Vivaldi 網路座標系統安全機制之改進

Abstract

Vivaldi是一種網路座標系統，其成員擁有一組虛擬的座標用以表示其與其他成員的距離關係。換而言之，其成員可以利用其座標預測出與其他成員溝通時的回傳時間，並因而減少量測回傳時間時所消耗的網路頻寬。可惜的是，Vivaldi並沒有任何的安全保護機制。目前已證實其安全漏洞確實存在，且尚未被解決。在我們的研究中，我們將探討Vivaldi的安全相關議題，指出Vivaldi中與安全有關的部份，並解釋關於攻擊和防禦Vivaldi的概念。並且已此為基礎，設計出兩種可能的防防禦方法。這兩種方法將根據常出現於惡意訊息的特徵，過濾出可能的惡意訊息。最後，模擬及評估的結果將顯示其保護效果和副作用，同時，也証實了惡意訊息的特徵是必須存在的。

Vivaldi is a network coordinate system. Each the network node in it has a virtual coordinates which illustrate the distance relationship to other nodes. That is to say, the nodes can use their coordinates to predict their round trip time to other nodes, and thus reduce the traffic consumed by round trip time measurements. Unfortunately, Vivaldi does not consist of any security protection scheme. Currently, the existence of vulnerability of Vivaldi has been proven and yet been solved. In our works, we are going to discuss the security issues of Vivaldi. The security-related part of Vivaldi will be pointed out, and offending and defending concepts will be explained. Furthermore, Base on the concepts we provide, we design two possible defending methods. These two defenses are designed to filter out the information which has some characteristics usually found on malicious one. The simulation and evaluation results show the protection abilities and the side effect of these two defenses. At the same time, the requirements of the characteristics found on malicious nodes are also examined.