内生安全网络架构

doi:10.11959/j.issn.1000-0801.2019215

Abstract

Abstract:

IP network brings big benefits for human’s life by connecting most devices all over the world,but its security and privacy issues make people frustrating when using end to end communication.Without intrinsic security design of the network,it is difficult for patch-like solutions to cure stubborn security issues (IP spoofing,privacy leakage,MITM attack,DDoS,etc.).On the basis of surveying different kinds of security threats and related security techniques,an overview of the security weakness analysis was given,and network architecture with intrinsic security (NAIS) was presented,including dynamic ID/IP with intrinsic security,security verification and audit protocols,and cross-domain cooperation defense mechanism,which could provide security and trustworthiness for end to end communication.

Key words: IP network, intrinsic security, privacy, accountability, DDoS

CLC Number:

TN915.08

Weiyu JIANG, Bingyang LIU, Chuang WANG. Network architecture with intrinsic security[J]. Telecommunications Science, 2019, 35(9): 20-28.

Figures/Tables 4

References 24

[1]	Caida spoofer program report[R]. 2019.
[2]	ENGLEHARDT S , NARAYANAN A . Online tracking:a 1-million-site measurement and analysis[C]// the 2016 ACM SIGSAC Conference on Computer and Communications Security,Oct 12-16,2015,Denver,Colorado,USA. New York:ACM Press, 2016: 1388-1401.
[3]	FERGUSON P , SENIE D . Network ingress filtering:defeating denial of service attacks which employ IP source address spoofing:RFC 2827[S]. 2000.
[4]	DUAN Z , ·UAN X , CHANDRASHEKAR J . Constructing interdomain packet filters to control IP spoofing based on BGP updates[C]// INFOCOM,April 23-29,2006,Barcelona,Spain. Piscataway:IEEE Press, 2006.
[5]	BREMLER-BARR A , LEVY H . Spoofing prevention method[C]// IEEE INFOCOM, 2005(1): 536-547.
[6]	JIN C , WANG H , SHIN K . Hop-count filtering:an effective defense against spoofed DDoS traffic[C]// the 10th ACM Conference on Computer and Communications Security,Oct 27 - 30,Washington D.C.,USA. New York:IEEE Press, 2003.
[7]	BAKER F , SAVOLA P . Ingress filtering for multihomed networks:RFC 3704[S]. 2004.
[8]	BI J , LIU B . Problem statement of SAVI beyond the first hop,Internet Draft[R]. 2012.
[9]	LIU X , ·ANG X , WETHERALL D ,et al. Efficient and secure source authentication with packet passports[C]// 2nd conference on Steps to Reducing Unwanted Traffic on the Internet,San Jose,CA,USA. New York:ACM Press, 2006.
[10]	LIU X , ·ANG X , WETHERALL D ,et al. Passport:secure and adoptable source authentication[C]// 5th USENIX NSDI,April16-18,2008,San Francisco,California,USA. New York:ACM Press, 2008.
[11]	RAGHAVAN B , KOHNO T , SNOEREN A C ,et al. Enlisting ISP to improve online privacy:IP address mixing by default[C]// PETS '09,August 5-7,2009,Seattle,WA,USA. New York:ACM Press, 2009.
[12]	CHAUM D . Untraceable electronic mail,return address,and digital pseudonyms[J]. Communications of the ACM, 1981,24(2): 84-88.
[13]	DINGLEDINE R , MATHEWSON N , SYVERSON P F . Tor:the second-generation onion router[J]. Journal of the Franklin Institute, 2004,239(2): 135-139.
[14]	NARTEN T , DRAVES R , KRISHNAN S . Report from the IAB workshop on routing and addressing:RFC4941[S]. 2007.
[15]	GONT F . Method for generating semantically opaque interface identifiers with ipv6 stateless address autoconfiguration (slaac),RFC 7217,Internet engineering task force,request for comments[S]. 2014.
[16]	ANDERSEN D G , BALAKRISHNAN H , FEAMSTER N ,et al. Accountable internet protocol[C]// ACM SIGCOMM 2008 Conference on Applications,Technologies,Architectures,and Protocols for Computer Communications,August 17-22,2008,Seattle,WA,USA. New York:ACM Press, 2008.
[17]	NAYLOR D , MUKERJEE M K , STEENKISTE P.Balancing accountability and privacy in the network . [J]. ACM Sigcomm Computer Communication Review, 2014,44(4).
[18]	LEE T , PAPPAS C , BARRERA D ,et al. Source accountability with domain-brokered privacy[C]// the 12th International on Conference on emerging Networking Experiments and Technologies,December 12 - 15.2016,Irvine,California,USA. New York:ACM Press, 2016.
[19]	US service provider survives the biggest recorded DDoS in history[Z]. 2018.
[20]	ANTONAKAKIS M , APRIL · , BAILEY M ,et al. Understanding the mirai botnet[C]// 26th USENIX Security.[S.l.:s.n]. 2017.
[21]	CloudFlare. Advanced DDoS attack protection[Z]. 2018.
[22]	FAYAZ S K , TOBIOKA · , SEKAR V ,et al. Bohatei:flexible and elastic DDoS defense[C]// Usenix Conference on Security Symposium,August 12 - 14,2015,Washington,D.C.,USA. New York:ACM Press, 2015.
[23]	BASESCU C , REISCHUK R M , SZALACHOWSKI P ,et al. SIBRA:Scalable internet bandwidth reservation architecture[J]. arXiv preprint arXiv:1510.02696, 2015.
[24]	李子姝, 谢人超, 孙礼 ,等. 移动边缘计算综述[J]. 电信科学, 2018,34(1): 87-101.
	LI Z S , XIE R C , SUN L ,et al. A survey of mobile edge computing[J]. Telecommunications Science, 2018,34(1): 87-101.

