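Authors: XU Ke (徐恪)[1]; FENG Xuewei (冯学伟); LI Qi (李琦)[1]; ZHU Min (朱敏)[1] (Tsinghua University, Beijing 100084, China)
Affiliation: [1] Tsinghua University, Beijing 100084, China
Source: ZTE Technology Journal (《中兴通讯技术》), 2022, No. 6, pp. 17-22, 6 pages in total
Funding: National Natural Science Foundation of China (61825204, 61932016, 62132011); Beijing Outstanding Young Scientist Program (BJJWZYJH01201910003011).
Abstract: Focusing on the key problem of secure and trusted end-to-end transmission in connectionless networks, and starting from the working principles of the Internet, this paper proposes key technologies for Internet end-to-end transmission with security, trustworthiness and active defense capabilities. These include protocol stack vulnerability detection and defense based on cross-layer interaction and semantic consistency, packet forwarding correctness detection based on random identifiers and hierarchical verification, and trusted detection of transmission connections based on frequency domain analysis and interaction graph construction. Together they form a full life-cycle security closed loop across the three stages of packet data (reliable generation, secure transmission and trusted application) and effectively enhance the overall security of the Internet. Results from large-scale application and deployment in real network environments show that the proposed techniques can effectively defend against attack threats targeting the Internet such as denial of service (DoS), traffic hijacking, identity spoofing and route tampering.
Abstract (English, as published): The key issues of secure and trusted end-to-end transmissions in connectionless networks are addressed. Aiming to ensure the consistency between network policies and the end-to-end transmission behavior, a new technique based on the working principles of the Internet is presented, i.e., identifying and mitigating vulnerabilities in protocol stacks by leveraging cross-layer interactions and semantic consistency analysis, detecting the correctness of the packet forwarding path by leveraging random labels and hierarchical verification, as well as identifying the reliability of transmission connections by leveraging frequency domain analysis and interaction graph construction. Our technique can ensure the reliable generation, safe transmission and trusted application of IP packets in the three-stage life cycle, thus enhancing the security of the Internet. Through large-scale applications and deployments in the real world, experimental results show that our technique can effectively mitigate the threats of denial of service (DoS), traffic hijacking, identity spoofing, and route tampering.
Keywords: Internet architecture; end-to-end transmission; semantic consistency; path verification; malicious traffic detection
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]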