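Abstract
To meet the security and mobility requirements of future networks, this paper proposes a secure and trusted network interconnection protocol model based on the idea of separating identity identifiers from address locators, called the STiP (Secure and Trusted internet Protocol) model. The STiP model separates the dual functions of the traditional IP address and, by introducing intrinsic security mechanisms such as packet signing and verification, address/identity authentication, and decentralized key management, can solve network security problems such as source address spoofing, route hijacking, and denial of service at the source, which helps build an autonomous, controllable, secure and trusted Internet environment. The paper discusses in detail key technologies including the architecture of the STiP model, secure host identifiers and the hierarchical-tree-based name-to-address mapping and resolution system, secure routing in the backbone network, and the decentralized key management scheme.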
To fulfill the requirements of security and mobility in the future network environment, a secure and trusted internet protocol based on locator and identifier separation is proposed in this paper, which is called STiP. STiP separates the traditional dual functions of the IP address. Moreover, intrinsic security mechanisms are designed in STiP, including digital signature and authentication, address and identity validation, and decentralized key management. With the help of STiP, the security problems of the current Internet, such as address spoofing, route hijacking and denial of service, can be solved from the source, and this helps to build a secure and reliable internet environment with controllability. The architecture of STiP, the secure host identifier and its hierarchical name system, the security routing of the backbone network and its decentralized scheme for key management, and some other key technologies are discussed in detail in the paper.
Source
Cyberspace Security (《网络空间安全》)
2017, Issue 1, pp. 24-31 (8 pages)
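Funding
National Natural Science Foundation of China project (61540020): "Research on the Theoretical Model and Key Mechanisms of Trust Evaluation Based on Multi-dimensional Evidence"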
Keywords
future network
internet protocol
network security
trusted network
address security
naming and addressing