Similar literature
 Found 19 similar documents; search took 109 ms
1.
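In today's TCP/IP networks, the IP address serves as both identity identifier and location address; this semantic overload constrains further improvement of Internet performance. Building on an in-depth study of the existing identifier/locator separation protocols HIP and LISP, an identity-based LISP protocol model is proposed. The model has built-in identity authentication and key exchange mechanisms, addressing real identity and secure communication at the source.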

2.
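The Internet architecture is redesigned by separating the host identity identifier and routing identifier address spaces, to address the challenges that current computer networks face in scalability, mobility, multihoming and other areas. Within the locator/identifier separation approach, research on the identifier mapping service system is in turn the key to success or failure.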

3.
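Research on an identifier-based namespace and its support for mobile communication   Total citations: 1, self-citations: 0, citations by others: 1
Today's Internet has serious problems in security and mobility: the IP address is used as both the user's identity identifier and location identifier, and cannot handle host mobility and network security well. To address this, many schemes have been proposed to improve the Internet namespace and its support for mobility and security. Several typical namespace improvement schemes based on identity/location identifier separation are compared in terms of their support for mobility and security, and an identifier-based mobile communication mechanism is also proposed.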

4.
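Design of a combined public key identity authentication system and implementation of key generation   Total citations: 1, self-citations: 0, citations by others: 1
Introduces the design of an identity authentication system based on the Combined Public Key (CPK) algorithm and gives a concrete implementation of a combination mapping algorithm and multi-scope key management. Based on the CPK principle, the combination mapping algorithm achieves large-scale key management and identity authentication independent of a third party. The method is a useful reference for implementing other CPK-based authentication systems.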

5.
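NAT traversal is an important research topic in packet-based multimedia transmission. Many workable solutions already exist, but each has certain limitations. The Host Identity Protocol (HIP) introduces a new protocol layer between the transport layer and the network layer, breaking the binding between identity and topological location. By introducing HIP, a HIP-based NAT traversal scheme is proposed. The specific traversal methods at each layer of the network architecture are discussed, and a security analysis of the new scheme is given.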

6.
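Proposes a new algorithm for encrypting, covertly storing and authenticating user identity identifiers, for uses such as software copyright protection. First, a piecewise linear chaotic map is given and its composite function is constructed, and their statistical properties are analyzed. To implement identity identifier encryption, a hash function based on the chaotic map is built, and on that basis a further hash function is constructed to generate authentication certificates that embed the identity identifier. Experimental results show that the algorithm is accurate, secure, efficient and practical.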

7.
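Li Xiuqin (李秀芹), Lan Julong (兰巨龙), Computer Engineering (《计算机工程》), 2008, 34(15): 97-99, 1
The current Internet has shortcomings in mobility and security: the IP address serves as both the user's identity identifier and location identifier, causing semantic overload. This paper analyzes several typical namespace improvement schemes based on identity/location identifier separation, compares their support for mobility and security, and proposes a new mobile communication mechanism based on the integrated network.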

8.
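Proposes HBIA, an indirect communication architecture model based on the HIP protocol. The model introduces a "synchronous mapping update" mechanism and separates the user's identity information from location information: the access identifier HIT denotes the identity of the end host, while the generalized switching routing identifier IP is used only for routing and addressing the end host in the core network. When a host moves, only its generalized switching routing identifier changes and the access identifier does not, so as long as the synchronous update of its master, slave and sub mappings completes in time, existing communication is not interrupted, which effectively solves the terminal mobility problem. Experiments and verification were carried out in a purpose-built environment; the test results show that the update mechanism supports host mobility well and preserves its security.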

9.
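The current Internet has shortcomings in mobility and security: the IP address serves as both the user's identity identifier and location identifier, causing semantic overload. This paper analyzes several typical namespace improvement schemes based on identity/location identifier separation, compares their support for mobility and security, and proposes a new mobile communication mechanism based on the integrated network.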

10.
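With the development and wide application of blockchain technology, interaction between chains has become a focus of attention, and cross-chain identity authentication and management is the basis for trusted blockchain interaction. To address the insufficient security and performance of current cross-chain identity authentication and management, a user identity authentication model for cross-chain systems based on ECC-ZKP is proposed. By studying cross-chain identity models and introducing elliptic curve cryptography and zero-knowledge proofs, the scheme implements cross-chain identity registration, update and authentication, providing trusted identity authentication services for users' cross-chain access and communication. Analysis and test results show that the scheme has relatively high security and performs well in processing efficiency and resource utilization.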

11.
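At present, the Internet's routing scalability problem has become a major hidden danger to its rapid development. The industry generally believes that identity/location separation protocols can effectively solve this problem. A method for simulating the separation mapping mechanism based on NS2 is proposed: by implementing an identity/location separation protocol on NS2 and creating a simulation topology, the protocol is simulated and analyzed, making up for the inability of real systems to emulate large-scale network environments because of their limited scale.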

12.
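Lu Ningning (卢宁宁), Zhang Hongke (张宏科), Journal of Software (《软件学报》), 2013, 24(6): 1274-1294
To solve the problems of prefix hijacking, route forgery and source address spoofing, a routing architecture is designed: the accountability realm based secure routing architecture (Arbra for short). First, a method for mapping autonomous systems to accountability realms and a two-level routing structure based on accountability realms are proposed. An accountability realm is a network with an independent managing entity and is the basic element of the Arbra network topology; it is so called because it is accountable for the network behaviour of its internal users. Second, a design framework for the accountability-realm-based routing architecture is established, mainly covering a hybrid addressing scheme, a core routing protocol, a label mapping protocol, the packet forwarding process and a public key management mechanism. Finally, Arbra is compared with other well-known routing structures (IPv4/v6, LISP, AIP), and its security, scalability, communication performance and deployment cost are analyzed. The results show that: (1) Arbra's distributed trust model not only helps resist prefix hijacking, route forgery and source address spoofing attacks, but also lays a foundation for solving many other network security problems; (2) Arbra has excellent scalability, with small routing tables; (3) Arbra has reasonable communication performance and deployment cost. This work can be regarded as a useful exploration of future information network architecture from the perspective of network security.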

13.
The rapid growth of broadband access has popularized multimedia services, which nowadays contribute to a large part of Internet traffic. Among this content, the broadcasting of live events requires streaming from a single source to a large set of users. For such content, network-layer multicast is the most efficient solution, but it has not found widespread adoption due to its high deployment cost. As a result, several application-layer solutions have been proposed based on large-scale P2P systems. These solutions, however, are unable to provide a satisfactory quality of experience to all users, mainly because of the variability of the peers and their limited upload capacity. In this paper we advocate for a network-layer solution that circumvents the prohibitive deployment costs of previous approaches, taking advantage of the rare window of opportunity offered by the locator/identifier separation protocol (LISP). This new architecture, motivated by the alarming growth rate of the default-free zone (DFZ) routing table, is developed within the IETF, and aims to upgrade the current inter-domain routing system. We present CoreCast, an efficient inter-domain live streaming architecture operating on top of LISP. LISP involves upgrading some Internet routers and our proposal can be introduced along with these new deployments. To evaluate its feasibility in terms of processing overhead in networking equipment we have implemented CoreCast in the Linux kernel. Further, we compare the performance of CoreCast to the popular P2P streaming services both analytically and experimentally. The results show that CoreCast reduces inter-domain bandwidth consumption and that it introduces negligible processing overhead in network equipment.

14.
A DHT-Based Identifier-to-Locator Mapping Approach for a Scalable Internet   Total citations: 5, self-citations: 0, citations by others: 5
It is commonly recognized that today's Internet routing and addressing system is facing serious scaling problems, which are mainly caused by the overloading of IP address semantics. That is, an IP address represents not only the location but also the identity of a host. To address this problem, several recent schemes propose to replace the IP namespace in today's Internet with a locator namespace and an identity namespace. The locator namespace consists of locators that are used to represent the locations of hosts. On the other hand, the identity namespace consists of identifiers that are used to represent the identities of hosts. For these schemes to work, there must be a mapping system that can supply an appropriate locator for any given end point identifier (EID). While prior related works mainly focus on aggregable EIDs, several recent works proposed the use of self-certifying EIDs for the purpose of security and privacy. However, self-certifying EIDs are flat and unstructured, and prior proposals cannot be used to deal with flat EIDs. In this paper, we propose a distributed hash table (DHT)-based identifier-to-locator mapping scheme to resolve a locator for a flat identifier. We evaluate the performance of the proposed scheme. We show that, besides the capability to support flat EIDs, the scheme has good scalability and low resolution delay. We also show that the scheme is robust and can efficiently support mobility.

15.
The relentless growth of the Internet, which has resulted in the increase of routing table sizes, requires consideration and new direction to address Internet scalability and resiliency. A possible direction is to move away from the flat legacy Internet routing to hierarchical routing, and introduce two-level hierarchical routing between edge networks and across transit networks. In this way, there is also an opportunity to separate the routing locator from the terminal identifier, to better manage IP mobility and mitigate important routing security issues. In this paper, we study the extended traffic engineering capabilities arising in a transit-edge hierarchical routing, focusing on those multi-homed edge networks (e.g., Cloud/content providers) that aim at increasing their Internet resiliency experience. We model the interaction between distant independent edge networks exchanging large traffic volumes using game theory, with the goal of seeking efficient edge-to-edge load-balancing solutions. The proposed traffic engineering framework relies on a non-cooperative potential game, built upon locator and path ranking costs, that indicates an efficient equilibrium solution for the edge-to-edge load-balancing coordination problem. Simulations on real instances show that in comparison to the available standard protocols such as BGP and LISP, we can achieve a much higher degree of resiliency and stability.

16.
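To address the problem that the Chord protocol's routing table covers only half of the identifier space, a Chord routing model based on dual identifiers is proposed. In addition to the clockwise identifier assigned to each node and key under the Chord protocol, the model also assigns a counter-clockwise identifier. Each node on a Chord ring, and each key being looked up, thus has dual identifiers. Each node can therefore build two routing tables, one clockwise and one counter-clockwise, which together cover the whole identifier space. Theoretical analysis and simulation experiments show that the improved Chord routing model reduces the average number of lookup hops and improves routing efficiency.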

17.
The current Internet has several known challenges, such as routing scalability, mobility, multihoming, traffic engineering, etc., due to the overloaded semantics of the IP address, i.e. it is used as a node identifier (ID) and a node locator (LOC). Thus, the research community has redesigned the Internet architecture based on ID/LOC separation to overcome the limitations of the current Internet. In all Internet architectures based on ID/LOC separation, an ID to LOC mapping system is necessarily required to bind an ID and its LOC, since the ID is no longer dependent on its LOC logically or physically. Thus, how to design the mapping system is a key challenge in ID/LOC separation architecture. In this paper, we analyse qualitatively the mapping systems proposed in ID/LOC separation architectures to provide insights into designing a new mapping system. The main contribution in this paper is that we categorise ID to LOC mapping systems according to the mapping server structure and provide the pros and cons of the mapping systems belonging to each category. Based on our qualitative analysis, we also examine intuitively if the mapping systems in each category satisfy their requirements.

18.
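The integrated network introduces access routing identifiers, switching routing identifiers and the theory of mapping between them, solving problems such as mobility and security in traditional networks. The mapping server manages the various identifiers in the integrated network and their mapping relationships; it is a key device in the integrated network and needs high security and reliability. Mapping server conformance testing is an important test method for ensuring that the mapping server runs securely, effectively and reliably as the protocol describes. The implementation environment and design of mapping server conformance testing are introduced in detail, the message format design of several conformance test cases is described in detail, and the test results are analyzed.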

19.
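A mobile handover management technique for satellite networks based on identifier/locator separation   Total citations: 1, self-citations: 0, citations by others: 1
Mobile satellite networks have drawn wide attention for advantages such as wide coverage and low communication delay. Much current research aims to develop IP-based networking for them and to integrate them with terrestrial IP networks. One challenge of the integrated network is satellite mobility: users' access points in the satellite network switch frequently, creating a mobility management problem, and existing Mobile IP technology cannot efficiently support handover in satellite networks. To support handover efficiently, the identifier/locator separation idea is applied to satellite networks and handover management is studied under that architecture. A mapping service system handles location management for terminals; during handover, a notification forwarding table is formed in the original satellite, with the newly accessed satellite gateway and the terminal's identifier as the main information. Simulation results show that the method has clear advantages over Mobile IP technology. Applied to satellite networks, it can reduce handover delay, cut substantial binding update overhead or suboptimal routing, and improve system performance and scalability.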
