| 基于IEEE 802.1x的嵌入用户身份标识的IPv6地址生成方案 |
| |
| 引用本文: | 况鹏,刘莹,何林,任罡. 基于IEEE 802.1x的嵌入用户身份标识的IPv6地址生成方案[J]. 电信科学, 2019, 35(12): 15-23. DOI: 10.11959/j.issn.1000-0801.2019289 |
| |
| 作者姓名: | 况鹏 刘莹 何林 任罡 |
| |
| 作者单位: | 清华大学网络科学与网络空间研究院北京信息科学与技术国家研究中心,北京100084;清华大学网络科学与网络空间研究院北京信息科学与技术国家研究中心,北京100084;清华大学网络科学与网络空间研究院北京信息科学与技术国家研究中心,北京100084;清华大学网络科学与网络空间研究院北京信息科学与技术国家研究中心,北京100084 |
| |
| 基金项目: | 国家自然科学基金资助项目(61772307);国家自然科学基金资助项目(61402257);国家重点研发计划基金资助项目(2018YFB1800405);国家重点研发计划基金资助项目(2018YFB1800404);国家重点研发计划基金资助项目(2017YFB0801701) |
| |
| 摘 要: | 将可扩展的用户身份标识嵌入IPv6地址中,不仅为追溯用户身份和精细管控用户行为提供可能,而且有利于提高互联网的安全性、可审计性和可信性。目前提出的嵌入用户身份标识的IPv6地址生成方案存在DHCPv6 客户端开发复杂或临时地址租约难以管理等问题,均不易于实际部署。考虑到身份认证与地址分配之间的时序逻辑,提出一种基于IEEE 802.1x的嵌入用户身份标识的IPv6地址生成方案,通过在二层进行用户身份认证,随后进行IPv6地址分配,解耦了身份认证与地址分配过程,避免了为各操作系统开发新的扩展DHCPv6客户端以及为DHCPv6服务器维护临时地址租约等限制,更加具备可部署性。
|
| 关 键 词: | 用户身份标识 IEEE 802.1x DHCPv6 |
IEEE 802.1x-based user identity-embedded IPv6 address generation scheme |
| |
| Peng KUANG,Ying LIU,Lin HE,Gang REN. IEEE 802.1x-based user identity-embedded IPv6 address generation scheme[J]. Telecommunications Science, 2019, 35(12): 15-23. DOI: 10.11959/j.issn.1000-0801.2019289 |
| |
| Authors: | Peng KUANG Ying LIU Lin HE Gang REN |
| |
| Affiliation: | Institute for Network Sciences and Cyberspace,Beijing National Research Center for Information Science and Technology,Tsinghua University,Beijing 100084,China |
| |
| Abstract: | Embedding extensible user identities into IPv6 addresses not only provides the possibility of tracing the user identity and finely controlling the user behavior,but also helps to improve the security,auditability and credibility of the Internet.Current schemes that embed user identity within IPv6 address are hard to deploy in practice due to the complexity of DHCPv6 client development or the complicated management of temporary address.Considering the sequential logic between identity authentication and address allocation,a IEEE 802.1x-based user identity-embedded IPv6 address generation scheme was proposed.By conducting identity authentication using layer-2 mechanisms and then assigning IPv6 addresses,this scheme decoupled the process of identity authentication and address allocation,and avoided the limitation of developing new extended DHCPv6 clients for each operating system and maintaining temporary address leases on DHCPv6 servers,which was more deployable. |
| |
| Keywords: | user identifier IEEE 802.1x DHCPv6 |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《电信科学》浏览原始摘要信息 |
|
点击此处可从《电信科学》下载全文 |
