
Research On Path-identifier-based Routing Architecture And Its Security In Smart Identifier Network

Posted on: 2017-03-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Chen
Full Text: PDF
GTID: 1108330485460328
Subject: Communication and Information System
Abstract/Summary:
Routing architecture design is the most significant part of future Internet research and the key factor affecting network performance. In recent years, researchers have therefore proposed numerous routing architectures for the future Internet. Among them, the path-identifier-based routing architecture has attracted extensive attention for its strong scalability, efficient packet forwarding, and effective support for multi-path routing. The basic idea of path-identifier-based routing is to assign each path in the network a path identifier (PID) and to advertise PIDs throughout the Internet. A packet sender simply encapsulates the PIDs along the path to a destination into the packet header, and the routers in the network determine the forwarding interface based on the PIDs. In this way, the routers along the path forward the packet to the destination.

However, from the perspective of network security, such a design makes the new routing architecture suffer from the same security risks as the current Internet. Therefore, to enhance network security in the future Internet, the dissertation sets out to answer the following three questions: 1) Is it feasible to design a routing architecture that does not advertise PIDs throughout the Internet? 2) How does such a routing architecture perform? 3) Can such a routing architecture really enhance network security? The main contributions of the dissertation are:

(1) For the first question, the dissertation proposed a routing architecture that does not advertise PIDs throughout the Internet, called COLOR, under the principles of the smart identifier network. The dissertation designed the service location process and the data packet forwarding process in COLOR, analyzed its main properties, including security, mobility, and scalability, and implemented COLOR in a prototype. The analysis and experiment results show that COLOR is effective and feasible, and that it has a number of advantages compared with the current Internet.

(2) For the second question, the dissertation proposed a PID-based intra-domain routing mechanism that achieves dynamic adaptation of network resources. The dissertation designed the service request handling process and the data packet forwarding process of the proposed mechanism, analyzed its main performance metrics, including service retrieval delay, number of routing entries, and effectiveness of resource adaptation, and implemented the mechanism in the prototype. The analysis and experiment results show that the proposed mechanism can efficiently achieve dynamic resource adaptation, significantly reduce the number of routing entries, and effectively reduce the service retrieval delay in the network.

(3) For the third question, the dissertation analyzed COLOR's security from two different aspects: 1) For the attack approaches known in the current Internet and in the information-centric network (ICN), the dissertation qualitatively analyzed the effectiveness of each approach in COLOR; 2) The dissertation proposed and simulated two approaches that can launch distributed denial-of-service (DDoS) attacks in COLOR, quantitatively evaluated the effectiveness of those DDoS attacks in COLOR, and compared it with that of DDoS attacks in the current Internet. The evaluation results show that, compared with current routing architectures, COLOR can reduce the number of attackable autonomous systems (ASes) in the network, reduce the attack traffic received by the victim, and increase the attacker's overhead, thus improving network security.

(4) To further improve the security of COLOR, the dissertation proposed a dynamic path identifier mechanism, called D-PID. The D-PID mechanism dynamically changes the PIDs in the network, making it more difficult for attackers to launch attacks. The dissertation designed the PID negotiation process between two neighboring domains and the PID distribution process, proposed a service request retransmission mechanism to maintain legitimate communications, and used a mathematical model to analyze it. In addition, the dissertation evaluated D-PID's main performance and overheads and implemented it in the prototype. The evaluation and experiment results show that D-PID can effectively improve network security with little overhead.
Keywords/Search Tags: smart identifier network, routing, resource adaption, network security, denial-of-service attacks