Research On Control Technology And Simulation System In Trusted Network

Internet plays the necessity heavier in people’s work, life and entertainment. There are a few of security flaws in traditional network, such as the dual semantic of an IP address, the lack of authentication to user access. So it’s very important to ensure network security, reliable, trustworthy and controllable.First, the thesis builds a trusted control system of network based on identifier/locator separation technology and the distributed trust model principle. Feasible and effective control technologies are made to the system from the access, transmission and routing levels: In the access layer, the trusted authentication, digital signature and trusted access control policy in identifier/locator separation are used to ensure safer identity of the users. In the transmission layer, the packet by packet authentication and credibility detection mechanisms of packet are utilized to ensure data integrity and security. The routing control strategies in identifier/locator separation are practiced to ensure network route safe and reliable.Then, the thesis constructed an OPNET credible control system simulation platform, combined with credible control principle, including the detailed information design and communication protocols of the internal system. The complete simulation platform contains network、node and process modeling.Finally, the thesis classifies, analyzes the traditional common network attacks and introduces some to simulation platform. The simulation results confirmed the effectiveness and feasibility of control systems to deal with network attacks. 23 kinds of attack scenarios were designed into simulation system. The simulation results include two major areas. One is the effect of control system for network attacks, mainly on the trends of node trust, the ability to prevent routings which pass bad nodes. On the other hand, network load, end to end propagation delay, time to build trusted connection, packet loss rate and the proportion of routings which pass bad nodes are selected as the indicators of overall network performance. Simulation results show that the control system with a variety of strategies in network access, transmission and routing levels can monitor those 23 kinds of attacks and prevent damage by adjusting the trust of nodes. Meanwhile, the additional network load and the delay with control strategies to increase the credibility is not significant, but the proportion of routings which pass bad nodes and network packet loss rate are significantly reduced.