未来互联网体系结构中的内生安全研究

陈钟; 孟宏伟; 关志

【打印本页】【下载PDF全文】【View/Add Comment】【Download reader】【 Close 】

本文已被：浏览 7445次下载 4384次	码上扫一扫！
未来互联网体系结构中的内生安全研究
陈钟,孟宏伟,关志
分享到：微信更多字体:加大+\|默认\|缩小-
(高可信软件技术教育部重点实验室(北京大学) 北京中国 100871;网络和软件安全保障教育部重点实验室(北京大学) 北京中国 100871;北京大学信息科学技术学院北京中国 100871;高可信软件技术教育部重点实验室(北京大学) 北京中国 100871;网络和软件安全保障教育部重点实验室(北京大学) 北京中国 100871;北京大学软件工程国家工程研究中心北京中国 100871)

摘要:

未来互联网体系结构试图通过其内生安全特性解决目前互联网中的安全问题。新型的未来互联网体系结构命名空间普遍使用了具备自认证能力的网络标识支持网络的内生安全,但目前的方案不能将用户标识符、网络标识符、公钥三者在脱离PKI的情况下实现同时绑定。本文提出了基于组合公钥密码体制的自认证标识(SCI-CPK)命名方案,可用于未来互联网体系结构命名空间中标识安全绑定,并给出了在未来互联网体系结构XIA、MobilityFirst和NDN中支持实体鉴别的应用方法。分析表明,SCI-CPK方案能够支持未来互联网中泛在互联和泛在移动场景下的大规模实体身份和地址鉴别。

关键词: 未来互联网体系结构内生安全自认证组合公钥体制

DOI：10.19363/j.cnki.cn10-1380/tn.2016.02.004

Received:April 07, 2016Revised:April 21, 2016

基金项目:本课题得到国家自然科学基金项目(Nos.61170263、61421091)资助。

Research on Intrinsic Security in Future Internet Architecture

CHEN Zhong,MENG Hongwei,GUAN Zhi

Key Laboratory of High Confidence Software Technologies(Peking University) Ministry of Education, Beijing 100871, China;Key Laboratory of Network and Software Security Assurance(Peking University) Ministry of Education, Beijing 100871, China;School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, China;Key Laboratory of High Confidence Software Technologies(Peking University) Ministry of Education, Beijing 100871, China;Key Laboratory of Network and Software Security Assurance(Peking University) Ministry of Education, Beijing 100871, China;National Engineering Research Center of Software Engineering, Peking University, Beijing 100871, China

Abstract:

The characteristics of intrinsic security in the future Internet architecture have been used to conquer the security problems of current Internet. Self-certifying addresses are introduced in future Internet architecture (FIA) to enable the intrinsic security properties. However, without PKI, these approaches in FIA miss the intrinsic binding between user-level descriptor, network-level identifier and correspondent public key. To this end, a naming scheme of Self-Certifying Identifier in FIA based on Combined Public Key (CPK), named as SCI-CPK, is proposed in this paper. The use cases of identity authentication based on SCI-CPK in FIA designs are also given, including XIA, MobilityFirst and NDN. The analysis shows that the proposed method is benefit of ubiquitous access and vast mobility scenario in the future Internet.

Key words: future Internet architecture intrinsic security self-certifying combined public key