Multi-Identifier Network (MIN) is compatible with the IP network and supports natural, gradual de-IP, which will be driven by users and the market for its performance gains rather than by compulsion. It is predictable that the IP network may still be mainstream in the United States of America in the future. Other countries, however, will move away from IP to MIN in order to safeguard their sovereignty over cyberspace, and the connectivity between them and the IP network is guaranteed through MIN. In other words, the IP network will become the internal network of the United States, while other countries will constitute a multilateral governance network system based on MIN.

MIN integrates theories and technologies such as various network architectures and their corresponding protocols, network defense mechanisms, artificial intelligence, blockchain consensus algorithms, and intelligent contract security.

MIN is based on the co-governing multi-identifier network architecture, which integrates various security control technologies. The primary application scenarios of MIN are the private networks of government, military, financial industries and other large enterprises with high-security requirements. As a unified serving platform, MIN can also be applied to the Industrial Internet, the Internet of Things, and the Internet of Vehicles. MIN can provide co-governing for international entities, such as the Shanghai Cooperation Organization and the “One Belt and One Road” states. It also supports top-level identification registration generation, full-cycle management, and analysis services. Starting with networking experiments in a few states, MIN aims to form a multinational public network that guarantees the cyberspace sovereignty of each state. The wide deployment of MIN will constitute the United Nations of Cyberspace with independent sovereignty and constitute a global public network system.

We have developed a sovereignty network testbed based on the MIN architecture in the operators’ network environment. Theoretical experiments and related applications of the sovereignty network have been carried out on this testbed.

The sovereignty network testbed covers Beijing, Guangzhou, Shenzhen, Hong Kong and Macao. The topology of this testbed, which is shown in Fig. 5.1, includes China Telecom, China Unicom, Peking University Shenzhen Graduate School, Kingsoft Cloud, South China University of Technology, The Hong Kong University of Science and Technology, The Chinese University of Hong Kong, Macau University of Science and Technology, and Guangdong Communications and Networks Institute, among others.

Fig. 5.1 The topology of the prototype network testbed [17]

5.1 Experiments of the Prototype System

The functions of the sovereignty network are tested in the operators’ network. The experimental environment is as follows:

  1. IDC Nodes

The operating system of the servers in the Internet Data Center (IDC) is Ubuntu 16.04.

  2. Mainframes Used in Testing

The experiments use two types of mainframes, one with Ubuntu 16.04 and the other with Windows 10 Pro 64-bit. The former is used to demonstrate blockchain voting and the processes of group signing and ring signing, while the latter is used to demonstrate other processes.

5.1.1 User Registration and Resource Publishing

  • Environment Description

This functional experiment is carried out within the sovereignty network. Users on the Kingsoft Cloud node carry out registration and resource publishing.

  1. User Registration

Users register in the client with their real identity information, such as ID numbers, telephone numbers, and so on. The registration interface is shown in Fig. 5.2.

Fig. 5.2 The registration interface [18]

  2. Resource Publishing

    (1) A user who has registered in the system successfully can log in to the system with fingerprint and iris.

    (2) After logging in to the system successfully, the user can publish resources, which will be displayed on the client interface.

The interface for publishing resources is shown in Fig. 5.3. The interface after resources have been published successfully is shown in Fig. 5.4. The published resources can be accessed with the users’ certificates, as shown in Fig. 5.5.

Fig. 5.3 The interface of publishing resources [18]

Fig. 5.4 The interface after publishing resources successfully

Fig. 5.5 Using the certificate to access published resources

5.1.2 Accessing IP Internal Network Resources

  • Environment Description

To demonstrate the access function of the sovereignty network, a VoD video transmission test was conducted between the nodes of Kingsoft Cloud and the nodes of Peking University Shenzhen Graduate School.

  • Demonstration Details

Users located on Kingsoft Cloud visit the video resources of the National Digital Library and the National Cultural Database, which are located at Peking University Shenzhen Graduate School. The results show that these video resources play normally on the screen of the remote client.

  (1) Video resources: HD, 1080P

  (2) Number of ways: 2 (limited by bandwidth)

  • Demonstration Results

The actual video pulling result is shown in Fig. 5.6.

Fig. 5.6 The actual video pulling effect

5.1.3 Accessing External IP Resources

  • Environment Description

Users located at Kingsoft Cloud request IP resources that are located on the node of South China University of Technology. The demonstration shows that the system gets the file from South China University of Technology.

  • Demonstration Details

  (1) When a user tries to get a file on the IP network for the first time, the system prompts the user to apply for the group signature. Only users who have passed the group signature can access external IP resources.

  (2) User access information is recorded on the blockchain node.

  (3) After all this, the user successfully gets the file from the external IP node.

  • Demonstration Results

The group signature is shown in Figs. 5.7 and 5.8.

Fig. 5.7 The system prompts the user to apply for the group signature

Fig. 5.8 The system prompts that the user has successfully joined the group

Relevant information is locked in the blockchain, as shown in Fig. 5.9.

Fig. 5.9 Group signature information is locked in the blockchain

The user successfully gets the file at the external IP node, as shown in Fig. 5.10.

Fig. 5.10 The user successfully gets the file at the external IP node

5.1.4 Certification Between Sovereignty Networks

  • Environment Description

Files with .txt suffixes are transferred between users of China Telecom and users of Peking University Shenzhen Graduate School.

  • Demonstration Details

  (1) A user of Peking University Shenzhen Graduate School applies for the certificate of the node at China Telecom.

  (2) If the application for the certificate succeeds, the user downloads the files of the sovereignty network from the node at China Telecom.

  (3) If the application for the certificate does not succeed, the user has no right to obtain the files of the sovereignty network that are located on the China Telecom node.

  • Demonstration Results

The interface for applying for the certificate is shown in Fig. 5.11.

Fig. 5.11 The interface of applying for the certificate

Users request other content with their certificates in the sovereignty network, as shown in Fig. 5.12.

Fig. 5.12 A user asks for other content with the certificates in the sovereignty network

The certificate information is recorded in the blockchain, as shown in Fig. 5.13.

Fig. 5.13 The certificate information

5.1.5 Data Filtering Function of EMIR

  • Environment Description

When a sovereignty network user accesses a .txt file in the IP network, sensitive words in the file are filtered. A user of Kingsoft Cloud visits the file, which is an IP resource located on the node of South China University of Technology.

  • Demonstration Details

  (1) The Kingsoft Cloud node audits the received packets.

  (2) If a packet contains harmful information, the harmful character is replaced with “**”.

  (3) The Kingsoft Cloud node sends the filtered file to the client.

  (4) When the client detects the character “**” in the file, the interface displays “this file contains sensitive words”.

  • Demonstration Results

The result of using a signature to get the external IP text content is shown in Fig. 5.14.

Fig. 5.14 Getting external IP text content

The system gives a prompt when it has detected sensitive information in the text, as shown in Fig. 5.15.

Fig. 5.15 The system filters sensitive information in the text

The final version of the file that the user gets has had harmful information filtered out, as shown in Fig. 5.16.

Fig. 5.16 Text content after filtering out harmful information

5.1.6 E-Mail Transmission in Sovereignty Network

The two sovereignty subnetworks of Kingsoft Cloud and Peking University Shenzhen Graduate School form a large sovereignty network. A user of Kingsoft Cloud sends an email to another user at Peking University Shenzhen Graduate School through the sovereignty network. The user at Peking University Shenzhen Graduate School receives this email successfully.

  • Demonstration Details

  (1) Firstly, one user of the sovereignty network is located on the node of Kingsoft Cloud. Another user of the sovereignty network is located on the node of Peking University Shenzhen Graduate School.

  (2) Then the user of Kingsoft Cloud sends an email to the user of Peking University Shenzhen Graduate School. The system interface shows that the mail has been sent successfully.

  (3) Finally, the system interface at Peking University Shenzhen Graduate School shows that the user’s mailbox has received a new email.

  • Demonstration Results

The e-mail transmission is shown in Figs. 5.17, 5.18 and 5.19.

Fig. 5.17 The interface of mailbox login

Fig. 5.18 The interface of the inbox

Fig. 5.19 The interface of writing a new email

5.1.7 Voting Through Blockchain

The blockchain voting process is displayed in real time by the administrator end deployed on the host running Windows 10, and the interface information is shown in Fig. 5.20.

Fig. 5.20 The process of blockchain voting

5.2 MIN-Security Reliable Private Network

On March 22, 2019, MIN realized multilateral co-governing and sovereignty autonomy in cyberspace for the first time. In Nov. 2019, MIN and its prototype system were awarded as leading technological achievements of the sixth World Internet Conference held in Wuzhen, China [1]. However, the existing IP networks are so large that it is difficult to replace the IP network architecture with the revolutionary MIN architecture in one day.

In 2020, considering that the primary application scenarios of MIN are the virtual private networks of government, military, financial industries and other large enterprises with high-security requirements, we developed the MIN-Security Reliable Private Network (MIN-SRPN) on top of the existing IP environment, which allows the IP network and MIN to coexist. MIN-SRPN can meet the practical needs of mobile office, identity management, authority management, log storage, behavior detection, identity authentication, and network security.

5.2.1 MIN-SRPN

Multiple innovations have been adopted in MIN-SRPN to achieve efficient network access and orderly regulation. Firstly, blockchain technology guarantees the credibility of log records. Secondly, Cyber Mimic Defense [16] technology ensures the endogenous security of the core system. Thirdly, AI technology is used to detect user behavior and to be aware of security situations to ensure network security. Fourthly, real identity and biological characteristics are used to assure the reliability of user identifiers and the effectiveness of user management. Fifthly, a new type of packet that binds identity information and data is proposed to effectively supervise the network. Finally, a variety of cryptographic signature technologies are used to achieve a balance between privacy protection and supervision.

MIN-SRPN v1.1 has been fully developed and includes background systems and front-end systems. The background systems include the Multi-identifier System (MIS) and the Multi-identifier Router (MIR). The front-end systems include the administrator’s client on Windows and four kinds of users’ clients on Windows, Android, macOS, and iOS.

The overall architecture of MIN-SRPN is shown in Fig. 5.21. This private network is composed of the management plane and the data plane, including the storage system, office PCs, office software, MIRs, MIS servers, etc. The IP network is used for interconnection and free mutual access within the office area. Multiple IP entrances and exits are reserved so that internal network users can access external resources freely. At the same time, only one MIN entry is reserved for external network users to access internal resources.

Fig. 5.21 The architecture of MIN-SRPN

The management plane is composed of MIS servers shown in the dashed box on the top of Fig. 5.21. These MIS servers communicate with routers on the data plane. MIS is deployed on blockchain nodes to record the identity and behavior log of users to ensure that the content of the whole network is unified, tamper-resistant, and traceable. The identity management module is responsible for the functions including user registration, user login, and certificate issuance. The behavior detection module is responsible for storing and analyzing access records of users to guarantee the security of information.
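The tamper resistance and traceability claimed for the MIS log can be illustrated with a hash chain over access records. This is an added example, not MIN's or the authors' code: the record fields follow the chapter's log-storage description (user identity, destination address, destination port, HTTP URL), while the type names, the JSON encoding, the sample records and the single-node chain without any consensus protocol are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// AccessRecord holds the fields the chapter lists for log storage; the field
// names and the JSON encoding are assumptions of this example.
type AccessRecord struct {
	UserID  string `json:"user_id"`
	DstAddr string `json:"dst_addr"`
	DstPort int    `json:"dst_port"`
	URL     string `json:"url"`
}

// Entry is one link: its hash covers its position, the previous hash and the record.
type Entry struct {
	Index    int
	Record   AccessRecord
	PrevHash string
	Hash     string
}

// Ledger is one node's copy of the log.
type Ledger struct{ Entries []Entry }

// EntryHash computes the hash that binds a record to its predecessor.
func EntryHash(index int, prev string, r AccessRecord) string {
	body, _ := json.Marshal(r) // cannot fail for a struct of strings and ints
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%s|%s", index, prev, body)))
	return hex.EncodeToString(sum[:])
}

// Head is the hash of the latest entry ("" for an empty ledger).
func (l *Ledger) Head() string {
	if len(l.Entries) == 0 {
		return ""
	}
	return l.Entries[len(l.Entries)-1].Hash
}

// Append links a new record to the current head.
func (l *Ledger) Append(r AccessRecord) {
	i, prev := len(l.Entries), l.Head()
	l.Entries = append(l.Entries, Entry{i, r, prev, EntryHash(i, prev, r)})
}

// FirstInvalid returns the index of the first entry that fails verification,
// or -1 if the chain is intact.
func (l *Ledger) FirstInvalid() int {
	prev := ""
	for i, e := range l.Entries {
		if e.Index != i || e.PrevHash != prev || e.Hash != EntryHash(i, prev, e.Record) {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// RehashFrom models an insider with write access to one node who edits a
// record and then recomputes every later hash so that local checks pass.
func RehashFrom(l *Ledger, from int) {
	prev := ""
	if from > 0 {
		prev = l.Entries[from-1].Hash
	}
	for i := from; i < len(l.Entries); i++ {
		e := &l.Entries[i]
		e.PrevHash, e.Hash = prev, EntryHash(i, prev, e.Record)
		prev = e.Hash
	}
}

// SampleLedger returns a ledger holding three constructed access records.
func SampleLedger() *Ledger {
	l := &Ledger{}
	l.Append(AccessRecord{"alice", "10.0.8.15", 80, "http://files.example/a.txt"})
	l.Append(AccessRecord{"bob", "10.0.8.15", 443, "https://files.example/b.txt"})
	l.Append(AccessRecord{"alice", "10.0.9.2", 80, "http://files.example/c.txt"})
	return l
}

func main() {
	node, replica := SampleLedger(), SampleLedger()
	node.Entries[1].Record.URL = "https://files.example/edited.txt"
	fmt.Println("first invalid entry after edit:", node.FirstInvalid())
	RehashFrom(node, 1)
	fmt.Println("after rehash:", node.FirstInvalid(), "heads match:", node.Head() == replica.Head())
}
```

An edit to a single record is caught by the node's own chain check; a complete rehash passes that check and is visible only when the head hash is compared with another node's copy, which is the property that replicating the log across several nodes adds.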

The data plane is mainly composed of user terminals, switches and MIRs. As the core equipment of the data plane, the MIR is mainly used for identifier inter-translation, routing, content filtering, data protection, and other functions. The MIR in MIN-SRPN is mainly used as the traffic entry, that is, external network users use MIN-SRPN to visit internal resources, and it is also used for forwarding MIN resources.

The storage system is mainly for storing resources, which are divided into internal IP resources and internal MIN resources. Internal Private IP (P-IP) resources are the resources located in an internal IP network. Users in the internal network can freely access P-IP resources in the traditional way, while users in the external network have to use MIN-SRPN to access P-IP resources. When the access traffic passes through MIN, MIS is responsible for identity management and behavior recording, and MIR is responsible for forwarding and identity authentication.

MIN-SRPN is a network without IP. All attack methods and weapons against the TCP/IP protocol do not affect MIN-SRPN. After a long period of penetration testing by several professional teams, the results demonstrate that MIN-SRPN can effectively be immune to all attacks in IP-MIN and MIN-MIN network scenarios. MIN-SRPN can effectively protect industries with high-security requirements. Interested potential users can visit the website (footnote 1) for more information.

For large and medium-sized enterprises, we provide customized security products and solutions based on MIN-SRPN, according to the requirements of target customers. For small businesses, we plan to provide cloud services based on MIN-SRPN. As a form of technology export, the underlying technologies can be encapsulated and provided to downstream information technology companies.

The Industrial Internet Working Group of the Ministry of Industry and Information Technology of the People’s Republic of China has adopted MIN as a reference architecture for China’s independent supervision root service system. Shenzhen Media Group of China, as the first customer and user, has deployed MIN-SRPN as its media resources management system for China United Television (CUTV). In cooperation with Some Smart City Technology Development Group Co., Ltd., Peking University Shenzhen Graduate School is planning to build a hierarchical security private network for over 1,000 state-owned key enterprises. In the future, MIN-SRPN will be adopted to build the Internet of Vehicles, 5G private networks and government-private networks.

MIN-SRPN is a small scenario application of MIN. The scale effect brought by incremental deployment of MIN-SRPN will increase the proportion of MIN traffic and gradually replace the IP system. Furthermore, MIN will become the global public Internet system.

5.2.2 Water Utilities System Based on MIN-SRPN

In order to improve its network security level, one of the top water supply groups in China, denoted as OT-WSG, adopted MIN-SRPN to replace its current IP-VPN scheme. After a long period of penetration testing by several professional teams, the results demonstrate that MIN-SRPN can effectively be immune to all attacks in IP-MIN and MIN-MIN network scenarios.

According to the management levels, the water utilities system of this water group based on MIN-SRPN is mainly divided into four levels: the group’s internal network, the area’s internal network, the water utilities company’s internal network, and the waterworks’ internal network. All terminal nodes within the business scope have wired connections to MIN-SRPN.

OT-WSG is planning to adopt MIN-SRPN to achieve the following aims. Network penetration attacks based on defects of the TCP/IP system, including but not limited to TCP Trojan, UDP Trojan and ICMP Trojan implantation and other classic attack methods, can be prevented, so that resistance to penetration is significantly improved compared with the existing IP-VPN network. The number of leased dedicated lines is decreased to reduce the group’s rental cost for communication cables.

  1. Requirement Analysis

The safety of drinking water is related to the health of millions of households, and a safe water supply must rely on a complete information system to assist management.

These information systems are vulnerable to cyberattack. In addition, criminals intend to destroy the application systems and industrial control equipment to achieve their purposes. To ensure the security of the information system, the computer network, as the medium of information exchange, is the key protection target of MIN-SRPN.

  (1) Consistency of Network Architecture

Through continuously improving the existing network architecture of the water company, the underlying facilities of the system (such as optical fiber and physical lines) have covered all the business nodes, and the water departments and water plants have completed the deployment of facilities at all levels of the water utilities network in accordance with the existing management architecture. The water company’s business system and data backup system have been relatively complete. Given the need for water companies to provide essential services to the public in their daily lives, the business systems involved cannot be disrupted for a long time. Therefore, for the replacement of the existing network, it is necessary to keep the consistency with the original network infrastructure as much as possible and be compatible with the existing business system. At the same time, we need to eliminate redundant construction in order to reduce the upgrading cost of network system.

  2. Function Definition

MIN-SRPN consists of two parts, the management plane and the data plane, named MIS and MIRs respectively. All users and devices in MIN-SRPN are required to register with their real identity. MIS is deployed on blockchain nodes to record the identity and behavior log of users to ensure that the content of the whole network is unified, tamper-resistant, and traceable. The identity management module is responsible for functions including user registration, user login, and certificate issuance. The behavior detection module is responsible for storing and analyzing access records of users to guarantee high-security information management. The data plane is mainly composed of switches and MIRs. As the core equipment of the data plane, MIRs are mainly used for identifier inter-translation, routing, content filtering, data protection, and other functions.

The functions of MIN-SRPN are defined as follows:

  (1) Progressive de-IP: MIN is compatible with the IP network, so MIN-SRPN can be deployed directly on the worldwide IP network. Existing application layer software does not need to be changed, and the conversion of the network protocol is completed with the help of the MIN client software.

  (2) Mobile office: MIN-SRPN frees office staff from the constraints of time and space, improving working efficiency and strengthening remote collaboration. Whether on a business trip or on the way to work, users on the external network can approve documents, browse announcements, handle personal affairs, access internal network resources, and so on, in a timely manner.

  (3) Identity management: Identity management includes user registration, user login and certificate issuance. New users have to register with their real identities to access the sovereignty network. When they register a MIN account, they need to authenticate and register with real information such as ID number, mobile phone number, and face. The system uploads and stores user information in the blockchain. After the MIS receives the user’s login information and authenticates the user, it issues the user’s certificate to the EMIR for authentication in routing.

  (4) Authority management: Users can access only the resources they are authorized for, according to the security policies set by the system, and unauthorized resources cannot be accessed illegally.

  (5) Log storage: The servers in MIN-SRPN extract the destination address, destination port, HTTP URL and other information of each packet, which is combined with the user’s identity information to form a user access record that is sent to MIS.

  (6) Behavior detection: The system should effectively manage the identity of legal users and be able to detect illegal behaviors of legal users. The behavior detection function of MIS analyzes and reviews users’ access records according to the user requirements and security policies.

  (7) Endogenous security: The multi-signature technology enables traceability of network packets, which carry the signatures of the user and of the first-hop router. All routers in MIN can verify the validity of a network packet by checking the signatures. An illegal data packet can be traced back to the individual and to the location from which the user accessed the network.

  (8) Situational awareness: The security situational awareness system can realize real-time monitoring of the dual-stack network and security detection of the target host, as well as real-time evaluation and prediction of the overall security of the current system.

  (9) Resisting the traditional IP attack: MIN can be immune to the traditional TCP/IP-based attacks, including ARP attack, DNS hijacking, port sniffing, vulnerability scanning, RAT Trojan attack, etc. Testing showed that those IP network attacks have no effect in the MIN-SRPN environment.
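The packet traceability described under endogenous security, as an added example that is not part of the MIN implementation: a packet signed by the user and countersigned by the first-hop router, with the check a later router can run. The chapter does not name the signature scheme or the packet format, so Ed25519, the `Packet` layout, the `Directory` lookup (standing in for keys registered with MIS) and the identifiers `alice`, `mir-1` and `mir-2` are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Packet layout is hypothetical; the chapter only says it carries both signatures.
type Packet struct {
	UserID, RouterID, Name string
	Payload                []byte
	UserSig, RouterSig     []byte
}

// Directory maps registered identities to public keys (a stand-in for MIS).
type Directory struct{ Users, Routers map[string]ed25519.PublicKey }

var (
	ErrUnknownSigner = errors.New("identity not registered")
	ErrBadUserSig    = errors.New("user signature invalid")
	ErrBadRouterSig  = errors.New("first-hop router signature invalid")
)

// digest hashes length-prefixed fields so field boundaries cannot be shifted.
func digest(fields ...[]byte) []byte {
	h := sha256.New()
	for _, f := range fields {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write(f)
	}
	return h.Sum(nil)
}

// userMsg binds identity to data; routerMsg adds the user signature and router identity.
func userMsg(p *Packet) []byte   { return digest([]byte(p.UserID), []byte(p.Name), p.Payload) }
func routerMsg(p *Packet) []byte { return digest(userMsg(p), p.UserSig, []byte(p.RouterID)) }

// check verifies one signature against the key registered for id.
func check(keys map[string]ed25519.PublicKey, id string, msg, sig []byte, bad error) error {
	if pub, ok := keys[id]; !ok {
		return ErrUnknownSigner
	} else if !ed25519.Verify(pub, msg, sig) {
		return bad
	}
	return nil
}

// SignAsUser runs on the client.
func SignAsUser(p *Packet, key ed25519.PrivateKey) { p.UserSig = ed25519.Sign(key, userMsg(p)) }

// Countersign runs on the first-hop router, which refuses to vouch for a
// packet whose user signature does not verify.
func Countersign(p *Packet, routerID string, key ed25519.PrivateKey, d Directory) error {
	if err := check(d.Users, p.UserID, userMsg(p), p.UserSig, ErrBadUserSig); err != nil {
		return err
	}
	p.RouterID = routerID
	p.RouterSig = ed25519.Sign(key, routerMsg(p))
	return nil
}

// Verify is the check any later router can run before forwarding.
func Verify(p *Packet, d Directory) error {
	if err := check(d.Users, p.UserID, userMsg(p), p.UserSig, ErrBadUserSig); err != nil {
		return err
	}
	return check(d.Routers, p.RouterID, routerMsg(p), p.RouterSig, ErrBadRouterSig)
}

// DemoKeys derives a fixed, constructed test key pair from a label.
func DemoKeys(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// DemoSetup registers one user and two routers and returns a valid packet.
func DemoSetup() (Directory, *Packet) {
	uPub, uKey := DemoKeys("user:alice")
	r1Pub, r1Key := DemoKeys("router:mir-1")
	r2Pub, _ := DemoKeys("router:mir-2")
	d := Directory{
		Users:   map[string]ed25519.PublicKey{"alice": uPub},
		Routers: map[string]ed25519.PublicKey{"mir-1": r1Pub, "mir-2": r2Pub},
	}
	p := &Packet{UserID: "alice", Name: "/min/files/report.txt", Payload: []byte("constructed payload")}
	SignAsUser(p, uKey)
	if err := Countersign(p, "mir-1", r1Key, d); err != nil {
		panic(err)
	}
	return d, p
}

func main() {
	d, p := DemoSetup()
	fmt.Println("intact packet verifies:", Verify(p, d) == nil)
}
```

Because the router's signature covers the user's signature and the router's own identity, a packet that verifies is attributable to one registered user and one entry point, and changing either identity or the data after signing makes verification fail.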

  3. The Architecture of MIN-SRPN

As shown in Fig. 5.22, a MIN VPN environment will be built between the headquarters of OT-WSG and every water company of OT-WSG in China. It is a two-layer network structure. The top-level (first-level) blockchain consists of the MIS node at the general headquarters and the MIS nodes at the branch headquarters in each city. There are tens of nodes in total on the top-level blockchain, and usually the same number of second-level blockchains. The MIS node at the branch headquarters of the water company in each city, together with the other MIS nodes deployed at its water plants, water pump stations, etc. in the same city, forms a second-level blockchain.

Fig. 5.22 The architecture of MIN-SRPN

According to the security level of the application systems, the serving network can be divided into a general application area and a core application area. The servers in the general application area are open to authorized management users and authorized terminals. The servers in the core application area are open only to authorized management users who log in through a designated bastion host. After MIN-SRPN is built, the network structure will be as shown in Fig. 5.23. MIRs are added to the dedicated lines of the water group and each water company, which turns the network of the water group and its companies into a MIN-SRPN.

Fig. 5.23 The network structure of MIN-SRPN

The topology is mainly composed of switches, MIRs, MIS servers and other devices, which are all in the MIN environment. MIRs are deployed at the exit of each location, and blockchain nodes are deployed on these servers to form the identifier management system of the network. At the same time, these MIRs are also the exits for accessing the IP network.

Within each water plant and pump station, MIRs are used to form the MIN-SRPN. MIRs connect directly to each other using network cables. MIN packets are transmitted directly using MIN protocols rather than the protocols for IP communication. The MIRs of MIN subnets at multiple sites use the IP extranet as a communication tunnel, which makes them logically form a unified MIN-SRPN.

The two-level network architecture of MIN-SRPN is shown in Fig. 5.24. The top-level chain consists of seven early network nodes, which are connected via the Internet. The secondary blockchain network consists of the MIR for each node connection and the other water companies or subordinate institutions, including water plants and water pumping stations, within the node area. The secondary blockchain network is used to authenticate the identity of its users, manage the authority of its users, and alleviate the network load of the top-level blockchain network.

Fig. 5.24 The two-level network architecture of MIN-SRPN

The deployment of the first-level blockchain network in the early stage is designed as in Fig. 5.24. Considering that each internal network of the water group is an independent IP network, IP tunnels are adopted to connect the separate MIN subnetworks in order to facilitate the initial deployment of MIN-SRPN. This approach enables progressive deployment. If a new regional company or water company (called a new node) subsequently joins the top-level blockchain MIN, it can be gradually added to the top-level MIN in this manner.

When a new node joins the first-level MIN-SRPN, the corresponding second-level blockchain network is created according to the scale of water plants and water pump stations in the region. In principle, the second-level network nodes take prefecture-level cities as the units of deployment. Secondary MIN servers are deployed in all water plants and water pump stations in the region to form a secondary MIN-SRPN. If there is more than one water company in an area, it is recommended to assign one water company as the primary node of the area to join the first-level MIN-SRPN.

There are two ways to form the secondary MIN-SRPN:

  (1) If the new node and the secondary nodes are connected by a deployed private wired network, only a MIR server needs to be deployed on each secondary node in the region.

  (2) If there is no private wired network between the new node and the secondary nodes, they need to be connected through the public Internet. The deployment between the secondary chain node and the regional master node is then required in the way shown in Fig. 5.25.

    Fig. 5.25 The logic structure of network

In response to OT-WSG’s requirement to build a safe and reliable network, the proposed scheme adopts MIN-SRPN with OT-WSG in XYZ Province as a pilot program. The scheme constructs a secure and reliable network environment without changing the basic topology of the existing network.

5.2.3 The Human Resources Digital Intelligent Service Platform Based on MIN

Another typical application of MIN-SRPN is the human resources digital intelligent service platform, developed in collaboration with ShenZhen Zeneyes Digital Technology Co., Ltd. (footnote 2). ShenZhen Zeneyes Digital Technology Co., Ltd. is an innovative research and development company based in Shenzhen with cutting-edge blockchain technology, and it focuses on applications in the human resources digital industry. Its Smart Eye Digital Human Resource Project is an innovative human resource digital intelligent service platform with independent intellectual property rights, developed in depth using big data and blockchain technology. It provides a career credit system for professionals in the whole ecological field, redefines the career dynamic credit evaluation system, and reconstructs the digital ecology of career credit value by innovating a “multilateral dynamic career credit certification system”, a “big database of career credit traceability”, a “full life cycle digital occupational chip”, and so on.

The core function of the MIN-based human resource digital intelligent service platform is to objectively define and record the whole life cycle credit certification system of professionals and form a large professional credit database through distributed storage, traceability and tamper-resistant encryption technology of blockchain. Based on building the professional credit database, a digital occupational chip is developed.

On the premise of respecting and protecting individual privacy, the intelligent algorithm is used to realize the efficient and accurate matching of talents with almost zero cost, and intelligent contract is used to form a rapid multilateral coordination mechanism of talent transaction and management. Meanwhile, ecological tokens are used to encourage multilateral participation in building long-term value of talent credit and contribute to ecological community.

The MIN-based human resource digital intelligent service platform advocates “people-oriented, and taking credit as principle” to create a credible, transparent, professional digital environment. In this way, honest workers around the world get better returns and fairer opportunities, and the cost and risk of industrial human resources are reduced, thus improving talent value and liquidity.

Combining the MIN private network with the core technology of large consortium blockchains, a super-large, high-security, hierarchical consortium blockchain for the digital human resources vertical industry, named Smart Eye Chain, can be established. The structure of the Smart Eye Chain is shown in Fig. 5.26.

Fig. 5.26 The structure of the smart eye chain

In the future, the throughput of Smart Eye Chain can achieve 1 million TPS. As one of the human resources digital infrastructure in the Industry 4.0 era, it will develop into a shared, transparent, controllable, universal, and secure professional digital environment and collaboration center.

5.3 MIN Adopted in the Industrial Internet

Internet of Things (IoT) [2] describes the Internet of Everything (IoE), which is a network expanded from the Internet. The IoT can combine various information sensing devices with the Internet to realize the interconnection of people, machines and things at any time and any place. There are two key technologies in the application of the IoT, sensor technology and embedded technology.

5.3.1 National Industrial Internet Identifier Resolution System with MIN

The existing National Industrial Internet Identifier System is as shown in Fig. 5.27. The MIN has been adapted as the Architecture of a National Industrial Internet identifier resolution system of China named MIN-II [19], which is designed into four levels: national top-level nodes, international root nodes connected to national top-level nodes, secondary nodes, and recursive service nodes.

Fig. 5.27 National industrial internet identifier system [19]

By the end of 2018, five national top-level nodes of identifier resolution in Beijing, Shanghai, Guangzhou, Wuhan, and Chongqing were put into operation, fully supporting various identifier resolution systems. As of November 15, 2020, more than 915 million identifiers had been registered, with 785 pertinent enterprises.

Based on the national top-level nodes, the system functions and capabilities are continuously improved according to the established plan, and the network infrastructure of the identifier resolution system is gradually built for open integration, unified management, interconnection, security, and reliability. Secondary nodes, on the other hand, are auxiliary, and a number of them have been playing their roles in researching new approaches [3]. The secondary nodes are built to promote the integrated innovation application of Industrial Internet identifier resolution. Lastly, identifier resolution systems are built for industrial applications. An identifier resolution industry ecology can be gradually built by encouraging application demonstrations in many industries, such as aviation and machinery vehicles.

The system security of the Internet of Things is very important [4, 5]. Not all nodes have to run at a global level, such as the TCP/IP layer. For example, many terminal sensors and actuators cannot run the TCP/IP protocol stack. Industrial Internet devices usually have low computing power and provide only simple application services. Their security relies entirely on built-in encryption mechanisms because it is difficult to install defense software on them. If a user keeps the default password, a hacker can easily break into the Internet of Things. After breaking in, hackers turn to attacking other systems on the Internet of Things and can even gain access to users’ data, which is known as the Stepping Attack.

Some groups of hackers post fake or malicious apps on Google Play to steal users’ data without the users being aware of it. Besides, they can launch blockage-style attacks through botnets composed of Internet of Things devices, such as printers, cameras, baby monitors, home routers and so on.

On October 21st, 2016, many denial-of-service attacks were launched against major DNS providers, and the target of all the attacks was the servers of Dyn, a domain name system provider. Network security officials believed that the attacks came from a botnet composed of many Internet of Things devices infected with the Mirai malware. The BBC, a British media organization, was also hit by a record 602 Gbps traffic attack.

5.3.2 National Industrial Internet with MIN

In order to solve these problems, the Internet of Things is combined with the sovereignty network.

Firstly, the sovereignty network is a secure autonomous network.

Secondly, the sovereignty network makes Internet of Things devices use their identifiers within a domain. Identifier translation is carried out only when these devices need to communicate with devices outside the domain. In this way, the devices are connected to the Internet in a limited way to compensate for their lack of access capability.

Thirdly, in the IoT system of the sovereignty network, nodes can use interest packets to manage devices with some tasks, such as turning on a household appliance. Data can be used to confirm the execution of task and report the results of operation, such as success or failure. The pull mode is used to manage detection devices, while the push mode is used for IoT application devices to transmit data.

Fourthly, there are many caches in the transmission paths of the sovereignty network. Although the resources of IoT devices are limited, the introduction of caches enhances energy efficiency, transmission rate and timeliness.

The MIN architecture can be used in the existing Internet of Things and Industrial Internet. In the Industrial Internet, the identifier resolution system is not only an important part of the network architecture, but also a neural hub supporting the interconnection and interworking of the Industrial Internet [6]. By giving a unique identity identifier to each product, component, machine, or digital intellectual property copyright, network resources can be flexibly distinguished and effectively managed.

1. Identifiers System

The root service system, based on the MIN architecture, provides many functions, such as generation, management and resolution of identity, content, service, IP address, and geographic identifiers. At the same time, it is compatible with the existing TCP/IP protocol cluster, provides the traditional Internet DNS domain name resolution service, and provides mutual translation between multiple identifiers. MIN-II speeds up the process of the “Internet of everything”, ensures data traceability and privacy protection in the network, and corrects the disorder and the difficulty of supervision in the existing IP Internet.

In the digital space of MIN-II, digital objects should have corresponding identifiers, which are resolved and used dynamically on demand. In the future, digital objects will be separated from their positions, and the semantic overload of IP will be decoupled. However, the existing mainstream identifier systems, such as the Handle system based on the reform route, and the Ecode and OID identifier systems based on the DNS technology improvement route, have not yet got rid of the IP system. The multi-identifier tunnel mechanism is used in the multi-identifier root service system to handle various tunnel transmission and mutual access scenarios, such as IP-Content-IP, IP-Identity-IP, Content-Identity-Content and so on.

The MIN-II supporting Industrial Internet focuses on the redefinition of the existing network layer to support Industrial Internet identifiers, based on other identifiers that have already been supported, including identity, content, service, IP address, and geographic identifiers.

At the network layer of MIN, multiple identifier packets, system management packets, and control packets should co-exist and be supported for routing. This is implemented by distinguishing the different types of identifier packets through the TLV message header. At the network layer of MIN, the identifier information is encapsulated into transmissible TLV messages by MIRs and forwarded to the next MIR according to the Forwarding Information Base (FIB). The multi-identifier message format based on the TLV structure is designed as follows. The tag of the interest packet is used to represent the identity information, which realizes the multi-identifier network space. Specifically, the type of the tag in the TLV structure is used to distinguish the different kinds of identifiers. Industrial Internet identifiers are used to uniformly manage and assign different types of identifiers to their subordinates, which are also nested under Industrial Internet identifiers in TLV format. According to the requirements of the ASNI standard, the value range of Tag is 1 to 2 bytes. In order to meet the needs of various Industrial Internet identifiers at home and abroad, as well as customized identifiers for different industries and enterprises, the multi-identifier root service system adopts the 2-byte scheme (Fig. 5.28).

Fig. 5.28 Recursive encoding means of the identifier

Various packets in the network layer of MIN are distinguished by the tag of the top-level TLV. A network layer is added to the system to carry the packets of the multi-identifier space. According to the design requirements, the added packets used to represent identity classes in the multi-identifier network space include the following categories:

(1) MIN Interest Packet
(2) MIN Data Packet
(3) Identity Identifier
(4) Service Identifier
(5) Geographic Identifier
(6) Industrial Internet Identifier
(7) Management Packet
(8) Control Packet

In the production environment of the Industrial Internet, data transmission runs independently of the IP network environment. In this case, the data is transmitted in a mode similar to that of the Named Data Network (NDN) [7]. A receiver asks for content by issuing an Interest packet, then the corresponding Data packet is returned in response to that Interest. The different types of identifiers either rely on the tag of the TLV to complete the corresponding processing, or rely directly on the encapsulation mode of the Industrial Internet for data packaging and transmission.
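The nested TLV encoding described above, as an added example that is not code from the original chapter or from the MIN project: an encoder and a bounds-checked decoder for 2-byte tags. The 2-byte length field, the tag values (the ranges of Table 5.1 are not reproduced on this page), the depth limit and the sample identifier are assumptions.

```python
import struct

# Constructed tag values for illustration only; the real ranges are defined
# in the chapter's Table 5.1, which is not available here.
TAG_INTEREST = 0x0001         # hypothetical: top-level MIN Interest packet
TAG_INDUSTRIAL_ID = 0x0006    # hypothetical: Industrial Internet identifier
TAG_CUSTOM_VEHICLE = 0x8001   # hypothetical: enterprise-defined identifier

# Tags whose value is itself a sequence of TLVs (nested identifiers).
CONTAINER_TAGS = {TAG_INTEREST, TAG_INDUSTRIAL_ID}

HEADER = struct.Struct("!HH")  # 2-byte tag (from the text), 2-byte length (assumed)
MAX_DEPTH = 8                  # assumed bound on nesting


class TLVError(ValueError):
    """Raised for any malformed or unencodable TLV."""


def encode(tag, value):
    """Encode one TLV; value is bytes (leaf) or a list of (tag, value) children."""
    if isinstance(value, list):
        value = b"".join(encode(t, v) for t, v in value)
    if not 0 <= tag <= 0xFFFF:
        raise TLVError("tag does not fit in 2 bytes")
    if len(value) > 0xFFFF:
        raise TLVError("value too long for a 2-byte length")
    return HEADER.pack(tag, len(value)) + value


def decode(buf, depth=0):
    """Parse a buffer of zero or more TLVs into [(tag, bytes_or_children)]."""
    if depth > MAX_DEPTH:
        raise TLVError("nesting too deep")
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < HEADER.size:
            raise TLVError("truncated header")
        tag, length = HEADER.unpack_from(buf, pos)
        pos += HEADER.size
        # A child may never claim more bytes than its enclosing value holds.
        if length > len(buf) - pos:
            raise TLVError("length exceeds enclosing buffer")
        body = buf[pos:pos + length]
        pos += length
        if tag in CONTAINER_TAGS:
            out.append((tag, decode(body, depth + 1)))
        else:
            out.append((tag, body))
    return out


def sample_packet():
    """Constructed Interest: an Industrial Internet identifier nesting a custom one."""
    return encode(TAG_INTEREST, [
        (TAG_INDUSTRIAL_ID, [(TAG_CUSTOM_VEHICLE, b"V-EXAMPLE-0001")]),
    ])


if __name__ == "__main__":
    print(sample_packet().hex())
    print(decode(sample_packet()))
```

Because each nested value is decoded from its own slice, an inner length is checked against the enclosing TLV rather than against the whole packet.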

For Industrial Internet identifiers, tag values in the TLV structure are divided into four kinds according to certain rules, as shown in Table 5.1.

Table 5.1 The range and description of tag value in the TLV structure

For domestic and foreign identifier systems, the system allocates identifiers uniformly. If different industries and enterprises need to define their identifiers autonomously, they need to apply to MIS, which is the management plane of MIN. When a user registers its identity identifier in MIS for the first time, the user needs to provide basic information and a public key to MIS. Once MIS approves the registration request, it issues a certificate to the user and saves it on the blockchain. After that, every piece of interaction information between the user and MIS must be signed by the user with its private key. MIS validates the information before further operations. When a user applies for a customized identifier, MIS first verifies the certificate, then allocates the tag value in the system so that the tag value is unique, and, according to the corresponding specifications, ensures that the customized identifier conforms to the requirements of MIN.

2. Identifiers Registration and Request

The network supports routing with multiple types of identifiers, including identity identifier, content identifier, spatial location identifier, and IP address identifier etc. The content identifiers of all resources in the network are bound to an identity identifier of the publisher. After a user logs into the network, the spatial location identifier and the accessed network resources will be recorded at blockchain supervision node of network for security supervision and data protection (Figs. 5.29 and 5.30).

Fig. 5.29 The procedure of identifier registration

Fig. 5.30 The procedure of network resource requesting

The procedure of identifier registration includes the following steps:

(1) Step 1: Registering a resource: The network node receives the resource content registered by the user. At the same time, it adds the identity identifier of the content publisher and the spatial location identifier according to where the content is stored;

(2) Step 2: Network node authentication: After receiving the identifier registration request from the user, the node reviews the content and the user information, as well as the resource identifier, then registers the generated identifier to the upper-level domain and adds the local identifier prefix;

(3) Step 3: Identifier registration request transmission: After receiving the identifier registration request, the upper-level network node sends its identifier to the controller of the domain where it is located for subsequent authentication and registration operations based on the predefined data transmission protocol;

(4) Step 4: Identifier verification: Once it receives the identifier registration request from the subordinate network domain, a node on the top-level domain verifies the request and returns the corresponding confirmation message to the original application node. The distributed storage scheme ensures that registered identifiers cannot be tampered with. The original identifier is stored in the distributed database of the top-level domain. After a predefined time, the corresponding database synchronization is carried out within the entire network to guarantee that the resource identifier information of the respective top-level domains is equivalent and unified.

The procedure of network resource requesting includes the following steps:

(1) Step 1: Inquiry request: A query request is transmitted to the nearest network node;

(2) Step 2: Local identifier data query: When the nearest MIN node receives the request, it first discerns the identifier type. If it is an IP address, the traditional DNS query process is followed. If it is an identity or content identifier, it is queried in the forwarding table. If the identifier content recorded in the forwarding table already exists in the local database, the corresponding identifier content is returned; otherwise, step 3 is executed;

(3) Step 3: Requesting query transmission: When there is no corresponding identifier stored in the local database, the query request is passed up to a node on the upper-level network. After receiving the query request, the upper-level node queries the identifier following step 1 to step 2. If the corresponding identifier content is found, it is returned to the lower-level node; otherwise, the query request is transmitted upward recursively until it reaches the top-level domain network node;

(4) Step 4: Identifier query, verification, and interworking: After the relevant registered identifier is found, the relevant shortest path is automatically obtained according to the dynamic topology of the existing network. Then the related MIN nodes on the forwarding path receive a new forwarding path table and establish a data transmission path through multi-hop routing. If even the nodes in the top-level domain do not find the corresponding identifier, other network identifier information corresponding to that identifier is queried in the database, proceeding as in step 5;

(5) Step 5: The identifier request distribution: A node at the top-level domain distributes the query request to the specified network domain according to the original identifier and the first prefix from the converted identifier, until it is queried locally by the lowest-level node. If the corresponding identifier is found, it is delivered to the query requester; otherwise, the query error information is returned.
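The request procedure in steps 1 to 5, as an added simulation that is not part of the original chapter or of the MIN code base. The domain prefixes, the sample identifier, the rule that a node registers only identifiers under its own prefix, and keeping each record only at the node that registered it (so that the upward and downward phases are both exercised) are assumptions.

```python
import ipaddress

VEHICLE_ID = "/cn/auto/plantA/V/0001"   # constructed sample identifier


class DomainNode:
    """One resolution node; prefix names the domain it is responsible for."""

    def __init__(self, prefix, parent=None):
        self.prefix = prefix
        self.parent = parent
        self.children = []
        self.db = {}                     # identifier -> record (local database)
        if parent is not None:
            parent.children.append(self)

    def register(self, identifier, record):
        # Assumed rule: a domain cannot claim identifiers in another namespace.
        if not identifier.startswith(self.prefix + "/"):
            raise ValueError("identifier outside this domain's prefix")
        self.db[identifier] = record


def is_ip(identifier):
    try:
        ipaddress.ip_address(identifier)
        return True
    except ValueError:
        return False


def resolve(node, identifier):
    """Return (record_or_None, trace); trace lists every node that was asked."""
    trace = []
    if is_ip(identifier):
        # Step 2: IP addresses follow the traditional DNS/IP path instead.
        trace.append(("legacy-ip", node.prefix))
        return None, trace
    cur = node
    while True:
        # Steps 2-3: local lookup, then hand the query to the upper level.
        trace.append(("up", cur.prefix))
        if identifier in cur.db:
            return cur.db[identifier], trace
        if cur.parent is None:
            break
        cur = cur.parent
    while True:
        # Step 5: the top level distributes the query downward by prefix.
        nxt = next((c for c in cur.children
                    if identifier.startswith(c.prefix + "/")), None)
        if nxt is None:
            return None, trace           # query error
        cur = nxt
        trace.append(("down", cur.prefix))
        if identifier in cur.db:
            return cur.db[identifier], trace


def build_demo():
    """Constructed two-branch hierarchy under one top-level domain."""
    top = DomainNode("/cn")
    auto = DomainNode("/cn/auto", top)
    plant = DomainNode("/cn/auto/plantA", auto)
    aero = DomainNode("/cn/aero", top)
    hangar = DomainNode("/cn/aero/hangar1", aero)
    plant.register(VEHICLE_ID, {"location": "plantA-store-1"})
    return {"top": top, "auto": auto, "plant": plant,
            "aero": aero, "hangar": hangar}


if __name__ == "__main__":
    nodes = build_demo()
    print(resolve(nodes["hangar"], VEHICLE_ID))
```

The trace is the sequence of nodes a supervision point would see for one request, which makes unexpected cross-domain lookups easy to spot.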

5.3.3 Inter-translation of Multiple Network Identifiers

When a piece of content is registered and published on a multi-identifier network, the identity identifier is bound with multiple identifiers, such as identity, content, location information, and IP address. Therefore, there is a need for multiple identifiers to be commonly addressed. In addition, the identifiers in the Industrial Internet should be application-oriented and record the product information. On the other hand, it should support addressing and routing. Due to the diversity of the applications, it is difficult to establish a global hierarchical naming scheme that is suitable for all applications.

Therefore, in the multi-identifier-based Industrial Internet service platform, it is inevitable that multiple network identifiers and multiple identifiers resolution standard system coexist. A globally unique namespace needs to be established, as well as a unique namespace for each application. The multi-identifier translation table is utilized to establish an inter translation table (IFB) and interoperability mechanism with existing common identifiers.

1. The Translation Process Between Name and Identity

In order to maintain a secure network environment, we bind the name of a content to the identity of its original publisher, and use a valid extension to identify network resources in the following mode:

$$/UniqueID_{A} /SubID_{A} /Name/Sig\left( {Name,PrK_{A} } \right)$$

$UniqueID_{A}$ is the globally unique identifier of the publisher A, and no collision occurs. It will generate the public-private key pair of the user. $SubID_{A}$ is the secondary identifier used when the content is published, because the same user in the network may have multiple identities. $Name$ is the hierarchical content name, and $Sig(Name, PrK_{A})$ is the signature of the content name signed by A. Before the content is received by the user or cached at an intermediate routing node, its signature must be verified to ensure its legitimacy based on the security mechanism described above. As a result, any resource in the network can be traced back to its original publisher, which guarantees that publishing behavior can be regulated and that network transmission is secure.

Under this representation, an identity is regarded as a special form of extension name, namely one whose content name is empty. Therefore, we use the prefix tree as the data structure to support storage and query operations on names and identities, as shown in Fig. 5.31.

Fig. 5.31 Multiple identifiers forwarding architecture using prefix tree structure [19]
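One way to read the prefix-tree idea above, as an added example that is not the authors' implementation: identities are tree nodes at depth two (/UniqueID/SubID) with an empty content name, names hang below them, and both directions of the name-identity translation are tree walks. The class and method names, the forwarding entries and the sample identifiers are hypothetical, and the signature component is left out.

```python
class _Node:
    def __init__(self):
        self.children = {}        # component -> _Node
        self.entry = None         # forwarding information, if any
        self.is_identity = False  # True for /UniqueID/SubID nodes


class NameIdentityTree:
    def __init__(self):
        self.root = _Node()

    @staticmethod
    def _split(path):
        parts = [p for p in path.split("/") if p]
        if not parts:
            raise ValueError("empty identifier")
        return parts

    def _descend(self, parts, create=False):
        node = self.root
        for p in parts:
            nxt = node.children.get(p)
            if nxt is None:
                if not create:
                    return None
                nxt = node.children[p] = _Node()
            node = nxt
        return node

    def add_identity(self, unique_id, sub_id, entry):
        """An identity is an extension name whose content name is empty."""
        node = self._descend([unique_id, sub_id], create=True)
        node.is_identity, node.entry = True, entry

    def identity_of(self, full_name):
        """Name -> identity: the first identity node on the path, or None."""
        parts, node = self._split(full_name), self.root
        for i, p in enumerate(parts):
            node = node.children.get(p)
            if node is None:
                return None
            if node.is_identity:
                return "/" + "/".join(parts[:i + 1])
        return None

    def add_name(self, full_name, entry):
        # A name is only stored under a publisher identity that is registered.
        if self.identity_of(full_name) is None:
            raise KeyError("publisher identity is not registered")
        self._descend(self._split(full_name), create=True).entry = entry

    def longest_match(self, full_name):
        """Deepest stored prefix of full_name as (prefix, entry), or None."""
        parts, node, best = self._split(full_name), self.root, None
        for i, p in enumerate(parts):
            node = node.children.get(p)
            if node is None:
                break
            if node.entry is not None:
                best = ("/" + "/".join(parts[:i + 1]), node.entry)
        return best

    def names_of(self, identity):
        """Identity -> names: every stored name below the identity node."""
        parts = self._split(identity)
        node = self._descend(parts)
        if node is None or not node.is_identity:
            return []
        found, stack = [], [("/" + "/".join(parts), node)]
        while stack:
            path, cur = stack.pop()
            for comp, child in cur.children.items():
                child_path = path + "/" + comp
                if child.entry is not None:
                    found.append(child_path)
                stack.append((child_path, child))
        return sorted(found)


def build_demo_tree():
    """Constructed sample: one publisher identity with two published names."""
    tree = NameIdentityTree()
    tree.add_identity("uidA", "work", "face-3")
    tree.add_name("/uidA/work/reports/q1", "face-7")
    tree.add_name("/uidA/work/manuals/pump", "face-3")
    return tree
```

A request for a name that has no entry of its own falls back to the entry of its publisher's identity, and a name whose publisher is unknown is refused at insertion.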

2. The Translation Between Location, Name, and Identity

As mentioned above, each user corresponds to a unique real or virtual spatial location identifier. For a name in the network, in order to reduce the routing delay, we set its location identifier to the location of the nearest node holding the content corresponding to the name, which is calculated and distributed by the upper control node. The transformation sequence is shown in Fig. 5.32.

Fig. 5.32 The translation process between location, name, and identity [18]

(1) Step 1: A resource request is issued with a particular identifier.

(2) Step 2: The multi-identifier system performs queries based on the type of the identifier: (1) If the request is issued with a traditional domain name, then DNS is queried directly. (2) If it is an IP address and exists as an entry of the identifier inter translation forwarding table (IFB), mutual translation is performed; otherwise, the agent accesses traditional IP networks. (3) If it is another type of identifier, such as an NDN identifier or an identity identifier, the content identifier is first queried in the CS, the PIT and the inter translation forwarding table. If it exists, an inter translation is performed; otherwise, go to step 3.

(3) Step 3: If the identifier does not exist in the current domain, the multi-identifier system recursively queries up to the top domain.

(4) Step 4: If there is no such identifier information in the top-level domain, the query is performed according to the specific lower-level domain of the identifier information, down to the bottom-level domain specified by the identifier, and the corresponding result is returned once it exists. Otherwise, a query error message is returned.

Besides, we use trusted access and transmission, trusted storage and management of Industrial Internet identifier technologies, and the data analysis and mining technologies of identifier routing. The root service system of the basic Industrial Internet is established to support multi-identifier registration, analysis and management services for network recursive nodes and blockchain nodes. It is compatible with the existing TCP/IP protocol system and supports the non-aware transition of the current IP network to the future MIN network.

After the multi-identifier root service system is completed in the future, it will connect with national nodes. The identifier registration and resolution services will cover the whole state and support transnational services. Along with national top-level nodes, it provides access and resolution services for national second-level nodes, recursive nodes, top-level domain name resolution nodes, and blockchain infrastructure nodes. The development of the system requires the formation of identifier registration, resolution, data management, identity information storage, and application demonstration systems, as well as scalable solutions. The identifier root service system provides all kinds of identifier resolution services, overcomes the weak foundation and coordination difficulties in China’s industrial design, manufacturing and application fields, provides information sharing and application across enterprises, regions and industries, and covers all processes and industry chains. It will effectively support government regulation, build a new pattern of symbiotic and win-win industrial chains, and open up new prospects for independent, controllable and sustainable development.

5.3.4 Identifier Resolution in Automotive Industrial Internet

The Industrial Internet identifier of the automotive industry is a key basic resource for identifying and managing complete vehicles, parts and equipment. It is similar to the domain name in the Internet: it gives the target object an “ID” by which resources are recognized and managed, switching freely between the physical world and the virtual cyber world. Identifier resolution in the automobile Industrial Internet means querying the address of the server that stores product information, or querying the information and related services of a product, via the product’s unique “ID” (identification code). Therefore, identifier resolution in the automobile Industrial Internet is an important basis for realizing the revolution of connecting services and the automobile Industrial Internet.

The MIN-II is not only an important part of the architecture of automobile Industrial Internet, but also a neural hub that supports the interconnection of the Industrial Internet [20]. In the process of exploring the construction of secondary node for MIN-II, the construction of identifier resolution system with MIN is divided into eight steps:

(1) identification of identifier object;
(2) formulation of identifier code;
(3) selection of identifier terminal;
(4) maintenance of identifier data;
(5) assurance of identifier security;
(6) secondary node construction of identifier resolution;
(7) compilation of the standard identifier resolution system;
(8) development of identifier-based application software.

1. Identifier Object and Encoding

The automobile Industrial Internet identifiers cover all aspects of the automobile industry value chain. In combination with the current status of China’s automobile industry management and related standards, vehicles, parts, organizations, and equipment are mainly used to construct the identifier resolution system.

(1) Vehicle Identifier

The vehicle identifier is mainly related to vehicle R&D (Research and Development), production, sales and maintenance, including: vehicle model identifier, vehicle announcement identifier, vehicle identification number (VIN) identifier, vehicle configuration list identifier, vehicle production order identifier, sales order identifier, vehicle maintenance order identifier and so on.

(2) Parts Identifier

The parts identifier is used in vehicle production and vehicle maintenance, including: parts classification identifier, single or batch parts identifier, parts purchase order identifier, parts production order identifier, parts logistics order identifier, parts storage order identifier and parts maintenance order identifier.

(3) Equipment Category Identifier

The equipment category identifier is mainly applied to automobiles during production, transportation and sales. It includes: equipment classification identifier, equipment identifier, equipment failure identifier, equipment function identifier and equipment location identifier.

(4) Institution Identifiers

Institution identifiers refer to various types of objects in the ecological value chain of the automotive industry. Generally speaking, institution identifiers include company vehicle manufacturing identifiers, company component manufacturing identifiers, sales enterprise identifiers and company aftermarket service identifiers. Within an enterprise, institution identifiers also denote factory identifiers, workshop identifiers and internal management department identifiers.

(5) Quality Category Identifiers

Quality category identifiers express the standards and grades of products inspected by the automobile industry, including: product inspection standard identifiers, quality grade identifiers, defect cause identifiers and defect level identifiers.

Code is a basic technical means for people to unify their views and exchange information. The purpose of encoding is to improve the efficiency of information processing. The establishment of identifier encoding is a technology for defining, assigning and managing the data structure of encoding format of Industrial Internet identifiers. At present, the mainstream encoding technology systems include GS1 encoding, EPC, Handle, OID, Ecode and so on [8].

The proposed encoding method of the automotive Industrial Internet identifier consists of a prefix and a suffix. The prefix is assigned by the primary node and the secondary node, while the suffix is mainly composed of an application identifier and a unique code. The application identifier is used to distinguish between different identifier objects in the identifier resolution of the automotive Industrial Internet. For instance, a secondary node in constructing MIN-II uses “V” to represent the vehicle and “91” to represent the automotive parts. For a vehicle, the encoding of the identifier is shown in Table 5.2.

Table 5.2 The encoding of identifier

The identifier terminal includes the carrying methods and the carrier. Existing carriers generally include bar codes, QR codes, RFID tags and sensors [9]. The carrying methods generally include nameplates, tags, labels, laser etching and mechanical stamping. The automotive industry currently prefers direct marking of identifiers. If direct marking is not suitable, a label and list is used. External packing is used for marking identifiers when neither direct marking nor label and list is appropriate. Thanks to the development of the QR code, automotive Industrial Internet identifier terminals currently adopt engraving with QR codes and bar codes. Laser etching is generally used on key components to ensure that identifiers remain identifiable in the long term. In addition, with the development of the Industrial Internet, RFID is valued in the automotive industry.

2. Identifier Management

Identifier data is the key parameter information expressed by an identifier. There are a large number of OEMs, component manufacturers, distributors and service providers on the automobile Industrial Internet, and all of them have their own identifiers based on their own data standards. On the one hand, the owner of each identifier needs to register key information with MIN-II so that other parties can look it up, and therefore the system needs to perform the corresponding registration, review and update operations on the identifier. On the other hand, because of the diversity of the identifier data environment, the identifier data needs to integrate data from heterogeneous Industrial Internet application systems. In order to strengthen the interoperability of Industrial Internet resources in the automotive industry and facilitate the search and discovery of Industrial Internet resources between different Industrial Internet systems, it is necessary to maintain and map identifier data of various types.

The Industrial Internet identifier resolution system is an important network infrastructure of the automotive Industrial Internet. The identifier data is important information generated during the production and operation of an enterprise, which should be protected because it may involve the company’s trade secrets and is also the core asset of the enterprise. During the construction of MIN-II, it is necessary to display different information according to the user level and time, and support the secure channel function to prevent sensitive information from being intercepted at the same time.

The construction of MIN-II in the automotive industry is separated into three steps at the security level:

(1) Software level security. The rationality of the software architecture and the completeness of the relevant protocols are both issues for the overall consideration of identifier security.

(2) Data-level security, including security guarantees for the exchange and storage of massive data, optimized management of multi-source heterogeneous data aggregation and countermeasures against illegal data use.

(3) Operational security. It avoids misuse of registration and illegal registration, allocates identifier resources reasonably and improves the security of the environment for identifier management.

The secondary node of identifier resolution for the automotive Industrial Internet is the core system that implements registration, query and analysis of identifiers by various application subjects in the automotive industry. MIN constructs a secondary node for the resolution of the automotive Industrial Internet. It is used to support the registration and analysis of physical resources such as vehicles, equipment and parts in the automotive industry, as well as virtual resources such as algorithms and processes. As an industry public service platform, the secondary node in MIN-II is linked upward to the national primary nodes, which query the network location of the Industrial Internet identifier resolution from secondary nodes, and linked downward to the local data or local resolution system of each company on the automotive industry value chain, which queries the enterprise data storage location from the secondary node.

Due to the complexity and diversity of the Industrial Internet environment [15], the construction of secondary nodes for identifier resolution faces a large number of different hosts, different places and heterogeneous systems. The simple analysis of storage location can no longer meet the increasingly sophisticated requirements of the automobile industry for Industrial Internet data. Therefore, the secondary node for Industrial Internet identifier resolution is built on the industry master data system, an a-piece-a-code system and a public data center, as shown in Fig. 5.33.

The industry master data system, as a data standard management system, will unify the classification and description of vehicles, parts and accessories in the automotive industry, or solve the problem of “same things with different names” between different enterprises through background data mapping. An a-piece-a-code system is used for the unique code management of single pieces or single batches in the industry, providing the entire network with unique codes for the entire vehicle and auto parts. The public data center serves as a shared data storage center that stores the identifier data registered to secondary node from enterprises node so that it supports association and mapping of identifiers. The identifiers resolution secondary node built on this basis analyzes the network storage location on the one hand and analyzes the associated information of the same identity object on the other hand. It provides data support for the development of new business forms and new ecology in automotive industry.

Fig. 5.33 Integration diagram of secondary node of identifier resolution in automotive industrial internet [20]

3. Standard of MIN-II

At present, the mainstream identifier standard systems include Handle, OID (Object Identifier), Ecode (Entity Code for IoT), EPC, UCode and so on, which have been proposed by different organizations. These systems were first used to uniquely mark item objects and digital objects and to provide information query for them, and they have now developed into a low-level information architecture, similar to DNS in the Internet.

The identifier resolution standard system of the automobile Industrial Internet is prepared with full consideration of industry needs and draws on and absorbs the research results of other industries. It takes technology standards as the main line and identifiers and resolution as the core. At present, it is initially composed of three parts: basic standards, technical standards and platform standards, as shown in Fig. 5.34.

Fig. 5.34 Identifier resolution standard system of automotive industrial internet [20]

(1) Primary Standard

The basic standard mainly defines terms for automobile production lines, electrical and safety equipment and defines coding principles, data structures and symbolic representation methods for vehicles, auto parts and accessories. The standard achieves data integration across enterprises and regions and provides standard coding rules for OEMs, component manufacturers and distributors.

(2) Technical Standard

The technical standards mainly cover three parts. The first is to standardize the registration and resolution principles of identifiers in physical resources including complete vehicles, equipment, parts and components and in virtual resources including algorithms and processes. Secondly, it standardizes the technical requirements of the sources of automotive Industrial Internet identifier data, analytical methods and storage specification. Thirdly, it standardizes interface technical requirements including data transmission method and interface method to ensure the intelligence, feasibility, advancement and reliability of multi-platform interconnection after the platform is connected.

(3) Platform Standard

The platform standard mainly specifies the technical requirements for network data security monitoring and privacy protection of the Industrial Internet in the automotive industry. It also standardizes operating guidelines for OEMs, component manufacturers, dealers and other participants in the construction of identifier resolution in the Industrial Internet.

4. Exploration of Identifier Applications

The construction of MIN-II in the automotive industry is an important basis for the application of the automotive Industrial Internet. On the one hand, by standardizing the identifier resolution standards for the automotive Industrial Internet, an identifier database for products, parts and accessories in the automotive industry is established and used as the entrance to Internet identifier queries for the automobile industry. On the other hand, through the implementation of the Industrial Internet, new IT technologies and key equipment, the entrance to the Industrial Internet resource management of the automobile industry is established, and on this basis national automobile manufacturers and suppliers, companies, service providers, dealers, customers and other industry agencies are established in the service platform of industrial big data for the automotive industry (Fig. 5.35).

Fig. 5.35 Exploration on the innovative application of automotive industrial internet identifier [20]

5. Supply Chain Collaboration Based on Identifier

Collaborative management of the supply chain is not the management of a certain information system, but an interconnected ecosystem covering the entire value chain of planning, procurement, supply, logistics, warehousing, quality, transportation, sales and service. With the help of the identifier resolution platform for the automotive Industrial Internet, the entire vehicle, parts, suppliers, equipment and tooling equipment are assigned network storage location codes, which are combined with their own unique codes in their respective systems to ensure that each piece of participating interconnected data has unique identifier information in the entire network, providing a good basic environment for supply chain collaboration.

In terms of implementation, taking customer needs as the starting point and building on a unified identifier resolution service, management of the supply chain would not only link physical objects such as complete vehicles, production parts and spare parts in the supply chain, but also examine the weak points of the company's supply chain management. It also formulates collaborative supply chain management and plans and gradually builds a collaborative and efficient supply chain management system.

In the automotive industry and supply chain collaborative application scenario, the specific application process of using identifier resolution is shown in Fig. 5.36:

Fig. 5.36 Supply chain collaboration based on identifier resolution [20]

(1) Step 1: Encode the identifiers of collaborative resources;
(2) Step 2: Register the above resources in MIN-II;
(3) Step 3: In the product design phase, the R&D department designs products based on the same identifier;
(4) Step 4: The procurement department’s design requirements for R&D are communicated to the supplier in time;
(5) Step 5: The supplier obtains R&D requirements based on the unified identifiers and promptly feeds back production requirements;
(6) Step 6: The logistics company feeds back the logistics status of the product in time based on the unified identifiers;
(7) Step 7: Based on the unified identifiers, the quality department feeds back the quality inspection information to the R&D department and suppliers.

Compared with traditional supply chain management, supply chain management based on identifier resolution has been improved in the following five areas:

(1) Collaborative Design, Shorten Development Cycle

Through the identifier resolution technology, the R&D resources are fully shared in the Industrial Internet field and it becomes possible for suppliers and dealers to participate in the design and evaluation of vehicle products, form a synchronous and collaborative development situation and greatly shorten the development cycle.

(2) Collaborative Procurement to Reduce the Risk of Material Shortage

Through the Industrial Internet identifier resolution technology, OEMs and suppliers can obtain real-time dynamic information of customer orders, inventory levels and purchase orders, which will reduce the risk of material shortage.

(3) Logistics Collaboration to Reduce Logistics Costs

With the registration of logistics vehicle information and cargo information in MIN-II, the OEM and supplier can obtain the logistics information in time, improve vehicle efficiency by collecting the cargo flow, and reduce the transportation cost.

(4) Quality Collaboration to Improve Supplier Capabilities

During the use of the vehicle, service providers and customers can register the collected quality problems to MIN-II and suppliers can not only obtain quality feedback in a timely manner, but also optimize the design and improve the quality of supplier parts.

(5) Finance of Supply Chain

By combining with the Internet of Vehicle, the identifier resolution technology can obtain the real-time location and maintenance information of the vehicle, provide financial guarantees for partners and expand the business of assistant partners.

6. Quality Traceability Based on Identifier Resolution

With the help of identifier resolution standard for automotive Industrial Internet and its application platform, a quality traceability coding standard that complies with the automotive industry standards is established. It makes coding rules for raw materials, semi-finished products and finished products traceable. On the one hand, in order to improve the readability of the code and reduce the cost pressure of parts traceability on the automotive industry supply chain, automobile companies use the same traceability code rules to implement quality traceability management. The analyzing system collects quality data for the entire life cycle of core components from manufacturing, transportation, quality inspection, and storage, assembly to complete vehicles, terminal sales, maintenance services, replacement, retirement and recycling, so that the product quality of companies is optimized and improved.

From the perspective of implementation, the quality traceability of key components in the automotive industry needs to accurately record the correspondence between vehicles and components during the assembly process of a vehicle. It also has to accurately record the corresponding information, such as the vehicle dealer information and customers during the vehicle sales process, and the replacement records of parts and components in after-sales service. In this way, when something goes wrong, the vehicle manufacturer can quickly determine which vehicles the problematic parts are installed on, which areas these vehicles were sent to and which end users they were sold to. If these end users need replacement or repair, the location of the nearest service outlet should be considered.

In the application scenario of quality tracing of automotive key component, the specific application process of using identifier resolution is shown in the following Fig. 5.37:

Fig. 5.37 Quality tracing based on identifier resolution [20]

(1) Step 1: Suppliers encode the key components of the car with QR code, bar code and RFID, and register them in MIN-II.
(2) Step 2: According to the coding identifier, the OEM records product information such as storage, quality inspection, warehousing and assembling and registers related information in MIN-II.
(3) Step 3: The OEM marks the entire vehicle with an identifier, then records the correspondence between the vehicle and the components and finally registers the vehicle identifier to MIN-II.
(4) Step 4: When a vehicle is sold to an end customer, the dealer service personnel bind the customer’s information such as name, age, occupation, purpose, etc. with the vehicle information and register the sales information to MIN-II.
(5) Step 5: The service provider records the replacement information of the old and new parts by scanning the QR code of the parts during the maintenance link and obtains the production, logistics, quality inspection and other information of the parts.

7. Intelligent Production Based on Identifier Resolution

In the entire vehicle manufacturing process, customer needs, product resources, production materials, logistics transportation and other information related to production are registered in the Industrial Internet ecology of the automotive industry through the identifier resolution system, which lays the foundation for intelligent production. Its process mainly includes the following steps (Fig. 5.38):

Fig. 5.38 Intelligent manufacturing based on identifier resolution [20]

(1) Step 1: Registration of customer identifier order. Customers complete product customization in the DMS (Dealer Management System) and get an order number, then the system automatically registers the order information to MIN-II.
(2) Step 2: The product design department obtains the information about the specific model and configuration involved in the order according to the order identifier and registers the designed product BOM, parts and other identifiers to the identifier resolution system.
(3) Step 3: Purchasing and production management departments formulate purchase requisitions and production orders according to purchase requisitions and production plans and register the purchase order and production plan information to MIN-II.
(4) Step 4: The supplier obtains the specific material information and demand date required by the purchase order through MIN-II and starts the production order.
(5) Step 5: The logistics company obtains information such as the specific delivery date and quantity of parts according to the production order identifier and purchase order identifier and transports the materials to the warehouse where the production is located.
(6) Step 6: According to the order identifier, material identifier and equipment identifier, the production department obtains the resource information required by customers and production and translates it into job instructions to guide the equipment to execute accurately. At the same time, the equipment feeds back the processing results in time and the execution result is registered to MIN-II.
(7) Step 7: Through the identifier resolution system, customers can get the specific production process of their customized products in time.

8. Service Innovation Based on Identifier Resolution

By creating an intelligent and differentiated customer service system, an intelligent service system based on MIN-II is established. It not only promotes information interconnection between the product terminal and the client, but also upgrades the traditional after-sales service to active services, remote online services and intelligent services.

Fig. 5.39 Service innovation based on identifier resolution [20]

In traditional vehicle after-sales service, the vehicle’s operating status data cannot be grasped immediately. When the vehicle has a problem, such as limping home or even breaking down and waiting for rescue, it is difficult for the service engineer to get the fault information at the first moment, and diagnosis and maintenance can only be done on the spot. This situation makes the vehicle service passive. Based on the Industrial Internet big data platform, the vehicle production data, product data and customer data are registered to MIN-II, which grasps the running status of the vehicle at any time, predicts the possible faults of the vehicle and detects the damaged parts of the vehicle for customers in a timely manner. Fault reminder, maintenance reminder and driving behavior guidance are provided based on the above technology, as shown in Fig. 5.39.

Fault Reminder: Through MIN-II, vehicle production and assembly data, customer sales data and real-time data during product operation are connected to establish a big data analysis model, so that the performance indicators and damage levels of key vehicle components are monitored effectively. In addition, SMS, the APP and the car itself are used to push message reminders automatically, and customers are contacted by phone in time according to the fault level. On the phone, the customer is asked whether there is a problem with the vehicle. If the customer raises a problem, related staff are immediately sent to solve it, in order to avoid the expansion of the fault, which makes vehicle operation more economical and safe.

Maintenance Reminder: Through the combination with the Internet of Vehicles, the vehicle mileage and vehicle operating condition information are registered in the MIN-II. When the maintenance time or mileage is approaching, the maintenance invitation will be sent through APP and SMS in order to avoid affecting the service life of the vehicle due to improper maintenance. This will not only enable customers to save maintenance costs, improve driver safety, but also bring profit to service stations. And it will reduce the failure rate and increase the company’s brand reputation at the same time.

Driving Behavior Guidance: In the operation of the vehicle, by monitoring the vehicle’s gear, speed, fuel consumption and other operating data, we analyze the customer’s driving behavior through the analysis and modeling of big data back end, in order to provide driving behavior guidance to customers. Good driving habits to a certain extent will prolong the service life of the vehicle and reduce the failure rate of the vehicle.

5.4 Multinational Interconnected Public Network with Co-governing and Sovereignty Autonomy

Cyberspace has become a state’s fifth frontier, besides the four frontiers of land, sea, air and space. Moreover, the security of cyberspace affects and determines the security of other territories.

Each state should develop its sovereignty network, in which identifiers are defined independently to ensure that cyberspace is fully autonomous, manageable and controllable. The development of a global sovereignty network can start with the participation of a few states to form a multinational interconnected public network with co-governing and sovereignty autonomy. In this section, we will introduce the architecture, communication, and examples of the multinational interconnected public network.

5.4.1 Network Topology

The multinational interconnected public network connects multiple sovereignty subnetworks of states to develop a co-governing cyberspace. The topology of the multinational interconnected public network is shown in Fig. 5.40.

Fig. 5.40 The topology of multinational interconnected public network

As shown in Fig. 5.40, sovereignty networks of neighboring states are connected directly via optical fibers, rather than via the IP Internet. The information between remote sovereignty networks is transmitted through the Internet or other sovereignty networks. The identifiers of the sovereignty network in each state are defined independently. For content that is accessible to other sovereignty networks, its identity identifier needs to be publicized through a dynamic routing protocol, so that all the EMIRs in the sovereignty networks of the multinational interconnected public network know the forwarding path to access the content. When users of another sovereignty network want to access the content, they first need to apply for a digital certificate from the target sovereignty network, then transmit the request to the EMIR of their own sovereignty network. Finally, the identifiers are mutually translated at the EMIR and the request is forwarded. For content that the state prohibits users of other sovereignty networks from accessing, the EMIR in the sovereignty network directly rejects the access requests. Besides, the scope of legitimate behaviors of users within the sovereignty network is also limited through the certificates, so as to ensure the manageability and controllability of the sovereignty network. Content providers can also mirror some or all of their content on the Internet for the convenience of sovereignty network users in other states.

5.4.2 Network Communications

The communication of the multinational interconnected public network mainly includes three types: (1) a user of the sovereignty network obtains content on the Internet, (2) a user of the sovereignty network obtains content on another sovereignty network, (3) point-to-point transmission such as E-mail.

1. A User of the Sovereignty Network Obtains the Content on the Internet

Users of the sovereignty network freely access the content on the Internet within their permission. Content on the Internet includes two kinds: the content on the existing IP network and the content provided by other users of the sovereignty network. Sovereignty content providers publish content resources on the Internet, and other users access the content directly instead of obtaining it from another sovereignty network. This approach reduces the certificate application and certificate verification processes. For example, Baidu, a Chinese search engine, places part of its open content on the IP Internet in a mirroring manner. This open content does not require a high level of management and is freely accessible to other sovereignty network users within their permissions. The user permission verification is carried out by the EMIRs of the sovereignty network. User permission management is described in Table 3.1. Figure 5.41 shows the processes by which a user of the sovereignty network obtains content, including the process of obtaining content from the sovereignty network and the process of obtaining content from the IP Internet.

Fig. 5.41 The user of the sovereignty network obtains content from the sovereignty network and IP internet

(1) A user of the Chinese sovereignty network requests content without specifying the location of the content.
(2) The content request is sent to the ID-ICN router. If the content request hits the cache of the ID-ICN router, the corresponding content will be returned to the user. Otherwise, the content will be searched for on the sovereignty network or on the IP Internet.
(3) If the content is on the sovereignty network, the request will be routed to the content source, then the source will return the content.
(4) If the content is on the IP Internet, the ID-ICN router sends the content request to the EMIR of the sovereignty network.
(5) The sovereignty network EMIR will audit the user permission. If the request conforms to the scope of the permission, the content will be obtained following the traditional IP network data transmission mode.
(6) The EMIR of the sovereignty network audits the returned data content with artificial intelligence technologies to filter out harmful data, then returns the data directly to the content requester along the opposite direction of the request path.

2. Users of the Sovereignty Network Obtain the Content on the Other Sovereignty Network

If a user of a sovereignty network plans to obtain content on another sovereignty network, the user needs to apply for a certificate from the sovereignty network where the content is located. The process of applying for a certificate is shown in Fig. 5.42.

Fig. 5.42 The process of applying for a certificate

(1) A user host requests a certificate from an EMIR of its sovereignty network.
(2) The EMIR of the domestic sovereignty network sends the certificate request to the destination country through the Overlay IP network.
(3) The EMIR of the destination country audits the incoming request.
(4) The approved certificate request is sent to blockchain nodes for voting.
(5) For the request achieving consensus, the certificate is returned to the requester along the opposite direction of the request path.

A user who has obtained a certificate is required to put the certificate message into the signature of the interest packet when accessing content on the corresponding sovereignty network. The EMIR of the destination country then verifies the certificate message. If the verification passes, the user can successfully obtain the content, as shown in Fig. 5.43.

Fig. 5.43 Access transnational content with the certificate

(1) The content requester sends interest packets that carry the certificate message.
(2) The EMIR of the domestic sovereignty network sends the certificate request to the destination country through the Overlay IP network.
(3) The EMIR of the destination country verifies the certificate.
(4) For the request achieving consensus, the EMIR of the sovereignty network sends interest packets to the content source.
(5) The content source returns the content to the content requester.
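The two procedures above (certificate application, then access with the certificate) can be modelled from the destination EMIR's side. The following is an added example, not code from the book or the MIN project: the class, field names, keys and content paths are constructed, HMAC-SHA256 stands in for the unspecified signature scheme, and the two-thirds quorum is an assumption, since the text only says the request must achieve consensus.

```python
import hashlib
import hmac
import json


def cert_tag(key, fields):
    """HMAC-SHA256 over canonical JSON; a stand-in for the unspecified signature scheme."""
    blob = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def name_under(name, prefix):
    """Component-wise prefix match, so /dst/news does not cover /dst/newsroom."""
    prefix = prefix.rstrip("/")
    return name == prefix or name.startswith(prefix + "/")


class DestinationEMIR:
    """Hypothetical model of the destination country's EMIR (all names are assumptions)."""

    def __init__(self, key, voters, allowed_networks, prohibited):
        self.key = key
        self.voters = voters                  # blockchain nodes as callables: request -> bool
        self.allowed_networks = set(allowed_networks)
        self.prohibited = list(prohibited)    # content the state does not expose abroad

    def audit(self, request):
        """Application step (3): audit the incoming certificate request."""
        if request["home_network"] not in self.allowed_networks:
            return False
        return not any(name_under(request["scope"], p) for p in self.prohibited)

    def issue(self, request, now, lifetime=3600):
        """Application steps (3)-(5): audit, vote, return a certificate on consensus."""
        if not self.audit(request):
            return None
        yes = sum(1 for vote in self.voters if vote(request))
        if not self.voters or 3 * yes < 2 * len(self.voters):  # assumed two-thirds quorum
            return None
        fields = {"user": request["user"], "home_network": request["home_network"],
                  "scope": request["scope"], "not_after": now + lifetime}
        return dict(fields, tag=cert_tag(self.key, fields))

    def verify_interest(self, interest, now):
        """Access step (3): check the certificate carried in the interest's signature field."""
        cert = dict(interest["signature"]["certificate"])
        tag = str(cert.pop("tag", ""))
        # Integrity first: every later check relies on fields this EMIR issued.
        if not hmac.compare_digest(tag.encode(), cert_tag(self.key, cert).encode()):
            return False, "bad certificate"
        if now > cert["not_after"]:
            return False, "certificate expired"
        # Prohibited content is rejected even when a broad scope would cover it.
        if any(name_under(interest["name"], p) for p in self.prohibited):
            return False, "prohibited content"
        if not name_under(interest["name"], cert["scope"]):
            return False, "outside certificate scope"
        return True, "forward to content source"


def demo():
    """Constructed sample run; every user, key and path below is made up."""
    nodes = [lambda r: True, lambda r: True, lambda r: r["user"] != "mallory"]
    emir = DestinationEMIR(b"constructed-demo-key", nodes, {"net-A"}, ["/dst/gov/internal"])
    cert = emir.issue({"user": "alice", "home_network": "net-A", "scope": "/dst/news"}, now=1000)

    def ask(name, certificate, now=2000):
        packet = {"name": name, "signature": {"certificate": certificate}}
        return emir.verify_interest(packet, now)

    widened = dict(cert, scope="/dst")        # requester edits the scope after issuance
    return {
        "in scope": ask("/dst/news/today", cert),
        "sibling prefix": ask("/dst/newsroom/draft", cert),
        "tampered": ask("/dst/gov/internal/x", widened),
        "expired": ask("/dst/news/today", cert, now=5000),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The model does not bind the interest packet to the requester's own key, so it shows scope, expiry and integrity enforcement at the EMIR only.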

3. Point-to-Point Transmission Such as E-Mail

For individual users, the majority of web applications are peer-to-peer network communication scenarios, such as instant messaging, online shopping, E-mail and so on. So far, the sovereignty network system has realized the transmission of E-mail, and its transmission process is shown in Fig. 5.44.

Fig. 5.44 The transmission of E-mail

(1) The content sender sends the data to the EMIR of a sovereignty network following the data transmission mode in the sovereignty network.
(2) The EMIR transmits the data content to the server in IP network through TCP/IP.
(3) This server transmits the content to the EMIR in the target country through TCP/IP.
(4) The EMIR in the target country verifies the content, then sends the approved content to the receiver through the data transmission mode in the sovereignty network.

4. Security of the Multinational Interconnected Public Network

The security mechanisms of the multinational interconnected public network are shown in Fig. 5.45. The specific process has been introduced in Sect. 4.8.

Fig. 5.45 The security mechanisms of the multinational interconnected public network

5.4.3 An Example of the Multinational Interconnected Public Network

The testbed of the system covers Beijing, Guangzhou, Shenzhen, Hong Kong and Macao, so that the Guangdong-Hong Kong-Macao Greater Bay Area is fully covered. Hong Kong represents an English-speaking region, while Macao represents a Portuguese-speaking region. The topological structure of the Guangdong-Hong Kong-Macao Greater Bay Area is shown in Fig. 5.46.

Fig. 5.46 The development of the sovereignty network in the Guangdong-Hong Kong-Macao Greater Bay Area

5.4.4 The United Nations of Cyberspace

Built on the multinational interconnected public network, the sovereignty network will attract more countries to participate and attract the transition of traffic from the IP network to MIN due to its advantages, such as multilateral co-management, security and credibility, flexible autonomy, forward compatibility, backward extensibility and so on. With the development of the multinational interconnected public network, the United Nations of Cyberspace will eventually be built.

While developing the United Nations of Cyberspace, we accelerate the building of global Internet infrastructure for greater connectivity, build an online platform for cultural exchanges and mutual learning, promote innovative development of the digital economy for common prosperity, maintain cybersecurity to promote orderly development, build a system of global governance in cyberspace to promote equity and justice, as well as provide the most effective and powerful guarantee for technology and product.

5.5 Current Work Basis and Future Expansion: Space-Terrestrial Multi-identifier Network

With unceasing technical progress and the developing demand for user services, the ground communication system has developed rapidly in recent years. However, the quality of its services is limited by surface morphology and natural disasters. Satellite communication, which is not limited by time, place or environment, has gradually attracted people’s attention. A Space-terrestrial Multi-identifier Network (ST-MIN) [10] with three heterogeneous layers including satellite network, space-based network and land-based network has been formed to provide communication services with high capacity and seamless coverage. To improve the performance of the sovereignty network, the ultimate goal of the sovereignty network is to build an ST-MIN.

Based on the Multi-Identifier Network (MIN) architecture and the space-terrestrial routing strategy proposed in Sect. 4.8, we further come up with many technologies, such as the ST-MIN mobility management scheme, 5G business and 6G-based space-terrestrial networking [11]. Furthermore, we have proposed ST-MIN, as well as the corresponding architecture and protocols. We are developing key technologies of ST-MIN and verifying its functions through network simulation. In the future, prototype verification of ST-MIN will be conducted in real satellite network scenarios and application demonstration systems will be developed for certain industries.

5.5.1 Current Work Basis

Since January 2019, Sovereign Network has been verified, tested and applied in different scenarios in cooperation with several units.

Starting from January 2019, Peking University, China Telecom, China Unicom, Jinshan Cloud and other units began to deploy and verify the prototype of the MIN network on the operator network, which is shown in Fig. 5.47.

Fig. 5.47 The topology of the prototype network testbed [17]

From January 2019 to March 2019, we employed nodes based on the consensus of the alliance chain in Beijing, Guangzhou, Shenzhen, Hong Kong, Macao and other places to carry out the data transmission of MIN. The results showed that the project was feasible, which is a world-first work as far as we know.

On March 22nd 2019, the Shenzhen Graduate School of Peking University and GuangDong Communications & Networks Institute jointly launched a strategic planning, the joint institute of China Unicom, China Telecom and innovation research institute, South China University of Technology, Guangdong University of Technology, Dongguan Institute of Technology, the Chinese University of Hong Kong, the Chinese University of Hong Kong, Macau University of Science and Technology (Shenzhen), Hong Kong and Macao to launch a big bay multilateral joint laboratory work network technology, world debut this prototype for verification.

On March 22 2019, the Guangdong Greater Bay Area Co-Governed Network Technology Laboratory jointly sponsored by Peking University and Guangdong Communications & Networks Institute was established and the MIN prototype was first verified worldwide (Fig. 5.48). Its co-sponsors include China Unicom, China Telecom, South China University of Technology, Guangdong University of Technology, Dongguan University of Technology, Chinese University of Hong Kong, Macau University of Science and Technology, and the Chinese University of Hong Kong (Shenzhen).

Fig. 5.48 The Guangdong greater bay area co-governed network technology laboratory

From April to July 2019, the prototype of the sovereignty radio and television network based on MIN passed the test and acceptance of the Metrology and Test Center of Radio and TV, Academy of Broadcasting Planning. Then the prototype of the sovereignty radio and television network based on MIN was applied for capital investment by the National Radio and Television Administration (Fig. 5.49).

Fig. 5.49 The prototype of sovereignty radio and television network

In March 2020, in view of the COVID-19 epidemic and in order to achieve high-security work at home, a high-security private network based on MIN, MIN-VPN, was developed. MIN-VPN is used for uploading videos, images and program contents to the backstage of broadcasting control and editors of CUTV, a city united television station under Shenzhen Radio and Television Group (Fig. 5.50).

Fig. 5.50 MIN-VPN

5.5.2 Routing Strategy and Mobility Management Scheme in ST-MIN

For the different characteristics of the satellite network and the ground-based network, we propose a hyperbolic routing algorithm and a delay-based distributed adaptive routing algorithm in the satellite network. The multiple identifiers are addressed based on the MIN and MIS, and the path selection and forwarding of different identifier packets are achieved through MIR. The routing strategy and mobility management scheme of ST-MIN are shown in Fig. 5.51.

Fig. 5.51 The routing architecture in ST-MIN

The routing algorithm based on hyperbolic distance adopts a simple greedy strategy with little routing information. The current node only needs to calculate the hyperbolic distance between each neighbor node and the destination node, and selects the neighbor with the shortest distance for forwarding. Greedy embedding of a complex network in Euclidean space requires high dimensions, leading to relatively complex network embedding and distance calculation. In a hyperbolic embedding network, a hyperbolic plane can embed any network topology of various sizes and node degrees without dimensionality reduction and high-dimensional computation. Based on hyperbolic coordinates, greedy routing reaches a high routing success rate. Theoretically, a good hyperbolic embedding of the network makes the routing success rate reach 100%. For the scale-free network, the greedy routing algorithm based on hyperbolic coordinates approaches the optimal routing path.
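The greedy rule described above, written out as an added example (not code from the book or the MIN project). It assumes nodes carry native polar coordinates (r, θ) in the hyperbolic plane, which the text does not specify, and the topology and coordinates are constructed; the second run removes one link to show the local minimum at which pure greedy forwarding stops.

```python
import math


def hyperbolic_distance(p, q):
    """Distance between two points given in native polar coordinates (r, theta)."""
    (r1, t1), (r2, t2) = p, q
    dtheta = math.pi - abs(math.pi - abs(t1 - t2) % (2 * math.pi))
    x = math.cosh(r1) * math.cosh(r2) - math.sinh(r1) * math.sinh(r2) * math.cos(dtheta)
    return math.acosh(max(1.0, x))  # clamp guards against rounding just below 1


def build_links(edges):
    """Undirected adjacency map from a list of (node, node) links."""
    links = {}
    for a, b in edges:
        links.setdefault(a, set()).add(b)
        links.setdefault(b, set()).add(a)
    return links


def greedy_route(coords, links, src, dst):
    """Forward hop by hop to the neighbour closest to dst.

    Returns (path, delivered). delivered is False when no neighbour is closer to
    dst than the current node (a local minimum), where pure greedy forwarding stops.
    Each hop strictly reduces the distance to dst, so the walk cannot loop.
    """
    path, current = [src], src
    while current != dst:
        here = hyperbolic_distance(coords[current], coords[dst])
        ranked = sorted((hyperbolic_distance(coords[n], coords[dst]), n)
                        for n in links.get(current, ()))
        if not ranked or ranked[0][0] >= here:
            return path, False
        current = ranked[0][1]
        path.append(current)
    return path, True


# Constructed topology: one core domain, three regional domains, three edge domains.
COORDS = {"core": (0.0, 0.0), "A": (2.0, 0.0), "B": (2.0, 2.0), "C": (2.0, 4.0),
          "a1": (4.0, 0.1), "b1": (4.0, 2.1), "c1": (4.0, 3.9)}
EDGES = [("core", "A"), ("core", "B"), ("core", "C"),
         ("A", "a1"), ("B", "b1"), ("C", "c1")]


def demo():
    """Route a1 -> b1 on the full topology, then again with the core-B link down."""
    healthy = greedy_route(COORDS, build_links(EDGES), "a1", "b1")
    degraded_edges = [e for e in EDGES if e != ("core", "B")]
    degraded = greedy_route(COORDS, build_links(degraded_edges), "a1", "b1")
    return healthy, degraded


if __name__ == "__main__":
    print(demo())
```

With the core-B link removed, the packet stops at the core because both remaining neighbours are farther from b1 than the core is; a deployment needs a fallback for that case, which the greedy rule itself does not provide.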

The network identifier space is designed with hierarchical structure, which is determined according to the actual demand and topology stability. The bottom of the network identity space consists of individual users, who belong to different network autonomous domains. Hyperbolic coordinates are regarded as hyperbolic identifiers of AS nodes to route between different domains. The hyperbolic coordinate of each domain node remains unchanged for a long time, because the topology of the network between nodes in each hierarchical domain is relatively stable. In the lowest domain, due to frequent topology changes, we adopt the intra-domain routing protocol, such as OSPF, etc., to calculate the overhead of different paths according to link states, then the router selects the path with the lowest overhead as the forwarding path.

The delay-based distributed adaptive routing algorithm is suitable for satellite networks with inter-satellite links. The algorithm calculates the propagation delay and queuing delay of each candidate next hop to obtain the probability of each next hop being chosen, then forwards the packet to the next hop with the highest probability. In addition, when the load of the satellite network is low and network conditions are good, data transmission between satellite network devices should be carried out through the satellite network first. When the load of the satellite network is too high or a link fails, packets are sent to the station in the ground-based network. Hence, it is an adaptive routing algorithm that reduces the delay of packet transmission and the possibility of network congestion, and provides a control method for when congestion occurs.
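A sketch of the next-hop selection described above, as an added example that is not code from the original text. The text does not give the probability formula or the load threshold, so the inverse-delay weighting, the `load_limit` value, the hop names and the sample figures are all assumptions.

```python
C_KM_PER_MS = 299.792458  # speed of light in vacuum, km per millisecond

def hop_delays_ms(candidates):
    """candidates: {hop: (link_km, queued_bits, rate_bps, link_up)}.
    Returns propagation + queuing delay per usable hop, in milliseconds."""
    delays = {}
    for hop, (km, queued_bits, rate_bps, link_up) in candidates.items():
        if link_up:  # failed inter-satellite links are never candidates
            delays[hop] = km / C_KM_PER_MS + 1000.0 * queued_bits / rate_bps
    return delays

def hop_probabilities(candidates):
    """Assumed weighting: probability proportional to 1 / delay."""
    delays = hop_delays_ms(candidates)
    total = sum(1.0 / d for d in delays.values())
    return {hop: (1.0 / d) / total for hop, d in delays.items()}

def choose_next_hop(candidates, load, ground_station, load_limit=0.8):
    """Prefer the satellite network; fall back to the ground station when the
    load is too high or no inter-satellite link is usable."""
    probs = hop_probabilities(candidates)
    if load > load_limit or not probs:
        return ground_station
    return max(probs, key=probs.get)

# Constructed sample: the nearer satellite has a deep queue, one link is down.
SAMPLE = {"sat_east": (1000.0, 4_000_000, 100_000_000, True),
          "sat_north": (3000.0, 0, 100_000_000, True),
          "sat_west": (1200.0, 0, 100_000_000, False)}

if __name__ == "__main__":
    print(hop_probabilities(SAMPLE))
    print(choose_next_hop(SAMPLE, load=0.3, ground_station="gw_station"))
    print(choose_next_hop(SAMPLE, load=0.95, ground_station="gw_station"))
```

With the sample values, the farther satellite wins because its empty queue outweighs the extra propagation delay, and raising the load above the limit diverts the packet to the ground station.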

The routing process in the ST-MIN is as follows: (1) Routing between devices in the satellite network is carried out through the satellite network first. In case of network congestion or link failure, the ground-based network is used as a backup. (2) In order to select the optimal gateway station for data transmission, routing between satellite network equipment and ground-based network equipment should comprehensively consider the geographical location of the satellite network equipment and the hyperbolic distance between the gateway station and the target ground-based equipment. (3) The method of minimizing the hyperbolic distance between neighbor nodes and destination nodes is adopted for routing between ground-based network equipment.

The mobility management scheme in ST-MIN saves the geographic location information and hyperbolic coordinate information of nodes in rendezvous nodes (RV nodes), which are distributed across various domains. The distributed rendezvous system (DRS) formed from these nodes enables the network to identify and locate terminals by running the data synchronization protocol. In this way, ST-MIN supports users using terminals while on the move.

5.5.3 5G Business

The 5th generation mobile networks (5G) are the latest generation of cellular mobile communication technology, which is extended from 4G (LTE-A, WiMax), 3G (UMTS, LTE) and 2G (GSM) systems [12,13,14]. 5G aims to provide service with high data rates, low latency, energy savings, low costs, large system capacity and large-scale device connectivity. The first phase of the 5G standard in Release-15 required the completion of early commercial deployment. The second phase in Release-16 was completed in April 2020 and submitted to the International Telecommunication Union (ITU) as a candidate for the IMT-2020 technology. The ITU IMT-2020 standard stipulates multiple requirements, such as a speed of 20 Gbit/s, wide channel bandwidth and large-capacity MIMO.

The 5G network is a digital cellular network, where the service area covered by the operator is divided into many smaller geographic areas called cells. Analog signals representing sound and images are digitized in the phone by an analog-to-digital converter and transmitted as a bitstream. All 5G wireless devices in the cell communicate with local antenna arrays and low-power automatic transceivers (transmitters and receivers) in the cell via radio waves. The transceiver allocates channels from a common frequency pool. These channels can be reused in geographically separated cells. The local antenna is connected to the telephone network and the Internet through a high-bandwidth fiber optic or wireless backhaul connection. When users move from one cell to another, their mobile devices automatically switch to the antenna in the new cell.

The sovereignty network is developed based on the identity centric network (ICN). It incorporates in-network caching and inherently supports multiple paths, so it can support 5G communication well. The in-network caching ensures good mobility. When users move into the coverage area of another base station, their device only needs to send another interest packet. Because the requested content has been cached at a node on the path of the last request, the data is returned directly from the nearest caching node on the path. The identity centric network inherently supports multiple paths, which means that ICN allows mobile devices to connect to multiple base stations at the same time without affecting the data transmission beyond the current base station coverage. Within the sovereignty network, the 5G base station acts as a node in the identity centric network and directly follows the data transmission mode of the identity centric network. If the 5G base station is located outside the sovereignty network, in which case it is called an IP node, an important issue is how to supervise the data accessing the sovereignty network through the 5G base station, that is, how to manage mobile users leaving the sovereignty network. We design the data transmission process shown in Fig. 5.52 to solve this problem.

Fig. 5.52 5G support for IP nodes from the sovereignty network

(1) A wireless terminal device with an identity identifier communicates with the base station via Overlay IP.

(2) The base station sends the data to an outbound node of the target sovereignty network following the traditional IP transmission mode.

(3) The outbound node audits the user’s identity. If approved, it is allowed to access the data, otherwise denied.

(4) Hence, the sovereignty network supports the 5G business and mobility well.

5.5.4 Switching Scheme Between Satellite and Gateway Station Based on 6G

With the development of the ground network, whether 6G technology can be used in the low-orbit satellite network has attracted a lot of attention. The switching technology and network architecture are researched so that ordinary users can seamlessly switch between the 6G satellite base station and the 6G ground base station.

The ST-MIN should guarantee the continuity of service when terminals move between different wireless cells. Assuming that the low-orbit satellite MIN is also equipped with a 6G base station and complies with the 6G standard, a seamless handover scheme between the terminals in satellite cells and ground cells is analyzed and designed.

The satellite beam and the ground station beam have different time delays and frequency offsets for the 6G terminal on the ground. During switching, time and frequency need to be synchronized between the terminal and the new cell. Figures 5.53 and 5.54 show the variation of channel delay and frequency offset when the beam of a satellite in a 600 km orbit passes a terminal on the ground. Under such conditions, the random access technology used in the ground network cannot complete the time-frequency synchronization process. In order to complete the switch between the ground cell and the satellite cell, the random access technology of the 6G standard needs to be enhanced. Besides, it is necessary to design the leader sequences, sub-carrier interval, and sequence splicing mode that enable access to the 6G cell covered by the satellite network. First, the terminal judges whether the target switching cell is a cell covered by the satellite network. Then the enhancement scheme can be adopted in the switching process.

Fig. 5.53 The function of channel frequency offset

Fig. 5.54 The function of the channel round trip delay

Due to the regularity of satellite movement, the network predicts the switching of terminals and adopts the noncompetitive random access process to reduce the switching time between cells. As an example, Fig. 5.55 shows a classic noncompetitive random access process. The original cell sends the leader sequence required for switching to the terminal, and the terminal sends the sequence directly to the target cell. Furthermore, according to the regularity of satellite movement, the time-frequency synchronization of a fixed terminal can be predicted, so as to simplify the sequences required for users to access the target cell and shorten the time required for access. We estimate the time-frequency offset prediction ability in simulation and in measurements in an actual environment to guarantee a fast switch.

Fig. 5.55 Noncompetitive random access process

Due to the complex topological structure of ST-MIN, cell switching also involves switching between different core networks and different Public Land Mobile Networks (PLMNs). In future work, it is necessary to analyze the signaling process under different circumstances at the same time, and to further improve the switching process of the 6G protocol standards.

5.5.5 Experiment and Evaluation of ST-MIN

1. The Building of ST-MIN Testbed

Starting in April 2020, an ST-MIN testbed was built in cooperation with China Satellite Communications Corporation (or China Satcom). At present, it has passed the primary test and verified the feasibility of ST-MIN. The prototype network is shown in Fig. 5.56. The test network deployed several representative small multi-identifier subnets, including MIN-IDC (Multi-Identifier Network Internet Data Center) in Kashgar, Chengdu, and Beijing, and MIN-IDC in Peking University Shenzhen Graduate School, Chinese University of Hong Kong, Macau University of Science and Technology, and so on. Multiple subnets are connected through the ZhongXing 16th Satellite. IP tunneling is used to communicate between subnets, and the link-layer protocol is used to transfer the multi-identifier network packets directly within the subnets.

Fig. 5.56 The testbed of ST-MIN

2. Two-level Multi-identifier Management System Deployment Test

Based on the ST-MIN testbed, one server from each subnet is selected as a blockchain node, and together these nodes compose the first-level blockchain of our multi-identifier management system. The first-level blockchain includes eight nodes, respectively from Peking University Shenzhen Graduate School, China Satcom, Chinese University of Hong Kong, Macau University of Science and Technology, Hong Kong University of Science and Technology, South China University of Technology, Jinshan Cloud Co. Ltd., and China Unicom.

In the private network of Satcom, the second-level consortium blockchain is deployed based on ZhongXing 16th Satellite communication system. The second-level management system of Satcom contains a total of 5 nodes, which are used to manage the space-based network communication identifiers. The experiment shows that the two-level management system can run normally and the multi-identifier management system has great flexibility in the level expansion.

3. Basic Communication Test of ST-MIN

A simple network file transfer program is implemented to do the basic communication test on the ST-MIN testbed. This program includes a server and a client. The server is installed on the host named wt3 in the IDC of China SATCOM in Beijing, and the client is installed on the host named node11 in the IDC of PKUSZ in Shenzhen. The client downloads a file from the server with a simple transmission control protocol based on MIN’s network protocol. This transmission control protocol uses a fixed number of transmission windows to transfer data reliably, and every packet it sends is 8000 bytes. The test network topology is shown in Fig. 5.57. The total bandwidth of the transmission link is 20 Mbps. Eight different fixed numbers of transmission windows are used in the test, and every test is repeated ten times. The transmission results are shown in Fig. 5.58. As the transmission window increases, the transmission rate increases almost linearly. Further transport testing requires the design of a good transport control mechanism based on ST-MIN, which is beyond the scope of this article.

Fig. 5.57 Basic communication test topology

Fig. 5.58 Basic communication test result

4. Analysis and Comparisons

Compared with IP networks, the key advantages of ST-MIN include the following: (1) Multiple identifiers and transmission modes are allowed to coexist, and the more appropriate identifier is used for each scenario, such as a hierarchical identifier in the ground network and a geospatial identifier in the space network. (2) ST-MIN has more endogenous safety features, including trust computing, packet multi-signature, and self-authentication identifiers. (3) Identifier co-management and co-governance technology: the voting management of identifiers is realized through consortium blockchain technology. (4) Identifier extensibility: instead of using a fixed identifier and communication mode, the ST-MIN reserves interfaces for future identifier and communication mode expansion, which lowers the resistance to future network architecture innovation.