【打印本页】      【下载PDF全文】   View/Add Comment  Download reader   Close
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 8640次   下载 5828 本文二维码信息
码上扫一扫!
未来互联网体系结构中的内生安全研究
陈钟,孟宏伟,关志
分享到: 微信 更多
(高可信软件技术教育部重点实验室(北京大学) 北京 中国 100871;网络和软件安全保障教育部重点实验室(北京大学) 北京 中国 100871;北京大学信息科学技术学院 北京 中国 100871;高可信软件技术教育部重点实验室(北京大学) 北京 中国 100871;网络和软件安全保障教育部重点实验室(北京大学) 北京 中国 100871;北京大学软件工程国家工程研究中心 北京 中国 100871)
摘要:
未来互联网体系结构试图通过其内生安全特性解决目前互联网中的安全问题。新型的未来互联网体系结构命名空间普遍使用了具备自认证能力的网络标识支持网络的内生安全,但目前的方案不能将用户标识符、网络标识符、公钥三者在脱离PKI的情况下实现同时绑定。本文提出了基于组合公钥密码体制的自认证标识(SCI-CPK)命名方案,可用于未来互联网体系结构命名空间中标识安全绑定,并给出了在未来互联网体系结构XIA、MobilityFirst和NDN中支持实体鉴别的应用方法。分析表明,SCI-CPK方案能够支持未来互联网中泛在互联和泛在移动场景下的大规模实体身份和地址鉴别。
关键词:  未来互联网体系结构  内生安全  自认证  组合公钥体制
DOI:10.19363/j.cnki.cn10-1380/tn.2016.02.004
Received:April 07, 2016Revised:April 21, 2016
基金项目:本课题得到国家自然科学基金项目(Nos.61170263、61421091)资助。
Research on Intrinsic Security in Future Internet Architecture
CHEN Zhong,MENG Hongwei,GUAN Zhi
Key Laboratory of High Confidence Software Technologies(Peking University) Ministry of Education, Beijing 100871, China;Key Laboratory of Network and Software Security Assurance(Peking University) Ministry of Education, Beijing 100871, China;School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, China;Key Laboratory of High Confidence Software Technologies(Peking University) Ministry of Education, Beijing 100871, China;Key Laboratory of Network and Software Security Assurance(Peking University) Ministry of Education, Beijing 100871, China;National Engineering Research Center of Software Engineering, Peking University, Beijing 100871, China
Abstract:
The characteristics of intrinsic security in the future Internet architecture have been used to conquer the security problems of current Internet. Self-certifying addresses are introduced in future Internet architecture (FIA) to enable the intrinsic security properties. However, without PKI, these approaches in FIA miss the intrinsic binding between user-level descriptor, network-level identifier and correspondent public key. To this end, a naming scheme of Self-Certifying Identifier in FIA based on Combined Public Key (CPK), named as SCI-CPK, is proposed in this paper. The use cases of identity authentication based on SCI-CPK in FIA designs are also given, including XIA, MobilityFirst and NDN. The analysis shows that the proposed method is benefit of ubiquitous access and vast mobility scenario in the future Internet.
Key words:  future Internet architecture  intrinsic security  self-certifying  combined public key