Metrics

Recommended 0

No Suggested Reading articles found!

Network architecture with intrinsic security

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 24

Related Articles 15

Metrics

Recommended 0

[1]	Yingjie HE, Qiwei LI, Han SUN, Di GAO, Jianfeng DONG, Shuhua YANG. A lightweight privacy-preserving truth discovery mechanism for IoT [J]. Telecommunications Science, 2021, 37(5): 124-132.
[2]	Shuangxing WANG, Jintang LUO, Lisha SHUAI, Jiamin ZHANG, Min ZHANG, Xiaolong YANG. Cloud data anonymous assured deletion approach based on blockchain [J]. Telecommunications Science, 2021, 37(3): 90-104.
[3]	Feiyang LIU, Kun LI, Fei SONG, Huachun ZHOU. Construction of DDoS attacks malicious behavior knowledge base construction [J]. Telecommunications Science, 2021, 37(11): 17-32.
[4]	Bing HUANG, Bin TAN, Jian LUO, Yong GUO. Future IP network architecture evolution for service and network collaboration [J]. Telecommunications Science, 2021, 37(10): 39-46.
[5]	Chi ZHANG, Ye LU, Yuping LUO, Xiaokai SUN, Hanke ZHU. A novel approach for face privacy protection based on surveillance video in complex scene [J]. Telecommunications Science, 2021, 37(1): 94-101.
[6]	Huifang HOU,Xuefang LI,Jie PAN,Zhigang DING. 5G carrier network data collection and security management evolution ideas [J]. Telecommunications Science, 2020, 36(9): 154-159.
[7]	Zhe CHEN,Sheng JIANG,Chuang WANG. A flexible and secure protocol framework for industrial internet of smart things [J]. Telecommunications Science, 2020, 36(7): 26-33.
[8]	Shaoliang PENG,Liang BAI,Li WANG,Minxia CHENG,Shulin WANG. Trusted edge computing for smart healthcare [J]. Telecommunications Science, 2020, 36(6): 56-63.
[9]	Zishan LIU,Qiang CHENG,Bo LV. A survey on key technologies of privacy protection for machine learning [J]. Telecommunications Science, 2020, 36(11): 18-27.
[10]	Xiuli ZHENG, Sheng JIANG, Chuang WANG. NewIP:new connectivity and capabilities of upgrading future data network [J]. Telecommunications Science, 2019, 35(9): 2-11.
[11]	Jingyi XU,Zeyu ZHAO,Minhu SHEN,·ibin ·ING,Weiqiang ZHOU. Next generation IP network test system framework based on microservices architecture [J]. Telecommunications Science, 2019, 35(9): 29-37.
[12]	Huijuan ·AO, Liang GENG. Trend of next generation network architecture:computing and networking convergence evolution [J]. Telecommunications Science, 2019, 35(9): 38-43.
[13]	Lintao JIANG. Current situation and development trend of data network [J]. Telecommunications Science, 2019, 35(8): 1-15.
[14]	Xiuli ZHENG, Jiayao TAN, Sheng JIANG, Chuang WANG. Analysis on the requirements of future data network [J]. Telecommunications Science, 2019, 35(8): 16-25.
[15]	HE Yusheng. Research on C＆C traffic detection of DDoS BotNet in internet of things [J]. Telecommunications Science, 2019, 35(6): 96-101.