CN102368740A - Network addressing method - Google Patents
Network addressing method Download PDFInfo
- Publication number
- CN102368740A CN102368740A CN201110393986XA CN201110393986A CN102368740A CN 102368740 A CN102368740 A CN 102368740A CN 201110393986X A CN201110393986X A CN 201110393986XA CN 201110393986 A CN201110393986 A CN 201110393986A CN 102368740 A CN102368740 A CN 102368740A
- Authority
- CN
- China
- Prior art keywords
- territory
- responsibility
- label
- network addressing
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a novel network addressing method, which is characterized in that the address of each network interface is composed of a responsibility domain label of a planer structure and an intra-domain label of a hierarchical structure, wherein each responsibility domain label is a hash value of a responsibility domain public key and in natural one-to-one correspondence to the responsibility domain public key; and in each responsibility domain, an identity-based signature algorithm is used for offline on demand, secret keys are distributed to network equipment, and thus, the corresponding public keys are addresses of a hybrid network addressing scheme of the network equipment. According to the network addressing method disclosed by the invention, not only do intrinsic and distributed trust models exist, but also the increase in deployment coast and the reduction in communication performance cannot be resulted in.
Description
Technical field
The present invention relates to a kind of network addressing method, in it can provide in whole network, distributed trust model, belong to network safety filed, particularly, belong to IP route and exchange field.
Background technology
AIP (Accountable Internet Protocol, but the network layer protocol of accountability) is through planned network addressing scheme again, and a kind of inherence, distributed trust model are provided.
There are many deficiencies in the network addressing scheme of AIP: the cost height is disposed in (1), and AIP has elongated address structure, and this requires 1. to change Routing Protocol in IP agreement, inter-domain routing protocol and the territory comprehensively; 2. redistribute host address, and revise the operating system of end main frame; 3. all application programs of upgrading; 4. expand DNS (Domain Name System, domain name analysis system) server capability.(2) communication performance is low, can be seen by Fig. 1, and the packet header of AIP is far longer than the packet header of IPv4 or IPv6.Because the restriction of maximum path transmission unit, onesize data need be divided into more transmitted in packets in AIP, and the propagation delay time that this can increase and decrease data greatly reduces communication performance end to end.
Summary of the invention
The purpose of this invention is to provide a kind of network addressing method, it not only has inherent, distributed trust model, and can not cause the increase of deployment cost and the reduction of communication performance.
For this reason, the invention provides a kind of network addressing method, it is characterized in that; The address of each network interface all is made up of the responsibility territory label of planar structure and the territory interior label mixing of hierarchical structure, and responsibility territory label is the Hash Value of responsibility territory PKI, and it is corresponding one by one natively with responsibility territory PKI; In the responsibility territory; Use for the network equipment distributes private key, makes that corresponding PKI is exactly their hybrid network addressing scheme address based on the signature algorithm of identity off-line as required.
Preferably, use the public affairs/private key in asymmetric cryptosystem generation responsibility territory right.
Preferably, asymmetric cryptosystem is RSA, DSA, ECDSA.
Preferably, the hybrid network addressing scheme is with the IPv6 Web-compatible, and the length of hybrid network addressing scheme address is 128 bits, and at this moment the length of responsibility territory label is 88 bits, and the length that keeps the territory is 8 bits, and the length of territory interior label is 32 bits.
Preferably, the inter-domain routing mechanism after the improvement comprises, all replaces to responsibility territory label with the AS that occurs in the BGP routing update message number with purpose IP prefix; With responsibility territory label is handle, organizes routing table and transmits.
Preferably, routing mechanism comprises in the territory after the improvement, improves Routing Protocol in the territory, makes them to adapt with hybrid network addressing scheme address.
Preferably, Routing Protocol comprises RIP, OSPF in the said territory.
Preferably, inter domain router is that the handle tissue is transmitted with the responsibility territory label of planar structure, when transmitting grouping, uses the accurately routing iinformation of the given destination address in location of Hash table.
Preferably, the trade mark enquiries center is set, is responsible for storage, distributes common parameter in all responsibility territory PKIs and the territory, and support the renewal of common parameter in responsibility territory label, PKI and the territory.
Preferably, keeping the territory is positioned between " responsibility territory label field " and " interior label territory, territory ".
Beneficial effect of the present invention is specific as follows:
(1) the distributed trust model of inherence: at first; Responsibility territory oneself guarantees the credible of its PKI, and responsibility territory credible through equipment PKI in the common parameter assurance territory in the guarantee territory, so; Each responsibility territory all is the trust anchor of equipment in the territory; There is not " root trust anchor " in the whole trust model, so, the invention provides a kind of distributed trust model.Secondly, distributed trust model provided by the invention is present in the routing infrastructure, need outside routing infrastructure, not dispose any mechanism, so trust model provided by the invention is inherent.
(2) lower deployment cost: the length of address of the present invention can be 128 bits; With these special circumstances is example; 1. the present invention has just changed the description mode of network number and host number in the end node address, can not change hardware, operating system and the application program of end node; 2. the present invention can not impact routing mechanism in intradomain router and the territory, and Routing Protocol in the existing territory still can be independently adopted in the responsibility territory flexibly.3. the present invention has changed inter-domain routing mechanism, requires upgrading bgp router and iBGP router; 4. the present invention can not change the DNS system.It is thus clear that deployment cost of the present invention will be far smaller than AIP.
(3) communication performance is high: the length of address of the present invention can be 128 bits, is example with these special circumstances, and at this moment packet header can adopt the stem form of IPv6, and the present invention can not reduce communication performance because increase packet header length as AIP.
