computer. An attacker would then be able to do serious damage or to obtain more information than they should have.

Backdoor Access: P2P applications such as Kazaa, Morpheus or Gnutella enable people all over the world to share music, video and software applications. These applications expose data on a user's computer to thousands of people on the Internet. These P2P applications were not designed for use on corporate networks and as a result introduce serious security vulnerabilities to corporate networks if installed on networked PCs. For example, if a user starts Gnutella and then clicks into the corporate Intranet to check their email, an attacker could use this as a backdoor to gain access to the corporate LAN.

Internal Threats

Along with the external threats previously described, there are a few internal issues that have to be dealt with.

Interoperability: Interoperability is a major security concern within P2P networks.
The introduction of different platforms, different systems, and different applications working together in a given infrastructure opens a set of security issues we associate with interoperability. The more differences in a given infrastructure, the more compounded the security problems.

Private Business on a Public Network: Many companies conduct private business on a public network. This leads to an exposure to various security risks. These risks must be addressed in order to avoid the liability this use entails.

General Security: P2P shares many security problems and solutions with networks and distributed systems, e.g. data tampering, unreliable transport, latency problems, identification problems, etc.

Distributed Dangers: When using distributed processing applications, the user is required to download, install and run an executable file on their workstation in order to participate. A denial of service could result if the software is incompatible or if it contains bugs.

The People Problem: There will always be malicious users who are intent on gaining clandestine access to corporate networks. And no matter what security protocols are put in place, a skilful attacker, given enough time, will find a way around them. So all that the security buffs need to do is to keep ahead of the hackers by creating bigger and better protocols. But that's easier said than done!

Security Mechanisms

All security mechanisms deployed today are based on either symmetric/secret key or asymmetric/public key cryptography, or sometimes a combination of the two. Here we will introduce the basic aspects of the secret key and public key techniques and compare their main characteristics.

Secret Key Techniques: Secret key techniques are based on the fact that the sender and recipient share a secret, which is used for various cryptographic operations, such as encryption and decryption of messages and the creation and verification of message authentication data.
This secret key must be exchanged in a separate out-of-band procedure prior to the intended communication (using a PKI for example).

Public Key Techniques: Public key techniques are based on the use of asymmetric key pairs. Usually each user is in possession of just one key pair. One of the pair is made publicly available, while the other is kept private.

The Future of P2P Security

The constant running theme in the security of P2P is that of trust. Trust in the other users who we interact with, and trust within the software vendors who supply us with the necessary applications. If we could have more faith in this trust, or feel a greater sense of security, maybe the development of P2P would grow even faster than it is already doing.

Many proposals are already being studied. People are acknowledging that security is an area P2P must address if it is to be accepted by consumers.

Users Gaining Their Own Trust: One very interesting idea recently proposed is that of users gaining trust within the P2P community. All users would be assigned a unique digital signature, like IP, but per user and not per machine. Associated with this digital signature would be a level of trust. Trust levels would vary from, say, zero to twenty. Depending on a user's behaviour in the past, their trust level would either be promoted on the grounds of valid use of the network, or demoted with acts of malice and misuse.

The proposed plan states that all users' trust level would begin at a rather low level. This is merely to combat unwanted users creating new accounts and abusing the new high trust level immediately. Users would have to be active on the network for some time (say one/two months) before their trust level would be pushed up a level. Users could also keep a local record of other known users, to which they may want to share a local trust level, and bypass the global trust policy.

This proposal has many hurdles to jump, of course. It is merely an idea to be developed.
The problem that it overcomes is that of the centralized managing authority. Instead, the users of the network are the authority. If the general public continuously try to demote a user, he/she will eventually lose all their privileges, and become silenced from other users. This idea also rewards genuine users for their efforts in keeping the network policed, and for their good behaviour on the network.

The idea is possibly a bit too naive, as we all know that most humans (especially adolescent ones) will do the exact opposite of what they are meant to do, if given no choice. In other words, people do not like to be told what to do.

Quantum Key Cryptography: For the short term, the US Government is adopting a new encryption standard called Advanced Encryption Standard (AES), which will eventually replace DES. When approved, the AES will be a public algorithm designed to protect sensitive government information well into the 21st century. If that's true, what will be used after AES?

One idea currently being proposed is the notion of Quantum Cryptography. Many modern encryption systems depend on the difficulty in mounting brute force attacks on secret keys, due to processing and time constraints. Although still at the theoretical stage, the performance improvements given by a hypothetical quantum computer would render man
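
A defender's check for the disguised-archive scenario in the "Theft" paragraph, as an added example that is not part of the original article. It assumes the wrapper leaves the archive bytes intact behind a media-looking header (how Wrapstar itself lays out the file is not stated in the text); the extension list, function names and sample files are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions that should hold audio/video, never an archive (assumed policy list).
MEDIA_EXTENSIONS = {".mp3", ".wav", ".avi", ".mpg"}
ZIP_LOCAL_HEADER = b"PK\x03\x04"


def embedded_zip_members(data: bytes) -> list[str]:
    """Return member names if `data` holds a readable ZIP archive, else [].

    zipfile locates the end-of-central-directory record from the end of the
    data, so an archive is found even when media-looking bytes are prepended.
    """
    if ZIP_LOCAL_HEADER not in data:
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return archive.namelist()
    except zipfile.BadZipFile:
        return []


def inspect_transfer(filename: str, data: bytes) -> dict:
    """Flag a file whose media extension disagrees with its archive content."""
    extension = os.path.splitext(filename)[1].lower()
    members = embedded_zip_members(data)
    claims_media = extension in MEDIA_EXTENSIONS
    return {
        "filename": filename,
        "claims_media": claims_media,
        "archive_members": members,
        "suspicious": claims_media and bool(members),
    }


def build_samples() -> dict[str, bytes]:
    """Constructed inputs: a plain fake MP3 and a ZIP hidden behind an ID3 tag."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("src/main.c", "int main(void) { return 0; }\n")
    id3_tag = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10  # empty ID3v2 tag
    audio = id3_tag + b"\xff\xfb\x90\x00" + b"\x00" * 413  # one MPEG frame header
    return {"hit_single.mp3": audio, "top_ten.mp3": id3_tag + buffer.getvalue()}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(inspect_transfer(name, blob))
```

A content check of this kind only catches archives left readable inside the file; an encrypted or re-encoded payload needs other controls, such as blocking the P2P client itself.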
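
The trust-level scheme from "Users Gaining Their Own Trust", sketched as an added example that is not part of the original article or of any real P2P client. The starting level, the 30-day activity period and all class and method names are assumptions chosen to match the text's "rather low" start and "one/two months" wait.

```python
from dataclasses import dataclass

MIN_TRUST, MAX_TRUST = 0, 20   # range given in the text
STARTING_TRUST = 2             # "rather low"; the exact value is an assumption
PROBATION_DAYS = 30            # "say one/two months"; 30 days assumed here


@dataclass
class Peer:
    joined_day: int
    last_promotion_day: int
    trust: int = STARTING_TRUST


class TrustLedger:
    """Global trust levels keyed by per-user signature, plus one node's local records."""

    def __init__(self):
        self.peers: dict[str, Peer] = {}
        self.local_overrides: dict[str, int] = {}

    def register(self, signature: str, today: int) -> None:
        # A new identity starts low; re-registering a known one changes nothing.
        self.peers.setdefault(signature, Peer(joined_day=today, last_promotion_day=today))

    def report_good_use(self, signature: str, today: int) -> int:
        """Promote by one level, at most once per activity period."""
        peer = self.peers[signature]
        if today - peer.last_promotion_day >= PROBATION_DAYS:
            peer.trust = min(MAX_TRUST, peer.trust + 1)
            peer.last_promotion_day = today
        return peer.trust

    def report_misuse(self, signature: str) -> int:
        """Demote immediately; at MIN_TRUST the peer has lost all privileges."""
        peer = self.peers[signature]
        peer.trust = max(MIN_TRUST, peer.trust - 1)
        return peer.trust

    def set_local_trust(self, signature: str, level: int) -> None:
        # Local record of a known user, clamped to the same 0..20 range.
        self.local_overrides[signature] = max(MIN_TRUST, min(MAX_TRUST, level))

    def effective_trust(self, signature: str) -> int:
        """A local record bypasses the global level; unknown peers get MIN_TRUST."""
        if signature in self.local_overrides:
            return self.local_overrides[signature]
        peer = self.peers.get(signature)
        return peer.trust if peer else MIN_TRUST
```

The asymmetry is deliberate: demotion takes effect at once while promotion is rate-limited, which is what keeps a freshly created identity from reaching a high level quickly.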