Research On Secure Anycast Model

Anycast is a new network service, it can resolve the congestion because of theimbalance of the network traffic, apportion the network load well and utilize thenetwork resourse effectively. Anycast has particular strongpoint in balancing networkload, but it also has the secure weakness as unicast and multicast, it will be attacked byillegal behavior easily. No safeguard no excellent performance. Therefore, researchingon the security of anycast has the academic value and nicer applied foreground.Nowadays, the hotspot in study of anycast is centralized on the realization, routingalgorithm and QoS optimized, there is little work on anycast security, it left widescientific research area for us.This paper makes a profound study in the field of anycast secure weakness, anddiscovers that anycast may be attacked by source IP spoof, identify imposture, privilegeembezzlement, lack of continuity of service, DoS, replay attack and so on. Based on lotsof analyse, this paper summarizes a series of anycast secure requirements, indicates thesecure anycast service must has strict group membership on identify and privilegemanagement, effective strategy on source authentication, perfect measure for protectingdata security and integrality, besides ensure service uninterruptedly when malfunctionhappened.This paper's emphases is that according to the anycast secure requirements,proposes a model of secure anycast based on PKI and PMI technology.This model isprovided with the functions such as: (1)Based on the PKI and PMI elements, our modeluse the Public key certificate and the Role Assignment Attribute certificate to bind theclients and group members' identify and privilege seriously, preventing the vicious oneuse the illegal identify and privilege to attack. (2)Using the "Wait-Join" and"Instant-Leave" strategies when group members join or exit the anycast group, itprotects the group inner information only shared by legal group members. (3)Whennodes in anycast group broken-down, utilize the method of "Authority exalt" and"Orbicular take-over" to adjust the inner organize, make sure of the serviceuninterruptedly and stop the illegal attacking clients when malfunction happened. (4)Utilizing the Public key principle protect the datas' reliability and sourceauthentication, having the effective key management to guarantee key security, preventthe vicious one steal the key and datas.Analysed the model's processes of client's requestion and member's service supplyby BAN Logic, proved the communication among the authority, group member andclient in these two processes are valid, reliable and authentic, thus demonstrate oursecure anycast model is security, scientific and reasonable.Finally, we implement a secure anycast archetypal system. The system's runningresults show that the secure anycast model can stop some network attacking, such asDoS attacking, surpassed privilege attacking, spoof attacking and so on. It testifies themodel is secure, doable and effective.