In order to realize all functions of the sovereignty network while guaranteeing its security at the same time, which key technologies should be used in the architecture? This chapter elaborates on the key technologies of the sovereignty network.

The sovereignty network is mainly composed of a traceable data signing and acceptance mechanism combined with the MIN protocol architecture. A variety of innovations were proposed and integrated into the Multi-identifier Router (MIR), the core device of MIN, and the construction is carried out around supporting multi-identifier coexistence, co-governance, endogenous security, and network evolution.

On the data plane of the sovereignty network, in order to support the operation of an identity centric network, we proposed a data transmission scheme and designed a user access process based on the identity centric network; both are described in Sect. 4.1. To meet the needs of various communication scenarios, we proposed and realized an inter-translation scheme that supports multiple identifiers coexisting on an equal footing in MIN. To guarantee the endogenous evolution ability of MIN, we designed an identifier extension mechanism that allows MIN identifiers to be extended gradually. Details are presented in Sect. 4.10. In general, these new identifiers are much longer than IP addresses, so the inter-translation and addressing of multiple identifiers put great pressure on computing and storage. To this end, we proposed HPT, a hash table with prefix tree algorithm, which accelerates the backtracking step of the FIB query algorithm and effectively improves the efficiency of multi-identifier translation and addressing. HPT-FIB incurs a significant storage overhead as the network scale grows further, so we proposed a hyperbolic identifier and routing scheme that replaces the forwarding table to reduce the storage overhead in MIR. These are described in Sect. 4.3. Further, to meet the demand for future networks to evolve toward space-terrestrial integration, we proposed a greedy routing strategy based on hyperbolic routing and a lightweight, distributed, self-adaptive satellite routing algorithm based on delay, with which we construct the Space-Terrestrial Multi-Identifier Network (ST-MIN). ST-MIN takes advantage of the fact that satellite communication is not restricted by time, location or environment; it is described in Sect. 4.9.

Moreover, considering the communication reliability and transmission efficiency of the sovereignty network under different scenarios, we proposed the MIT Transmission Control Protocol, a transmission control scheme for MIN. MIT supports transmission control in both push and pull semantics, as described in Sect. 4.8.

On the management plane of MIN, in order to realize co-governance of user information and identification, we proposed PPoV (Parallel Proof of Vote), a non-forking consensus algorithm for consortium blockchains. Its core idea is the separation of voting rights from bookkeeping rights, which is presented in Sect. 4.2.

In addition to constructing the architecture, the sovereignty network must protect user privacy and system security while managing users. To this end, we designed a variety of security mechanisms. To guarantee user privacy and the traceability of behavior, we combined asymmetric encryption with human biometric characteristics to propose an identity authentication scheme for the sovereignty network. To provide hierarchical security and reliability guarantees for the network, we adopted three kinds of protection mechanisms, network censorship, cryptography, and Cyberspace Mimic Defense (CMD), to design six levels of defense barriers. Beyond this structural security, we designed a Security Situation Awareness System to monitor the network state in real time, and established a mathematical analysis model based on stochastic processes to assess network security and optimize the security policy. These security mechanisms are described in Sects. 4.4, 4.5, 4.6, and 4.7.

4.1 Identity Centric Network

Identity centric network is one of the key technologies of the sovereignty network. Data transmission in the sovereignty network is based on the identity centric network.

4.1.1 MIN Based on Identity Centric Network

The core concept of MIN is that multiple identifiers and transmission semantics can coexist in the network layer at the same time. To illustrate the concrete meaning of multiple identifiers, identifiers are classified along two dimensions: identifier form and identifier semantics. In terms of identifier form, identifiers can be classified into the following three types:

(1) Flat identifiers. Flat identifiers are usually composed of a series of irregular values or characters, so such identifiers are difficult to aggregate in the routing table. Some network architectures (such as XIA) use the hash value of a public key or a data slice as the identifier for routing, which is a typical example of flat identifiers.

(2) Hierarchical identifiers. Hierarchical naming dictates that each content item usually has an identifier similar to a Web URL, such as “/lab/pku/icon.jpg”. This kind of identifier is used in the network layer of Named Data Networking (NDN) for routing. Identifiers in IPv4 or IPv6 can also be seen as hierarchical identifiers.

(3) Spatial coordinate identifiers. Each node in the network is mapped into a geometric space with a coordinate. In the hyperbolic routing model, the hyperbolic coordinate, such as \(\left( {R_{1} ,\theta_{1} } \right)\), is used to guide routing.

On the other hand, in terms of the dimension of the identifier semantic, there are at least two types of transmission semantics listed as follows:

(1) Point-to-point push semantics. This is the kind of semantics expressed by the traditional IP address identifier: the data sender can actively push data to the data receiver without a request from the receiver. Routers simply forward packets carrying this semantics.

(2) Point-to-multipoint pull semantics. This is the kind of semantics expressed by ICN identifiers: the data sender can transmit data to a receiver only on the premise that the receiver has requested it. When a router handles packets with pull semantics, it records the return path of the packet and caches the data.

Network devices can process different types of identifiers. Devices that support the same identifiers can be grouped into one area, called an identifier space. In order to support the extension of new identifiers in the future, the current network must have one or more basic identifiers. The most typical basic identifier is the identity identifier, which directly uses the hash value of the network device’s public key as the identifier for routing. It is a flat identifier, and we define its transmission semantics as point-to-point (push) semantics. Each device in the network must support identity identifiers, and each device is bound to one identity identifier. A formal definition of the identifier space is given below.

1. The Definition of Symbols

(1) \(I = \left\{ {i_{0} ,i_{1} ,i_{2} , \ldots ,i_{k} } \right\}\) represents the set of all identifiers that exist in the MIN space. \(i_{0}\) refers to the identity identifier of network devices, which is the one indispensable identifier. \(\left\{ {i_{1} ,i_{2} , \ldots ,i_{k} } \right\}\) contains the other, extensible identifiers, such as the content identifier, service identifier, geographic identifier, IP, and so on.

(2) \(V\) represents the set of all devices in MIN.

(3) \(N\) is a subset of \(I\) consisting of several identifiers, for example, \(N = \left\{ {i_{0} ,i_{1} } \right\}\).

(4) \(S^{N} = \left( {V_{N} ,N } \right)\). \(S^{N}\) represents the identifier space, which is a 2-tuple. \(V_{N}\) represents the subset of the network devices \(V\) that belong to the identifier space, and \(N\) represents the subset of all identifiers that are supported by the identifier space \(S^{N}\).

2. The Definition of Identifier Space

The set \(S^{N} = \left( {V_{N} ,N} \right)\) represents an identifier space in MIN if and only if \(S^{N}\) meets the following conditions:

(1) Restrictive: \(V_{N} \subseteq V, N \subseteq I\);

(2) Atomicity: \(i_{0} \in N\);

(3) Consistency: \(\forall v \in V_{N}\), \(\forall i_{j} \in N\), \(v\) supports \(i_{j}\);

(4) Closure: if \(\exists v \in V\) such that \(\forall i_{j} \in N\), \(v\) supports \(i_{j}\), then \(v \in V_{N}\).
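The four conditions above can be checked mechanically. The following checker is an added example written for this chapter, not code from the book or from the MIN project; the device names, the identifier names `i0`/`i1`/`i2` and the `SUPPORTS` table are constructed sample data. It also shows why closure matters: for a given \(N\) the only admissible \(V_{N}\) is the set of all devices that support every identifier in \(N\).

```python
"""Checker for the identifier-space definition of Sect. 4.1.1.

Added example; this is not code from the book or from the MIN project.
The device names, identifier names and the SUPPORTS table are constructed
sample data. An identifier space S^N = (V_N, N) must satisfy the four
conditions: restrictive, atomicity, consistency and closure.
"""
from typing import Dict, Iterable, Set

IDENTITY_ID = "i0"  # i_0: the mandatory identity identifier (hash of the device public key)

# Constructed sample: which identifiers each device (MIR) supports.
SUPPORTS: Dict[str, Set[str]] = {
    "mir-a": {"i0", "i1"},        # identity + content identifier
    "mir-b": {"i0", "i1", "i2"},  # identity + content + geographic identifier
    "mir-c": {"i0", "i2"},
    "mir-d": {"i0"},              # identity identifier only
}
V: Set[str] = set(SUPPORTS)       # V: all devices in MIN
I: Set[str] = {"i0", "i1", "i2"}  # I: all identifiers that exist in MIN


def check_identifier_space(v_n: Iterable[str], n: Iterable[str],
                           v: Set[str] = V, i: Set[str] = I,
                           supports: Dict[str, Set[str]] = SUPPORTS) -> Dict[str, bool]:
    """Evaluate each condition for the candidate space (v_n, n); returns name -> holds?"""
    v_n, n = set(v_n), set(n)
    restrictive = v_n <= v and n <= i
    atomicity = IDENTITY_ID in n
    # Consistency: every device in V_N supports every identifier in N.
    consistency = all(n <= supports.get(dev, set()) for dev in v_n)
    # Closure: every device in V that supports all of N must already be in V_N.
    closure = all(dev in v_n for dev in v if n <= supports[dev])
    return {"restrictive": restrictive, "atomicity": atomicity,
            "consistency": consistency, "closure": closure}


def is_identifier_space(v_n: Iterable[str], n: Iterable[str], **kw) -> bool:
    return all(check_identifier_space(v_n, n, **kw).values())


def maximal_device_set(n: Iterable[str], v: Set[str] = V,
                       supports: Dict[str, Set[str]] = SUPPORTS) -> frozenset:
    """The only V_N for which (V_N, N) can be an identifier space: all devices supporting N."""
    n = set(n)
    return frozenset(dev for dev in v if n <= supports[dev])


if __name__ == "__main__":
    print(check_identifier_space({"mir-a"}, {"i0", "i1"}))   # closure fails: mir-b also supports N
    print(maximal_device_set({"i0", "i1"}))                  # {'mir-a', 'mir-b'}
```

The closure check is what prevents two overlapping "spaces" with the same \(N\) from being declared; a device that supports all of \(N\) but is left out of \(V_{N}\) makes the candidate invalid.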

4.1.2 Data Transmission Scheme

The characteristic of the data transmission scheme in MIN is that it supports various transmission semantics coexisting on the network layer at the same time, including pull semantics and push semantics. MIR processes incoming packets with different methods according to their identifier type, and this mechanism enables MIN’s network layer to be compatible with various transmission semantics.

The identity identifier is the basic identifier of MIN, and it has two features. Firstly, its transmission semantics is push semantics. Secondly, the identity identifier can be the hash value of the public key of a user or device. Point-to-point push semantics is the most essential method of packet forwarding. When a router receives an incoming packet, it only needs to look up the FIB (Forwarding Information Base) to decide the next hop to which the packet is sent. If no match is found in the FIB, the router drops the packet. Because the identity identifier is the hash value of the public key, both ends of a point-to-point session can validate each other’s identifier without any third-party certification authority. This is called the self-certifying property of identifiers.

Another basic transmission semantics in MIN is pull semantics, which is the typical transmission semantics of Information Centric Networking (ICN). Data transmission in ICN is driven by the consumer (receiver). There are two types of packets in ICN: Interest packets and Data packets. There are three major data structures: the Forwarding Information Base (FIB), the Content Store (CS), and the Pending Interest Table (PIT).

The FIB is used to forward interest packets toward potential sources of matching data. The FIB in the sovereignty network stores a list of outgoing faces rather than a single one [1]; other than that, it is almost identical to the FIB in IP. ICN’s FIB allows multiple data sources to be queried in parallel.

The CS is the same as the buffer memory of an IP router, but its replacement strategy is different [1]. Because each IP packet belongs to a separate point-to-point session, it has no further value after being forwarded downstream, so IP “forgets” the packet and recycles the buffer (MRU replacement) as soon as forwarding completes. ICN packets are idempotent, self-identifying, and self-certifying, so each ICN packet may be useful to many consumers; for example, many hosts read the same news or watch the same YouTube videos. To maximize the possibility of sharing and minimize upstream bandwidth requirements and downstream latency, ICN nodes should remember incoming packets for as long as possible, using LRU or LFU replacement strategies.

The PIT records the return path of each interest forwarded toward upstream content sources, so that the returned data packets can be sent downstream to the requester. In ICN, only interest packets are routed: they propagate upstream toward possible data sources, leaving a “trace”. This “trace” provides the return path to the original requester for a matching data packet. Each PIT entry is a trace. Once a PIT entry has been used to forward a matching data packet, it is erased (the data packet consumes the interest packet). PIT entries for interests that never find matching data eventually time out under a soft-state model; the consumer resends the interest packet if it still wants the data [1].

The process of data transmission in information centric network is shown in Fig. 4.1.

Fig. 4.1 The process of data transmission in information centric network [1]

The requester sends an interest packet carrying the name of the content. The router that receives it records the interest packet’s arrival face and performs the Longest Prefix Match (LPM) algorithm on the content name.

Firstly, the CS is queried. If the requested content exists in the CS, it is returned directly to the requester and the interest packet is discarded, since it has been satisfied.

Then, the content name of the interest packet is queried in the PIT. If there is an exactly matching PIT entry, the arrival face of the interest packet is added to that entry’s list of requesting faces, and the interest packet is discarded because an identical interest has already been sent to upstream nodes. When the data packet arrives, the router sends a copy of it to each incoming face recorded in the PIT entry.

Finally, the content name of the interest packet is queried in the FIB. If there is a matching entry, the interest packet needs to be sent upstream toward the data source: if the list of faces returned by the FIB lookup is not empty, the interest packet is sent out on all the remaining faces, and a new PIT entry is created from the interest packet and its arrival face.

If the interest packet does not match any entry in the FIB, it is discarded. This means that the node has no matching data and does not know how to find it.

Once the interest packet reaches the node that has the requested resource, the data packet containing the name, content and the publisher’s signature is forwarded to the requester along the reverse path of the interest packet.

During data transmission, neither interest packets nor data packets carry any host or interface address. In addition, ICN introduces in-network caching: the routers that a data packet passes through cache the correct contents in their buffer memory, namely the CS. Caches in ICN help reduce delay and bandwidth usage in content downloading. If the cache already holds the requested content when a request arrives at the router, it can be returned to the requester without accessing the data source.

The process of data forwarding in the information centric network is as follows. When multiple interest packets request the same data at the same time, the router records the incoming faces of these interest packets in the PIT and forwards only the first received interest packet. When the data packet returns, the router finds the matching PIT entry and forwards the packet to each face recorded in it.
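The CS, PIT and FIB processing described in this section can be exercised with a small router model. The following is an added example written for this chapter, not code from the book, from NDN or from the MIN project; the face numbers, the content names and the FIB entries are constructed sample data. It implements the lookup order CS, then PIT, then FIB with longest-prefix match, forwards an interest on every matching face except the one it arrived on, aggregates duplicate interests in the PIT, and lets a returning data packet consume the PIT entry, fan out to all recorded faces and enter an LRU-ordered Content Store.

```python
"""Simulation of pull-semantic (ICN) interest and data processing in a router.

Added example; not code from the book, NDN or the MIN project. The face
numbers, content names and FIB contents are constructed sample data. The
lookup order follows Sect. 4.1.2: Content Store, then PIT, then FIB with
longest-prefix match; returning data consumes the PIT entry and is cached.
"""
from collections import OrderedDict
from typing import Dict, List, Tuple


class IcnRouter:
    def __init__(self, fib: Dict[str, List[int]], cs_capacity: int = 2):
        # FIB maps a name prefix to a LIST of outgoing faces (several sources in parallel).
        self.fib = {prefix.rstrip("/"): list(faces) for prefix, faces in fib.items()}
        self.cs: "OrderedDict[str, bytes]" = OrderedDict()  # LRU-ordered Content Store
        self.cs_capacity = cs_capacity
        self.pit: Dict[str, set] = {}  # name -> requesting faces (the "trace")

    def _lpm(self, name: str) -> List[int]:
        """Longest-prefix match of a hierarchical name against the FIB."""
        parts = name.strip("/").split("/")
        for k in range(len(parts), 0, -1):
            prefix = "/" + "/".join(parts[:k])
            if prefix in self.fib:
                return self.fib[prefix]
        return []

    def on_interest(self, name: str, in_face: int) -> Tuple[str, List[int]]:
        """Process one interest; returns (action, faces the router sent something on)."""
        # 1. CS: cached content satisfies the interest, which is then discarded.
        if name in self.cs:
            self.cs.move_to_end(name)                      # LRU touch
            return ("data", [in_face])
        # 2. PIT: identical interest already pending upstream; just aggregate the face.
        if name in self.pit:
            self.pit[name].add(in_face)
            return ("aggregated", [])
        # 3. FIB: forward on all matching faces except the one it arrived on.
        faces = [f for f in self._lpm(name) if f != in_face]
        if not faces:
            return ("dropped", [])                         # no route and no data
        self.pit[name] = {in_face}                         # leave the trace
        return ("forwarded", faces)

    def on_data(self, name: str, content: bytes) -> Tuple[str, List[int]]:
        """Process a returning data packet: consume the PIT entry, cache, deliver."""
        faces = self.pit.pop(name, None)
        if faces is None:
            return ("unsolicited", [])                     # no trace: drop it
        self.cs[name] = content
        self.cs.move_to_end(name)
        if len(self.cs) > self.cs_capacity:
            self.cs.popitem(last=False)                    # evict least recently used
        return ("delivered", sorted(faces))


def demo() -> List[Tuple[str, List[int]]]:
    """Two consumers ask for the same name; the router forwards once and fans out the data."""
    r = IcnRouter({"/lab/pku": [3, 4], "/lab": [5]})
    return [
        r.on_interest("/lab/pku/icon.jpg", 1),   # ('forwarded', [3, 4])
        r.on_interest("/lab/pku/icon.jpg", 2),   # ('aggregated', [])
        r.on_data("/lab/pku/icon.jpg", b"jpg"),  # ('delivered', [1, 2])
        r.on_interest("/lab/pku/icon.jpg", 6),   # ('data', [6]) served from the CS
        r.on_interest("/nowhere/x", 1),          # ('dropped', [])
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Note that unsolicited data (a data packet with no PIT trace) is dropped rather than cached; this is the property that lets the PIT act as a filter on what enters the in-network cache.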

4.1.3 Process of User Access

In the identity centric network, management strategies that combine identity information are introduced for user access. In order to encourage users to be responsible for the content they publish, new content published by users is bound to their identity information.

The process of user registration to the sovereignty network based on blockchain [2] is shown in Fig. 4.2.

Fig. 4.2 The process of user access

Each user in the sovereignty network is a client node. Users must register with their real identities. The client generates a public/private key pair, then submits the public key, its identity information, and a signature over that information made with the private key to any node in the blockchain. All blockchain nodes run service threads. When a blockchain node receives a request from a client, it first checks the request format. Then it searches the user information in its local database and performs basic validation of the contents. If any of these steps fails, an error message is returned to the client. If all verifications succeed, the blockchain node encapsulates the user registration request as an ordinary transaction and sends it to all consortium nodes.

The butler that receives the ordinary transaction stores it in the transaction pool. At the beginning of each consensus round, the duty butler takes ordinary transactions from the transaction pool to generate the pre-block and sends it to all commissioners for signatures.

The commissioners receiving the pre-block verify the pre-block header and each transaction according to rules set in advance. There are three types of validation: no validation, probabilistic validation, and validation of keywords against a custom filter list. If the verification fails, the commissioner sends a failure message to the duty butler; otherwise, it returns its signature of the block header to the duty butler.

If rejecting signatures are collected from more than half of the commissioners, the duty butler deletes the pre-block from memory, takes transactions from the local pool to generate a new pre-block, and sends it to all commissioners for signatures. If agreeing signatures are collected from more than half of the commissioners, the duty butler stores the signatures in the block header and calculates the number of the duty butler for the next consensus period. It then adds the timestamp, turning the pre-block into a formal block, which is finally released to the blockchain network. If fewer than half of the signatures are received, the duty butler waits until the timeout of 20 seconds expires. The duty butler is then replaced, and the pre-block is regenerated and sent to the commissioners for signatures.

In the blockchain, each node receiving a formal block verifies the commissioners’ signatures and checks whether the number of signatures exceeds half of the commissioners. If validation succeeds, the block is stored in a MongoDB database. The user registration information is then extracted from the block and stored in the user registry. User information outside the blockchain is also stored via MongoDB. Since MongoDB is a NoSQL (Not Only SQL) database, its internal data is stored in a JSON-like format called BSON, which differs from the concept of a data table in a common relational database. However, because user data has fixed keys and no nested structure, it can be treated as equivalent to a user information table in a relational database.

The above procedure covers the whole process from sending the request to storing it in the database and in the information table outside the blockchain. By including user registration requests in the consensus process, encapsulating user registration information into ordinary transactions, verifying the transactions, retrieving user information from the transactions and saving it to the database, user registration is integrated with the blockchain.

The fields and their meanings contained in the user information table are shown in Table 4.1.

Table 4.1 User information table

An example of the user information table is shown in Table 4.2.

Table 4.2 An example of the user information table

4.2 Large-Scale Multilateral Managed Consortium Blockchain Technology

Blockchain originates from a unique way of storing data in cryptocurrency systems such as Bitcoin [3]. It can hold all historical data, transaction records, and other related information by using a self-referencing chained data storage structure. Bitcoin introduced the consensus mechanism into blockchain technology, making it computationally infeasible for attackers to tamper with data [4, 5]. The consensus mechanism plays a key role in blockchain applications and directly affects the security and performance of products. By combining distributed storage, cryptography, a consensus mechanism and peer-to-peer transmission, blockchain technology reaches a spontaneous consensus in a decentralized environment, with safeguarding group interests at its core.

Generally, blockchains are divided into three types: public, private and consortium blockchains. Blockchain technology originates from the public blockchain. However, in practical applications, the public blockchain faces various restrictions in different countries because of its transparency, the untraceability of private information, and weak controllability. As a compromise between the private and the public blockchain, the consortium blockchain has the advantage of realizing “partial decentralization” among existing institutions, making their consortium efficient and fair.

The construction of the sovereignty network adopts our own efficient and novel consensus algorithm, PoV (Proof of Vote) [6,7,8,9,10], which is suitable for the consortium blockchain.

4.2.1 PoV Consensus Algorithm

There are four roles in PoV: commissioner, butler, butler candidate, and ordinary user. A node may hold more than one role at the same time to a certain degree, as shown in Fig. 4.3.

Fig. 4.3 Four roles in the PoV network

1. Commissioner

A commissioner is a member of the consortium committee. Several enterprises or institutions from different regions of the world form a consortium committee and maintain a consortium blockchain system together. A new commissioner must be accepted through the proposed consortium law or offline consultation, and represented by a node working in the consortium blockchain network. It uses CS (Commercial Server) to provide services.

Commissioners have the following characteristics:

(1) Commissioners have the right to recommend, vote for and evaluate butlers, the bookkeeping nodes.

(2) Commissioners are obligated to verify and forward blocks and transactions.

(3) Different consortiums can set voting weights according to shares, which are reflected in the proportion of commissioner signatures. By default, each commissioner has the same rights and obligations and is of equal standing.

(4) When a block gets majority votes, it is marked as valid and added to the blockchain. The result of the vote represents the will of all commissioners.

2. Butler

Butlers specialize in producing blocks. The number of butler nodes is limited. They can be considered the representative nodes of traditional consensus algorithms, but the difference is that the authority of butlers is supervised and voted on by the commissioners of the consortium. The butler role is designed to separate voting rights from bookkeeping rights. Commissioners have no right to produce blocks; instead, a butler gathers transactions from every commissioner via the network, packs them into a block, and signs it.

To become a butler, one needs to take two steps:

(1) Register as a butler candidate.

(2) Participate in the election at the end of each term. Butler candidates are voted on by commissioners, and the successful ones are elected as butlers.

The butlers take turns to generate blocks in random order during the tenure and accept re-election after the expiration of their term of office.

3. Butler Candidate

The system numbers the butlers {0, 1, 2, …, n − 1} which win the election in each round. As the number of butlers is limited, commissioners can elect butlers only from butler candidates through voting. If butler candidates lose the election, they can stay online, and wait for the next election.

There are three steps to apply to be a butler candidate:

(1) Register a user account in the consortium system and send a request to a commissioner to become a butler candidate.

(2) Submit a recommendation letter. After verifying that the butler candidate’s identity information is correct, the commissioner signs the recommendation letter, which is generated by calling an asymmetric encryption function. The private and public keys are used respectively to encrypt and decrypt the recommendation letter to prevent forgery.

(3) Pay the guarantee deposit to become a butler candidate. Commissioners can hold the dual role of butler candidate by recommending themselves.

4. Ordinary User

All three of the above node types use cryptography to authenticate their identities and need to sign the hash values of their operational messages. In contrast, ordinary users have the following characteristics:

(1) No identification is required. The behavior of ordinary users can be arbitrary and anonymous. In the specific implementation, the user’s real name may be required according to the configuration of the consortium blockchain, or the user’s identity information in the transaction may be hidden by the encryption function.

(2) Ordinary users can join or exit the network at any time.

(3) Ordinary users cannot participate in block generation, only in block distribution and sharing.

(4) Ordinary users can see the whole consensus process while accepting the service of the system. In the process of block generation, ordinary users have the obligation to participate in block forwarding.

Figure 4.4 shows the relationship between the four roles.

Fig. 4.4 Conversion of the four roles [8]

4.2.2 PoV Consensus Process

The overall process of PoV consensus is shown in Fig. 4.5. After initialization, each node first enters the phase of the genesis block generation, which is jointly generated by commissioners and contains the information of the initial consortium members and the first batch of butlers.

Fig. 4.5 Block generation process [8]

When the genesis block is created, the system automatically enters the cycle of “generating BW ordinary blocks + 1 special block”. Each cycle is a tenure, and a round of consensus may pass through M duty butlers before a block is eventually generated. Butlers rotate between on-duty and off-duty, and periodically request block synchronization from the vast majority of commissioners to keep themselves up to date. The generation cycle of a block is also the duty cycle of the selected butler that creates it. Each block contains a random number R generated by the random number algorithm, which specifies the number of the next duty butler, i = R.

After the genesis block is generated, the key nodes that create blocks are the commissioners and the butlers. Figures 4.6 and 4.7 show the flow charts for generating ordinary blocks from the butler’s and the commissioner’s perspective, respectively, where \(\langle h, hs, M, time, R, sign(B) \rangle\) represents the block height, the height of the latest special block, the duty cycles consumed, the timestamp, the random number, the butler’s signature, and the other key attributes of the current block.
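The duty butler's decision rule in the signature-collection phase (Sect. 4.1.3: more than half agree, more than half reject, or a 20-second timeout) and the block fields and next-butler selection just described can be written down as a small set of functions. The following is an added example for this chapter, not code from the book or from the PoV implementation. The thresholds and the timeout come from the text; the commissioner ids, votes and block contents are constructed. Two details the text leaves open are filled in as labelled assumptions: how R is generated (here a SHA-256 over the block fields and collected signatures) and how i = R is mapped onto a butler number (here R modulo the number of butlers).

```python
"""PoV consensus-round helpers: signature tally and next duty butler.

Added example; not code from the book or the PoV implementation. The
"more than half" thresholds and the 20-second timeout are from the text
(Sects. 4.1.3 and 4.2.2); the commissioner ids, votes and block fields are
constructed. Two details are my assumptions: how R is generated (here a
SHA-256 of the block contents and collected signatures) and how i = R is
mapped onto a butler number (here R modulo the number of butlers).
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

COMMISSIONER_TIMEOUT = 20.0  # seconds the duty butler waits for signatures


@dataclass
class Block:
    h: int                     # block height
    hs: int                    # height of the latest special block
    M: int                     # duty cycles consumed in this round
    tx_ids: List[str] = field(default_factory=list)
    time: float = 0.0          # timestamp, set when the pre-block becomes formal
    R: int = 0                 # random number selecting the next duty butler
    signatures: Dict[str, str] = field(default_factory=dict)  # commissioner -> signature


def tally(votes: Dict[str, bool], n_commissioners: int, elapsed: float) -> str:
    """Outcome of one signature-collection phase for the duty butler.

    votes maps a commissioner id to True (agreeing signature) or False (rejection).
    Returns "finalize", "regenerate", "wait" or "replace_butler".
    """
    majority = n_commissioners // 2 + 1          # strictly more than half
    agree = sum(1 for v in votes.values() if v)
    reject = len(votes) - agree
    if agree >= majority:
        return "finalize"                        # signatures go into the block header
    if reject >= majority:
        return "regenerate"                      # same butler builds a new pre-block
    if elapsed >= COMMISSIONER_TIMEOUT:
        return "replace_butler"                  # next duty butler regenerates it
    return "wait"


def derive_R(block: Block, signatures: Dict[str, str]) -> int:
    """Assumed construction of R: hash of block fields and the sorted signatures."""
    material = f"{block.h}|{block.hs}|{','.join(block.tx_ids)}|" + "|".join(
        f"{c}:{s}" for c, s in sorted(signatures.items()))
    return int.from_bytes(hashlib.sha256(material.encode()).digest()[:4], "big")


def next_duty_butler(R: int, n_butlers: int) -> int:
    """Assumed mapping of i = R onto a butler number in {0, ..., n_butlers - 1}."""
    return R % n_butlers


def finalize(block: Block, signatures: Dict[str, str], n_butlers: int, now: float) -> Tuple[Block, int]:
    """Turn an agreed pre-block into a formal block and pick the next duty butler."""
    block.signatures = dict(signatures)
    block.R = derive_R(block, signatures)
    block.time = now
    return block, next_duty_butler(block.R, n_butlers)


def is_special_block(h: int, BW: int) -> bool:
    """Each tenure is BW ordinary blocks + 1 special block (assumes heights count from 1 after genesis)."""
    return h % (BW + 1) == 0


if __name__ == "__main__":
    pre = Block(h=12, hs=8, M=1, tx_ids=["t1", "t2"])
    votes = {"c1": True, "c2": True, "c3": True, "c4": False}
    print(tally(votes, 5, elapsed=3.0))                       # finalize
    sigs = {c: f"sig-{c}" for c, ok in votes.items() if ok}
    block, nxt = finalize(pre, sigs, n_butlers=4, now=0.0)
    print(block.R, nxt)
```

Note that with an even number of commissioners, exactly half agreeing is not a majority and the butler keeps waiting; this edge case is what the "more than half" wording is about.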

Fig. 4.6 Flow chart for generating ordinary blocks and special blocks (butler’s perspective)

Fig. 4.7 Flow chart for generating ordinary blocks and special blocks (commissioner’s perspective)

Figures 4.6 and 4.7 explain the key processes of generating ordinary and special blocks only from the perspective of commissioners and butlers. Other nodes, such as butler candidates and ordinary users, are in a continuous cycle of synchronizing blocks, updating stored data, forwarding blocks, and submitting and forwarding transactions. Most of these operations are in the network layer and the data layer. Submitting an ordinary application transaction is in the application layer and is usually done by the wallet.

Algorithm 4.1 gives the pseudocode for running the PoV algorithm on a node. After a series of initializations, the node determines how to run the PoV process based on its own state and configuration.


Algorithm 4.2 describes the implementation of the commissioner process, including phases of the genesis block generation and the ordinary block generation.


Algorithm 4.3 describes the implementation of the butler candidate process.


PoV has since been updated to a highly efficient version, Parallel PoV, or PPoV for short.

4.2.3 PoV Hierarchical Signature Mechanism

Because the division of labor among nodes in the identity centric network differs, the sovereignty network adopts a hierarchical group/ring signature scheme [11]. The signatures of nodes in the network form a tree structure: each superior manages a group of subordinate nodes as its leaves, and a non-leaf node together with its leaves forms a group/ring. The public key table containing all public keys in the group/ring is maintained locally. The signature formats of leaf and non-leaf nodes are \(\sigma = (r, s)\) and \(\sigma = (y_{new}, \hat{r}_{1}, \cdots, \hat{r}_{t}, s)\), \(\hat{r}_{i} = (r_{i}, \sigma_{i})\), respectively, as shown in Fig. 4.8.

Fig. 4.8 Hierarchical group/ring signatures

The superior signature is generated by combining the subordinate signatures and contains all the information of the subordinate nodes, so verifying the superior signature also verifies the tree rooted at that signature. In addition, according to the security requirements of the hierarchical group signature scheme, a group manager can only trace the signer identity of its own leaf nodes and cannot open signatures generated by members of other groups. By establishing groups among nodes with different levels and identities, superior group managers can quickly locate the problem group and identify the corresponding malicious nodes.

To reduce the size of a single tree and the complexity of iterative verification, the signature tree is divided into two types according to its ownership and purpose: ring signature tree for voting and common group signature tree. The hierarchical signature mechanism based on group/ring signature technology with PoV blocks is shown in Fig. 4.9.

Fig. 4.9 PoV hierarchical signature mechanism

(1) Any ordinary user in the bottom domain generates a transaction and attaches its signature S. It also receives intra-domain transactions and verifies the correctness of their contents and signatures. If correct, the transaction is forwarded to other nodes in the domain. Butlers listen for intra-domain transactions and put valid transactions into the local pool.

(2) The duty butler regularly takes transactions from the pool and encapsulates them into a pre-block. The ordinary users to which these transactions belong are added to the group of the duty butler to generate a new superior group signature S′. The duty butler then sends the pre-block and S′ to the commissioners and butlers in the domain.

(3) After a commissioner receives the pre-block, it verifies the transactions and the butler’s signature S′. If it agrees to generate the corresponding block, it sends back its signature P and a timestamp as a ticket to the duty butler.

(4) If it has collected signatures and timestamps from more than half of the intra-domain commissioners before the deadline, the duty butler forms a ring with the commissioners who produced these signatures to generate a new superior ring signature P′.

(5) When a commissioner receives the final block, it verifies the signatures P′ and S′. If they are valid, the transactions contained in the block are removed from the local pool. If the commissioner is not in the top domain, it extracts the block header as a transaction, replaces the attached butler signature S′ with the new superior group signature S, and then proposes the transaction as an ordinary user in the superior domain. The superior nodes continue to verify the signatures P′ and S. If the commissioner is in the top domain, the block becomes legal and is finally confirmed once acknowledgements have been received from more than half of the commissioners.

4.3 Routing Scheme for Billions of Multiple Identifiers

Traditional routing methods based on flat routing protocols, such as the Routing Information Protocol (RIP) and Open Shortest Path First (OSPF), face the problem of synchronizing routing information across the whole network and do not fit a hierarchical architecture. Considering the hierarchical management of the sovereignty network, BGP is adopted to synchronize routing information between autonomous systems at the same level of the network. Considering the future Industrial Internet and other application scenarios, the number of addressable identifiers will keep growing explosively.

To further improve routing efficiency, a hyperbolic identifier and routing scheme [12, 13] is proposed for core networks, whose topology is more stable and which carry more routing pressure than other parts of the network. A hash table with prefix tree algorithm is then designed for edge networks, whose topology changes frequently, to support routing over a huge number of identifiers.

4.3.1 Border Gateway Protocol

The Border Gateway Protocol (BGP) is a path-vector routing protocol used to exchange routes between autonomous systems (ASs). It provides an inter-domain routing system in which routers exchange reachability information about the paths to destination networks; the AS path carried with every route lets an AS detect and discard routes that would form a loop.

BGP evolved from the Exterior Gateway Protocol (EGP). EGP could only transport routing information between ASs: it did not rank routes by preference and had no mechanism to avoid inter-AS routing loops. BGP addresses both shortcomings, which is why it is the protocol used in operators' core networks.

Unlike the original EGP, BGP provides a better service through route selection, loop avoidance, efficient routing and the ability to maintain large amounts of routing information. It is a policy-based protocol that lets an AS choose paths according to a variety of BGP attributes; when the best path is determined, the decisive factor is the set of BGP attributes rather than link speed.

BGP maintains three tables: (1) a neighbor table recording all peers, (2) a BGP table (forwarding database) recording the networks learned from neighbors together with their path and BGP attributes, and (3) a routing table recording the best path to each destination and whether it was learned from an external or an internal peer.

The main message types are listed as Table 4.3.

Table 4.3 The message type of BGP

BGP establishes neighbor relationships through a state machine. In the Idle state, BGP refuses incoming connection requests from neighbors. Only after a Start event from the local device does BGP try to open a TCP connection to the peer and move to the Connect state. A Start event is triggered when an operator configures a BGP process, when an existing process is reset, or when the router software resets the process. Whatever state BGP is in, it returns to Idle after an error event such as a received Notification message or a TCP connection failure.

In the Connect state, BGP waits for the TCP three-way handshake to complete, with the ConnectRetry timer running. If the TCP connection succeeds, BGP sends an Open message to the peer and moves to the OpenSent state. If the TCP connection fails, BGP moves to the Active state. If the ConnectRetry timer expires before the peer responds, BGP restarts the timer, initiates a new TCP connection to the peer, and stays in the Connect state.

In the OpenSent state, the TCP handshake has completed and the local Open message, which carries BGP parameters such as the AS number, version and authentication information, has been sent. BGP waits for the peer's Open message and checks its AS number, version number, authentication information and so on. If the received Open message is correct, BGP sends a Keepalive message and moves to the OpenConfirm state. If any error is found in it, BGP sends a Notification message to the peer and returns to Idle. In OpenConfirm, BGP waits for the peer's Keepalive; receiving it moves the session to Established.

Once in the Established state, BGP can exchange Update, Keepalive, Route-Refresh and Notification messages with the peer. A correct Update or Keepalive message shows that the peer is alive and keeps the session up. If an incorrect Update or Keepalive message is received, BGP sends a Notification message to the peer and goes to Idle. A Route-Refresh message does not change the BGP state. If a Notification message is received, BGP moves to Idle, and if the TCP connection is torn down, BGP disconnects and moves to Idle. In the Active state, BGP keeps trying to establish the TCP connection: success leads to OpenSent, while expiry of the ConnectRetry timer returns the session to Connect for another attempt.
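The state machine described above, written out as an added example (not code from the book or from any router vendor): a small simulator of the six BGP states and the events that move a session between them, so the transitions can be traced by hand. The message and event names are assumptions chosen to mirror RFC 4271; it does not implement the wire format.

```python
"""BGP session finite state machine (a subset of RFC 4271).

Added example, not the book's or any router vendor's code: a simulator of the
six BGP states and the events that move a session between them (Idle ->
Connect -> OpenSent -> OpenConfirm -> Established, every error path -> Idle).
"""
from dataclasses import dataclass, field
from typing import List

IDLE, CONNECT, ACTIVE = "Idle", "Connect", "Active"
OPENSENT, OPENCONFIRM, ESTABLISHED = "OpenSent", "OpenConfirm", "Established"

@dataclass
class OpenMsg:
    version: int
    my_as: int
    hold_time: int
    bgp_id: str

@dataclass
class BgpSession:
    local_as: int
    peer_as: int                 # AS number we expect in the peer's OPEN
    state: str = IDLE
    connect_retries: int = 0
    sent: List[str] = field(default_factory=list)   # emitted messages, for tracing

    def _to(self, state: str) -> str:
        self.state = state
        return state

    def _error(self, reason: str) -> str:
        # Every error path: send NOTIFICATION, drop the TCP connection, go to Idle.
        self.sent.append(f"NOTIFICATION({reason})")
        return self._to(IDLE)

    def start(self) -> str:                     # Start event (manual or automatic)
        if self.state != IDLE:
            return self.state                   # ignored in every other state
        self.connect_retries = 0
        return self._to(CONNECT)                # open TCP to the peer on port 179

    def tcp_connected(self) -> str:             # three-way handshake completed
        if self.state in (CONNECT, ACTIVE):
            self.sent.append(f"OPEN(version=4, as={self.local_as})")
            return self._to(OPENSENT)
        return self.state

    def tcp_failed(self) -> str:                # connect refused, or session torn down
        if self.state == CONNECT:
            return self._to(ACTIVE)
        if self.state in (OPENSENT, OPENCONFIRM, ESTABLISHED):
            return self._to(IDLE)
        return self.state

    def connect_retry_expired(self) -> str:     # ConnectRetryTimer fired
        if self.state in (CONNECT, ACTIVE):
            self.connect_retries += 1
            return self._to(CONNECT)            # retry TCP to the same peer
        return self.state

    def receive_open(self, msg: OpenMsg) -> str:
        if self.state != OPENSENT:
            return self._error("FSM error: OPEN outside OpenSent")
        if msg.version != 4:
            return self._error("unsupported version")
        if msg.my_as != self.peer_as:           # the "AS number" check in the text
            return self._error("bad peer AS")
        self.sent.append("KEEPALIVE")
        return self._to(OPENCONFIRM)

    def receive_keepalive(self) -> str:
        if self.state == OPENCONFIRM:
            return self._to(ESTABLISHED)
        if self.state == ESTABLISHED:
            return self.state                   # only restarts the hold timer
        return self._error("FSM error: unexpected KEEPALIVE")

    def receive_update(self, well_formed: bool) -> str:
        if self.state != ESTABLISHED:
            return self._error("FSM error: UPDATE before Established")
        return self.state if well_formed else self._error("UPDATE message error")

    def receive_route_refresh(self) -> str:
        return self.state                       # never changes the state

    def receive_notification(self) -> str:
        return self._to(IDLE)                   # peer closed the session

if __name__ == "__main__":
    s = BgpSession(local_as=65001, peer_as=65002)
    for step in (s.start, s.tcp_failed, s.connect_retry_expired, s.tcp_connected):
        print(step())
    print(s.receive_open(OpenMsg(4, 65002, 90, "192.0.2.1")), s.receive_keepalive())
    print(s.receive_update(well_formed=False), s.sent[-1])
```

Note the design choice that matters for a security review: every malformed message takes the session back to Idle through a Notification, so a peer that sends a bad AS number, an unsupported version or a malformed Update cannot keep a half-open session alive.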

Advantages of BGP:

  • BGP addresses network security, flexibility, stability, reliability and efficiency from several aspects.

  • BGP protects its sessions through peer authentication (for example TCP MD5 signatures or TCP-AO) and the Generalized TTL Security Mechanism (GTSM), which accepts BGP packets only when their IP TTL shows they came from a directly connected peer, so spoofed packets from further away are dropped.

  • BGP provides various routing policies, which can be used to select routes flexibly and instruct neighbors to publish routes according to policies.

  • BGP provides route aggregation and route dampening to suppress route flapping, which effectively improves stability.

  • BGP runs over TCP (port 179) and can be combined with BFD, BGP tracking, BGP graceful restart (GR) and non-stop routing (NSR), which improves network reliability.

  • With many neighbors and many routes, if most neighbors share the same export policy, BGP uses update-group packing so that an Update is built once for the whole group, which improves packing performance.

4.3.2 Hyperbolic Identifier and Routing Scheme

Sovereignty networks forward content by name and must cope with the large identifier space and dynamic requests brought by many new identifier types and future application scenarios such as the IoT, the Industrial Internet and high-security private networks.

Greedy geometric routing (GGR) maps the network into a metric space and assigns each node an address, i.e., a coordinate. Every packet carries the coordinate of its destination. On receiving a packet, a router computes the geometric distance from each of its neighbors to the destination and selects the neighbor with the smallest distance as the next hop. Since each node only needs the coordinates of its neighbors, GGR keeps the FIB as small as possible, which makes it a basis for routing protocols in large-scale networks.

Hyperbolic routing (HR) relies on the scale-free property of networks, i.e., node degrees follow a power-law distribution. A mapping algorithm embeds the network into a space of negative curvature (hyperbolic space). Taking two dimensions as an example, each node is mapped into a disk of radius \(R\) and assigned polar coordinates \(\left( {r,\theta } \right)\). The angular coordinate \(\theta\) gives the node's relative position in the network and the radial coordinate \(r\) its centrality: the smaller \(r\), the closer the node is to the centre of the disk. For fixed angular coordinates, the hyperbolic distance between two nodes decreases as their radial coordinates decrease, so greedy routing on hyperbolic distance tends to pick more central nodes as the next hop.

Many networks, including the IP Internet, are scale-free. Combined with a suitable mapping algorithm, a simple greedy strategy on hyperbolic distance forwards packets to the destination with a high success rate. For the few cases in which greedy forwarding fails (the packet reaches a node none of whose neighbors is closer to the destination than the node itself), auxiliary forwarding strategies can raise the success rate of hyperbolic routing to nearly 100%.

However, HR also has drawbacks. Compared with routing protocols based on shortest-path algorithms, the paths selected by HR have a larger transmission delay. This is an inherent disadvantage of the greedy strategy, and most existing hyperbolic mapping algorithms do not take network delay into account. To avoid it, we have proposed a hyperbolic routing algorithm that reduces network latency while keeping forwarding-path selection fast, so that the sovereignty network forwards quickly.

The proposed HR algorithm maps a scale-free network into the three-dimensional hyperbolic space H3. Each node is assigned three-dimensional spherical coordinates \(\left( {r,\theta ,\varphi } \right)\), where \(r\) is the radial coordinate, \(\theta\) the polar angle and \(\varphi\) the azimuth. The distance between two points \(\left( {r_{1} ,\theta_{1} ,\varphi_{1} } \right)\) and \(\left( {r_{2} ,\theta_{2} ,\varphi_{2} } \right)\) follows from the hyperbolic law of cosines:

$$d_{12} = \cosh^{ - 1} \left( {\cosh r_{1} \cosh r_{2} - \sinh r_{1} \sinh r_{2} \cos \Delta \theta_{12} } \right)$$
(4.1)

where \(\Delta \theta_{12}\) is the central angle between the two points as seen from the origin, i.e., the angle between the directions \(\left( {\theta_{1} ,\varphi_{1} } \right)\) and \(\left( {\theta_{2} ,\varphi_{2} } \right)\) on the unit sphere:

$$\Delta \theta_{12} = \cos^{ - 1} \left[ {\cos \theta_{1} \cos \theta_{2} + \sin \theta_{1} \sin \theta_{2} \cos \left( {\varphi_{1} - \varphi_{2} } \right)} \right]$$
(4.2)

The algorithm has two parts, angular coordinate mapping and radial coordinate mapping, which are described below.

  1. 1.

    Angular Coordinate Mapping

Each node is assigned an angular coordinate on the sphere S2. The sphere S2 models the surface of the earth, and the angular coordinates of nodes represent their actual positions in the network, as shown in Fig. 4.10.

Fig. 4.10 Angular coordinate mapping

The angular coordinates of high-degree (central) nodes are set directly to their geographic location, i.e., their latitude and longitude, for the following reasons:

  • The transmission delay between two nodes is roughly proportional to the geographic distance between them, so a mapping based on geographic location directly optimizes delay.

  • The mapping is cheap to compute.

  • The mapping is independent of the network topology, so it remains stable while the network changes dynamically.

A different approach is used for non-central nodes with low degrees, because their position in the network depends more on the local topology than on geography. A node \(i\) whose degree is at least 3 measures its average delay to each central node and selects the three central nodes \(j_{1}\), \(j_{2}\), \(j_{3}\) with the smallest delays to compute its angular coordinate.

Let \(\left( {\theta^{*} ,\varphi^{*} } \right)\) be the angular coordinate of \(i\), \(\left( {\theta_{k} ,\varphi_{k} } \right)\) that of \(j_{k}\), and \(t_{k}\) the measured delay between \(i\) and \(j_{k}\). Then \(\left( {\theta^{*} ,\varphi^{*} } \right)\) is obtained by solving:

$$\min_{{\left( {\theta^{ *} , \varphi^{ *} } \right) \in S^{2} }} \left[ {\left| \xi \right| + \varepsilon \left( {\Delta \theta_{i1} + \Delta \theta_{i2} + \Delta \theta_{i3} } \right)} \right]$$
(4.3)
$$s.t. \lambda \Delta \theta_{ik} = t_{k} - \xi \left( {k = 1,2,3} \right)$$
(4.4)

\(\Delta \theta_{ik}\) is the central angle between \(\left( {\theta_{k} , \varphi_{k} } \right)\) and \(\left( {\theta^{*} ,\varphi^{*} } \right)\), obtained from Eq. 4.2. Eq. 4.4 expresses the proportional relationship between network delay and spherical distance, with \(\lambda\) as the scale factor, and the slack variable \(\xi\) guarantees that a feasible solution exists.

The first term of the objective keeps \(\xi\) as small as possible. The second term \(\varepsilon \left( {\Delta \theta_{i1} + \Delta \theta_{i2} + \Delta \theta_{i3} } \right)\) selects, among multiple feasible solutions, the one with the smallest sum of spherical distances.

Non-central nodes with degree at most 2 simply copy the angular coordinate of their highest-degree neighbor, since they have only one path to the central node.

  1. 2.

    Radial Coordinate Mapping

The radial coordinate \(r\) represents the centrality of a node. In a scale-free network, \(r\) follows an exponential distribution.

"Supernodes" in a network may attract traffic onto suboptimal paths. For example, Shanghai has an extremely large number of Internet users, so it hosts several very high-degree supernodes. For a message from Incheon to Busan, both in South Korea, the path selected by HR may be attracted to the highly central Shanghai nodes, i.e., Incheon, Shanghai, Busan, which adds delay, because the nodes of these smaller cities have larger radial coordinates (are less central) than those of Shanghai.

To solve this problem, the global network is divided into subgraphs such that the most central nodes of all subgraphs have similar radial coordinates. Forwarding is then more likely to select the central node of the local subgraph, which improves routing locality and reduces transmission delay. The m highest-degree nodes \(i_{1} ,i_{2} , \ldots ,i_{m}\) are selected, and every other node measures its delay to each \(i_{*}\); if \(i_{k}\) has the smallest delay, the node belongs to the subgraph \(G_{k}\).

Radial coordinates are obtained by maximum likelihood estimation under the following prior conditions:

  1. (1)

    The node degree follows a power-law distribution \(\rho \left( k \right)\sim k^{ - \gamma }\), with minimum degree k0 and mean \(\bar{k}\). Degree and radial coordinate satisfy:

$$r\left( k \right) = R - 2\ln \frac{k}{{k_{0} }}$$
(4.5)

where R is the radius of the hyperbolic ball, i.e., the largest radial coordinate.

  1. (2)

    The probability of connecting two nodes with hyperbolic distance x is:

$$p\left( x \right) = \left\{ {1 + \exp \left[ {\frac{{\zeta \left( {x - R} \right)}}{2T}} \right]} \right\}^{ - 1}$$
(4.6)

T is the temperature, which controls how strongly connections cluster around central nodes, and \(\zeta\) is the curvature parameter of the hyperbolic space (\(\zeta = \sqrt{-K}\) for curvature \(K\)). R is obtained from the following integral for the mean degree:

$$\bar{K} = \frac{N}{2\pi }\int\limits_{0}^{R} {\rho \left[ {k\left( r \right)} \right]} \int\limits_{0}^{R} {\rho \left[ {k\left( {r^{\prime}} \right)} \right]} \int\limits_{0}^{\pi } {\int\limits_{0}^{\pi } {p\left( x \right)d\varphi^{\prime}d\theta^{\prime}dr^{\prime}dr} }$$
(4.7)

x is the hyperbolic distance between \(\left( {r^{\prime},\theta^{\prime},\varphi^{\prime}} \right)\) and \(\left( {r,0,0} \right)\).

Under these prior conditions, for node \(i\) with degree \(k_{i}\) the maximum likelihood estimate of its radial coordinate is:

$$r_{i}^{*} = R - 2\ln \frac{{k_{i} - T\gamma }}{{k_{0} }}$$
(4.8)

If node \(i \in G_{j}\), its radial coordinate is:

$$r_{i} = \log \left\{ {\beta + \exp \left[ {r_{i}^{*} + \left( {r_{0} - r_{i}^{*} } \right)\left( {\frac{{R - r_{i}^{*} }}{{R - r_{j}^{*} }}} \right)^{4} } \right]} \right\}$$
(4.9)

\(\beta\) adjusts the relative weight of the radial and angular coordinates in the routing process.

In Eq. 4.9, \(r_{0}\) is the common radial coordinate assigned to the most central node of every subgraph, whose uncorrected coordinate is \(r_{j}^{*}\). Nodes whose \(r_{i}^{*}\) is close to \(r_{j}^{*}\) are pulled toward \(r_{0}\) as well, while for peripheral nodes, whose \(r_{i}^{*}\) is close to R, the fourth-power factor vanishes and the correction is negligible.

In the angular coordinate mapping, network delay is treated as proportional to spherical distance, and the coordinates of non-central nodes are computed accordingly. In the radial coordinate mapping, delay is also the basis of the subgraph partition, and the partition in turn reduces delay by keeping forwarding local.
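Greedy forwarding on hyperbolic distance, as an added example that is not code from the book or the MIN project: it applies Eq. 4.1 and 4.2 (with \(\theta\) as the polar angle and \(\varphi\) as the azimuth) to compute distances, Eq. 4.5 to derive radial coordinates from node degree, and then forwards greedily over a small constructed topology. The topology, the azimuths and the radius R = 6 are assumptions chosen for illustration; the example also shows the failure mode of Sect. 4.3.2, a packet stuck at a node with no closer neighbor.

```python
"""Greedy hyperbolic routing in H^3 with the distance formulas of Sect. 4.3.2.

Added example, not the book's or the MIN project's code: a constructed
seven-node topology, radial coordinates from degree (Eq. 4.5), hand-picked
angular coordinates, and greedy forwarding on the distance of Eq. 4.1/4.2.
"""
import math

def central_angle(theta1, phi1, theta2, phi2):
    """Eq. 4.2: central angle on S^2; theta is the polar angle, phi the azimuth."""
    c = (math.cos(theta1) * math.cos(theta2)
         + math.sin(theta1) * math.sin(theta2) * math.cos(phi1 - phi2))
    return math.acos(max(-1.0, min(1.0, c)))   # clamp rounding noise before acos

def hyperbolic_distance(p, q):
    """Eq. 4.1: hyperbolic law of cosines for points (r, theta, phi) in H^3."""
    r1, t1, f1 = p
    r2, t2, f2 = q
    delta = central_angle(t1, f1, t2, f2)
    x = math.cosh(r1) * math.cosh(r2) - math.sinh(r1) * math.sinh(r2) * math.cos(delta)
    return math.acosh(max(1.0, x))              # x < 1 only through rounding

def radial_from_degree(k, k0, R):
    """Eq. 4.5: r(k) = R - 2 ln(k/k0); high-degree nodes sit near the centre."""
    return R - 2.0 * math.log(k / k0)

def greedy_route(adj, coords, src, dst, max_hops=32):
    """Greedy geometric routing: each hop forwards to the neighbour nearest dst.
    Returns (path, delivered); delivered is False when forwarding gets stuck,
    i.e. no neighbour is strictly closer to dst than the current node."""
    path, cur = [src], src
    while cur != dst and len(path) <= max_hops:
        here = hyperbolic_distance(coords[cur], coords[dst])
        nxt = min(adj[cur], key=lambda n: hyperbolic_distance(coords[n], coords[dst]))
        if hyperbolic_distance(coords[nxt], coords[dst]) >= here:
            return path, False                  # local minimum: greedy fails here
        path.append(nxt)
        cur = nxt
    return path, cur == dst

# Constructed topology (an assumption for illustration): 'hub' is the core router.
ADJ = {
    "hub": ["a", "b", "c", "d"],
    "a": ["hub", "b"],
    "b": ["hub", "a", "e"],
    "c": ["hub"],
    "d": ["hub", "f"],
    "e": ["b"],
    "f": ["d"],
}
R = 6.0   # assumed radius of the hyperbolic ball
# Azimuths chosen by hand on the equator (theta = pi/2); they stand in for geography.
AZIMUTH = {"hub": 0.0, "a": 0.5, "b": 1.0, "c": 2.0, "d": 3.0, "e": 1.2, "f": 1.25}

def build_coords(adj=ADJ, azimuth=AZIMUTH, R=R):
    """Assign (r, theta, phi): r from degree via Eq. 4.5, k0 = minimum degree."""
    degree = {n: len(nb) for n, nb in adj.items()}
    k0 = min(degree.values())
    return {n: (radial_from_degree(degree[n], k0, R), math.pi / 2, azimuth[n]) for n in adj}

if __name__ == "__main__":
    coords = build_coords()
    print(greedy_route(ADJ, coords, "c", "e"))   # delivered through the central 'hub'
    print(greedy_route(ADJ, coords, "c", "f"))   # stuck at 'e': 'f' hangs off 'd'
```

In the first run the packet from c climbs to the central hub (smallest r) and descends through b to e, which is the behaviour the text attributes to hyperbolic greedy routing. In the second, e lies angularly closest to f but is not its neighbor, so no neighbor of e is closer to f and greedy forwarding stops; that is the case the auxiliary forwarding strategies mentioned above have to handle.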

4.3.3 Hash Table with Prefix Tree Algorithm (HPT)

A prefix tree (trie), also known as a dictionary tree, is a data structure commonly used in string matching. In a trie, an edge represents one unit of a name, such as a bit, a character or a name component, and a node represents the name formed by concatenating the units on all edges from the root to that node. In a trie-based store, the common prefix of several names is merged into a shared upstream path, which compresses the data and preserves the logical relationship between names.

Because the trie supports longest prefix matching (LPM) and uses space efficiently, most name-based forwarding planes are built on it. Its drawback is slow search: first, the cost is roughly proportional to the length of the name, and second, at each level the search must compare the outgoing edges of the node one by one to find the child to descend into. A forwarding architecture built purely on a trie therefore incurs a large lookup delay and hurts overall network performance.

Compared with the trie, hash table lookup time is not affected by name length or table size, so it scales better to large networks. However, to resolve hash collisions the table must store the full key (the content name) in each entry, which costs a lot of storage. The plain hash table also does not support longest prefix matching, and the simplest linear implementation, which probes every prefix length in turn, is slow. Existing ICN designs therefore use data compression schemes, such as fingerprint-based hash tables that store a short hash of the name instead of the full key, and algorithmic optimizations such as non-linear (random) search over prefix lengths, to improve scalability.

In general, the new identifiers are much longer than IP addresses, so multi-identifier processing faces great pressure in computing and storage. To this end we propose the hash table with prefix tree algorithm HPT, which adds semi-virtual entries to the prefix tree. The scheme accelerates the backtracking step of the FIB search algorithm and effectively improves the efficiency of multi-identifier translation and addressing: the hash table gives fast lookups, and the tree stores the logical relationships between names. The structure of the FIB is shown in Fig. 4.11.

Fig. 4.11 The structure of FIB [28]

The characteristics of FIB include the following:

  1. (1)

    The FIB consists of a hash table and a prefix tree. For any name stored in the table, all of its proper prefixes also have entries in the table. Checking whether each prefix exists and adding the missing auxiliary entries is called FIB refactoring. In a refactored FIB, entries are divided into real and non-real entries, and non-real entries into virtual and semi-virtual entries.

  2. (2)

    In the hash table the name is the key and the corresponding prefix-tree node is the value, which gives fast retrieval of forwarding information.

  3. (3)

    Each edge of the prefix tree represents one name component. Each node represents a name and stores the forwarding information for that name, the category of the entry, and the pointers that maintain the tree structure.

The specific definitions of real entries, non-real entries, virtual entries, and semi-virtual entries are as follows:

  1. (1)

    Real entry: the name of a real entry refers to actual data and guides the forwarding of interest packets. Before FIB refactoring, all entries are real.

  2. (2)

    Non-real entry: an auxiliary entry added to support the non-linear search algorithm. Its name refers to no actual data and never guides the forwarding of interest packets.

  3. (3)

    Virtual entry: a non-real entry that has no real prefix. When the search ends on a virtual entry it terminates immediately, without producing a false negative.

  4. (4)

    Semi-virtual entry: a non-real entry that has at least one real prefix; reaching it requires backtracking to that prefix.

When a user registers and publishes a resource on MIN, several identifiers are bound to the resource and stored in MIS. Commonly used identifiers and their inter-translation information are stored in the HPT-FIB of the MIR. If the MIR finds the corresponding information in its local HPT-FIB, it forwards directly; otherwise it sends a translation request to the MIS with the identifier supplied by the user. MIS looks up the other identifiers bound to it, selects an appropriate one and returns it to the MIR for addressing. The FIB is used as follows.

  1. 1.

    FIB insert

First, determine whether the name to be inserted already has an entry in the FIB. If so, follow case (1); otherwise follow case (2). The steps of each case are given below.

(1) Inserting a name that already has an entry

  1. (1)

    Step 1: Determine whether the entry is real. If so, update its forwarding information; otherwise go to step 2.

  2. (2)

    Step 2: Determine whether the entry is virtual. If so, go to step 3; otherwise (the entry is semi-virtual) go directly to step 4.

  3. (3)

    Step 3: Change all virtual entries in the subtree rooted at this entry to semi-virtual, then go to step 4.

  4. (4)

    Step 4: Change the category of the entry to real and add its forwarding information.

To sum up, in case (1) the name already has an entry, so no new entry is added. The real case is trivial, so only non-real entries matter: the category is changed to real. If the entry was virtual, the virtual entries in its subtree now have a real prefix and must become semi-virtual; if it was semi-virtual, the subtree is unchanged.

(2) Inserting a name that has no entry

First search the FIB for the LPM of the name to be inserted. If the hit is a real entry, perform step 1; if the search misses or the hit is a virtual entry, perform step 2. A semi-virtual hit already has a real prefix above it, so it is handled like a real hit.

  1. (1)

    Step 1: insert the real entry for the name, then check all proper prefixes of the name in the FIB and insert a semi-virtual entry for each missing one.

  2. (2)

    Step 2: insert the real entry for the name, then check all proper prefixes of the name in the FIB and insert a virtual entry for each missing one.


To sum up, in case (2) the name has no entry, so its real entry is inserted. Its prefixes are then checked upward to make sure they exist in the FIB, and a non-real entry is inserted for each missing prefix. The check stops at the LPM entry or at the root, and whether it stopped at a real (or semi-virtual) entry or at a virtual one determines the category of the non-real entries inserted (Fig. 4.12).

Fig. 4.12 FIB inserting step [28]

  1. 2.

    FIB Search

The FIB lookup process is shown in Algorithm 4.5 and Fig. 4.13.

Fig. 4.13 The steps of FIB lookup

The port on which to forward an interest packet is obtained by searching its name with the non-linear search algorithm. The search strategy over prefix lengths can be chosen as required, e.g., a conventional binary search.


There are three patterns based on the category of the last HIT entry:

  1. (1)

    If it is a real entry, the search for LPM is successful, and returns the corresponding information.

  2. (2)

    If it is a virtual entry, there is certainly no matching real prefix in the table, so the lookup returns no match.

  3. (3)

    If it is a semi-virtual entry, there is at least one matching real prefix in the table. The algorithm backtracks in the prefix tree to find it and returns its forwarding information. Since backtracking follows parent pointers and involves no further hash lookups, its time overhead is minimal.

As shown in Fig. 4.14, the last HIT of the binary search for the name "/c1/c2/c3/c6/c7" is "/c1/c2/c3", a semi-virtual entry, which triggers backtracking. The algorithm walks up from "/c1/c2/c3" until it meets the first real entry, "/c1", and returns its forwarding information.

Fig. 4.14 The process of FIB searching [28]

There are thus two kinds of lookup result. HIT means a matching real entry exists in the HPT-FIB (the last HIT entry is real or semi-virtual); MISS means no matching real entry exists (the last HIT entry is virtual, or no prefix of the name is present at all).

  1. 3.

    FIB delete

The FIB delete step also discovers and reclaims out-of-date non-real entries.

First, determine whether the entry of the name to be deleted has child nodes in the FIB. If so, perform the first deleting step; otherwise, perform the second deleting step.

  1. (1)

    The first deleting step: check whether the parent of the entry is virtual. If it is, execute the first deleting sub-step. If the parent is real or semi-virtual, change the category of the entry to semi-virtual.

    • First deleting sub-step: change the category of the entry to virtual, then traverse the subtree rooted at it. Every node that is semi-virtual and has no real node on the path from the deleted entry down to it is changed to virtual.

  2. (2)

    The second deleting step: delete the entry, then check the proper prefixes of the name upward one level at a time. If the prefix's node is not real and is a leaf, delete it too; otherwise stop.


Through these deleting steps, the categories of non-real entries remain correct in a dynamic environment, and out-of-date non-real entries are found and reclaimed in time, which keeps the forwarding plane efficient and stable (Fig. 4.15).

Fig. 4.15 The deleting process of FIB [28]

Our experiments show that a FIB combining the prefix tree with hashing supports large-scale name-prefix storage and search, as shown in Table 4.4.

Table 4.4 The relationship between time and scale of FIB [31]

HPT-FIB has a significant storage overhead when the network scale grows further. We therefore proposed a 3D hyperbolic routing (HR) model to replace the forwarding table and reduce the storage overhead of the MIR. MIN is mapped into a 3D hyperbolic space, and each MIR and each content is given 3D spherical coordinates. With HR, a MIR simply selects as next hop the neighboring MIR with the smallest hyperbolic distance to the destination, which significantly reduces its storage overhead.

The HPT-FIB of this system holds more than one billion entries, and the lookup cost is close to log(log(N)), where N is the number of identifiers. The design eliminates the false-negative errors of existing algorithms, and the MIR detects and deletes obsolete entries in time, which improves memory reclamation.

4.4 Identity Authentication Scheme Based on Real Identity and Biometric

The identity authentication of sovereignty network users is based on human biometric characteristics, combined with blockchain technology to form a decentralized identity management scheme. The user authentication function accurately identifies the user and stores the related information on the blockchain to ensure its integrity and consistency. Combined with the blockchain identity management scheme, it also decentralizes the role of third-party certificate authorities. Using a modern encryption scheme, the proposed scheme protects the privacy of the user's identity information.

4.4.1 Introduction of User Biological Characteristics

  1. 1.

    Iris

The iris is the annular region between the pupil and the white sclera on the surface of the human eye. Under near-infrared light it shows a rich texture, such as spots, stripes, filaments, coronae and crypts. Iris recognition authenticates identity by comparing the similarity of iris image features. The core step is to describe, match and classify iris features by pattern recognition, image processing and other methods, so as to authenticate a person automatically.

The characteristics of iris are listed as follows.

  1. (1)

    Uniqueness. Physiological research shows that the detailed texture of the iris is determined by random factors in the embryonic development environment, and this random distribution of texture details is the physiological basis of iris uniqueness. The irises of twins, and even a person's left and right eyes, differ significantly, so it is practically impossible to find two identical irises in nature.

  2. (2)

    Stability. The iris begins to grow in the third month of the embryonic period, and its main texture has formed by the eighth month. Protected by the cornea, the fully developed iris is hardly exposed to external damage, so it is almost impossible for it to change through physical contact. The texture of the iris remains almost constant throughout life, except in the case of surgery that endangers the eye.

  3. (3)

    Non-contact. The iris is an externally visible internal organ, so collecting its features is more hygienic and convenient than collecting biometrics that require touch, which sets it apart from external features such as fingerprints. A usable iris image can be captured by a contactless (even remote) device, which is very convenient in practice.

  4. (4)

    Large capacity. Acquiring a clear iris texture requires specialized devices and user cooperation, so iris images are harder to steal than fingerprints or faces. In addition, the eye has many useful optical and physiological properties that can be used for liveness detection of the iris.

Iris recognition process includes iris image acquisition, iris image preprocessing, feature extraction and comparison, and user identity recognition.

  1. 2.

    Face Recognition

Face recognition is a biometric technology based on facial feature information. Images or video streams containing faces are captured by cameras, and the faces are detected and tracked automatically. This family of techniques is commonly known as portrait recognition or face recognition.

Rapidly developing solutions include multi-light face recognition based on active near-infrared imaging and face recognition based on machine learning.

Multi-light face recognition based on active near-infrared imaging can overcome the influence of lighting changes and improve recognition performance. Because its accuracy, stability and speed exceed those of 3D face recognition, the technology has developed rapidly in the last two or three years and has gradually brought face recognition into practical use.

Face recognition combined with machine learning builds the learning model and the face database on various theoretical foundations, and can achieve high-precision face recognition without special physical equipment.

Like other biometric features of the human body such as fingerprints and the iris, the human face is innate, unique and difficult to copy, which provides the necessary prerequisite for identification.

Compared with other biometrics, face recognition has the following characteristics:

(1) Non-mandatory. Face images can be obtained without requiring users to cooperate with the acquisition equipment, almost without their awareness, so the sampling method is not “mandatory”.

(2) Non-contact. Obtaining a face image does not require the user to touch the device.

(3) Concurrency. In practical scenarios, multiple faces can be sorted, judged and recognized at the same time.

In addition, face recognition matches the everyday practice of “recognizing people by their appearance”, and offers simple operation, intuitive results, good concealment and so on.

The face recognition system consists of four parts: the face image acquisition and detection module, the face image preprocessing module, the face image feature extraction module, and the matching and recognition module.

3. Fingerprint

A fingerprint is the pattern of ridges on the skin at the tip of a finger. The ridges are arranged regularly to form different patterns. Because of their lifetime immutability, uniqueness and convenience, fingerprints are almost synonymous with biometric identification.

The starting points, ending points, joint points and bifurcation points of the ridges are studied as the minutiae of a fingerprint, and fingerprint identification compares the minutiae of different fingerprints. Fingerprint recognition draws on image processing, pattern recognition, computer vision, mathematical morphology, wavelet analysis and many other disciplines. Fingerprints can be used for identification because everyone's fingerprints are different, even between the fingers of the same person.

The main advantages of fingerprint identification technology are listed as follows.

(1) Fingerprints are unique features of the human body, and they are complex enough to provide features for identification.

(2) Reliability can be improved by registering and identifying more fingerprints from different fingers. Up to ten fingerprints can be taken, and each fingerprint is unique.

(3) Fingerprint scanning is very fast and very convenient to use.

(4) When reading a fingerprint, the user must touch the fingerprint sampling device directly with the finger.

(5) Direct contact with a fingerprint sampling device is the most reliable way to collect human biological characteristics.

(6) The fingerprint sampling device is smaller and cheaper than other sampling devices.

In summary, the adoption of biometric information can greatly improve the reliability of user identification and significantly reduce the probability of users' feature information being stolen.

4.4.2 Introduction of Each Module

In the sovereignty network, the authentication system based on real identity and biometric characteristics includes three modules: the identity chain, the Content Management (CM) module, and the sovereignty network client with its handheld terminals.

1. Identity Chain

The identity chain uses a blockchain based on PoV consensus as the underlying storage system for the user's identity information, public key, and part of the encrypted identity information. Identity information refers to symbols that can be uniquely mapped to a particular user, such as relevant certificates, fingerprints, iris images and face information. In scenarios that require high security, a location map pointing to off-chain storage can be written to the block instead, and a secure off-chain storage scheme keeps the identity information that the user refuses to disclose.

The identity chain also provides a client for querying identity information; the sovereignty network client or the CM module obtains the corresponding identity information through this client.

2. CM Module

The CM module is responsible for the user's operations, such as adding, deleting, modifying and searching, as well as specific business flows such as registration, login, logout, and modification and deletion of identity information. Various designs protect the privacy and rights of the user. Adding and deleting a user are executed without the user's authorization, whereas modifying and querying user information require the user's consent. Concretely, the client must generate the corresponding Access Token, or the intermediate key used in re-encryption, to prove that the user's permission has been obtained.

During registration, the CM module approves part of the user's information. Once approved, the summary is signed and returned to the client. Meanwhile, as the verifier in the identity management scheme, the CM module invokes the identity chain client to write and query identities. In addition, CM encapsulates the third-party biometric interface and serves as the server for biometric authentication. Since several biometric authentication methods are proposed in the sovereignty network, the CM module determines which authentication method a user uses for login.

3. Sovereignty Network Client and Handheld Terminals

The client is responsible for collecting and maintaining the corresponding hardware and software information, and the handheld terminal uses the interface of the biometric verification facility, in the form of an app, to collect the initialization data and the biometric information during verification. The handheld terminal runs Android, on which the Android applications and the corresponding identity authentication applications for the sovereignty network client are developed.

In addition, during registration the client uses Elliptic Curve Cryptography (ECC) to generate the corresponding public and private key pair, and then issues a request after CM approval. The approved public key, client information and identity information are written to the identity chain. The client then uses erasure coding to split the private key into n blocks, which are stored on trusted devices respectively. To restore the private key, m blocks are requested from the corresponding devices and decoded into the complete private key. In this way, MIN improves the resilience of private key storage with low storage overhead.
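To make the m-of-n split concrete, here is an added example (not MIN's own implementation; the chapter does not specify which erasure code it uses) of a systematic Reed-Solomon style (m, n) erasure code over a prime field: the key is cut into m chunks that become the coefficients of a polynomial, share k is the polynomial evaluated at x = k, and any m shares recover the coefficients by Lagrange interpolation. The chunk size, the field prime and the share layout are assumptions of this example.

```python
"""(m, n) erasure coding of a private key over GF(p), an added example.

Assumptions (not from the chapter): the key is split into m fixed-size chunks
that become the coefficients of a degree-(m-1) polynomial over GF(P); share k
is the polynomial evaluated at x = k (k = 1..n); any m shares reconstruct the
polynomial by Lagrange interpolation. This is a Reed-Solomon style erasure
code, not a secret-sharing scheme: fewer than m shares still expose part of
the key material, so every share must itself sit on a trusted device.
"""
import secrets

P = 2**127 - 1   # Mersenne prime; any 15-byte chunk is < P
CHUNK = 15       # bytes per field element (120 bits < 127 bits)


def _chunks(key, m):
    """Zero-pad the key to m*CHUNK bytes and cut it into m field elements."""
    if len(key) > m * CHUNK:
        raise ValueError("key too long for m chunks of CHUNK bytes")
    padded = key + b"\x00" * (m * CHUNK - len(key))
    return [int.from_bytes(padded[i:i + CHUNK], "big")
            for i in range(0, len(padded), CHUNK)]


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key, m, n):
    """Encode `key` into n shares (x, y); any m of them reconstruct it."""
    if not 1 <= m <= n < P:
        raise ValueError("need 1 <= m <= n")
    coeffs = _chunks(key, m)
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def restore_key(shares, m, key_len):
    """Recover the coefficients from m shares by Lagrange interpolation."""
    if len(shares) < m:
        raise ValueError(f"need {m} shares, got {len(shares)}")
    pts = shares[:m]
    coeffs = [0] * m
    for i, (xi, yi) in enumerate(pts):
        # Basis polynomial L_i(x) = prod_{j != i} (x - x_j) / (x_i - x_j)
        num = [1]
        denom = 1
        for j, (xj, _) in enumerate(pts):
            if j == i:
                continue
            new = [0] * (len(num) + 1)          # multiply num by (x - xj)
            for k, c in enumerate(num):
                new[k] = (new[k] - c * xj) % P
                new[k + 1] = (new[k + 1] + c) % P
            num = new
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for k, c in enumerate(num):
            coeffs[k] = (coeffs[k] + c * scale) % P
    raw = b"".join(c.to_bytes(CHUNK, "big") for c in coeffs)
    return raw[:key_len]


def demo():
    """Split a random 32-byte key 3-of-5 and restore it from three devices."""
    key = secrets.token_bytes(32)
    shares = split_key(key, m=3, n=5)
    answered = [shares[1], shares[3], shares[4]]   # devices 2, 4 and 5 respond
    return restore_key(answered, m=3, key_len=len(key)) == key
```

The m and n here play the same roles as in the text (any m of the n stored blocks suffice); the order in which the devices answer does not matter, since each share carries its own x coordinate.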

4.4.3 Application Scenarios

1. Handheld Terminal Authorization

As shown in Fig. 4.16, the process of handheld terminal authorization is as follows.

Fig. 4.16 Authorization of end-host

(1) The end-host device sends a request to CM to obtain CM's public key.

(2) The end-host generates its public and private keys and its unique information, encrypts the information with CM's public key and sends a request to CM.

(3) CM writes the identity information of the device into the blockchain.

(4) The blockchain returns feedback on the written information.

(5) CM returns the result to the end-host.

2. User Registration

As shown in Fig. 4.17, the user registration process is as follows:

Fig. 4.17 The process of user registration

(1) The client first requests CM's public key.

(2) The relevant information (name, account number, ID number, etc.) is entered on the client's registration screen, and iris images are captured by the iris sampling device. The client then generates its public and private key pair. The private key is encoded into n pieces by erasure coding (n is configured by the operations staff) and stored on trusted devices. It is worth mentioning that MIN provides a local disk for storing the private key if the user does not provide any device.

(3) The client encrypts the iris images with its public key, signs them with its private key, encrypts the resulting ciphertext again with CM's public key and sends it to the CM server. After the CM server receives the registration information submitted by the client, it returns to the client a link for submitting the user's biometric information.

(4) The client generates the corresponding Quick Response (QR) code and sends it to the handheld terminal. The QR code contains the client's public key, which the user has bound to the client.

(5) The user scans the QR code with the handheld terminal to log in with the identity information, and collects fingerprints, face images and other biometric data. After all the features are collected, they are encrypted with CM's public key and sent to the CM server together with the other encrypted information.

(6) The registration information received by the CM server is approved automatically by the system. If validation passes, CM stores the identity information in the blockchain.

(7) The blockchain feeds the result back to CM.

(8) CM informs the client whether the registration succeeded.

3. User Login

As shown in Fig. 4.18, the process of user login is as follows:

Fig. 4.18 The process of user login

(1) The user enters the user name and password. The client then uses its private key and CM's public key to generate the re-encryption key. The re-encryption key cannot be used to recover the user's private key or CM's public key, but what it encrypts can be decrypted with CM's private key.

(2) The client encrypts the user name, password, re-encryption key and hardware and software information with CM's public key and sends the ciphertext to CM.

(3) The CM module looks up the corresponding information on the blockchain by user ID. The query result is returned to CM, decrypted with CM's private key and stored in the cache.

(4) The CM module sends the client a link for physical (biometric) verification according to the policy set by the administrators, and the client generates the QR code.

(5) The handheld terminal scans the QR code and sends its public key and binding information to CM.

(6) CM encrypts the feature information with the handheld terminal's public key and returns it to the terminal, which authenticates biometric characteristics such as fingerprint, face and iris.

(7) The handheld terminal sends the authentication result back to the CM module.

(8) If authentication succeeds, CM sends a notification allowing the client to mount the file system; otherwise the login fails. The mount process is the same as the NFS mount process.

4. User Identity Information Modification and Deletion

(1) Modification of user information.

• If the user needs to re-enter biometric information, the process is similar to registration.

• If the user needs to modify biometric information, the client sends the corresponding information to the CM module, and CM re-writes the updated identity information to the blockchain.

(2) Deletion of user information. According to the user ID, the CM module writes a record representing the deletion to the blockchain.

4.5 Privacy Protection and Network Management

The broadcasting network is used as an application example of the sovereignty network; it needs to protect user privacy while managing users. Hence the sovereignty network introduces blockchain, asymmetric encryption, a privacy protection strategy and other technologies [14, 15].

In addition to the above technologies, the sovereignty network sets up electronic visas. When a user of one sovereignty subnet wants to access the content of another, he or she must apply for an electronic visa for the target subnet; access to resources in that subnet is only possible with the visa information.

4.5.1 Electronic Visas of Sovereignty Network

Each country independently builds its own sovereignty network and has full autonomy over it. To access the content of a country's sovereignty network, users in other countries must first apply for an electronic visa and then present the granted visa during the visit. At the same time, the country can control visa permissions and design access rules for content, such as making certain content off-limits to foreign users. In this way cyberspace mirrors reality, with the visa acting as Internet customs: it enables mutual access between countries while allowing access behavior to be managed and controlled. See Sect. 5.4.2 for a detailed description of certificate acquisition and of accessing network content with certificates.

4.5.2 Asymmetric Encryptions

Existing content-centric network architectures typically use “verifiable names” for data requests: each name must specify how the publisher's public key is obtained and must carry the publisher's signature over the name and content. Before a data message is cached by a routing node or received by the requester, its signature must be verified to ensure the integrity, security and reliability of the name and content.

Public key requests are therefore frequent in the network. To save bandwidth and reduce the transmission pressure on the network, the sovereignty network adopts a public and private key generation scheme based on identity identifiers and a combination matrix. The scheme is briefly described as follows.

The cryptosystem we adopt is Elliptic Curve Cryptography (ECC). In ECC, given a base point \(G\) on the elliptic curve and its order \(n\), a positive integer \(r < n\) is the private key, and the point \(rG = R\) obtained by adding \(G\) to itself \(r\) times is the public key. It is easy to compute \(R\) from \(\left( {r,G} \right)\), but computationally infeasible to recover \(r\) from \(\left( {R,G} \right)\), because the discrete logarithm problem on elliptic curves is hard. The private key matrix \((r_{ij} )_{m \times n}\) has \(m\) rows and \(n\) columns, where every element \(r_{ij}\) is a positive integer satisfying \(r_{ij} < n\). The public key matrix \((R_{ij} )_{m \times n}\) is generated by the corresponding relation \(r_{ij} G = R_{ij}\). The private key matrix is held only by the key management authority and used to distribute users' private keys; the public key matrix is held by every network node and used for data signature verification.

As shown in Fig. 4.19, the key management agency generates the user’s private key \(r_{ID}\) with the user’s identity ID and private key matrix \((r_{ij} )\).

Fig. 4.19 The process of generating the private key

For example, the private key can be generated as follows. Using a cryptographic chip and a cryptographic function, each identity ID uniquely generates a sequence of matrix coordinates:

$$GenerateSub\left( {ID} \right) = \left\{ {i_{1} ,i_{2} , \ldots ,i_{l} ,j_{1} ,j_{2} , \ldots ,j_{l} } \right\}$$
(4.10)

The private key corresponding to ID is the sum of the corresponding items in the private key matrix:

$$r_{ID} = r_{{i_{1} j_{1} }} + r_{{i_{2} j_{2} }} + \cdots + r_{{i_{l} j_{l} }}$$
(4.11)

Similarly, the public key corresponding to the ID can be calculated by the verifier using the public key matrix and the identity ID

$$R_{ID} = R_{{i_{1} j_{1} }} + R_{{i_{2} j_{2} }} + \cdots + R_{{i_{l} j_{l} }}$$
(4.12)

Because the multiples of \(G\) form a commutative group,

$$\begin{aligned} r_{ID} G = & \left( {r_{{i_{1} j_{1} }} + r_{{i_{2} j_{2} }} + \cdots + r_{{i_{l} j_{l} }} } \right)G \\ = & r_{{i_{1} j_{1} }} G + r_{{i_{2} j_{2} }} G + \cdots + r_{{i_{l} j_{l} }} G \\ = & R_{{i_{1} j_{1} }} + R_{{i_{2} j_{2} }} + \cdots + R_{{i_{l} j_{l} }} \\ = & R_{ID} \\ \end{aligned}$$
(4.13)

Therefore, \(\left( {r_{ID} ,R_{ID} } \right)\) is a valid private-public key pair. In this way a one-to-one mapping between identity and public key is established, which ensures the supervision and traceability of network behavior. At the same time, the method avoids frequent requests for public keys and improves network performance.
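The following is an added worked example of Eqs. (4.10)-(4.13), not code from the chapter: it builds a private matrix and the matching public matrix on the secp256k1 curve (a public, standard curve chosen here only for concreteness), derives the coordinate sequence GenerateSub(ID) from SHA-256 of the ID (the chapter leaves this to a cryptographic chip, so this derivation is an assumption), and checks that \(r_{ID} G\) equals the \(R_{ID}\) a verifier computes from the public matrix alone. The matrix dimensions and the sequence length \(l\) are also assumptions of the example.

```python
"""Identity-based combined-matrix key generation on an elliptic curve, an added
worked example of Eqs. (4.10)-(4.13). Curve parameters are those of secp256k1;
the matrix size, the SHA-256 based derivation of GenerateSub(ID) and the
sequence length l are assumptions of this example, not the chapter's choices."""
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over GF(P); the base point G has prime order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity, the identity of the group


def ec_add(p1, p2):
    """Affine point addition on the curve (a = 0); INF is the identity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                  # p2 == -p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P   # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Scalar multiplication k*pt by double-and-add ("k times G" in the text)."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def make_matrices(rows, cols):
    """Key management authority: private matrix (r_ij) and public matrix (R_ij = r_ij G)."""
    priv = [[secrets.randbelow(N - 1) + 1 for _ in range(cols)] for _ in range(rows)]
    pub = [[ec_mul(r, G) for r in row] for row in priv]
    return priv, pub


def generate_sub(identity, rows, cols, l):
    """Eq. (4.10): GenerateSub(ID) -> l coordinate pairs (i_k, j_k).
    Assumption: SHA-256 of the ID plus a counter, reduced modulo the dimensions."""
    pairs = []
    counter = 0
    while len(pairs) < l:
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        for k in range(0, len(digest) - 1, 2):
            if len(pairs) == l:
                break
            pairs.append((digest[k] % rows, digest[k + 1] % cols))
        counter += 1
    return pairs


def private_key_for(identity, priv, l):
    """Eq. (4.11): r_ID = sum of the selected r_ij (scalars are taken mod N)."""
    sub = generate_sub(identity, len(priv), len(priv[0]), l)
    return sum(priv[i][j] for i, j in sub) % N


def public_key_for(identity, pub, l):
    """Eq. (4.12): R_ID = sum of the selected R_ij, using public data only."""
    sub = generate_sub(identity, len(pub), len(pub[0]), l)
    acc = INF
    for i, j in sub:
        acc = ec_add(acc, pub[i][j])
    return acc


def key_pair_matches(identity, priv, pub, l):
    """Eq. (4.13): r_ID * G == R_ID."""
    return ec_mul(private_key_for(identity, priv, l), G) == public_key_for(identity, pub, l)
```

Reducing the scalar sum modulo \(N\) does not change the resulting point, since \(NG\) is the identity; it only keeps the private key in the canonical range. Any node holding the public matrix can run `public_key_for` for an ID it sees in a packet, which is exactly what saves the public key request.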

4.5.3 Privacy Preserving Policy

When a user terminal requests the network to register an identity identifier, it must bind the corresponding identity information so that the network can be operated and maintained normally. The user generates an identity certificate from the user identity information with a specific hash function. The system sends the user's public key to the supervisor node. The user signs the identity registration request with his own identity certificate and sends the signature to the supervisor node together with the request. After receiving the request, the supervisor node first applies the same hash function to verify the user's legitimacy, then decrypts the attached signature with the user's public key and compares the two hash values. If they are the same, the signature is proved to come from the user, and the supervisor node confirms the identity registration request. The sovereignty network stores the user's identity certificate in a distributed database, ensuring that the identity can be traced and monitored later. At the same time, the sovereignty network requires that every identity be registered before it can be routed through the network. In addition, the publisher's identity information must be attached when an identity is registered, which effectively reduces the spread of illegal and prohibited content in the network, including but not limited to the dark web of traditional IP networks and personal privacy data. Screening for banned content can further protect users' privacy.

The sovereignty network also introduces a permission management policy. Content posted by users will be graded. When users access network resources, access rights can be determined according to their identity information. This can help administrators implement user management, such as restricting the daily online and gaming time of students and other certain groups. Classification of Internet content can effectively protect the physical and mental health of minors and promote the reasonable and compliant development of Internet content.

4.6 Security Situation Awareness System

In addition to the internal security mechanisms of the sovereignty network, we propose a security situation awareness system to further guarantee security and controllability. The system solves the problem of security perception across multiple platforms so that it can work in a variety of networks, and it adopts several technologies to maintain and improve accuracy and scalability. Specifically, the security situation awareness system is also deployed on MIRs, integrating security perception with the routing service. In this way the system is no longer merely bypass (out-of-band) detection equipment: it isolates and records malicious packets on first sight without human intervention. After detection, the malicious behaviors and the related user information are automatically transmitted to the MIS system, which automatically intercepts them and submits them for manual review. In addition, a complete logging function is provided, and the logs are periodically audited by the system. If an abnormal condition is discovered, the system demerits the user and passes the information to the administrator for further processing. The administrator serves as the last line of defense of security monitoring.

4.6.1 Innovative Points

  • Adaptable to multiple network systems: The proposed system can work in a variety of networks. It is applicable not only to the existing IP network but also to a variety of future network architectures, such as MIN.

  • Real-time packet analysis based on big data: The proposed system based on big data technology analyzes various dimensions of massive security data to perceive existing and possible security threats at various levels.

  • Artificial intelligence-based model: Advanced machine learning, deep learning and swarm intelligence optimization algorithm are employed to improve the efficiency and accuracy of analysis.

  • User-friendly front ends: The proposed system can display the analysis in real-time through the front-end from multiple perspectives, so that the administrator can perceive the security situation clearly and intuitively.

  • Multi-dimension intrusion detection: We propose a complete detection model with three parts: detection based on network flow, on hosts, and on user behavior. Detecting multiple objects improves the ability to monitor network security continuously. Administrators can thus find network anomalies in time and quickly infer the attack purpose, attack means, attack path and impact range, so as to minimize network risks and losses.

  • Reliable storage technology based on blockchain: Blockchain technology is used to store and accurately locate events to prevent attackers from tampering with attack behavior logs. Hence network administrators can make more credible risk status assessments and future development trend predictions.

4.6.2 Technical Terms

  • TF-IDF: Term Frequency-Inverse Document Frequency, a commonly used weighting technique for information retrieval and text mining to assess the importance of a word to a document in a set of documents or a corpus.

  • ANN: Artificial Neural Network, which has good adaptability, self-learning and nonlinear approximation ability.

  • Novelty detection: The training data contain no outliers, and the model is used to detect outliers in new samples.

  • One-class SVM: One-Class Support Vector Machine, one type of support vector machine, which uses an unsupervised learning method and does not need to manually mark the output labels of the training set.

  • PSO: Particle Swarm Optimization, an evolutionary computation method derived from simulating the foraging behavior of bird flocks; it is a swarm intelligence optimization algorithm with strong global optimization ability.

4.6.3 Application Scenarios

The security situation awareness system can be applied not only in the traditional IP network, but also in the MIN architecture. The following takes MIN as an example to introduce its main application scenarios. The network topology is shown in Fig. 4.20.

Fig. 4.20 The topology of the application scenarios

When the internal MIN communicates with the external IP network, a MIN packet containing an IP resource request is sent out and translated by the Edge Multi-Identifier Router (EMIR), which requests the corresponding IP network resource. The response is encapsulated by the EMIR and forwarded as a MIN packet again. Conversely, if users of the external network want to access resources of the internal MIN, they may use the MIN client to communicate with MIN through pure MIN traffic after passing certificate authentication layer by layer.

The security situation awareness system is applied to EMIRs: while security awareness of the MIN network is carried out, IP traffic is also detected and analyzed. In this process the system is applied to two core devices: the MIS servers and the MIRs.

4.6.4 System Architecture

The security situation awareness system includes four modules: Malicious Traffic Detection Based on BP Neural Network, Anomaly Access Behavior Detection Based on One-class SVM, Security Situation Prediction Based on PSO-SVM, and the Quantitative Hierarchical Threat Evaluation Model for Security Situation.

1. Malicious Traffic Detection Based on BP Neural Network

DDoS detection based on a neural network offers a way past the limitations of traditional machine learning algorithms. Building on existing neural network algorithms, the proposed system analyzes DDoS detection theory, methods and local datasets. We build an attack traffic detection model on six characteristics, including packet length, packet sending interval and the rate of change of packet length. A parameter optimization scheme for adjusting the error of the neural network is then proposed on the basis of a large number of experiments. These methods effectively improve the accuracy of DDoS detection, and can be extended to other attack traffic, such as port scanning, by combining the neural network detection model with statistical analysis.

In feature extraction, the proposed system improves the accuracy of DDoS attack detection while keeping resource consumption low. After tagging, normalization and feature extraction of the raw data, datasets that can be fed to the neural network for training are obtained. An Artificial Neural Network (ANN) [29] is employed as the DDoS detection model.

When training a multi-layer neural network with the sigmoid function, the traditional gradient descent algorithm may produce only tiny changes in the weights and biases, or even drift far from their optimal values, because the gradient magnitude is too small. The fast algorithm solves the problem of being trapped in a local error minimum. The structure of the three-layer neural network is shown in Fig. 4.21.

Fig. 4.21 The network structure of three-layer neural network [29]

Here \(N_{in}\), \(N_{hid}\) and \(N_{out}\) denote the number of neurons in the input layer, hidden layer and output layer respectively. \(Wih_{ij}\) is the connection weight between the \(i\)-th neuron in the input layer and the \(j\)-th neuron in the hidden layer, and \(Who_{jk}\) is the connection weight between the \(j\)-th neuron in the hidden layer and the \(k\)-th neuron in the output layer.
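As an added example (not the chapter's model or dataset), here is the three-layer network of Fig. 4.21 with the same names \(N_{in}\), \(N_{hid}\), \(N_{out}\), \(Wih\) and \(Who\), trained by back-propagation on a handful of constructed per-flow feature vectors. The training data, the hidden-layer width and the use of cross-entropy loss (which removes the sigmoid-derivative factor from the output-layer error term, one common remedy for the vanishing gradients described above, not a claim about the chapter's fast algorithm) are this example's choices.

```python
"""Three-layer sigmoid network trained by back-propagation on per-flow
statistics, an added example in the spirit of Fig. 4.21 (not the chapter's
model). Each constructed row is (normalized packet length, normalized
inter-packet interval, normalized rate of change of packet length) with
label 1 for attack traffic; the values are made up for the example."""
import math
import random

# Constructed flows: attack traffic has short intervals, small packets and
# fast-changing packet length; normal traffic is the opposite.
TRAIN = [
    ((0.10, 0.05, 0.90), 1), ((0.15, 0.08, 0.85), 1),
    ((0.12, 0.04, 0.95), 1), ((0.20, 0.10, 0.80), 1),
    ((0.70, 0.80, 0.10), 0), ((0.60, 0.75, 0.15), 0),
    ((0.80, 0.90, 0.05), 0), ((0.65, 0.70, 0.20), 0),
]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


class BPNet:
    def __init__(self, n_in, n_hid, n_out, seed=0):
        rng = random.Random(seed)
        self.N_in, self.N_hid, self.N_out = n_in, n_hid, n_out
        # Wih[i][j]: input i -> hidden j; Who[j][k]: hidden j -> output k.
        self.Wih = [[rng.uniform(-0.5, 0.5) for _ in range(n_hid)] for _ in range(n_in)]
        self.bh = [0.0] * n_hid
        self.Who = [[rng.uniform(-0.5, 0.5) for _ in range(n_out)] for _ in range(n_hid)]
        self.bo = [0.0] * n_out

    def forward(self, x):
        hid = [sigmoid(sum(x[i] * self.Wih[i][j] for i in range(self.N_in)) + self.bh[j])
               for j in range(self.N_hid)]
        out = [sigmoid(sum(hid[j] * self.Who[j][k] for j in range(self.N_hid)) + self.bo[k])
               for k in range(self.N_out)]
        return hid, out

    def train(self, data, epochs=2000, lr=0.5):
        """Per-sample gradient descent; cross-entropy loss at the output."""
        for _ in range(epochs):
            for x, y in data:
                hid, out = self.forward(x)
                # With cross-entropy + sigmoid, dL/dz_k = out_k - y: no sigma'() factor.
                d_out = [out[k] - y for k in range(self.N_out)]
                # Hidden error: back-propagate through Who, times sigma'(h) = h(1-h).
                d_hid = [hid[j] * (1 - hid[j]) * sum(d_out[k] * self.Who[j][k]
                                                     for k in range(self.N_out))
                         for j in range(self.N_hid)]
                for j in range(self.N_hid):
                    for k in range(self.N_out):
                        self.Who[j][k] -= lr * d_out[k] * hid[j]
                for k in range(self.N_out):
                    self.bo[k] -= lr * d_out[k]
                for i in range(self.N_in):
                    for j in range(self.N_hid):
                        self.Wih[i][j] -= lr * d_hid[j] * x[i]
                for j in range(self.N_hid):
                    self.bh[j] -= lr * d_hid[j]

    def is_attack(self, x, threshold=0.5):
        """Classify one flow feature vector."""
        return self.forward(x)[1][0] > threshold


def train_detector():
    """Build and train the detector on the constructed flows."""
    net = BPNet(n_in=3, n_hid=4, n_out=1)
    net.train(TRAIN)
    return net
```

In a deployment the six features the chapter names would replace the three constructed ones, and the 80/20 split described below would hold out part of the data for measuring detection accuracy rather than training on all of it.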

80% of the dataset obtained from the previous processing is used to train the neural network and 20% for attack detection. We compared the results of the baseline and the modified algorithm, as shown in Table 4.5.

Table 4.5 The results of the baseline and modified algorithms

The results show that the proposed modified algorithm reduces the average number of iterations by more than 50%. Therefore, the modified algorithm can significantly shorten the detection time and improve the efficiency of DDoS attack detection. At the same time, the modified algorithm also improves the average intrusion detection accuracy by about 1.4%.

To verify the generalization ability of the model, validation datasets are formed by combining the collected normal flow data with manually generated DDoS flow data. The validation results are shown in Table 4.6.

Table 4.6 The results of the validation model

The results show that the multi-layer neural network combined with the statistical characteristics of network traffic in this system is accurate and efficient.

2. Anomaly Access Behavior Detection Based on One-class SVM

We perform anomaly access behavior detection based on white (benign) samples, learning from them with an unsupervised method, the one-class SVM. The minimal model that fully expresses the white samples is constructed as the Profile and used to detect anomalous requests.

We extract 150,000 normal requests from the network access log as the dataset for training the Profile of normal samples. More than 150,000 XSS, SQL injection and other payloads collected from threat intelligence platforms and other datasets serve as anomalous access requests. The Term Frequency-Inverse Document Frequency (TF-IDF) algorithm extracts the text features and outputs them as a matrix; TF-IDF is a common weighting technique in information retrieval and text mining.

Anomalous request detection is a binary classification problem, but we learn the minimal boundary of a single class of samples with a one-class model, and anything outside the boundary is identified as an anomaly. The one-class SVM from machine learning is used to identify anomalous access requests in the system, which fits the business scenario and requirements.
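An added example of the white-sample Profile idea, not the chapter's implementation: request lines are tokenized and weighted with TF-IDF, and a one-class boundary is learned from normal requests only. Instead of the one-class SVM the chapter uses, the boundary here is a nearest-neighbour cosine distance threshold calibrated by leave-one-out on the white samples, chosen so the example runs without a machine learning library; the request lines, the margin and the treatment of unseen tokens are constructed for the example.

```python
"""TF-IDF features for access-log request lines plus a one-class boundary
learned from white samples only: an added example, not the chapter's code.
The boundary is 1-nearest-neighbour cosine distance with a leave-one-out
threshold (standing in for the one-class SVM). All request lines are constructed."""
import math
import re
from collections import Counter

# Constructed white samples, as they might appear in an access log.
WHITE = [
    "GET /index.html", "GET /about.html",
    "GET /products?page=2", "GET /products?page=3",
    "GET /products?id=42", "GET /products?id=17",
    "GET /search?q=laptop", "GET /search?q=phone",
    "POST /login user=alice", "POST /login user=bob",
    "GET /images/logo.png", "GET /images/banner.png",
]

# Constructed probes with the expected verdict (True = anomalous).
PROBES = {
    "GET /products?page=7": False,
    "POST /login user=carol": False,
    "GET /search?q=keyboard": False,
    "GET /search?q=' OR 1=1 --": True,
    "GET /search?q=<script>alert(1)</script>": True,
}

TOKEN = re.compile(r"[A-Za-z0-9]+|[^A-Za-z0-9\s]")


def tokenize(request):
    """Alphanumeric words plus single punctuation characters, lower-cased;
    pure numbers collapse to '#' so page=2 and page=7 look the same."""
    return ["#" if t.isdigit() else t.lower() for t in TOKEN.findall(request)]


def cosine_distance(a, b):
    """1 - cosine similarity of two unit-length sparse vectors."""
    return 1.0 - sum(w * b.get(t, 0.0) for t, w in a.items())


class WhiteProfile:
    def __init__(self, white_requests, margin=0.05):
        docs = [tokenize(r) for r in white_requests]
        n = len(docs)
        df = Counter(t for toks in docs for t in set(toks))
        self.idf = {t: math.log((1 + n) / (1 + c)) + 1 for t, c in df.items()}
        # Assumption: a token never seen in white traffic weighs like a singleton.
        self.idf_unseen = math.log((1 + n) / 2) + 1
        self.vectors = [self._vectorize(toks) for toks in docs]
        # Leave-one-out: distance of each white sample to its nearest other one.
        loo = [min(cosine_distance(v, w) for j, w in enumerate(self.vectors) if j != i)
               for i, v in enumerate(self.vectors)]
        self.threshold = max(loo) + margin   # margin is an assumed tolerance

    def _vectorize(self, tokens):
        tf = Counter(tokens)
        vec = {t: c * self.idf.get(t, self.idf_unseen) for t, c in tf.items()}
        norm = math.sqrt(sum(w * w for w in vec.values())) or 1.0
        return {t: w / norm for t, w in vec.items()}

    def score(self, request):
        """Distance from the request to the nearest white sample."""
        v = self._vectorize(tokenize(request))
        return min(cosine_distance(v, w) for w in self.vectors)

    def is_anomalous(self, request):
        return self.score(request) > self.threshold


def evaluate():
    """Return, per probe, whether the verdict matched the expected one."""
    profile = WhiteProfile(WHITE)
    return {req: profile.is_anomalous(req) == expected for req, expected in PROBES.items()}
```

The point to notice is that the model never sees an attack string: the injection-style probes are flagged only because their tokens are far from everything in the white Profile, while a new user name or search term stays inside the boundary.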

The results of detection are shown in Table 4.7.

Table 4.7 The results of detection

The results show that the one-class SVM model trained by white sample datasets is feasible and effective in detecting anomaly access behaviors.

3. Security Situation Prediction Based on PSO-SVM

The proposed system predicts the security situation from a nonlinear time series, comprehensively analyzing the historical pattern of the security situation to predict the future situation within a certain period or at a certain moment, which fits the business scenario and requirements well. On this basis, a network security situation prediction model named PSO-SVM is proposed, combining Particle Swarm Optim ization (PSO) with Support Vector Machines (SVM). PSO-SVM is effective on small-sample data for forecasting the trend of the situation value.

When constructing the dataset, the security situation value is treated as a simple time series in which each monitoring point corresponds to one network security situation value; these values form a nonlinear time series. To predict it, we need to find the relationship between the security situation value at moment \(i + p\) and the values at the previous \(p\) moments \(\left[ {x_{i} ,x_{i + 1} , \ldots ,x_{i + p - 1} } \right]\), that is, the function \(x_{i + p} = f\left( {x_{i} ,x_{i + 1} , \ldots ,x_{i + p - 1} } \right)\). The function \(f\) is nonlinear and represents the nonlinear relationship along the time series. According to SVM theory, \(f\) can be obtained by learning from several groups of known samples of the security situation time series.

The PSO-SVM prediction model dynamically generates the security situation sample set with a sliding window algorithm. Let the network security situation values at monitoring points \(1,2, \ldots ,n\) be \(a_{1} ,a_{2} , \ldots ,a_{n}\). If the window size is m, the first sample record is \(a_{1} ,a_{2} , \ldots ,a_{m}\), and its target is the situation value \(a_{m + 1}\) at monitoring point \(m + 1\). The second sample record is \(a_{2} ,a_{3} , \ldots ,a_{m + 1}\) with target \(a_{m + 2}\) at monitoring point \(m + 2\), and so on. In the proposed system the window size m is set to 3. To prevent error accumulation, when the model predicts the security situation value at a future time point t, the predicted value is overwritten by the actual security situation value once the actual values up to time point \(t - k\) have been obtained from the real situation.
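As an added example of the scheme just described (not the chapter's code), the following builds the sliding-window sample set and runs a rolling forecast in which measured values overwrite earlier predictions. The situation values are constructed from a simple recurrence, and the regressor is an ordinary least-squares linear model solved by Gaussian elimination; it stands in for the PSO-tuned SVM only so the windowing and error-resetting logic can run without external libraries.

```python
"""Sliding-window sample construction and rolling prediction for a security
situation time series: an added example, not the chapter's implementation.
The series is constructed; the linear least-squares model replaces the
PSO-tuned SVM so the example runs with the standard library alone."""


def build_samples(series, m=3):
    """Window size m: sample i is (a_i, ..., a_{i+m-1}) with target a_{i+m}."""
    if len(series) <= m:
        raise ValueError("series must be longer than the window")
    X = [list(series[i:i + m]) for i in range(len(series) - m)]
    y = [series[i + m] for i in range(len(series) - m)]
    return X, y


def solve(A, b):
    """Gauss-Jordan elimination with partial pivoting for A w = b."""
    n = len(A)
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        if abs(M[col][col]) < 1e-12:
            raise ValueError("singular system: windows are collinear")
        for r in range(n):
            if r != col:
                f = M[r][col] / M[col][col]
                for c in range(col, n + 1):
                    M[r][c] -= f * M[col][c]
    return [M[i][n] / M[i][i] for i in range(n)]


def fit_linear(X, y):
    """Least squares f(window) = w . window + w0 via the normal equations."""
    rows = [list(x) + [1.0] for x in X]
    k = len(rows[0])
    A = [[sum(r[i] * r[j] for r in rows) for j in range(k)] for i in range(k)]
    b = [sum(r[i] * yi for r, yi in zip(rows, y)) for i in range(k)]
    w = solve(A, b)
    return lambda window: sum(wi * xi for wi, xi in zip(w, list(window) + [1.0]))


def rolling_forecast(history, m, horizon, model, observed=None):
    """Predict `horizon` steps ahead from the last m values. `observed` maps a
    step offset (1..horizon) to the value actually measured at that step; once
    known it overwrites the prediction, so later windows rest on real data
    instead of accumulated prediction error."""
    observed = observed or {}
    window = list(history[-m:])
    preds = []
    for step in range(1, horizon + 1):
        p = model(window)
        preds.append(p)
        window = window[1:] + [observed.get(step, p)]
    return preds


def constructed_series(n):
    """Constructed situation values: a_{t+1} = a_t - a_{t-1} + a_{t-2} + 0.5."""
    a = [1.0, 4.0, 2.0]
    while len(a) < n:
        a.append(a[-1] - a[-2] + a[-3] + 0.5)
    return a
```

Because the constructed series follows a linear recurrence, the least-squares model recovers it exactly; on real situation values the same `build_samples` and `rolling_forecast` would wrap the nonlinear SVM regressor instead.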

The method of constructing the sample set is shown in Fig. 4.22.

Fig. 4.22 The method of constructing the sample set [32]

The proposed model builds on the SVM, which is grounded in statistical learning theory. Compared with neural network models, SVM is currently the best statistical learning scheme for small samples, addressing over-fitting, nonlinearity and the curse of dimensionality. In addition, SVM follows the principle of structural risk minimization, and the whole solution is transformed into a convex quadratic programming problem with a global and unique optimum, which overcomes some shortcomings of neural networks.

In the training process, Particle Swarm Optimization (PSO) is used to optimize the parameters of the SVM and ensure the accuracy of the predicted data. In this algorithm, each candidate solution of the optimization problem is called a particle, and a fitness function is defined to measure the quality of each particle. A group of particles and their velocities are randomly initialized; then each particle travels in the swarm based on its own “flight experience” and that of the other particles, searching the whole space for the optimal solution.

The process of security situation prediction is shown in Fig. 4.23.

Fig. 4.23 The process of security situation prediction

Extensive experiments show that the proposed model predicts the security trend for a period of time into the future, providing a forward-looking view of the network security situation, which helps us take preventive measures in advance according to the predicted situation.

Neural networks have some limitations in processing small samples, such as easily falling into a local minimum and slow convergence. Considering these limitations and the strongly nonlinear features of network security situation values, we exploit the mathematical advantages of the SVM method in processing nonlinear data and small sample data. A complex nonlinear fitting model is then built which is more suitable for the network security situation dataset. The proposed model, SVM combined with PSO, guarantees fast global optimization and nonlinear fitting. Based on the periodic characteristics of the network security situation, periodic grouping and prediction are carried out.

(4) Quantitative Hierarchical Threat Evaluation Model for Security Situation

Combined with the application scenario of the MIN boundary router, we adopt a hierarchical quantitative security situation awareness model with a bottom-up, local-to-global strategy. The security situation is evaluated from three aspects: abnormal events, host situation and network situation. Besides the statistics of alarm frequency, alarm severity and network bandwidth consumption rate, the proposed method weights the importance factor of each service and host, and calculates the threat index of each service, each host and the whole network to evaluate and analyze the security threat situation.

The threat index is calculated as follows:

$$R_{{S_{j} }} \left( t \right) = f\left( {\vec{\theta }, \vec{C}_{j} \left( t \right),\vec{A}_{j} \left( t \right),\vec{N}\left( t \right),\vec{A}_{d} \left( t \right)} \right) = \vec{\theta } \cdot \left( { \vec{C}_{j} \left( t \right) \cdot 10^{{\vec{A}_{j} \left( t \right)}} + 100\vec{N}\left( t \right) \cdot 10^{{\vec{A}_{d} \left( t \right)}} } \right)$$
(4.14)

where vector \(\vec{\theta } = \left( {\theta_{1} , \ldots ,\theta_{h} } \right)\) represents the normal traffic, and \(h\) is the number of time periods a day divided into. The initial element value of \(\vec{\theta }\) is assigned by the system administrator according to the average normal traffic \(F_{i} \left( {i = 1, \ldots ,h} \right)\) of the protected network system in different time periods. After the average visits are quantified, the element value of \(\vec{\theta }\) is obtained as follows:

$$\theta_{i} = \frac{{F_{i} }}{{\mathop \sum \nolimits_{t = 1}^{h} F_{t} }}$$
(4.15)

Vector \(\vec{A}_{j} \left( t \right) = \left( {\vec{A}_{j1} , \ldots ,\vec{A}_{jt} , \ldots ,\vec{A}_{jh} } \right)\) and vector \(\vec{C}_{j} \left( t \right) = \left( {\vec{C}_{j1} , \ldots ,\vec{C}_{jt} , \ldots ,\vec{C}_{jh} } \right)\) describe the attack severity and the number of attack occurrences at time \(t\) respectively. The types and values of these elements are obtained from statistics over the attack event log database.

\(\vec{N}\left( t \right) = \left( {\vec{N}_{1} , \ldots ,\vec{N}_{t} , \ldots ,\vec{N}_{h} } \right)\) represents the network bandwidth utilization and \(\vec{A}_{d} \left( t \right) = \left( {\vec{A}_{d1} , \ldots ,\vec{A}_{dt} , \ldots ,\vec{A}_{dh} } \right)\) represents the threat level vector of DoS attacks. Their elements \(\vec{N}_{i} \left( v \right) = \left( {\vec{N}_{{i_{1} }} ,\vec{N}_{{i_{2} }} , \ldots ,\vec{N}_{{i_{v} }} } \right)\) and \(\vec{A}_{di} \left( v \right) = \left( {\vec{A}_{{di_{1} }} ,\vec{A}_{{di_{2} }} , \ldots ,\vec{A}_{{di_{v} }} } \right)\) \(\left( {i = 1, \ldots ,h} \right)\) represent the network bandwidth utilization and the DoS threat level of each time window in the \(i\)-th time period respectively, where \(v\) is the number of analysis windows in the \(i\)-th period. The coefficient 100 converts the occupancy rate into an integer for evaluating the threat of DoS attacks. Combined with the Common Vulnerability Scoring System (CVSS), we set the threat levels of malicious events such as DDoS and scanning behavior. Since CPU utilization rises more rapidly than bandwidth utilization when attack events occur, we add CPU utilization to the evaluation in addition to bandwidth utilization.
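Eqs. (4.14) and (4.15) carried through on constructed input, as an added example (not the book's or the MIN project's code). It assumes \(h = 4\) time periods, integer threat levels for \(\vec{A}_{j}\) and \(\vec{A}_{d}\), bandwidth utilization in the range 0..1, and collapses the per-window sub-vectors \(\vec{N}_{i}(v)\), \(\vec{A}_{di}(v)\) to one representative value per period (for instance the period's peak). The roll-up from service indices to a host index as an importance-weighted sum is also an assumption; the page says importance factors are weighted but gives no formula for it.

```python
from typing import List, Sequence

# Constructed example for h = 4 time periods of one day (not data from the page).
# Administrator-supplied average normal traffic F_i per period.
NORMAL_TRAFFIC_F = [100.0, 400.0, 300.0, 200.0]


def normalize_theta(f: Sequence[float]) -> List[float]:
    """Eq. (4.15): theta_i = F_i / sum_t F_t, the normalized normal traffic."""
    total = sum(f)
    if total <= 0 or any(x < 0 for x in f):
        raise ValueError("normal traffic values must be non-negative with a positive sum")
    return [x / total for x in f]


def service_threat_index(
    theta: Sequence[float],
    c_j: Sequence[int],
    a_j: Sequence[int],
    n: Sequence[float],
    a_d: Sequence[int],
) -> float:
    """Eq. (4.14): R_Sj(t) = theta . (C_j * 10^A_j + 100 * N * 10^A_d).

    Every argument has one element per time period. The product is taken
    element-wise and the dot product with theta sums over the h periods.
    Assumption: per-window sub-vectors are already collapsed to one value
    per period (e.g. the period's peak).
    """
    h = len(theta)
    if not (len(c_j) == len(a_j) == len(n) == len(a_d) == h):
        raise ValueError("all vectors must have one element per time period")
    if any(not 0.0 <= u <= 1.0 for u in n):
        raise ValueError("bandwidth utilization must lie in 0..1")
    return sum(
        theta[t] * (c_j[t] * 10 ** a_j[t] + 100 * n[t] * 10 ** a_d[t])
        for t in range(h)
    )


def weighted_threat_index(indices: Sequence[float], weights: Sequence[float]) -> float:
    """Roll service indices up to a host (or hosts up to the network).

    Assumption: importance-weighted sum; the page weights importance factors
    but does not state the aggregation formula.
    """
    if len(indices) != len(weights):
        raise ValueError("one weight per index is required")
    return sum(r * w for r, w in zip(indices, weights))


def example_host_index() -> float:
    """Two constructed services on one host: a web service that saw attacks
    in periods 2 and 3 (with a DoS-level event in period 3) and a quiet one."""
    theta = normalize_theta(NORMAL_TRAFFIC_F)
    web = service_threat_index(theta, c_j=[0, 3, 1, 0], a_j=[0, 2, 1, 0],
                               n=[0.2, 0.5, 0.9, 0.3], a_d=[0, 0, 2, 0])
    quiet = service_threat_index(theta, c_j=[0, 0, 0, 0], a_j=[0, 0, 0, 0],
                                 n=[0.1, 0.1, 0.1, 0.1], a_d=[0, 0, 0, 0])
    # Importance factors (constructed): the web service matters more.
    return weighted_threat_index([web, quiet], [0.7, 0.3])


if __name__ == "__main__":
    print(f"host threat index: {example_host_index():.1f}")
```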

This scheme is more stable and efficient than situation awareness algorithms based on machine learning, and avoids some of their deviation. In addition, we combine the application scenario of MIN and adopt a situation awareness consisting of the IP network threat situation and the host threat situation, including MIN network awareness. The real-time evaluation of system security makes the evaluation results more complete and more appropriate.

The experimental results show that the proposed hierarchical quantitative network security situation awareness model can intuitively display the security threat situation of the entire server, so that network administrators can understand the security situation in time and find out the reasons for security changes in order to adjust security policies. In this way, the maximal security of the system is guaranteed. Moreover, the evolution rule of the security situation can be obtained from the long-term curve, which evaluates the threat of common network attacks and frees administrators from the heavy task of alarm data analysis.

4.7 Security Analysis

To construct the sovereignty network, one of the main focuses is to ensure network security, especially the security of core components. This section will analyze the anti-attacking strategy and security of the sovereignty network.

4.7.1 Security Mechanisms

To guarantee security, the IP network is not included in the sovereignty network. The most obvious differences between the devices in the sovereignty network and the existing system are the addition of the ID-ICN router and the Edge Multi-Identifier Router (EMIR), which form the first two levels of the defending barriers of the sovereignty network.

An ID-ICN router is a router that supports addressing of identity and content identifiers and network data inter-translation. When a user retrieves certain content, if the content is within the sovereignty network, the content identifier and user’s real address would be translated first on the ID-ICN router, and then the data would be transferred in the identity centric network.

EMIR not only has the packet forwarding function of an ordinary MIR but also works as a two-way access interface between the IP network and the sovereignty network. In addition, the content that arrives at the node is initially reviewed and filtered by the content audit procedures installed in EMIR, such as AI content audit procedures. Through these two mechanisms, attacks from the outside network can be isolated to ensure the security of the sovereignty network. If a user asks for content in the external network, the content identifier and the IP address are inter-translated on the EMIR of the sovereignty network, and the request is then transported to the content source. If the requested content is in the sovereignty network of another country, the multi-identifiers are inter-translated at the EMIRs of the sovereignty networks, and the data is then transmitted in the identity centric network.

The third level is CMD architecture, which is the core component in the sovereignty network.

In brief, the security mechanisms in the sovereignty network mainly include: the protective mechanisms such as EMIR, blockchain technology, asymmetric encryption, and the security gain brought by data transmission through the identity centric network; link protection consisting of the security mechanisms of ID-ICN routers such as AI detection and packet detection [16]; and security devices such as cyberspace mimic routers, firewalls, and distributed storage systems [16, 17]. These anti-attacking mechanisms provide a highly secure system. The framework of security mechanisms is shown in Fig. 4.24.

Fig. 4.24 The security mechanisms in sovereignty network

4.7.2 Security Mechanism of Network Architecture

Because the sovereignty network is built on the identity centric network, it has a certain inherent defense capability. The data transmission mode in the identity centric network differs from that of the existing IP network: the sovereignty network first filters access information through EMIR, and only content actively requested by users in the internal network can enter through EMIR. In other words, an attacker cannot continuously scan, attack, or send malicious information into the sovereignty network as in the IP network.

In the sovereignty network, after real-name registration, users need to pull data from the network with their signatures. For data requested by internal users, the contents and the requesters are recorded in the blockchain log. In case of any abnormal circumstances, the system traces back and assigns accountability according to the blockchain log, so as to ensure the authenticity and reliability of the information. To a certain extent, this prevents malicious operations by intranet users.

In Fig. 4.24, the security mechanism mainly relies on cryptography technologies such as the identity authentication. The attack difficulty of existing encryption algorithms has reached exponential level. For example, it would take decades to run the most powerful supercomputers to break the common RSA algorithm [18, 19].

The difficulty of cracking the RSA algorithm is related to the length of the key. For an RSA algorithm with public key \(e\) and module \(n\), the complexity of the brute force attack is \(O\left( {n^{e} } \right)\) [20]. The most common way to break RSA is through factorization. When the key length is 256 bits or less, a high-speed computer can successfully factor it in one day. A long key length will increase the factorization time. In 1999, a Cray supercomputer took five months to factor a 512-bit key. Ten years later, on December 9, 2009, some researchers reported that they had factored 768-bit and 232-bit RSA keys, and it took thousands of times longer to factor a 768-bit RSA key than a 512-bit one. It takes 1000 times longer to factor the current commonly used 1024-bit key than a 768-bit key, so 1024-bit keys can still meet security requirements in a short period [21].

With current computing power, it takes two years to factor a 1024-bit key, and 80 years to factor a 2048-bit key. Hence, we assume that the attacking time is 50 years, then the attack success rate per second is calculated as \(6.43 \times 10^{ - 10}\).

4.7.3 Security Mechanism of Network Links

The attack chain consists of two parts: the nodes between EMIR and the content request node, and the nodes between the content request node and the network core components that the attacker needs to break through. The attack process at this stage is mainly the dissemination of malicious information over the internal links of the sovereignty network, which is regarded as a random walk on the attack chain [22].

After the requested content is pulled into the sovereignty network, it will go through multiple filtering mechanisms between EMIR and the content request node, such as firewall, packet detection, text, audio, image and video recognition detection, and natural language processing. Between the content request node and network core components, the transmitted content is filtered through a series of human censorship mechanisms. An attacker needs to break through levels of protection to reach the target, namely core network components.

The complete network link consists of many filters. If attackers want to attack core components along the attack chain, they need to attack each filter along the attack chain. The attacker advances along the attack chain, and each successful escape from a filter leads one step forward. If the attacker is captured by a filter, it goes back one step along the attack chain. If the attacker neither succeeds in the attack nor is caught by the filter, it stays on the node. Because the next state depends only on the present state and the range of the next move is fixed, this process has the characteristics of a Markov chain. Therefore, Markov chains and martingales [23] are used to model and solve this problem.

The probability of escaping from a filter is denoted as \(\mu\), the number of nodes in the attack chain is denoted as \(\theta\), and the probability of capturing the attacker is \(\omega\). We assume that the attacker has escaped from \(k\) nodes, i.e., the attacker is at the \(k\)-th node (Fig. 4.25).

Fig. 4.25 The Markov chain

The attack process is denoted as a matrix \(M_{\theta \times \theta }\). The element \(M_{i,j}\) represents the probability that the attacker, having escaped from the \(i\)-th filter, next targets the \(j\)-th filter. During the attack, the attacker moves along the attack chain; after conquering a node, the attacker obtains the information of the next node. An attack on a single node can succeed only if the attacker is not captured. The attack has three directions: going back to the last node, going forward to the next node, and staying at the present node. The transition probabilities are as follows:

(1) Going back to the last node (\(M_{i,i - 1} = \omega\)). No matter whether the attacker escapes from the device, as long as the system detects the attacker, the attack cannot be carried out and the attacker must fall back to the previous device.

(2) Going forward to the next node (\(M_{i,i + 1} = \left( {1 - \omega } \right)\mu\)). The probability of no effective detection is \(\left( {1 - \omega } \right)\), and the probability of the attacker escaping from the filter is \(\mu\). Hence, the probability that the attacker escapes from this filter without effective detection is \(M_{i,i + 1} = \left( {1 - \omega } \right)\mu\).

(3) Staying at the present node (\(M_{i,i} = \left( {1 - \omega } \right)\left( {1 - \mu } \right)\)). The attacker stays at the same node in the next time slot if it neither escapes nor is captured.

The Markov chain \(X_{0} ,X_{1} ,X_{2} , \ldots ,X_{n}\) denotes a set of random variables, in which \(X_{i} (X_{i} \in [0,\theta ],X_{0} = 0)\) denotes the position of the attacker at the start of the \(i\)-th time slot. If the attacker stays at the \(k\)-th device, the transition probabilities to the next state are as follows:

$$P\left\{ {X_{n + 1} = k + 1|X_{n} = k} \right\} = \left( {1 - \omega } \right)\mu$$
(4.16)
$$P\left\{ {X_{n + 1} = k|X_{n} = k} \right\} = \left( {1 - \omega } \right)\left( {1 - \mu } \right)$$
(4.17)
$$P\left\{ {X_{n + 1} = k - 1|X_{n} = k} \right\} = \omega$$
(4.18)

Hence,

$$\begin{array}{*{20}c} {E[X_{n + 1} |X_{n} ] = \left( {1 - \omega } \right)\mu \left( {k + 1} \right) + \left( {1 - \omega } \right)\left( {1 - \mu } \right)k + \omega \left( {k - 1} \right)} \\ { = k + \left( {1 - \omega } \right)\mu - \omega } \\ \end{array}$$
(4.19)

According to the above Markov chain, we can build another set of random variables \(M_{0} ,M_{1} ,M_{2} , \cdots ,M_{n}\), where

$$M_{i} = X_{i} - \left[ {\left( {1 - \omega } \right)\mu - \omega } \right] \cdot i$$
(4.20)

\(M_{n}\) can be proved to be a martingale with respect to \(X_{0} ,X_{1} ,X_{2} , \ldots ,X_{n}\).

If the attacker escapes from a filter with probability \(\mu\) and is captured with probability \(\omega\), then for an attack chain with \(\theta\) nodes, the expected number of steps before the attacker reaches the target node, for example the production and broadcasting platform located at the \(\theta\)-th node, is:

$$E\left[ S \right] = \frac{\theta }{{\left[ {\left( {1 - \omega } \right)\mu - \omega } \right]}}$$
(4.21)

Therefore, the expected number of steps for the attacker to reach the production and broadcasting network is E[S], which can be calculated from \(\theta\), \(\omega\), and \(\mu\). In this way, the quantitative relationship between the limit probability and the system parameters is obtained [22].

4.7.4 Security Mechanism of Core Components

For the core components, we adopt the CMD (Cyber Mimic Defense) security mechanism, which stores the data redundantly in a distributed system. Each independent server is regarded as an executor, and multiple executors with heterogeneous structures perform the same task independently. Their running results are sent to the arbitrator, which outputs a result according to these results. In this section, we take a system with three executors as an example [24] (Fig. 4.26).

Fig. 4.26 The CMD architecture

A Generalized Stochastic Petri Net (GSPN) model is established, where all the surviving executors are under attack. The failure order of different executors can be inferred based on their attacking difficulty, but that will make the analysis complex. Ignoring the slight differences caused by different attack orders, the simplified GSPN model is shown in Fig. 4.27, assuming that the executor is successfully attacked in the order of No. 1, No. 2, and No. 3.

Fig. 4.27 The GSPN model

Places, denoted as circles, represent the different states of the system. Place \(P_{ix}\) is indexed by \(i\) and \(x\), where \(i\) represents the number of compromised executors and \(x\) represents the state of the attacked executors. There are five such states: working (W), a minority of executors compromised (B), a majority of executors compromised without a consistent result (C), a majority of executors compromised with a consistent result (D), and all executors compromised with a consistent result (E). The most dangerous state is \(P_{E}\), in which all executors have been tampered with to produce the same result, namely the production and broadcasting system is destroyed.

Transitions represent the different behaviors of a defender or attacker that move the system between states. Transitions are divided into immediate transitions, measured by probability, and timed transitions, measured by the delay of the behavior; they are represented by a solid rectangle and a hollow rectangle respectively. Transition \(t_{ijx}\) indicates that behavior x turns the system from a state with i compromised executors into a state with j compromised executors. There are six behaviors in total: attacking (a), driving out the compromised executors (e), mistakenly driving out innocent executors (m), stopping and replacing all living executors with new ones (s), random disturbance (d), and arbitration (j).

We assign values and use SPNP to simulate the proposed GSPN model. If the probability of random disturbance is set to 0.01%, the steady-state probability of breaking the CMD production and broadcasting system is calculated as \(1.30 \times 10^{ - 6}\). Defenders can choose the random disturbance frequency according to their security requirements, since each disturbance frequency corresponds to a different steady-state probability of breaking the system. The correspondence between the disturbance frequency and the probability of failure is shown in Table 4.8. The result is obtained as in [25].

Table 4.8 The relationship of disturbance frequency and probability of failure

4.7.5 Security Gain Brought by Sovereignty Network

We assume an attacker from the external network, whose attacking process is shown in Fig. 4.28.

Fig. 4.28 The attacking process in sovereignty network

For the third level, when the random disturbance probability is 0.0001, the steady-state probability of breaking the CMD production and broadcasting system is calculated as \(1.30 \times 10^{ - 6}\).

For the second level, we assume that there are five filters with the same effectiveness (i.e., \(\omega_{1} = \omega_{2} = \omega_{3} = \omega_{4} = \omega_{5} = 0.137931\)) and the attacker escapes from each filter with probability \(\mu = 0.160\). Then we have

$$E\left[ S \right] = \frac{\theta }{{\left[ {\left( {1 - \omega } \right){\mu - \omega }} \right]}} = 1.25 \times 10^{8} \,(s)$$
(4.22)

Considering the filtering effect of the first two levels, the time of breaking the system is expected to be \(1.517 \times 10^{23}\) s. In other words, it takes \(4.8 \times 10^{15}\) years to break the system on average.

Hence, for a sovereignty network with a five-level filtering mechanism, a three-redundancy CMD production and broadcasting system and a disturbance frequency of 0.0001, when the filtering failure rate of each device is 0.16 (i.e., 1.6 out of 10 malicious messages escape on average), the failure time of the production and broadcasting system reaches \(4.8 \times 10^{15}\) years. This result is obtained under a deliberately loose attack condition that overstates the attack success rate. In practical application, the success rate of each filtering operation is much higher than 14%, and the attack success rate against a single executor is far less than 100%. Hence in the sovereignty network, the failure time of the core system is even longer than \(4.8 \times 10^{15}\) years. The corresponding relationship between the disturbance frequency and the time to break a sovereignty network is shown in Table 4.9.

Table 4.9 The relationship of disturbance frequency and the failure time
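The attack-chain Markov model of Sect. 4.7.3 and its numerical evaluation in Sect. 4.7.5, carried through as an added example (not code from the book or from [22]). It builds the transition matrix from Eqs. (4.16)–(4.18), checks the martingale property behind Eq. (4.20), and evaluates Eq. (4.21) for the Sect. 4.7.5 parameters (\(\theta = 5\), \(\omega = 0.137931\), \(\mu = 0.160\)), which reproduces \(E[S] \approx 1.25 \times 10^{8}\). The boundary behaviour of the chain at node 0 and at the target node is an assumption, since the page only gives the interior transitions.

```python
from typing import List


def drift(omega: float, mu: float) -> float:
    """Expected displacement per time slot, (1 - omega) * mu - omega, from Eq. (4.19)."""
    return (1.0 - omega) * mu - omega


def transition_matrix(theta: int, omega: float, mu: float) -> List[List[float]]:
    """Row-stochastic matrix over positions 0..theta built from Eqs. (4.16)-(4.18).

    Assumption (not stated on the page): at position 0 a capture leaves the
    attacker at 0, since there is nowhere to fall back to, and position theta
    (the core component) is absorbing.
    """
    if not (0.0 <= omega <= 1.0 and 0.0 <= mu <= 1.0):
        raise ValueError("omega and mu must be probabilities")
    if theta < 1:
        raise ValueError("the attack chain needs at least one node")
    size = theta + 1
    m = [[0.0] * size for _ in range(size)]
    forward = (1.0 - omega) * mu          # Eq. (4.16)
    stay = (1.0 - omega) * (1.0 - mu)     # Eq. (4.17)
    for k in range(theta):
        m[k][k + 1] = forward
        m[k][k] = stay
        if k == 0:
            m[k][k] += omega              # capture at the start: stay at 0
        else:
            m[k][k - 1] = omega           # Eq. (4.18)
    m[theta][theta] = 1.0                 # target reached: absorbing
    return m


def conditional_expectation(k: int, omega: float, mu: float) -> float:
    """E[X_{n+1} | X_n = k] = k + (1 - omega) * mu - omega, Eq. (4.19), interior k."""
    return k + drift(omega, mu)


def martingale_increment(k: int, n: int, omega: float, mu: float) -> float:
    """E[M_{n+1} | X_n = k] - M_n for M_i = X_i - drift * i, Eq. (4.20).

    Returns zero (up to rounding) for every k and n: that is the martingale
    property from which the optional stopping argument yields Eq. (4.21).
    """
    d = drift(omega, mu)
    expected_next = conditional_expectation(k, omega, mu) - d * (n + 1)
    current = k - d * n
    return expected_next - current


def expected_steps(theta: int, omega: float, mu: float) -> float:
    """Eq. (4.21): E[S] = theta / ((1 - omega) * mu - omega).

    Raises when the drift is not positive: the attacker then makes no
    progress on average and the expected time to reach the target is unbounded.
    """
    d = drift(omega, mu)
    if d <= 0.0:
        raise ValueError("non-positive drift: the attacker does not progress on average")
    return theta / d


if __name__ == "__main__":
    # Parameters of Sect. 4.7.5: five filters, omega = 0.137931, mu = 0.160.
    print(f"drift per slot: {drift(0.137931, 0.160):.3e}")
    print(f"E[S] = {expected_steps(5, 0.137931, 0.160):.3e} steps")
```

With these parameters the drift is only \(4 \times 10^{-8}\) per slot, which is why the expected number of steps is so large; a slightly higher capture probability makes the drift negative, and `expected_steps` refuses to return a value because the walk then has no finite expected hitting time under this model.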

4.7.6 Conclusion

According to the above analysis, the sovereignty network can adjust its configuration to realize more effective defense.

Defenders can adopt a less costly configuration in a safe environment. In that case, although an attacker could theoretically break into the system, it would take millions of years and is not feasible in reality. When the network environment is poor, the defending cost of the sovereignty network can be raised in exchange for higher security. In that case, the time required for a theoretically successful attack is even longer; that is to say, the attacker cannot break into the system.

By various security mechanisms, the sovereignty network has successfully reversed the imbalance between attackers and defenders. Protected by the set of proposed technologies, including identity centric network system, blockchain, EMIRs, as well as CMD technology, the production and broadcasting network and other important subnetworks of the sovereignty network can work at a high level of security.

4.8 Transmission Control

The transmission mode of the traditional TCP/IP network is defined as end-to-end communication in the push semantic. However, with the popularity of the Internet and the exponential growth of data quantity, users are more concerned about how to obtain the content, and don’t care about the location of the content producers. To solve this problem, the content centric network with the pull semantic has been proposed, which makes the network transmission mode compatible with the user communication requirements.

Considering the progressive deployment of the sovereignty network and its applications under different scenarios, we propose MIT, a transmission control scheme based on MIN. MIT supports transmission control in both the push semantic and the pull semantic, and realizes reliable data communication under the different business requirements of the sovereignty network. MIT detects congestion based on an active queue management mechanism, and then signals it towards clients by explicitly marking certain packets, so that clients can reduce their sending rates according to the network congestion status. Meanwhile, MIT regulates the packet forwarding rate at the output interface of the router by maintaining one virtual queue per flow, to guarantee sufficient utilization of network resources.

4.8.1 MIT Design

MIT supports the transmission control in both the push semantic and the pull semantic, which are defined as follows:

(1) Push Semantic

The push semantic is a host-oriented end-to-end transmission mode: clients subscribe to information in advance and the servers then push the available information to the clients. The whole data transmission process is dominated by the sender, and the transmitted data is not cached in the intermediate nodes of the network. The client checks the data received from the server and, if no error is found, confirms this by sending a packet back to the server with the ack flag set. Transmission control under the push semantic is represented by TCP and applies to instant messaging services such as real-time video conferencing, online chatting, Internet telephony and other interactive scenarios.

(2) Pull Semantic

The pull semantic has emerged in recent years, as a content-oriented transmission mode driven by the consumers of data. There are two packet types, the request packet and the response packet. In this semantic, consumers pull response packets by sending out request packets to the network. One response packet matches one request packet, and both of them contain the name of the requested content. Any content source node or intermediate node that satisfies the requirements can return the requested data. The response packet returns along the opposite path of the request packet and the content can be cached at the intermediate node according to the caching strategy. The transmission control under the pull semantic has strong scalability and is often used for content distribution, which can realize the efficient reuse of network resources.

Based on the above concepts, we further define the concepts of flows in the push semantic and pull semantic respectively.

(1) Flows in Push Semantic

A flow in the push semantic is composed of the one-way packets transmitted from the sender to the receiver, and is identified by the service identifier. For example, in a conversation between Client1 and Client2, as shown in Fig. 4.29, there is one flow from Client1 to Client2 and another flow from Client2 to Client1, which are completely independent and unrelated. The direction of a flow is from source to destination, and upstream and downstream are defined according to the direction of the flow.

Fig. 4.29 Transmission in the push semantic

(2) Flows in Pull Semantic

A flow in the pull semantic is composed of the request packets and response packets for the requested content, and is identified by the content name. As Fig. 4.30 shows, the consumer issues a content request, which hits the cache of the content source (producer). We define the direction towards the consumer as downstream and the direction towards the content source as upstream; the request packet is forwarded from downstream to upstream. After hitting the content source, the response packet containing the requested content is sent back to the consumer.

Fig. 4.30 Transmission in the pull semantic

Both the client and the router are involved in the transmission control. In order to realize the hop-by-hop shaping scheme, MIT maintains one virtual FIFO queue per flow in each output interface, identified by the name of the identifier. We use \(f_{j}^{i}\) to represent the flow \(j\) in output interface \(i\), use \(q_{j}^{i}\) to represent the virtual queue of flow \(j\) in output interface \(i\). Flows in the push semantic and the pull semantic are associated with different virtual queues, identified by their identifiers.

Based on the above definition, MIT consists of four components:

(1) Active Congestion Detection: MIT directly detects congestion status in intermediate nodes via the active queue management mechanism.

(2) Explicit Congestion Notification: After congestion detection, the router signals congestion by marking packets, and the marked packets will be fed back to the client.

(3) Hop-by-Hop Rate Shaping: The router dynamically adjusts the forwarding rate according to the difference between the current transmission capacity of the uplink and the downlink to achieve the hop-by-hop rate shaping.

(4) Client Rate Adjustment: The client dynamically adjusts the size of the congestion window which is increased on unmarked packets and decreased on marked ones.

4.8.2 Active Congestion Detection

CoDel algorithm is an AQM (Active Queue Management) mechanism. It detects congestion by measuring the queuing delay (“sojourn time”) of each packet on its outgoing links. If the minimum sojourn time over a time period (default: 100 ms) exceeds a threshold (default: 5 ms), it considers this link as congested. CoDel algorithm can effectively avoid the problem of queue size oscillation caused by the burst traffic and keep the queue small as long as the buffer size of the router is set in a reasonable range.

MIT uses the CoDel algorithm to actively detect congestion in intermediate routers, and detects congestion by measuring the queuing delay (“sojourn time”) of each packet on its outgoing links.
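The detection half of CoDel as MIT uses it, written out as an added example (not MIT's or the CoDel authors' code). A packet's sojourn time is its dequeue time minus its enqueue time; the link is declared congested, and the packet marked, once the sojourn time has stayed above the 5 ms target for a full 100 ms interval, which is the same condition as the minimum sojourn time over that interval exceeding the target. The trace of enqueue/dequeue timestamps is constructed, and times are integer milliseconds to keep the arithmetic exact. CoDel's subsequent drop/mark scheduling (the control law) is left out.

```python
from typing import List, Optional, Tuple


class CoDelDetector:
    """Congestion detector for one outgoing link, following CoDel's logic.

    target_ms:   acceptable standing queue delay (CoDel default 5 ms)
    interval_ms: how long the delay must stay above target before the link
                 is considered congested (CoDel default 100 ms)
    """

    def __init__(self, target_ms: int = 5, interval_ms: int = 100) -> None:
        if target_ms < 0 or interval_ms <= 0:
            raise ValueError("target must be non-negative and interval positive")
        self.target_ms = target_ms
        self.interval_ms = interval_ms
        # Deadline after which congestion is declared; None while below target.
        self.first_above_time: Optional[int] = None

    def on_dequeue(self, enqueue_ms: int, now_ms: int) -> bool:
        """Return True if the packet dequeued at now_ms should carry a congestion mark."""
        sojourn = now_ms - enqueue_ms
        if sojourn < 0:
            raise ValueError("dequeue time precedes enqueue time")
        if sojourn <= self.target_ms:
            self.first_above_time = None      # queue drained: forget the episode
            return False
        if self.first_above_time is None:
            # First packet above target: give a burst one interval to clear.
            self.first_above_time = now_ms + self.interval_ms
            return False
        return now_ms >= self.first_above_time


def constructed_trace() -> List[Tuple[int, int]]:
    """(enqueue_ms, dequeue_ms) pairs, constructed rather than measured:
    20 packets with a 2 ms sojourn, then a standing queue with an 8 ms
    sojourn on every packet from t = 1000 ms onward."""
    quiet = [(10 * (k + 1) - 2, 10 * (k + 1)) for k in range(20)]
    loaded = [(1000 + 10 * k - 8, 1000 + 10 * k) for k in range(30)]
    return quiet + loaded


def run_detector(trace: List[Tuple[int, int]], target_ms: int = 5,
                 interval_ms: int = 100) -> List[int]:
    """Feed a trace through the detector and return the dequeue times of marked packets."""
    det = CoDelDetector(target_ms, interval_ms)
    return [now for enq, now in trace if det.on_dequeue(enq, now)]


if __name__ == "__main__":
    marks = run_detector(constructed_trace())
    print(f"{len(marks)} packets marked, first at t = {marks[0]} ms")
```

On the constructed trace the first packet above target arrives at 1000 ms, nothing is marked for the next 100 ms, and every packet from 1100 ms on is marked: a 100 ms burst is tolerated, a persistent queue is not.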

4.8.3 Explicit Congestion Notification

The network congestion is mainly caused by the excessively fast transmission rate of the client, which makes the amount of data transmitted over the link exceed the capacity of the link under the current network condition. Therefore, after the router has detected network congestion, a mechanism is required to notify the client of the current network congestion status, so that the client can reduce the transmission rate to alleviate the network congestion.

Explicit Congestion Notification (ECN) is a mechanism for signaling congestion in TCP/IP networks: an ECN-aware router may set a mark in the IP header instead of dropping a packet to signal impending congestion. The receiver of the packet echoes the congestion indication to the sender, which reduces its transmission rate as if it had detected a dropped packet.

MIT notifies clients of the current network state via explicit congestion notification, requiring an optional congestion mark field at the header of the packet to record the congestion status of the network. When a router has detected congestion, it will set the congestion field in the packet. The client judges the network status by determining whether the received packet carries a congestion mark.

Through the explicit congestion notification, the congestion information carried in the packet is fed back to the client. For flows in the push semantic, after a marked packet arrives at the receiver, the receiver sets the corresponding congestion field in the ACK packet header, so that the congestion information in the received packet is fed back to the sender by the ACK packet. For flows in the pull semantic, the response packet carrying the congestion mark is forwarded to downstream nodes until it reaches the client.

4.8.4 Hop-by-Hop Rate Shaping

After congestion detection, the router will adjust the forwarding rate of the packet through the hop-by-hop rate shaping mechanism. The details are as follows:

(1) When no congestion occurs on the outgoing queue of the router, the resource utilization on the outgoing link does not exceed the link capacity. At this moment, the router does not enable the rate shaping mechanism.

(2) Once the router has detected that one of its outgoing links is congested, the state of the corresponding output interface is marked as congested. Since MIT maintains one virtual FIFO queue per flow in each output interface, the hop-by-hop rate shaping mechanism can adjust the forwarding rate of packets at the congested interface via its virtual queue. Therefore, the router dynamically adjusts the forwarding rate according to the difference between the current transmission capacity of the uplink and the downlink to achieve the hop-by-hop rate shaping.

Notice that when the client stops sending packets, some packets in the virtual queue may not yet have been forwarded. To solve this, when a flow stops sending packets, each router checks whether the flow's virtual queue is empty and, if not, forwards the remaining packets at the last forwarding rate.

The above hop-by-hop rate shaping mechanism is shown in Fig. 4.31. N1 and N2 are a pair of terminal nodes which adopt the push semantic. C and P are the consumer and the producer respectively, which adopt the pull semantic. R1, R2, R3 and R4 are routers in the network. F1, F2 and F3 are interfaces on router R2. L1, L2 and L3 are links connected with interfaces F1, F2 and F3 respectively. Flow1 is a flow that adopts the push semantic and Flow2 is a flow that adopts the pull semantic. Q1 is a virtual queue maintained for Flow1 at the interface F1 of router R2, and Q2 is a virtual queue maintained for Flow2 at the interface F1 of router R2.

Fig. 4.31 The model of router rate shaping

Assume L1, L2 and L3 have the same capacity; since both flows traverse L1, congestion may occur at the bottleneck link L1. If router R2 detects that link L1 is congested, it marks the status of interface F1 as congested and maintains a virtual queue for each flow passing through F1. For Flow1, which uses the push semantic and passes through F1, packets are queued in its virtual FIFO queue Q1 and served at the shaping rate. For Flow2, which uses the pull semantic and passes through F1, request packets are queued in its virtual FIFO queue Q2 and served at the shaping rate. The congestion on link L1 is quickly alleviated through the rate shaping at interface F1 of router R2 together with the client rate adjustment based on received marked packets.

4.8.5 Client Rate Adjustment

The client maintains a congestion window (the maximum number of in-flight packets) for each flow, which is increased on unmarked packets and decreased on marked ones. Through this rate adjustment mechanism, the client approaches the optimal sending rate and adjusts it dynamically to the changing network status. MIT can reuse many classic loss-based TCP algorithms, such as Reno, NewReno, H-TCP, HSTCP, BIC and CUBIC. The only difference from traditional TCP is that a window decrease is triggered not only by timeouts but also by marked packets. After experimenting with them, CUBIC was selected for the client rate adjustment mechanism in MIT.

Besides, to avoid a sharp reduction of the congestion window caused by burst traffic, the classic TCP SACK-based conservative loss recovery algorithm was introduced in the client. When the client timer times out, MIT applies the conservative loss recovery algorithm to limit the decrease of the window: the client performs at most one window decrease per RTT, which prevents the network oscillation that burst traffic would otherwise cause. When the client receives a marked packet, the mechanism in Sect. 4.8.2 already prevents too many packets from being marked, so MIT does not apply the conservative loss recovery algorithm to window adjustments triggered by marked packets; the client can thus respond quickly to network congestion.
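The interplay of the two rules above, as an added illustration that is not part of the MIT implementation: marked packets shrink the window on every arrival, while timeouts shrink it at most once per RTT. The additive-increase/multiplicative-decrease constants, the initial window and the floor are assumptions chosen for the demonstration; the page's actual choice is CUBIC, which is not reproduced here.

```python
"""ECN-mark-driven congestion window control in the style of Sect. 4.8.5.

Added illustration, not code from MIT/MIN. It keeps the rules the text
states: the window grows on unmarked packets, shrinks on marked packets
without any per-RTT limit, and shrinks on timeouts at most once per RTT
(the conservative loss recovery rule). The Reno-style constants below are
assumptions; the page selects CUBIC for the real client.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class FlowWindow:
    cwnd: float = 10.0            # congestion window in packets (assumed initial value)
    min_cwnd: float = 2.0         # floor so a flow never stalls completely (assumption)
    beta: float = 0.5             # multiplicative decrease factor (assumption)
    last_timeout_rtt: int = -1    # RTT index of the most recent timeout-driven decrease
    log: List[str] = field(default_factory=list)

    def on_unmarked(self, rtt: int) -> float:
        """Unmarked packet: no congestion signalled, grow by about one packet per RTT."""
        self.cwnd += 1.0 / self.cwnd
        return self.cwnd

    def on_marked(self, rtt: int) -> float:
        """Marked packet: explicit congestion signal.

        The conservative rule is deliberately NOT applied here, so the client reacts
        to every mark immediately (Sect. 4.8.2 limits how many packets get marked).
        """
        self.cwnd = max(self.min_cwnd, self.cwnd * self.beta)
        self.log.append(f"rtt={rtt} mark -> cwnd={self.cwnd:.2f}")
        return self.cwnd

    def on_timeout(self, rtt: int) -> float:
        """Timer expiry: at most one window decrease per RTT."""
        if rtt == self.last_timeout_rtt:
            self.log.append(f"rtt={rtt} timeout ignored (already decreased this RTT)")
            return self.cwnd
        self.last_timeout_rtt = rtt
        self.cwnd = max(self.min_cwnd, self.cwnd * self.beta)
        self.log.append(f"rtt={rtt} timeout -> cwnd={self.cwnd:.2f}")
        return self.cwnd


def run_trace(events: List[Tuple[int, str]], window: Optional[FlowWindow] = None) -> List[float]:
    """Replay (rtt, event) pairs; event is 'ack', 'mark' or 'timeout'. Returns cwnd after each."""
    w = window or FlowWindow()
    handlers = {"ack": w.on_unmarked, "mark": w.on_marked, "timeout": w.on_timeout}
    return [handlers[kind](rtt) for rtt, kind in events]


if __name__ == "__main__":
    # Constructed trace: a burst of timeouts inside one RTT, then two marks in one RTT.
    trace = [(0, "ack"), (1, "timeout"), (1, "timeout"), (1, "timeout"), (2, "mark"), (2, "mark")]
    for cwnd in run_trace(trace):
        print(f"{cwnd:.3f}")
```

The three timeouts in RTT 1 produce a single halving, whereas the two marks in RTT 2 halve the window twice; that asymmetry is exactly the policy the paragraph describes.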

4.9 Addressing Model for Space-Terrestrial Integrated Networks

Although terrestrial communication systems have developed rapidly in recent years, their quality of service is subject to surface morphology and natural disasters. Satellite communication, which is not restricted by time, place or environment, has gradually attracted attention, and Space-Terrestrial Integrated Networks (FSTINs) have been formed to provide communication services with high capacity and seamless coverage. In order to improve the performance of the sovereignty network, we aim to construct Space-Terrestrial Integrated Networks based on MIN. However, due to the multi-level construction of such networks and the particularities of satellite networks, they face exposure of satellite nodes, openness of channels, interconnection of heterogeneous networks, highly dynamic topology, large transmission delay, large delay variance, limited on-board processing capacity, and so on.

The Space-Terrestrial Multi-Identifier Network-Virtual Private Network (ST-MIN-VPN) is proposed based on MIN. A greedy routing strategy based on hyperbolic routing is designed for the terrestrial network, and a lightweight distributed self-adaptive delay-based routing algorithm is designed for satellite networks with inter-satellite links. Different routing schemes and forwarding strategies are designed for different application scenarios. The routing strategy and mobility management scheme of ST-MIN are shown in Fig. 4.32.

Fig. 4.32 The routing architecture in ST-MIN

4.9.1 Hyperbolic Routing Algorithm in Terrestrial Networks

The identifier space of ST-MIN adopts the idea of hierarchy. The network domain is divided into k levels, and the network topology of each level domain is mapped into hyperbolic space separately. MIS allocates a hyperbolic coordinate to each edge router of a domain and uses that hyperbolic coordinate as the domain's hyperbolic identifier. Each node records its own hyperbolic identifier and those of its neighbor nodes. We assume the whole network domain is divided into k levels, where k is determined by actual requirements and topology stability. In each level, routers can support N network identifiers. MIS embeds each level domain of the terrestrial network into hyperbolic space in turn, so the hyperbolic coordinate set \(\left( {R_{i} ,\varTheta_{i} } \right)\), \(i = 1,2, \ldots ,k\) of each level domain is obtained. The divided network supports a network identifier space on the order of \(N^{k}\).

Take a three-level network as an example. Level-1 domain contains multiple domain nodes. The network topology constituted by all nodes in the level-1 domain is embedded into the hyperbolic space to obtain level-1 domain’s hyperbolic coordinate set \(\left( {R_{1} ,\varTheta_{1} } \right)\). As the hyperbolic identifier of nodes in the level-1 domain, \(\left( {R_{1} ,\varTheta_{1} } \right)\) directs inter-domain routing between the level-1 domains. Each level-1 domain is divided into multiple level-2 domains, the network topology constituted by the nodes in the level-2 domain is embedded into the hyperbolic space to obtain the level-2 domain’s hyperbolic coordinate set \(\left( {R_{2} ,\varTheta_{2} } \right)\), which directs inter-domain routing in the level-2 domain. Because each level-2 domain belongs to a level-1 domain, its complete hyperbolic identifier is “\(\left( {R_{1} ,\varTheta_{1} } \right):\left( {R_{2} ,\varTheta_{2} } \right)\)”. Similarly, each level-2 domain can be further divided into several level-3 domains. Users are included in the level-3 domain.

At present, the mainstream algorithm of hyperbolic embedding is HyperMap proposed by Papadopoulos [26]. It can embed a given real network topology G (V, E) into the hyperbolic space and calculate the hyperbolic coordinates \(\left( {r,\theta } \right)\) of the embedded nodes. The procedure of HyperMap Algorithm is shown in Algorithm 4.7.

(Algorithm 4.7, the HyperMap procedure, appears as a figure in the original and is not reproduced here.)

The computational complexity of hyperbolic embedding with HyperMap is \(O\left( {n^{3} } \right)\). More recently, Bläsius et al. [27] proposed the Fast Embedding algorithm, which improves the hyperbolic embedding method and reduces the computational complexity to \(O\left( n \right)\). Its pseudocode is shown in Algorithm 4.8:

(Algorithm 4.8, the Fast Embedding procedure, appears as a figure in the original and is not reproduced here.)

In the proposed scheme, the Fast Embedding algorithm is used for the hyperbolic embedding of each level's domains. Taking the three-level domain as an example, the process is as follows:

(1) First, MIS uses the Fast Embedding algorithm to embed the network topology of the level-1 domain nodes into hyperbolic space and obtains the level-1 domain nodes' hyperbolic coordinate set \(\left( {R_{1} ,\varTheta_{1} } \right)\). These hyperbolic coordinates serve as the hyperbolic identifiers of the level-1 domain nodes. Because the topology of the level-1 domain is stable, the hyperbolic coordinates of the domain nodes do not change for a period of time.

(2) Second, MIS uses the Fast Embedding algorithm to embed the network topology of each level-2 domain into hyperbolic space and obtains the level-2 domain nodes' hyperbolic coordinate set \(\left( {R_{2} ,\varTheta_{2} } \right)\). To keep identifiers unique across the entire network and to support cross-domain communication, the complete hyperbolic identifier of a level-2 domain node is defined as "\(\left( {R_{1} ,\varTheta_{1} } \right):\left( {R_{2} ,\varTheta_{2} } \right)\)", and the edge routers of each domain perform cross-domain identifier translation.

The greedy routing process between domains based on hyperbolic identifiers is as follows:

(1) Assume the hyperbolic coordinate of the source node is \(\left( {r_{s} ,\theta_{s} } \right)\) and that of the destination node is \(\left( {r_{d} ,\theta_{d} } \right)\). The destination's hyperbolic coordinate is encapsulated in the packet, and the source node sends the packet toward the destination through the forwarding of intermediate nodes.

(2) When an intermediate node receives the packet, it computes the hyperbolic distance from each neighbor node \(\left( {r_{i} ,\theta_{i} } \right)\) to the destination node \(\left( {r_{d} ,\theta_{d} } \right)\) using the hyperbolic distance formula \(x_{id} = {\text{arccosh}}\left( {\cosh r_{i} \cosh r_{d} - \sinh r_{i} \sinh r_{d} \cos \theta_{id} } \right)\), with \(\theta_{id} = \pi - \left| {\pi - \left| {\theta_{i} - \theta_{d} } \right|} \right|\), and chooses the nearest neighbor as the next hop.

(3) By repeating step (2), the packet finally reaches the destination node \(\left( {r_{d} ,\theta_{d} } \right)\).

Algorithm 4.9 shows the Greedy Routing algorithm executed by each node in the network with the above routing strategy.

(Algorithm 4.9, the greedy routing procedure, appears as a figure in the original and is not reproduced here.)

In case of a short-term failure of some nodes, an alternative path can be found by adding a backtracking mechanism to the simple greedy routing algorithm. In this case, the hyperbolic coordinates of the nodes do not need to be changed.
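The following added example (not the authors' Algorithm 4.9) implements the hyperbolic distance formula, plain greedy forwarding, and the backtracking variant on a constructed six-node topology. Node names, links and coordinates are made up for the illustration; with one node failed, plain greedy is drawn into a dead end that is close to the destination and stops at a local minimum, while backtracking recovers a path without changing any coordinate.

```python
"""Greedy hyperbolic routing with backtracking (Sect. 4.9.1).

Added example, not the authors' Algorithm 4.9. Implements the hyperbolic
distance used in the text, plain greedy forwarding, and the backtracking
variant that routes around failed nodes with the coordinates untouched.
Node names, links and coordinates are constructed.
"""
import math
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Coord = Tuple[float, float]   # (r, theta) polar coordinates in the hyperbolic plane


def angular_distance(theta_i: float, theta_d: float) -> float:
    """theta_id = pi - |pi - |theta_i - theta_d||, the shorter arc between two angles."""
    return math.pi - abs(math.pi - abs(theta_i - theta_d))


def hyperbolic_distance(a: Coord, b: Coord) -> float:
    """x_id = arccosh(cosh r_i cosh r_d - sinh r_i sinh r_d cos theta_id)."""
    r_i, theta_i = a
    r_d, theta_d = b
    arg = (math.cosh(r_i) * math.cosh(r_d)
           - math.sinh(r_i) * math.sinh(r_d) * math.cos(angular_distance(theta_i, theta_d)))
    return math.acosh(max(1.0, arg))   # rounding can push arg just below 1 for coincident points


def plain_greedy_route(src: str, dst: str, coords: Dict[str, Coord], links: Dict[str, List[str]],
                       failed: FrozenSet[str] = frozenset(), max_hops: int = 32) -> Optional[List[str]]:
    """Forward to the live neighbour nearest the destination, as the text describes.

    Returns the hop list, or None when greedy is stuck in a local minimum (no live
    neighbour is closer than the current node) or the hop budget is exhausted.
    """
    def d(n: str) -> float:
        return hyperbolic_distance(coords[n], coords[dst])

    path, cur = [src], src
    while cur != dst:
        live = [n for n in links[cur] if n not in failed]
        if not live or len(path) > max_hops:
            return None
        nxt = min(live, key=d)
        if d(nxt) >= d(cur):
            return None
        path.append(nxt)
        cur = nxt
    return path


def backtracking_greedy_route(src: str, dst: str, coords: Dict[str, Coord], links: Dict[str, List[str]],
                              failed: FrozenSet[str] = frozenset()) -> Optional[List[str]]:
    """Same greedy order of exploration, but dead ends are undone and the next-nearest
    neighbour is tried (depth-first). Coordinates are never recomputed on failure."""
    def d(n: str) -> float:
        return hyperbolic_distance(coords[n], coords[dst])

    visited: Set[str] = {src}
    path: List[str] = [src]

    def dfs(cur: str) -> bool:
        if cur == dst:
            return True
        for n in sorted((n for n in links[cur] if n not in failed and n not in visited), key=d):
            visited.add(n)
            path.append(n)
            if dfs(n):
                return True
            path.pop()
        return False

    return path if dfs(src) else None


# Constructed topology: F is a dead end that looks attractive because it is close to D.
COORDS: Dict[str, Coord] = {
    "A": (3.0, 3.0), "B": (2.0, 0.2), "C": (2.5, 2.5),
    "D": (1.0, 0.0), "E": (2.0, 1.0), "F": (2.5, 0.4),
}
LINKS: Dict[str, List[str]] = {
    "A": ["B", "C", "F"], "B": ["A", "D"], "C": ["A", "E"],
    "D": ["B", "E"], "E": ["C", "D"], "F": ["A"],
}

if __name__ == "__main__":
    print(plain_greedy_route("A", "D", COORDS, LINKS))                                  # A-B-D
    print(plain_greedy_route("A", "D", COORDS, LINKS, failed=frozenset({"B"})))         # None, stuck at F
    print(backtracking_greedy_route("A", "D", COORDS, LINKS, failed=frozenset({"B"})))  # A-C-E-D
```

The local-minimum check in the plain version is what a deployed router also needs: without it, F would hand the packet back to A and the two would ping-pong until the hop budget ran out.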

4.9.2 Delay-Based Distributed Self-adaptive Routing Algorithm in Satellite Networks

The delay-based distributed self-adaptive satellite routing algorithm is suitable for satellite networks with inter-satellite links. For each candidate next hop, the algorithm computes the propagation delay and the queue delay and derives from them the probability of selecting that candidate; the packet is then forwarded according to these probabilities. In addition, when the satellite network load is low, data transmission between satellite network devices is carried out through the satellite network first. When the satellite network is overloaded or a link fails, the data is sent to a ground station and relayed by the terrestrial network.

The algorithm requires each satellite to maintain an Access Information Table and a Status Information Table. In the Access Information Table, entry \({\text{AIT}}_{\text{s}}\) records the users and ground stations connected to the current satellite, and entries \({\text{AIT}}_{\text{u}}\), \({\text{AIT}}_{\text{d}}\), \({\text{AIT}}_{\text{l}}\) and \({\text{AIT}}_{\text{r}}\) record the users and ground stations connected to the satellites in the upper, lower, left and right directions, respectively. In the Status Information Table, entries \({\text{SIT}}_{\text{u}}\), \({\text{SIT}}_{\text{d}}\), \({\text{SIT}}_{\text{l}}\) and \({\text{SIT}}_{\text{r}}\) record the link status, size of packets in the buffer queue, load of the buffer queue and channel attenuation coefficient of the satellites in the upper, lower, left and right directions, respectively.

The algorithm is designed with a notification mechanism. Each satellite node regularly sends notification messages to its neighbors, including the current satellite access information table \({\text{AIT}}_{\text{s}}\), packet size \({\text{q}}_{\text{i}}\) in the buffer queue, load \({\text{L}}_{\text{i}}\) of the buffer queue, and channel attenuation coefficient \(\upvarepsilon\).

When a satellite node receives a packet, it determines the candidate next hop from the destination's address and location information in the packet header. If the destination address is in \({\text{AIT}}_{\text{s}}\), the satellite forwards the packet directly to the user in the terrestrial network. If the destination address is in \({\text{AIT}}_{\text{u}}\), \({\text{AIT}}_{\text{d}}\), \({\text{AIT}}_{\text{l}}\) or \({\text{AIT}}_{\text{r}}\), the satellite forwards the packet to the corresponding satellite. Otherwise, the candidate next hop is obtained from the destination's location information and the SIT table.

Depending on the orbit and in-orbit position of the current satellite and of the destination satellite, the number of candidate next hops is usually one or two. If there is only one candidate, it is chosen with probability 100%. If there are two, the probability of each must be calculated. Assume the current node faces a choice between a next hop in the vertical direction and one in the horizontal direction, and that the two paths coincide after two hops, so the probability calculation only needs to consider the delay of the next two hops. If the vertical next hop is \({\text{N}}_{\text{v}}\) and the horizontal next hop is \({\text{N}}_{\text{h}}\), the probability of choosing each is inversely proportional to the total delay of the two-hop path from the current node via \({\text{N}}_{\text{v}}\) and via \({\text{N}}_{\text{h}}\), respectively. The total delay is the sum of the propagation delay and the queue delay:

$$T_{total} = T_{propagation} + T_{queue}$$
(4.23)

As a distributed algorithm, the probability calculation ignores the queue delay on other satellite nodes. The probability \(P_{v}\) of choosing the next hop in the vertical direction and the probability \(P_{h}\) of choosing the next hop in the horizontal direction can be obtained by the following equation:

$$\frac{{P_{v} }}{{P_{h} }} = \frac{{T_{p} \left( {intra} \right) + T_{p} \left( {inter_{h} } \right) + T_{q} \left( h \right)}}{{T_{p} \left( {intra} \right) + T_{p} \left( {inter_{v} } \right) + T_{q} \left( v \right)}}$$
(4.24)

where \(T_{p}\) is the propagation delay and \(T_{q}\) is the queue delay. We use R, H, and c to represent the radius of the earth, the orbital altitude, and the velocity of light, respectively. N represents the number of satellites in an orbit, and M represents the number of satellite orbits. The propagation delay between adjacent satellites in the same orbit is calculated as follows:

$$T_{p} \left( {intra} \right) = \frac{{2\pi *\left( {R + H} \right)}}{N*c}$$
(4.25)

Let \({\text{lat}}_{h}\) be the latitude of \({\text{N}}_{\text{h}}\) and \({\text{lat}}_{\text{v}}\) the latitude of \({\text{N}}_{\text{v}}\). The propagation delay of the inter-orbit hop from the current node to \({\text{N}}_{\text{h}}\), and of the inter-orbit hop from \({\text{N}}_{\text{v}}\) to the second-hop node, is then:

$$T_{p} \left( {inter_{h} } \right) = \frac{{2\pi *\left( {R + H} \right)*\cos \left( {lat_{h} } \right)}}{2*M*c}$$
(4.26)
$$T_{p} \left( {inter_{v} } \right) = \frac{{2\pi *\left( {R + H} \right)*\cos \left( {lat_{v} } \right)}}{2*M*c}$$
(4.27)

Assume the packet size of \({\text{N}}_{\text{h}}\)’s and

$$T_{q} \left( h \right) = \frac{{q_{h} }}{{C*\varepsilon_{h} }}$$
(4.28)
$$T_{q} \left( v \right) = \frac{{q_{v} }}{{C*\varepsilon_{v} }}$$
(4.29)

Finally, according to the ratio of \(P_{v}\) and \(P_{h}\), the probability of the next hop in the vertical direction and the horizontal direction can be calculated. Hence the node can forward the packet according to the calculated probability.
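A worked example, added here and not part of the original text, carrying Eqs. (4.23) to (4.29) through with the document's symbols and adding the AIT lookup that precedes them in Sect. 4.9.2. Eq. (4.24) fixes only the ratio \(P_{v}/P_{h}\); the normalisation to \(P_{v} + P_{h} = 1\) is the step the text leaves implicit. The constellation parameters, queue sizes and table contents are constructed inputs; the earth radius and the speed of light are physical constants.

```python
"""Next-hop probability for the delay-based satellite routing rule (Eqs. 4.23-4.29).

Added worked example, not the authors' code. Constellation parameters, queue
sizes and the AIT contents below are constructed.
"""
import math
import random
from typing import Dict, Optional, Set, Tuple

R_EARTH = 6_371_000.0        # R, metres
C_LIGHT = 299_792_458.0      # c, m/s


def t_p_intra(N: int, H: float) -> float:
    """Eq. (4.25): propagation delay between adjacent satellites in one orbit."""
    return 2 * math.pi * (R_EARTH + H) / (N * C_LIGHT)


def t_p_inter(lat_rad: float, M: int, H: float) -> float:
    """Eqs. (4.26)/(4.27): inter-orbit hop delay at latitude lat (radians)."""
    return 2 * math.pi * (R_EARTH + H) * math.cos(lat_rad) / (2 * M * C_LIGHT)


def t_q(q_bits: float, C_bps: float, epsilon: float) -> float:
    """Eqs. (4.28)/(4.29): queue delay from buffered bits, link rate C and channel
    attenuation coefficient epsilon. A non-positive coefficient would divide by
    zero, so it is rejected instead of producing a nonsense probability."""
    if C_bps <= 0 or epsilon <= 0:
        raise ValueError("link rate and attenuation coefficient must be positive")
    return q_bits / (C_bps * epsilon)


def next_hop_probabilities(N: int, M: int, H: float, lat_h: float, lat_v: float,
                           q_h: float, q_v: float, C: float, eps_h: float, eps_v: float) -> Tuple[float, float]:
    """Return (P_v, P_h): Eq. (4.24) gives P_v/P_h = T_total(h)/T_total(v); normalise to sum 1."""
    total_h = t_p_intra(N, H) + t_p_inter(lat_h, M, H) + t_q(q_h, C, eps_h)
    total_v = t_p_intra(N, H) + t_p_inter(lat_v, M, H) + t_q(q_v, C, eps_v)
    s = total_h + total_v
    return total_h / s, total_v / s


def lookup_ait(dest: str, ait: Dict[str, Set[str]]) -> Optional[str]:
    """Table check from Sect. 4.9.2. Keys 's', 'u', 'd', 'l', 'r' mirror AIT_s, AIT_u, ...
    Returns 'local' for a directly attached destination, a direction for a neighbour's
    attachment, or None to fall through to the probabilistic choice."""
    if dest in ait.get("s", set()):
        return "local"
    for direction in ("u", "d", "l", "r"):
        if dest in ait.get(direction, set()):
            return direction
    return None


def choose_direction(p_v: float, p_h: float, rng: random.Random) -> str:
    """Draw 'v' or 'h' according to the computed probabilities."""
    return "v" if rng.random() < p_v else "h"


if __name__ == "__main__":
    # Constructed constellation: 6 planes x 11 satellites at 780 km (Iridium-like numbers).
    N, M, H = 11, 6, 780e3
    p_v, p_h = next_hop_probabilities(N, M, H, math.radians(30), math.radians(30),
                                      q_h=4_000_000, q_v=400_000, C=10e6, eps_h=1.0, eps_v=1.0)
    print(f"P_v={p_v:.3f} P_h={p_h:.3f}")   # heavier horizontal queue -> prefer vertical
    print(choose_direction(p_v, p_h, random.Random(7)))
    ait = {"s": {"gs-tokyo"}, "r": {"user-42"}}
    print(lookup_ait("gs-tokyo", ait), lookup_ait("user-42", ait), lookup_ait("user-7", ait))
```

With identical latitudes, queues and attenuation on both candidates the two probabilities are exactly 0.5; loading the horizontal neighbour's queue shifts weight to the vertical hop, which is the behaviour the ratio in Eq. (4.24) is meant to produce.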

The complete process of the delay-based distributed adaptive satellite routing algorithm is as follows:

When the satellite node receives a packet, ① if it is an interest packet with a content identifier, the satellite node checks the CS and returns a copy if the cache hits. Otherwise it checks the PIT to see whether an entry for the same content name already exists; if so, it appends the incoming interface to that entry and discards the interest packet; if not, it creates a new PIT entry and follows the normal routing process. If it is a data packet with a content identifier, it is forwarded according to the interface information in the PIT entry; if the name of the data packet is not found in the PIT, the packet is discarded. ② If the received packet carries an identity identifier or a service identifier, it is processed directly according to the normal routing process. The specific routing process is shown in Algorithm 4.10.

(Algorithm 4.10, the satellite routing procedure, appears as a figure in the original and is not reproduced here.)

The integrated routing of ST-MIN can be divided into space-to-space, space-to-terrestrial, terrestrial-to-space and terrestrial-to-terrestrial routing. ① Space-to-space routing refers to routing between communication devices that are both connected to the satellite network. ② Space-to-terrestrial routing refers to a satellite network device sending packets to a terrestrial network device. ③ Terrestrial-to-space routing refers to a terrestrial network device sending packets to a satellite network device. ④ Terrestrial-to-terrestrial routing refers to routing between terrestrial devices.

In space-to-space routing, communication is established as follows. The sender looks up the receiver's GPS identifier in the MIS according to the receiver's identity identifier and uses the GPS identifier as the destination of the packet. The packet is then forwarded in ST-MIN: when the condition of the satellite network is good, it reaches the receiver through the satellite network; otherwise it is sent to the terrestrial network for relaying, and finally arrives at the receiver. The routing process is shown as route ① in Fig. 4.33.

Fig. 4.33 The routing process in ST-MIN [30]

In space-to-terrestrial routing, communication is established as follows. The sender looks up the receiver's hyperbolic coordinate in the MIS according to the receiver's identity identifier, computes locally the hyperbolic distance from several nearby ground stations to the receiver, and chooses the ground station with the shortest distance as the destination of the packet. After the packet reaches the terrestrial network, each intermediate node selects as next hop the neighbor nearest to the destination, computed by hyperbolic distance. After reaching the lowest-level autonomous domain, the packet arrives at the receiver through intra-domain routing. The routing process is shown as route ② in Fig. 4.33.

In terrestrial-to-space routing, communication is established as follows. The sender looks up in the MIS the receiver's GPS identifier according to the receiver's identity identifier, together with one or more hyperbolic coordinates of the ground stations responsible for the receiver's area. Through local calculation, the ground station with the smallest distance is selected as the destination for uploading. After reaching the ground station by hyperbolic routing, the packet is uploaded to the satellite network, which routes it by the receiver's GPS identifier and finally delivers it to the receiver. The routing process is shown as route ③ in Fig. 4.33.

In terrestrial-to-terrestrial routing, the communication process is established as follows. The sender searches the hyperbolic coordinate of the receiver in MIS through the identity of the receiver. For cross domain communication, the packet will be routed to the edge router of its domain, and then it will be routed to the edge router of the receiver’s lowest level autonomous domain through hyperbolic routing. Finally, it will arrive at the receiver through intra-domain routing. For intra-domain communication, the packet will be routed directly through the intra-domain routing protocol. This process is shown as route ④ in Fig. 4.33.

4.10 Identifier Extension Technology

In order to meet the needs of various communication scenarios, multiple identifiers coexist equally in MIN. Further, in view of the new communication modes and scenarios that will appear in the future, we propose a model to support the evolution of MIN. The evolution of the MIN architecture is the continuous extension of the routing identifiers in the network layer. Therefore, to guarantee the endogenous evolution ability of MIN, we designed an identifier extension mechanism that allows MIN identifiers to be extended gradually.

First, we classify the identifiers of MIN and define the identifier space. Then we propose a network packet format that supports network evolution, together with the mechanisms for generating, managing and resolving network identifiers. Based on the proposed packet format and identifier management system, an identifier fallback mechanism and a routing mechanism for handling such packets are designed to provide endogenous support for the extension of network identifiers in MIN.

4.10.1 Basic Formats for Network Packet

MIT supports transmission control in both the push semantic and the pull semantic. The network packet is encoded in a specific TLV (Type-Length-Value) format. TLV encoding divides a binary data block into three fields: the Type field gives the type of the current data block, the Length field gives the length of the Value field, and the Value field stores the data or nests one or more TLV blocks. The basic data structure of TLV encoding is shown in Table 4.10.

Table 4.10 The packet structure with TLV format

The lengths of the Type and Length fields follow Table 4.11. The value of the first byte indicates the length of the field, and twelve values are reserved for future expansion of the Type and Length fields. Given a Type or Length field, its first byte is read as an 8-bit unsigned integer. If that value is in the range [0, 240], the field consists of this one byte. If it is 241, the field is three bytes long and the next two bytes are a 16-bit unsigned integer holding the value of the Type or Length field. If it is 242, the field is five bytes long and the next four bytes are a 32-bit unsigned integer holding the value of the Type or Length field.

Table 4.11 The length of Type and Length field

According to Table 4.11, a Type field with value 98 is represented by a single byte holding the 8-bit unsigned integer 98. A Type field with value 890 needs three bytes: the first is the 8-bit unsigned integer 241, and the next two bytes hold the 16-bit unsigned integer 890, as shown in Fig. 4.34. Correspondingly, the Type field can be 5, 9 or more bytes long. The Length field is represented in the same way as the Type field.

Fig. 4.34 The type and length encoding structure

The packet structure in TLV encoding is shown in Fig. 4.35. Each field of the network packet is encapsulated in the Value field of the top-level TLV structure, and the different areas of each field are recursively encapsulated in the Value field of that field's TLV structure. The basic fields that a packet must contain, and their assigned Type values, are given in Table 4.12. The identifiers of a packet, including the source and destination addresses, are also organized as TLV structures whose Type field indicates the type of identifier. Because identifiers of the same form can carry different semantics, a further Type field is placed at the beginning of the Value field to represent the transmission semantic, so an identifier stored in a network packet is represented as "{Type | Length | Semantic-Type | Value}". In addition, rather than adding extra fields, the priority of an identifier is indicated by its position in the packet: the closer an identifier is to the head of the packet, the higher its priority.

Fig. 4.35 The packet structure after TLV encoding

Table 4.12 The basic fields of a packet
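An added encoder/decoder for the format just described (example code, not the authors' implementation). It follows Table 4.11 for the Type and Length numbers and the "{Type | Length | Semantic-Type | Value}" layout for identifiers, and it enforces the six-identifier and 600-byte limits of the destination area. Big-endian byte order, a one-byte Semantic-Type, and the specific Type numbers used for the area and the identifiers are assumptions the page does not state. The one check a practitioner should not skip is visible in `decode_tlvs`: every Length is compared against the remaining buffer before slicing, so a hostile Length cannot make the parser read past the packet.

```python
"""TLV encoder/decoder for the MIN packet format of Sect. 4.10.1.

Added example, not the authors' code. Byte order (big-endian), the one-byte
Semantic-Type and the Type numbers below are assumptions.
"""
import struct
from typing import List, Tuple

MAX_IDENTIFIERS = 6
MAX_IDENTIFIER_AREA = 600          # bytes: 7.5 % of the 8000-byte maximum packet
TYPE_DEST_AREA = 98                # assumed Type of the destination identifier area
SEM_PUSH, SEM_PULL = 1, 2          # assumed Semantic-Type codes

IdentifierTLV = Tuple[int, int, bytes]   # (Type, Semantic-Type, Value)


def encode_varnum(value: int) -> bytes:
    """Variable-width Type/Length number (Table 4.11): 0..240, 241+u16, 242+u32."""
    if value < 0:
        raise ValueError("negative number")
    if value <= 240:
        return bytes([value])
    if value <= 0xFFFF:
        return b"\xf1" + struct.pack(">H", value)
    if value <= 0xFFFFFFFF:
        return b"\xf2" + struct.pack(">I", value)
    raise ValueError("prefix bytes 243..255 are reserved; no wider form is defined here")


def decode_varnum(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (value, new_pos); reject truncated fields and reserved prefixes."""
    if pos >= len(buf):
        raise ValueError("truncated number")
    first = buf[pos]
    if first <= 240:
        return first, pos + 1
    width = {241: 2, 242: 4}.get(first)
    if width is None:
        raise ValueError(f"reserved prefix byte {first}")
    if pos + 1 + width > len(buf):
        raise ValueError("truncated extended number")
    fmt = ">H" if width == 2 else ">I"
    return struct.unpack(fmt, buf[pos + 1:pos + 1 + width])[0], pos + 1 + width


def encode_tlv(t: int, value: bytes) -> bytes:
    return encode_varnum(t) + encode_varnum(len(value)) + value


def decode_tlvs(buf: bytes) -> List[Tuple[int, bytes]]:
    """Parse back-to-back TLVs; a Length larger than what remains is an error, not a read."""
    pos, out = 0, []
    while pos < len(buf):
        t, pos = decode_varnum(buf, pos)
        length, pos = decode_varnum(buf, pos)
        if pos + length > len(buf):
            raise ValueError("Length exceeds remaining buffer")
        out.append((t, buf[pos:pos + length]))
        pos += length
    return out


def encode_identifier(id_type: int, semantic: int, value: bytes) -> bytes:
    """{Type | Length | Semantic-Type | Value}: the semantic byte leads the Value."""
    return encode_tlv(id_type, bytes([semantic]) + value)


def encode_destination_area(identifiers: List[IdentifierTLV]) -> bytes:
    """Priority is positional: identifiers[0] is the sender's original identifier."""
    if len(identifiers) > MAX_IDENTIFIERS:
        raise ValueError("at most six destination identifiers")
    body = b"".join(encode_identifier(*ident) for ident in identifiers)
    if len(body) > MAX_IDENTIFIER_AREA:
        raise ValueError("destination identifier area exceeds 600 bytes")
    return encode_tlv(TYPE_DEST_AREA, body)


def decode_destination_area(buf: bytes) -> List[IdentifierTLV]:
    tlvs = decode_tlvs(buf)
    if len(tlvs) != 1 or tlvs[0][0] != TYPE_DEST_AREA:
        raise ValueError("expected exactly one destination identifier area")
    if len(tlvs[0][1]) > MAX_IDENTIFIER_AREA:
        raise ValueError("destination identifier area exceeds 600 bytes")
    identifiers = []
    for id_type, value in decode_tlvs(tlvs[0][1]):
        if not value:
            raise ValueError("identifier without Semantic-Type")
        identifiers.append((id_type, value[0], value[1:]))
    if len(identifiers) > MAX_IDENTIFIERS:
        raise ValueError("more than six destination identifiers")
    return identifiers


if __name__ == "__main__":
    # Constructed area: a hypothetical new identifier (Type 40) first, identity (Type 1) as fallback.
    area = encode_destination_area([(40, SEM_PUSH, b"new-id-value"), (1, SEM_PUSH, b"alice")])
    print(area.hex())
    print(decode_destination_area(area))
```

The round trip preserves the order of the identifiers, which matters because the receiver and every router derive priority from position alone.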

The destination identifier area can store multiple destination identifiers for identifier fallback, but only one of them represents the intent of the sender; it is referred to as the original identifier. The more identifiers stored in the area, the higher the transmission overhead. Weighing this trade-off, up to six different destination identifiers can be stored in a packet, a limit that can be raised in the future as computing capacity improves. The size of an identifier can be defined by the user. In general, the destination identifier area should not exceed 7.5% of the maximum network packet size. In the first implementation of the proposed method, the maximum packet length is 8000 bytes, so the identifier area can be up to 600 bytes and the identifiers can average up to 100 bytes each, far beyond the length of an IPv6 address and sufficient for current network communication requirements. In the future, identifiers can be configured longer as the packet length grows.

Finally, for describing the identity fallback mechanism later, we present five typical identifiers with their names, Type values, semantics and specific examples as shown in Table 4.13.

Table 4.13 Five typical identifiers

4.10.2 Identifiers Binding in MIS

The function of the MIS is to provide a unified identifier registration, query, management and resolution service for devices in the network. Each user is bound to a unique identity identifier, and that identity identifier is in turn bound to the user's other identifiers, including content, service, geographic information and IP addresses. Considering mobility, the user also needs to be bound to the identifier of the access router.

The users can request a human readable string as its name of identifier set, similar to a domain name address. For example, a user can request a name of “Alice” so that others can find her communication ID. In this case, the acquisition of a communication identifier is equivalent to a DNS resolution, and the specific identifier resolution process is described in the section about MIS.

4.10.3 Identifier Extension Mechanism

Identifier extension is achieved by carrying alternate destination identifiers in the network packet. The identity identifier (or another basic identifier) of the destination must be carried in each packet to ensure that every router in the network can forward it. With the support of the router processing mechanism, the basic process by which a user sends a packet with a new network identifier is as follows.

(1) The user queries the MIS for all identifiers of the communication entity, using the new destination identifier X or the user name.

(2) The user encapsulates the new identifier X, the identity identifier corresponding to X, and the other identifiers that share X's transmission semantic into the destination identifier field of the packet. All identifiers are sorted according to the addressing priority desired by the user;

(3) When an intermediate router receives the packet, it reads the identifier type from the Type field of each entry in the destination identifier area. Following the priority order, it selects the highest-priority identifier that it supports for subsequent forwarding. When the router selects an old identifier (i.e., not X) and forwarding succeeds, the process is called identifier fallback;

(4) If the router selects a higher-priority identifier but forwarding fails, it continues with the next lower-priority identifier. When all identifiers in the destination identifier area have been tried and none can forward the packet, the packet is discarded.

(5) When the packet arrives at the destination, if a principal is waiting for packets addressed with the new identifier X, the destination host uses X for local delivery to the corresponding process or receiver. This process is referred to as the recovery of the new identifier X.

The right time to select alternate identifiers is before the packet is sent. If all identifiers with the same semantic were loaded into the destination identifier area, the number of identifiers might exceed the upper limit, and some of them would never be used during the communication, causing unnecessary overhead. An identifier space detection mechanism is introduced to solve this problem. Similar to ICMP in an IP network, the user sends a probe packet that carries only an identity identifier as the alternate identifier. Each intermediate router records, in the variable data area of the probe packet, the identifier types it supports that have the same semantic as the new identifier X. The destination host records the source address, which can be obtained from the signature information of the packet, together with the recorded sequence of identifier types, and returns a reply packet carrying the identifier space information collected by the probe. According to the identifier types recorded in the variable data area of the reply, the user selects the appropriate alternate identifiers and loads them into the destination identifier area.

Identifier extension through the fallback mechanism relies on one or several fundamental identifiers already existing in MIN. Any identifier that follows the simple point-to-point push semantic can serve as a fundamental identifier and act as the anchor for the fallback of other identifiers. The proposed method therefore allows several basic identifiers in MIN to act as fallback anchors; for example, the identity identifier, the geographic information identifier and the hyperbolic identifier can all be fundamental identifiers. As the network develops, once routers no longer support some obsolete fundamental identifier, it can be replaced gradually, which supports network evolution.

4.10.4 Procedure of the Packet Processing

When the router receives a packet, it first decreases the TTL value in the packet by one. If the decremented TTL is zero or below, the packet is dropped; otherwise processing continues. Next, the router determines whether the packet is an identifier space probe packet; if so, it writes into the designated area of the packet the identifier type numbers that it supports and that have the same semantic as the packet's first identifier. When the router processes a packet with multiple destination identifiers, the intention of the sender, the identifier priority and the router's own ability to support each identifier are all considered. The procedure is as follows:

Step 1: The router reads each identifier in the destination identifier area from front to back;

Step 2: For each identifier, the router judges whether it supports the addressing, forwarding and processing of that identifier;

Step 3: If the router supports the identifier, it tries to forward the packet with it. If forwarding succeeds, processing ends; otherwise it continues with the next identifier (Step 1);

Step 4: If the router does not support the identifier, it continues with the next identifier (Step 1);

Step 5: After all identifiers have been traversed, if the packet still cannot be forwarded, it is discarded.

(The packet processing procedure appears as a figure in the original and is not reproduced here.)
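The router-side procedure of Sects. 4.10.3 and 4.10.4, as an added example that is not the authors' code: TTL check, probe record, and the front-to-back traversal in which unsupported identifiers are skipped, a supported one is used if forwarding succeeds, and the packet is dropped once every identifier has failed. Forwarding back-ends are modelled as callables returning True on success (standing in for a FIB lookup); the identifier Type numbers and semantic codes are assumptions.

```python
"""Router-side packet processing with identifier fallback (Sects. 4.10.3-4.10.4).

Added example, not the authors' code. Type numbers, semantic codes and the
forwarding back-ends are assumptions constructed for the illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Identifier = Tuple[int, int, bytes]          # (Type, Semantic-Type, Value), as in the TLV area
SEM_PUSH, SEM_PULL = 1, 2                    # assumed semantic codes
ID_IDENTITY, ID_GEO, ID_CONTENT, ID_NEW_X = 1, 3, 4, 40   # assumed Type numbers; 40 plays "new" X


@dataclass
class Packet:
    ttl: int
    destinations: List[Identifier]           # priority order: first = the sender's original identifier
    is_probe: bool = False
    probe_record: List[int] = field(default_factory=list)  # Types appended by routers on the path


@dataclass
class Router:
    name: str
    # Type -> (semantic handled, forwarding function). The function returns True when the
    # packet could be forwarded with that identifier (e.g. a FIB entry existed).
    support: Dict[int, Tuple[int, Callable[[Identifier], bool]]]

    def process(self, pkt: Packet) -> Tuple[str, Optional[int], bool]:
        """Return (outcome, identifier Type used, fallback?).

        outcome is 'forwarded' or 'dropped'; fallback is True when an identifier other
        than the first (the sender's intent) carried the packet.
        """
        pkt.ttl -= 1
        if pkt.ttl <= 0:
            return ("dropped", None, False)
        if pkt.is_probe and pkt.destinations:
            # Record every supported Type that shares the semantic of the first identifier.
            first_semantic = pkt.destinations[0][1]
            for id_type, (semantic, _) in self.support.items():
                if semantic == first_semantic and id_type not in pkt.probe_record:
                    pkt.probe_record.append(id_type)
        for index, ident in enumerate(pkt.destinations):       # Step 1: front to back
            entry = self.support.get(ident[0])
            if entry is None:                                  # Step 4: unsupported, try the next
                continue
            _, forward = entry
            if forward(ident):                                 # Step 3: success ends processing
                return ("forwarded", ident[0], index > 0)
        return ("dropped", None, False)                        # Step 5: every identifier failed


def always_ok(_: Identifier) -> bool:
    return True


def fib_miss(_: Identifier) -> bool:
    return False


def constructed_packet(ttl: int = 8, probe: bool = False) -> Packet:
    """X first, then the identity identifier and one more push-semantic anchor."""
    return Packet(ttl, [(ID_NEW_X, SEM_PUSH, b"x-addr"),
                        (ID_IDENTITY, SEM_PUSH, b"alice"),
                        (ID_GEO, SEM_PUSH, b"geo-hash")], is_probe=probe)


if __name__ == "__main__":
    legacy = Router("R-legacy", {ID_IDENTITY: (SEM_PUSH, always_ok), ID_GEO: (SEM_PUSH, always_ok)})
    upgraded = Router("R-new", {ID_NEW_X: (SEM_PUSH, always_ok), ID_IDENTITY: (SEM_PUSH, always_ok)})
    partial = Router("R-partial", {ID_NEW_X: (SEM_PUSH, fib_miss), ID_IDENTITY: (SEM_PUSH, always_ok)})
    for r in (legacy, upgraded, partial):
        print(r.name, r.process(constructed_packet()))
```

The legacy router never sees Type 40 and falls back to the identity identifier; the upgraded router forwards on X directly; the partially upgraded router supports X but has no route for it and falls back as well. A router with no supported identifier at all drops the packet, and so does any router that receives it with a TTL of one.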