Skip to main content

Building an IPv6 address generation and traceback system with NIDTGA in Address Driven Network

在地址驱动网络中构建嵌入可扩展用户网络身份标识和时间信息的 IPv6 地址生成和追溯系统

Abstract

In the design and construction process of Next Generation Internet, it is important to identify the source of each IP packet forwarding accurately, especially for the support of precise fine-grained management, control, traceability and improving the trustworthiness of the Internet. This paper designed a scalable Network Identity (NID) scheme for the Internet users, proposed NIDTGA (Network Identity and Time Generated Address), an IPv6 address generation algorithm embedded NID and time information, then designed and implemented an IPv6 address generation and traceback system based on NIDTGA. The design of NIDTGA, which reflects the length, time and owner attributes of the IP address, can be a good support to ADN (Address Driven Network). At the same time, by embedding the key elements of user identity and time in the IPv6 address, and by taking into account both the traceability and privacy, NIDTGA can provide a technical basis for the establishment of the network trust mechanism, and achieve the traceability of security event.

摘要

创新点

在构建下一代互联网的过程中, 准确确定网络中转发的每一个 IP 分组的来源, 对于支持细粒度的网络管理、 控制、 追溯以及提高网络可信任性具有重要意义. 这篇论文设计了一种可扩展的互联网用户身份标识 (NID) 方案, 提出了一种嵌入可扩展用户网络身份标识和时间信息的 IPv6 地址生成方法 (NIDTGA), 并基于这一方法构建了一个 IPv6 地址生成和追溯系统. 该地址生成方法充分体现了 IP 地址的长度属性、 时间属性和所有者属性, 满足了地址驱动网络 (ADN) 对地址的要求 同时, NIDTGA 方法通过在地址中嵌入用户身份标识、 时间等用户上网行为关键要素, 兼顾可追溯性和隐私性, 为建立系统的网络信任机制和实现安全事件追溯提供了支持.

This is a preview of subscription content, access via your institution.

References

  1. Clark D, Braden R, Sollins K, et al. New arch: future generation Internet architecture. Technical Report, DARPA, MIT, ISI, 2003

  2. Aura T. Cryptographically Generated Addresses (CGA). RFC3972. 2005

    Book  Google Scholar 

  3. Moskowitz R, Nikander P, Jokela P, et al. Host Identity Protocol. RFC5201. 2008

  4. Nordmark E, Bagnulo M. Shim 6: Level 3 Multihoming Shim Protocol for IPv6. RFC5533. 2009

    Google Scholar 

  5. O’Dell M. GSE-an alternate addressing architecture for IPv6. 1997

    Google Scholar 

  6. Kunishi M, Ishiyama M, Uehara K, et al. LIN6: a new approach to mobility support in IPv6. In: Proceedings of 3rd Inernational Sympsium on Wireless Personal Multimedia Communications, Bangkok, 2000. 43

    Google Scholar 

  7. Andersen D G, Balakrishnan H, Feamster N, et al. Accountable Internet protocol (AIP). ACM SIGCOMM Comput Commun Rev, 2008, 38: 339–350

    Article  Google Scholar 

  8. Yan Z M, Zou X, Jin B. Ordered activities depending on eID in cyber virtual society (in Chinese). Netinfo Secur, 2011, 3: 005

    Google Scholar 

  9. Wu J, Bi J, Li X, et al. A Source Address Validation Architecture (SAVA) Testbed and Deployment Experience. RFC5210. 2008

    Google Scholar 

  10. Wu J, Bi J, Bagnulo M, et al. Source Address Validation Improvement (SAVI) Framework. RFC7039. 2013

  11. Daemen J, Govaerts R, Vandewalle J. Weak keys for IDEA. In: Proceedings of 13th Annual International Cryptology Conference, Santa Barbara, 1994. 224–231

    Google Scholar 

  12. Eastlake D, Hansen T. US Secure Hash Algorithms (SHA and HMAC-SHA). RFC4634. 2006

  13. Borst J, Knudsen L R, Rijmen V. Two attacks on reduced IDEA. In: Proceedings of International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, 1997. 1–13

    Google Scholar 

  14. Biham E, Dunkelman O, Keller N. A new attack on 6-round IDEA. In: Proceedings of 14th International Workshop on Fast Software Encryption, Luxembourg, 2007. 211–224

    Chapter  Google Scholar 

  15. Khovratovich D, Leurent G, Rechberger C. Narrow-Bicliques: cryptanalysis of full IDEA. In: Proceedings of 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, 2012. 392–410

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Gang Ren.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Liu, Y., Ren, G., Wu, J. et al. Building an IPv6 address generation and traceback system with NIDTGA in Address Driven Network. Sci. China Inf. Sci. 58, 1–14 (2015). https://doi.org/10.1007/s11432-015-5461-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11432-015-5461-0

Keywords

  • network identity
  • IPv6
  • Address Driven Network
  • IP traceback
  • IP address generation

关键词

  • 用户网络身份标识
  • 下一代互联网
  • 地址驱动网络
  • IP 地址追溯
  • IP 地址生成
  • 120102