Journal of Software:2014.25(1):78-97

(清华信息科学与技术国家实验室(清华大学), 北京 100084;清华大学 计算机科学与技术系, 北京 100084)
Architecture and Key Technologies of Internet Address Security
XU Ke,ZHU Liang,ZHU Min
(Tsinghua National Laboratory for Information Science and Technology (Tsinghua University), Beijing 100084, China;Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China)
Chart / table
Similar Articles
Article :Browse 5587   Download 3240
Received:January 08, 2013    Revised:July 30, 2013
> 中文摘要: 当前,互联网体系结构不具备地址真实性验证机制,源地址伪造与路由地址前缀欺骗造成了极大危害.解决地址安全问题、构建真实可信的互联网环境,已成为亟待解决的重要课题.地址的真实性是互联网可信的基础和前提.针对这些问题,研究者们从不同角度提出了很多解决方案.首先,该文介绍了地址的概念及其欺骗现状,分析了地址安全的含义,并从研究体系、实现机制以及关键技术这3个维度,对地址安全研究思路进行了归纳分析.然后,对典型地址安全方案的性能指标进行了总结.最后,给出了一个地址与标识通用实验管理平台的设想,基于该平台,可以为不同的地址标识方案提供统一的部署实验环境.
Abstract:Forged source address and routing address prefix hijacking have caused great threats since there are no source address validation mechanisms on the current Internet. Solving the address security problem and constructing a reliable Internet environment have become a critical issue. The foundation of a trustworthy Internet is the authenticated IP addresses. Therefore, researchers have proposed many solutions from different perspectives on these problems. This paper first introduces the notion of address and the current situation of address spoofing, then gives an analysis to the meaning of the address security. The paper analyzes and compares these security solutions in three dimensions: The architecture, the mechanism and the key technical means. Their performances are also summarized and evaluated. Finally, the study provides a proposal of constructing a general experimental platform for network addresses which enables different address schemes to be deployed and experimented.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(61170292);国家重点基础研究发展计划(973)(2009CB320501,2012CB315803);国家科技重大专项(2012ZX03005001-001);国家高技术研究发展计划(863)(2013AA013302);国家科技支撑计划(2011BAK08B05-02,2012BAH01B01) 国家自然科学基金(61170292);国家重点基础研究发展计划(973)(2009CB320501,2012CB315803);国家科技重大专项(2012ZX03005001-001);国家高技术研究发展计划(863)(2013AA013302);国家科技支撑计划(2011BAK08B05-02,2012BAH01B01)
Foundation items:
Reference text:


XU Ke,ZHU Liang,ZHU Min.Architecture and Key Technologies of Internet Address Security.Journal of Software,2014,25(1):78-97