引用本文
  • 张宇,夏重达,方滨兴,张宏莉.一个自主开放的互联网根域名解析体系[J].信息安全学报,2017,2(4):57-69    [点击复制]
  • ZHANG Yu,XIA Zhongda,FANG Binxing,ZHANG Hongli.An Autonomous Open Root Resolution Architecture for Domain Name System in the Internet[J].Journal of Cyber Security,2017,2(4):57-69   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 5577次   下载 6090 本文二维码信息
码上扫一扫!
一个自主开放的互联网根域名解析体系
张宇1, 夏重达1, 方滨兴1,2, 张宏莉1
0
(1.哈尔滨工业大学计算机科学与技术学院 计算机网络与信息安全技术研究中心, 哈尔滨 中国 150001;2.东莞电子科技大学电子信息工程研究院, 东莞 中国 523808)
摘要:
域名系统(Domain Name System,DNS)的中心化根解析体系蕴含着权力滥用风险,对互联网的开放与平等形成威胁。本文提出了一个新的自主开放根解析体系,与现有DNS兼容的同时,从结构和机制两方面对权力滥用予以威慑。首先,针对域名唯一性与去中心化之间矛盾,提出了授权与解析分离机制,在保留单一根权威的条件下,实现解析服务去中心化。接着,针对中心式结构风险,提出建立国家根与根联盟,通过自治与合作实现权力制衡。然后,分析了新体系防范风险的有效性以及在当前DNS基础之上的增量,并讨论新体系所具有的自主、开放、平等、透明性质。最后,对新体系的安全性进行分析并给出了一个原型系统。
关键词:  域名系统    去中心化  互联网治理
DOI:10.19363/j.cnki.cn10-1380/tn.2017.10.005
投稿时间:2016-07-15修订日期:2017-05-22
基金项目:广东省产学研合作项目"广东省健康云安全院士工作站"(No.2016B090921001),国家重点基础研究发展计划("973"计划)(No.2011CB302605,No.2013CB329602),国家自然科学基金(No.61202457,No.61402149)资助。
An Autonomous Open Root Resolution Architecture for Domain Name System in the Internet
ZHANG Yu1, XIA Zhongda1, FANG Binxing1,2, ZHANG Hongli1
(1.Research Center of Computer Network and Information Security Technology, Department of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China;2.Institute of Electronic and Information Engineering in Dongguan, University of Electronic Science and Technology of China, Dongguan 523808, China)
Abstract:
The current DNS (Domain Name System) root resolution architecture has the risk of power abuse which posts threats on the openness and equality of the Internet. This paper presents a new DNS-compatible autonomous open root resolution architecture to effectively prevent the power abuse from the perspectives of structure and mechanism. First, aiming at the dilemma between the name uniqueness and decentralization, we propose the separation of delegation and resolution to decentralize resolution service while keeping a single root authority. Then, to cope with the risk in the centralized structure, we propose a structure with country roots and inter-root to provide power balancing. We analyze the effectiveness of the new architecture against the abuse threats and the changes on current DNS. We discuss the autonomy, openness, equality and transparency of the new architecture. We also analyze the security of the new architecture and implement a prototype.
Key words:  Domain Name System  root  decentralization  Internet governance