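Intra-domain real source address verification method for Internet address domains based on dynamic synchronization of border routing  Cited by: 2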

Internet source address verification method based on synchronization and dynamic filtering in address domain


Authors: LI Dan[1]; QIN Lancheng; WU Jianping[1]; SU Yingying; XU Mingwei[1]; SHI Xingang; GU Yunan; LIN Tao (Tsinghua University, Beijing 100084, China; Huawei Technologies Co., Ltd., Beijing 100095, China; New H3C Technologies Co., Ltd., Beijing 100102, China)

Affiliations: [1] Tsinghua University, Beijing 100084; [2] Huawei Technologies Co., Ltd., Beijing 100095; [3] New H3C Technologies Co., Ltd., Beijing 100102

Source: Telecommunications Science, 2020, No. 10, pp. 21-28 (8 pages)

Funding: National Key R&D Program of China (No. 2018YFB1800600); National Natural Science Foundation of China (No. 61772305); Key R&D Program of Guangdong Province (No. 2018B010113001).

Abstract: The Internet architecture was originally designed on the assumption that all network members are trusted, without fully considering the security threats posed by untrusted members. For a long time, routers have forwarded packets based only on the destination IP address and have not verified the authenticity of the source IP address. This lack of packet-level authenticity verification allows packet header information to be maliciously altered. This paper proposes a real source address verification method for Internet address domains based on dynamic synchronization of border routing. The mechanism builds its filter table by synchronizing prefix-topology information, which resolves the inconsistency between the filter table and the actual routing state caused by routing asymmetry, avoids false positives and false negatives during verification, and achieves low-overhead, low-latency real source address verification at IP address prefix granularity within the address domain.

Keywords: source address verification; IP source address spoofing; routing synchronization; dynamic filtering

Classification: TN929 [Electronics and Telecommunications: Communication and Information Systems]

 
