Research And Implementation Of Bootstrapping Remote Secure Key Infrastructures Communication Mechanism For Autonomic Network

With the rapid development of information technology and social economy,Internet technology is also constantly improving.The Internet has penetrated into every aspect of people's lives,but at the same time,the defects of the Internet are also exposed.The "best effort" service principle in the traditional Internet can no longer meet people's growing demand for network services,and the increasingly complex network structure has brought enormous challenges to network management.At the same time,as the network environment becomes more and more complex,the identity security of the end users requesting connection is difficult to guarantee.And the traditional secure access authentication protocol has uncontrollable network access objects,and the authentication process is vulnerable to malware attacks and networks attack problem,and the lack of identity bidirectional authentication between the access object and the network that make the security of network access is not guaranteed.In order to solve the above network problems,the Internet Engineering Task Force established the autonomic network integration model method working group in 2014.The working group proposed a general autonomic network model based on the idea of autonomic communication,which defines three specific parts,including Bootstrapping Remote Secure Key Infrastructures,Autonomic Control Plane and Generic Autonomic Signaling Protocol.The RSKI is an access authentication mechanism in the autonomic network to ensure the security of network access.This thesis takes the above autonomic network as the research object,and focuses on the BRSKI mechanism of the autonomic network.Firstly,this thesis introduces the research background and research status of autonomic network and BRSKI mechanism.Among them,the architecture and characteristics of the autonomic network,the common access authentication protocol and the key technologies needed to implement BRSKI mechanism are described.Secondly,it expounds the related principles and workflow of the BRSKI,including the components of the BRSKI mechanism and the message types.Through in-depth research,it is found that the existing BRSKI mechanism has problems such as redundant log request messages,unreasonable logs,and replay-attacks.To solve the above problems,an efficient and reasonable log update method and an anti-replay attack method based on double check are proposed.Based on the above two new methods,a Bootstrapping Remote Secure Key Infrastructures communication mechanism for efficient anti-replay attacks is designed.Thirdly,the principle and workflow of each module in BRSKI mechanism and the operation process of each node in the network model are elaborated in detail.On this basis,the specific implementation scheme of each module and the overall implementation scheme of BRSKI mechanism are designed.At the same time,C language was used in the Linux operating system to complete the software programming implementation of the original BRSKI mechanism and the new mechanism,in which the registration module was implemented by transplanting and modifying the libest open source project.By setting up the test platform,the test and verification of the functions of each module of the BRSKI mechanism are completed.The test results show that the functions of each module are normal and meet the system design requirements.By comparing the old mechanism with the new mechanism,it is found that the new mechanism effectively reduces the overhead,improves the rationality of log,and reduces the log storage overhead.At the same time,the network can avoid replay attack effectively by using double check anti replay attack method.Finally,the work of this thesis is summarized and the further research of BRSKI mechanism is prospected,and the research direction and emphases are pointed out.