Research On Key Technologies Of The Secure Packet Forwarding In Smart Integration Identifier Networks

Billions of users have connected to the Internet nowadays,which makes forwarding devices face various security threats.On one hand,attackers can issue many malicious packets to flood forwarding devices and make them hard to work.On the other hand,attackers can eavesdrop packets in forwarding devices to intercept secret information.The architecture of traditional Internet is difficult to design secure forwarding mechanisms.Currently,Information-Centric Networking,Smart Integration Identifier Networks(SINET-I)and other new networks bring opportunities for designing secure forwarding mechanisms.Therefore,this dissertation focuses on key technologies of the secure packet forwarding in SINET-I.First,this dissertation theoretically analyzes the forwarding principle and security threats in SINET-I.Second,this dissertation designs forwarding mechanisms for defensing flooding and eavesdropping attacks.Finally,this dissertation optimize forwarding mechanisms by using Artificial Intelligence(AI).Particularly,the main works and contributions are:(1)This dissertation originally proposes a forwarding principle in SINET-I,and theoretically analyzes its security threats.First,the architecture of SINET-I is introduced in detail,it has three layers vertically and three domains horizontally.Then,a datagram of variable-length addressing packet and a programmable packet forwarding are designed.Third,the security threats during forwarding a packet in SINET-I are theoretically analyzed,including the attacking principles of flooding and eavesdropping attacks.Besides,a mathematical model of flooding attacks is constructed.Finally,evaluation methods of forwarding performances and security threats are provided.(2)Regarding the threats of flooding attacks,a secure packet forwarding mechanism is proposed based on an optimization of multiple defense factors.First,three defense factors including accuracy,delay and memory cost are theoretically analyzed.Then,an optimization based secure forwarding mechanism is proposed against flooding attacks.The proposed mechanism has three separate method to optimize the three defense factors against active attacks.That is,a method based on the statistics of multiple forwarding states is designed to optimize the defense accuracy,a method based on Negative Acknowledgement(NACK)is proposed to optimize the defense delay,and a method based on the bloom filter is designed to optimize the defense memory cost.Finally,experimental results show that the proposed mechanism can decrease the false positive rate by 10.54%,decrease the false negative rate by 44.36%,decrease the delay level from seconds to milliseconds,and decrease the memory cost by 78.29%.(3)Regarding the threats of eavesdropping attacks,this dissertation combines multiple defense lines and proposes a novel secure forwarding mechanism.First,the necessary of combining multiple defense lines is theoretically analyzed.Then,the proposed mechanism has three defense lines against eavesdropping attacks.The third line encrypts all packet payloads in application layer.Additionally,the second line re-encrypts all packet headers in transport layer to distribute the packets from one stream into different streams,and disturbs attackers to classify the packets correctly.Complementally,the first line uses programmable forwarding policies which could split all the packets into different network paths disorderly.Finally,experimental results show that the proposed mechanism can decrease the encryption cost by 69.85%?81.24% compared with state-of-the-art mechanisms.(4)This dissertation originally proposes an in-network AI-assisted secure forwarding mechanism for meeting different security requirements.First,an algorithm is analyzed for mining the semantic of a packet payload.Besides,an in-network AI model for classifying the security requirements is constructed based on the Convolutional Neural Networks(CNN)algorithm.Then,an in-network AI-assisted secure forwarding mechanism is proposed to classify the security requirements and decrease the overhead when defensing eavesdropping attacks.Finally,this dissertation implements the proposed mechanism by using programmable data planes,and evaluates its forwarding performances and effectiveness against eavesdropping attacks.Experimental results show that the mechanism can forwarding packets securely for privacy-sensitive traffics,and decrease the forwarding delay for non-privacy-sensitive traffics.Besides,the proposed mechanism can effectively decrease the computing overhead by 10.18%.