Design And Implementation Of Security Enhancement Mechanism For New Internet Ticket Address Resolution Protocol

The current Internet architecture has many shortcomings such as insufficient security,poor scalability and poor service quality.The 973 project "Basic Research on Universal Trusted Network and Pervasive Services" builds a new type of Internet to solve these problems.Among them,the new Internet Address Resolution Protocol standardizes and realizes the mutual conversion between the identifier and physical link address in the same subnet.Due to the lack of date source verification mechanism,the Address Resolution Protocol system is vulnerable to ARP spoof,Retransmission Attacks,Denial of Service Attack etc.The research on the security enhancement mechanism of the new Internet Address Resolution Protocol is very crucial.This paper studies the working mechanism of the new Internet Address Resolution Protocol and the principle of the ARP attack,analyzes the existing security technology.Based on this,the paper designs security enhancement mechanism for new Internet Ticket Address Resolution Protocol.In the mechanism,functional entities such as Ticket Distribution Centre are designed to verify the identity of the host and to issue the ticket.The host adds ticket to ARP message so that the receiver can verify whether the ARP reply comes from the trusted data source.The paper standardizes the exchange process and message format of all kinds of messages,and realizes the functions of the request/reply processing and ticket caching of the node for packets.In this paper,the security enhancement mechanism for Ticket Address Resolution Protocol is realized in the New Internet system.By adding initial module,packet construction and sending module,neighbor cache module,ticket generation and processing module in the Linux kernel system,the study realizes the function of authentication,ticket integration and address resolution on the receiver.According to the test framework of new Internet Address Resolution Protocol system,this paper tests the ticket mechanism,validates the format of all kinds of packets,and proves the feasibility of the mechanism in the new Internet address conversion system.By modifying the flag,hardware address,timestamp and signature of the ticket,the study tests the ability of nodes to identify illegal data packets,the result proves that the mechanism has a good security.