Design And Implementation Of Security Mechanisms Of Mapping System In ID/Locator Split Achitecture

It is commonly recognized that today's Internet is facing serious routing scalability problem. This problem is mainly caused by the overloading of IP address semantics. Because the identifiers used by the transport layer and the network layer have the same IP namespace, the transport layer and the network layer are coupled in addressing. The ID/Locator split scheme is introduced to address this problem. The subject 'Routing and Addressing Architecture and Experimental System Based on ID/Locator Split' is proposed under this background. The main basis of this subject is RANGI, which is a new ID/Locator Split architecture. In RANGI, because of the split of ID and Locator, there must be a new component, the mapping system, to provide the ID/Locator mapping service. The security issues of the mapping system of RANGI are very important.The main work of this thesis is the analysis of security issues of the RANGI's DNS-based mapping system, and the design and implementation of security mechanisms of the mapping system of RANGI. First, all sorts of attacks aiming to the mapping system of RANGI are analyzed and the security requirements were summered, that is the security of ID management, mapping server and mapping protocol should be enhanced. The design of the secure mechanisms of the mapping system of RANGI is also discussed in this thesis. A new ID register protocol is designed to provide secure ID registering and the DNS TSIG and DNSSEC mechanisms are used to protect the update and query process of ID/Locator mapping records. This thesis also discusses how to integrate the ID register protocol and TSIG and DNSSEC mechanisms into the whole mapping system of RANGI. Besides, the implementation of the security mechanisms of the mapping system of RANGI is also discussed in detail, including the implementations of the ID management server, the ID register client, the secure mapping server and the secure mapping client. Test results show that, the security mechanisms can indeed provide good security protection for the mapping system of RANGI.