基于STiP模型的安全主机标识及认证协议
|
摘要
为了构建自主可控、安全可信的互联网环境,我们提出了一种安全可信的网络互联协议(STi P)模型。本文详细介绍了STi P模型的层次结构,然后定义了基于STi P模型的报文头格式。此外,设计了终端主机接入协议和映射解析协议,用于终端主机接入的注册,以及在终端主机通信过程中映射信息的更新、查询和响应。
In order to build a secure and reliable internet environment with controllability, we proposed a secure and trusted internet protocol, which is called STiP. In this paper, the network model and the structure of the protocol is described in detail.After that, the definition of the packet header format is introduced. In addition, the host access protocol is designed for the registration of the STiP based network and the mapping resolution protocol is designed for the updating, querying and response of mapping information during the communication of the hosts.
In order to build a secure and reliable internet environment with controllability, we proposed a secure and trusted internet protocol, which is called STiP. In this paper, the network model and the structure of the protocol is described in detail.After that, the definition of the packet header format is introduced. In addition, the host access protocol is designed for the registration of the STiP based network and the mapping resolution protocol is designed for the updating, querying and response of mapping information during the communication of the hosts.
引文
[1]蒋文保,朱国库.一种安全可信的网络互联协议(STi P)模型研究[J].网络空间安全,2017,(01):24-31.
[2]朱国库,蒋文保.一种去中心化的网络域名服务系统模型[J].网络空间安全,2017,(01):14-18.
[3]王鹏.可重构基础网络多态路由关键技术研究[D].解放军信息工程大学,2015.
[4]R.Moskowitz,P.Nikander,P.Jokela,and T.Henderson,“Host Identity Protocol,”RFC 5201,IETF,Apr 2008.
[5]D.Naylor,M.K.Mukerjee,P.Agyapong,R.Grandl,R.Kang and M.Machado,“XIA:Architecting a More Trustworthy and Evolvable Internet,”ACM SIGCOMM Computer Communication,Volume 44,Number 3,pp.50-57,July 2014.
[6]T.Aura,“Cryptographically Generated Addresses(CGA),”Internet Engineering Task Force,Mar.2005.RFC 3972.
[7]D.Raychaudhuri,K.Nagaraja and A.Venkataramani,“Mobility First:A Robust and Trustworthy Mobility Centric Architecture for the Future Internet,”ACM SIGMobile Mobile Computing and Communication Review(MC2R),Volume 16 Issue 4,October 2012.
[8]徐恪,朱亮,朱敏.互联网地址安全体系与关键技术[J].软件学报,2014,01:78-97.
[9]陈钟,孟宏伟,关志.未来互联网体系结构中的内生安全研究[J].信息安全学报,2016,02:36-45.
[10]L.Zhang,et al.“Named Data Networking,”ACM SIGCOMM Computer Communication Review(CCR),July 2014.
[11]Murphy S.BGP security vulnerabilities analysis.RFC 4272,2006.
[12]吴建平,任罡,李星.构建基于真实IPv6源地址验证体系结构的下一代互联网[J].中国科学(E辑:信息科学),2008,(10):1583-1593.
[13]李晓明,刘芳,侯刚.基于可信网络连接(TNC)的电子政务网络安全接入架构研究[J].计算机安全,2013(7):81-85.
[2]朱国库,蒋文保.一种去中心化的网络域名服务系统模型[J].网络空间安全,2017,(01):14-18.
[3]王鹏.可重构基础网络多态路由关键技术研究[D].解放军信息工程大学,2015.
[4]R.Moskowitz,P.Nikander,P.Jokela,and T.Henderson,“Host Identity Protocol,”RFC 5201,IETF,Apr 2008.
[5]D.Naylor,M.K.Mukerjee,P.Agyapong,R.Grandl,R.Kang and M.Machado,“XIA:Architecting a More Trustworthy and Evolvable Internet,”ACM SIGCOMM Computer Communication,Volume 44,Number 3,pp.50-57,July 2014.
[6]T.Aura,“Cryptographically Generated Addresses(CGA),”Internet Engineering Task Force,Mar.2005.RFC 3972.
[7]D.Raychaudhuri,K.Nagaraja and A.Venkataramani,“Mobility First:A Robust and Trustworthy Mobility Centric Architecture for the Future Internet,”ACM SIGMobile Mobile Computing and Communication Review(MC2R),Volume 16 Issue 4,October 2012.
[8]徐恪,朱亮,朱敏.互联网地址安全体系与关键技术[J].软件学报,2014,01:78-97.
[9]陈钟,孟宏伟,关志.未来互联网体系结构中的内生安全研究[J].信息安全学报,2016,02:36-45.
[10]L.Zhang,et al.“Named Data Networking,”ACM SIGCOMM Computer Communication Review(CCR),July 2014.
[11]Murphy S.BGP security vulnerabilities analysis.RFC 4272,2006.
[12]吴建平,任罡,李星.构建基于真实IPv6源地址验证体系结构的下一代互联网[J].中国科学(E辑:信息科学),2008,(10):1583-1593.
[13]李晓明,刘芳,侯刚.基于可信网络连接(TNC)的电子政务网络安全接入架构研究[J].计算机安全,2013(7):81-85.