
Research On Identifier-based Controllable Transmission Mechanism

Posted on: 2021-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: G Y Min
Full Text: PDF
GTID: 2428330614971028
Subject: Communication and Information System
Abstract/Summary:
With the expansion of its user base, the Internet is developing rapidly and has become a new type of infrastructure at the national strategic level. However, because the traditional TCP/IP network manages and controls transmission based on well-known port numbers, the initiation and establishment of connections during transmission is simple and static, and its problems in terms of manageability, controllability, and security are prominent. In response to these problems, this paper adopts the concept of unified registration of service identifiers in the identifier network and proposes an identifier-based controllable transmission mechanism. Its core features include: 1) By introducing a transmission control center, the mechanism performs authentication and authorization on the TCP transmission subject, enhancing the manageability and controllability of the network; 2) By means of identifier registration and dynamic update, the mechanism can dynamically change the address and port information during network transmission, which solves the problem that the well-known port numbers exposed by protocol and port binding are vulnerable to attacks in the existing TCP/IP network, provides a load balancing method at the network level, and enhances network security; 3) By introducing connection authorization information, the mechanism hides the TCP listening port, which prevents the collection of system network information by means such as port scanning and further enhances network security.

First, this paper analyzes the current status of network security, expounds the concept of unified registration of service identifiers, and introduces the relevant theories and technologies. On this basis, through an analysis of the requirements of the controllable transmission mechanism, the design scheme of the identifier-based controllable transmission mechanism is proposed. Its framework includes the following four main parts: 1) In the kernel dynamic identifier module, we have developed the format of dynamic identifier related messages, designed the structure for identifier information maintenance, introduced several timers to realize the switching of identifier registration information, and analyzed and designed the identifier production and cleaning time; 2) In the kernel identifier query module, we have formulated the format of the messages related to identifier query, designed the query message queue, and analyzed the identifier query process in blocking and non-blocking situations; 3) In the transmission control center, we have elaborated on the identity authentication of the transmission subject, the authority control of identifier registration and query, and the scheme of transmission authorization; 4) In the kernel low-level message module, through an analysis of the message sending and receiving requirements, we clarified the model of message sending and receiving, and on that basis designed the internal structure and external interface of the module.

Secondly, this paper uses Linux kernel development technology and Python development technology to implement the kernel and the transmission control center in the mechanism. The kernel implementation is divided into three main modules: 1) The kernel dynamic identifier module, which realizes dynamic identifier hopping through modification of the internal implementation of the listen, accept and close system calls and the driving of the timer; 2) The kernel identifier query module, which realizes the embedding of the identifier query and the processing of its response message by modifying the internal implementation of the connect system call; 3) The kernel low-level message module, which uses kernel socket programming technology to implement connection management and message processing interfaces. The transmission control center uses an event-driven mechanism to implement request processing and response, message objects and packet processors, and identity authentication and dynamic identifier management.

Finally, this paper tests the mechanism: it builds a test prototype system, verifies the dynamic identifier, identifier query, identifier management and permission control, etc., and scans the system from the outside to verify the effectiveness of the mechanism for transmission control and system port concealment. The paper closes with a summary and outlook.
Keywords/Search Tags:Controllable Transmission, Dynamic Identifier, Identifier Network, End Hopping