
Research On Key Technologies Of Mapping Security Based On Identifier/Locator Separation

Posted on: 2014-01-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Wan
GTID: 1228330395467930
Subject: Communication and Information System
Abstract/Summary:
In today's Internet, it is commonly recognized that the dual semantics of the IP address has brought about serious problems, such as routing scalability, mobility, security, etc. To address these problems, there is an increasing consensus that identifier/locator separation is a promising solution in research on future Internet architecture. As the key technology of the identifier/locator separation architecture, the mapping service has been widely studied in terms of implementation methods and performance evaluation. However, research on mapping security is scarce. Therefore, this dissertation focuses on the key theories and technologies of mapping security. The main research points and innovations are outlined as follows:

1. To address how identifier/locator separation and mapping affect worm propagation, a semantics separation worm propagation model based on AAWP and a mapping latency worm propagation model based on SIR are proposed. Through numerical analysis and quantitative comparison between today's Internet and the identifier/locator separation architecture, the results show that the semantics separation of the IP address and the mapping latency of the mapping service are markedly conducive to alleviating worm propagation.

2. A novel anomaly detection approach based on mapping request traffic is proposed to identify and diagnose aberrant network behaviors. This approach introduces the cumulative sum algorithm for change point detection and gives the design considerations for the mapping cache timeout. In addition, a practical mapping request threshold algorithm is proposed to decouple the mapping request traffic from the mapping cache. The simulation results show that this approach has notable advantages, including alarm in advance and detection efficiency, and that the mapping request threshold algorithm is feasible. The dissertation also discusses the influence of abnormal mapping request traffic on the mapping servers and the possible false positive and false negative problems.

3. An efficient defense approach based on a double-threshold scheme is proposed to prevent potential DoS attacks against the mapping cache. To resist mapping cache overflow, this approach presents a novel puzzle challenge mechanism based on an iterative idea to decrease the growth rate of mapping entries, and also gives a trust value algorithm for mapping information to identify and filter out malicious mapping entries. The analytical results show that this approach is efficient and feasible for preventing DoS attacks against the mapping cache, and that the puzzle challenge mechanism based on the iterative idea has obvious advantages in security.

4. A new defense approach based on a reputation model is proposed to prevent the mapping spoofing that may occur in the mapping service. To increase the trustworthiness of the mapping information, this approach introduces a reputation model based on feedback evaluation into the mapping service and uses self-certifying identifiers to represent the identity information of tunnel routers. Based on theoretical analysis, the dissertation gives the distinct advantages of this approach in security and deployment. In addition, the numerical analysis and simulation results show that this approach is effective in reducing the hazards of mapping spoofing.

5. An original identity authentication mechanism, mainly comprising an initial access authentication scheme and a sustainable authentication scheme, is proposed to assure the authenticity and creditability of the mapping sources. This mechanism introduces an identity tag to bind the user's digital certificate to the terminal's identifier, establishing the real relationship between the user's identity and the terminal. The analytical results show that this mechanism has improved security and low computation cost, and can successfully guarantee the authenticity and sustained creditability of the mapping sources.
Keywords/Search Tags: identifier/locator separation, mapping security, worm propagation, anomaly detection, DoS attack against mapping cache, mapping spoofing, identity authentication