一个自主开放的互联网根域名解析体系  被引量：19

作　　者：张宇[1] 夏重达 方滨兴[1,2] 张宏莉 ZHANG Yu XIA Zhongda FANG Binxing ZHANG Hongli(Research Center of Computer Network and Information Security Technology, Department of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China Institute of Electronic and Information Engineering in Dongguan, University of Electronic Science and Technology of China, Dongguan 523808, China)

机构地区：[1]哈尔滨工业大学计算机科学与技术学院计算机网络与信息安全技术研究中心,哈尔滨中国150001 [2]东莞电子科技大学电子信息工程研究院,东莞中国523808

出　　处：《信息安全学报》2017年第4期57-69,共13页Journal of Cyber Security

基　　金：广东省产学研合作项目"广东省健康云安全院士工作站"(No.2016B090921001);国家重点基础研究发展计划("973"计划)(No.2011CB302605;No.2013CB329602);国家自然科学基金(No.61202457;No.61402149)资助

摘　　要：域名系统(Domain Name System,DNS)的中心化根解析体系蕴含着权力滥用风险,对互联网的开放与平等形成威胁。本文提出了一个新的自主开放根解析体系,与现有DNS兼容的同时,从结构和机制两方面对权力滥用予以威慑。首先,针对域名唯一性与去中心化之间矛盾,提出了授权与解析分离机制,在保留单一根权威的条件下,实现解析服务去中心化。接着,针对中心式结构风险,提出建立国家根与根联盟,通过自治与合作实现权力制衡。然后,分析了新体系防范风险的有效性以及在当前DNS基础之上的增量,并讨论新体系所具有的自主、开放、平等、透明性质。最后,对新体系的安全性进行分析并给出了一个原型系统。The current DNS （Domain Name System） root resolution architecture has the risk of power abuse which posts threats on the openness and equality of the Internet. This paper presents a new DNS-compatible autonomous open root resolution architecture to effectively prevent the power abuse from the perspectives of structure and mechanism. First, aiming at the dilemma between the name uniqueness and decentralization, we propose the separation of delegation and resolution to decentralize resolution service while keeping a single root authority. Then, to cope with the risk in the centralized structure, we propose a structure with country roots and inter-root to provide power balancing. We analyze the effectiveness of the new architecture against the abuse threats and the changes on current DNS. We discuss the autonomy, openness, equality and transparency of the new architecture. We also analyze the security of the new architecture and implement a prototype.

关 键 词：域名系统 根 去中心化 互联网治理 

分 类 号：TP393.4[自动化与计算机技术—计算机应用技术]