Design And Implementation Of Security Mechanism In The Named Data Networking

With the rapid development of the Internet,the existing internet framework based on TCP/IP architecture is facing growing problems.The network scale is expanding passively with a grave shortage of IP address and sluggish growth of connection speed that can't adapt to the fast development of internet applications.The network frequently collapses due to overload and it can hardly ensure the safety of the transmitted data.In order to solve those problems within the internet,there are many research institutions in China and abroad researching into the current and future internet.In 2010,the American NSF has funded four projects researching into the FLA.(Future Internet Architecture)with the duration of three years and they are NDN(Named Data Networking),Mobility first,NEBULA,XIA,respectively.The four projects are all claimed to be able to resolve the main problems of the Internet,but their focuses of research vary.The NDN is currently one of the mainstream research subjects.However,like the traditional Internet,NDN still has some problems in terms of data security.For Internet Flooding Attacking which is security risks in NDN network,this paper achieved the protocol stack based on the most current research and improvement of design methods.In the beginning,this paper introduced the basic concepts of NDN network,illustrated some specific method of IFA attacks and prevention measures currently available,and then pointed out the characteristics and shortcomings of the existing measures,laying the foundation for the further research and improvement.This paper designed three modules(statistic module,control module and filter module)to improve Internet Flooding Attacking Defense.Statistic module mainly collected the sent Interest and the content of the reply to the Interest,then obtained a satisfaction rate of Interest packet.And the IFA defense module is divided into filter module and control module.The filter module filtered traffic based on statistical information which collected in statistic module,then control module controlled forwarding traffic based on statistical data.At the same time,setting up a feedback mechanism to control data traffic,this part of the information would be feedback to the upstream node after filtered in time,then adjusted the flow of data to determine policy in order to achieve more accurate results This paper mainly combined above these modules to achieve IFA defense.Finally,this paper used simulation tools which called ndnSIM to achieve the above method,and verify the effectiveness of preventive measures by analyzing the simulation data.