安全點對點通訊架構

Abstract

本篇論文提出一種點對點(Peer-to-Peer，簡稱 P2P)通訊架構的模組與設定規劃。P2P 通訊架構對搜尋、網路資源分享、電腦軟硬體資源共享、儲存資訊、分散式運算、區域型及大規模型群組服務有所助益，以及可以做各種商業上的應用(ex: VPNs)。 論文中會先對整體架構和運作流程作一個詳細的介紹，並針對每個子系統的功能及運作方式說明。原則上，每個組成元件皆是以達到更佳的便利性和成效為目的。某些子系統更可以達到資料備份和錯誤處理的期望。為了讓此篇論文中所提到的點對點通訊架構達到安全性的需求，系統中將會包含一個提供防護機制。 接著將會針對內部金鑰交換運作管理做一個深入的探討。文本中會說明對於共享空間中的群體使用如何共享資訊，不讓非團體內的成員偷窺、修改內容。這部分主要是利用團體金鑰協定(group public agreement)來達成，由團體裡的成員共同計算出一把團體金鑰。 為達到較佳的相容與發展彈性，這篇論文盡量使用網路的標準協定來建置整個點對點通訊架構。希冀可以成為未來發展的一種可能方向，而並非只證明可以將傳統的網路安全機制運用在點對點通訊上面。

A peer-to-peer computing architecture with a security subsystem will be provided in this thesis. P2P computing architecture benefits many areas: search, network resource sharing, computer software/hardware resource sharing, mass storage, distributed computation, local and large-scale group service. It also can be implemented in business, such as VPNs. Above all, we will provide an overview of the components that make up peer-to-peer computing and how they work. It describes the application and platform architecture and explains how major components work. In principle, each part of the architecture is built up for more convenient and better performance. Some part is provided with ability to recovery and backup, and some other could handle errors occurrence. We also construct the peer-to-peer computing with a security subsystem. The subsystem which are proposed in this thesis could make the peer-to-peer computing safer. Following, we will describe the key management and working process. The purpose is to allow members to share information safely and forbid others to spy and tamper information. In order to achieve these goals, we use group session key agreement. A group key are contributed by all members of one group. For better compatibility and flexibility, this thesis use standards to built the architecture. We hope that my work can serve not only as proof that traditional conservative security principles can coexist with a novel distributed system, but also as a guide in other peer-to-peer projects developments. So we will also show some part of specification in the subsystem.