Abstract
In the design and construction process of Next Generation Internet, it is important to identify the source of each IP packet forwarding accurately, especially for the support of precise fine-grained management, control, traceability and improving the trustworthiness of the Internet. This paper designed a scalable Network Identity (NID) scheme for the Internet users, proposed NIDTGA (Network Identity and Time Generated Address), an IPv6 address generation algorithm embedded NID and time information, then designed and implemented an IPv6 address generation and traceback system based on NIDTGA. The design of NIDTGA, which reflects the length, time and owner attributes of the IP address, can be a good support to ADN (Address Driven Network). At the same time, by embedding the key elements of user identity and time in the IPv6 address, and by taking into account both the traceability and privacy, NIDTGA can provide a technical basis for the establishment of the network trust mechanism, and achieve the traceability of security event.
摘要
创新点
在构建下一代互联网的过程中, 准确确定网络中转发的每一个 IP 分组的来源, 对于支持细粒度的网络管理、 控制、 追溯以及提高网络可信任性具有重要意义. 这篇论文设计了一种可扩展的互联网用户身份标识 (NID) 方案, 提出了一种嵌入可扩展用户网络身份标识和时间信息的 IPv6 地址生成方法 (NIDTGA), 并基于这一方法构建了一个 IPv6 地址生成和追溯系统. 该地址生成方法充分体现了 IP 地址的长度属性、 时间属性和所有者属性, 满足了地址驱动网络 (ADN) 对地址的要求 同时, NIDTGA 方法通过在地址中嵌入用户身份标识、 时间等用户上网行为关键要素, 兼顾可追溯性和隐私性, 为建立系统的网络信任机制和实现安全事件追溯提供了支持.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Clark D, Braden R, Sollins K, et al. New arch: future generation Internet architecture. Technical Report, DARPA, MIT, ISI, 2003
Aura T. Cryptographically Generated Addresses (CGA). RFC3972. 2005
Moskowitz R, Nikander P, Jokela P, et al. Host Identity Protocol. RFC5201. 2008
Nordmark E, Bagnulo M. Shim 6: Level 3 Multihoming Shim Protocol for IPv6. RFC5533. 2009
O’Dell M. GSE-an alternate addressing architecture for IPv6. 1997
Kunishi M, Ishiyama M, Uehara K, et al. LIN6: a new approach to mobility support in IPv6. In: Proceedings of 3rd Inernational Sympsium on Wireless Personal Multimedia Communications, Bangkok, 2000. 43
Andersen D G, Balakrishnan H, Feamster N, et al. Accountable Internet protocol (AIP). ACM SIGCOMM Comput Commun Rev, 2008, 38: 339–350
Yan Z M, Zou X, Jin B. Ordered activities depending on eID in cyber virtual society (in Chinese). Netinfo Secur, 2011, 3: 005
Wu J, Bi J, Li X, et al. A Source Address Validation Architecture (SAVA) Testbed and Deployment Experience. RFC5210. 2008
Wu J, Bi J, Bagnulo M, et al. Source Address Validation Improvement (SAVI) Framework. RFC7039. 2013
Daemen J, Govaerts R, Vandewalle J. Weak keys for IDEA. In: Proceedings of 13th Annual International Cryptology Conference, Santa Barbara, 1994. 224–231
Eastlake D, Hansen T. US Secure Hash Algorithms (SHA and HMAC-SHA). RFC4634. 2006
Borst J, Knudsen L R, Rijmen V. Two attacks on reduced IDEA. In: Proceedings of International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, 1997. 1–13
Biham E, Dunkelman O, Keller N. A new attack on 6-round IDEA. In: Proceedings of 14th International Workshop on Fast Software Encryption, Luxembourg, 2007. 211–224
Khovratovich D, Leurent G, Rechberger C. Narrow-Bicliques: cryptanalysis of full IDEA. In: Proceedings of 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, 2012. 392–410
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Liu, Y., Ren, G., Wu, J. et al. Building an IPv6 address generation and traceback system with NIDTGA in Address Driven Network. Sci. China Inf. Sci. 58, 1–14 (2015). https://doi.org/10.1007/s11432-015-5461-0
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11432-015-5461-0