The invention provides a kind of new-type network addressing method, itself just have inherent trust model, and because this trust model is distributed, so can not cause the battle of internet management power.
Description of drawings
Fig. 1 is the sketch map of the routing infrastructure of AIP.
Fig. 2 is the sketch map according to network addressing method of the present invention.
Embodiment
The researcher often uses asymmetric cryptosystem to solve network security problem.Be to use asymmetric cryptosystem to solve the prerequisite of network security problem and make up rational trust model.Here, trust model is meant, guarantees the technological means of " PKI is credible ", and wherein, " PKI is credible " can be understood according to following mode: suppose that (label is Q to network entity A
A) claim and have PKI pk
AIf network entity B believes pk
AReally be the PKI of A, perhaps pk
ACorresponding private key pr
AOnly by rights had, so just say that B believes the PKI pk of A by A
ACredible.
Suppose that the collection of network entities that safety approach relates to is Q, make one-to-one relationship
Expression conclusion " label Q
ACorresponding PKI is pk
A", then the trust model technique effect that should reach may be summarized to be:
If Q
xOutwards declare
So, other network entity can pick out through trust model
Whether credible.
In existing network security scheme, the researcher generally adopts centralized trust model.Particularly,
(1) trust anchor is set in network, its private key is pr, and corresponding PKI is pk, and the all-network entity all should obtain and store pk, and the all-network entity believes that all this trust anchor can arbitrate the credibility of PKI.
(2) (label is Q for the arbitrary network entity A
A), be pk if suppose its PKI
A, so, A outwards declares
Before, it is right at first to obtain trust anchor
The digital signature of corresponding relation.The digital signature can be written as
is
indicates a trust anchor that
is credible.(3) if A declares that to network entity B
A should submit to
B to use the PKI pk checking
of trust anchor to pass through if verify to B in the lump; B believes " CA thinks that
is believable " so; Because B believes trust anchor and can arbitrate the credibility of PKI; So B believes that
is credible.It is thus clear that above-mentioned steps has reached the technique effect of trust model requirement.
In a word, centralized trust model requires a trust anchor, and requires the all-network entity to believe that all this trust anchor can arbitrate the credibility of PKI.In current politics, social environment, how this trust anchor is set has become a difficult problem.For example, be arranged on still China of the U.S. actually,, still, all be difficult to confirm by China or Russia's management actually by the U.S. or NATO's management.The researcher generally is summarised as this deficiency, and centralized trust model is easy to cause the battle of internet management power, therefore, is difficult to obtain practical application.
To the above-mentioned deficiency of centralized trust model, the present invention has designed a kind of new-type network addressing method HAS (Hybrid Addressing Scheme mixes addressing scheme).HAS itself just has inherent trust model, and because this trust model is distributed, so can not cause the battle of internet management power.
AIP (Accountable Internet Protocol) is also through planned network addressing scheme again, and a kind of inherence, distributed trust model are provided.(Accountability Domain AD) is the basic element of network topology to AIP with the responsibility territory.The responsibility territory is the network that has the main body managed independently in the Internet, can be nested between the responsibility territory.The network that AIP is corresponding with the IP prefix is used as top responsibility territory, has only top responsibility territory just can participate in global route.Based on above-mentioned routing infrastructure, AIP has designed the address structure of stratification, and each level of address all be one from the authentication label
At first, each AD and the network equipment all have unique from the authentication label, and they mainly are made up of the Hash Value of corresponding PKI.Because hash algorithm has good one-way, so, be one to one from the authentication label with PKI.It should be noted that AIP requires to use the public affairs/private key in RSA Algorithm generation responsibility territory right, AIP does not provide concrete hash algorithm.
Secondly, the address of each network interface all has hierarchical structure, is made up of to label, network equipment label, the interface number (the rightest 8 bits of network equipment label) of all AD the place AD of this network interface institute top AD.It is thus clear that the length of AIP address is variable.
Based on above-mentioned network addressing method, AIP has designed a kind of special packet-forwarding method.
In Fig. 1, AD
1, AD
4Be the label of top AD, AD
2Be nested in AD
1In, AD
3Be nested in AD
2In, A place, terminal is in AD
3In, same AD
5Be nested in AD
4In, AD
6Be nested in AD
5In, B place, terminal is in AD
6In.At AD
1~AD
6In top responsibility territory AD is only arranged
1, AD
4Participate in global route, the border router in other responsibility territory is only known the route that arrives its higher level AD and the AD of subordinate.The label of A and B is respectively EID
1And EID
2, global address is respectively AD
1: AD
2: AD
3: EID
1And AD
4: AD
5: AD
6: EID
2
As shown in Figure 1, when A when B initiates communication, it need be with source label E ID
1, source TLD AD
1, purpose label E ID
2With purpose TLD AD
4Be filled into the relevant position of packet header, and with source end intermediate field (AD
2And AD
3) be attached to source storehouse SS, with destination intermediate field (AD
5And AD
6) be attached among the purpose storehouse DS.AD
3Border router receive grouping after, find that " purpose TLD " (label is 4 territory among Fig. 1) is not AD
1, just submit this grouping, AD to upper level AD
2Border router carry out same operation.Finally by AD
1Border router forward the packet to AD
4(because AD
1Border router have and arrive AD
4Route).AD
4Border router receive grouping after, from DS, take out the label A D in next stage territory
5, and " purpose TLD " replaced with AD
5, continue then to transmit to divide into groups.AD
5Border router carry out same operation, and " purpose TLD " replaced with AD
6The final purpose terminal B that arrives divides into groups.So just, accomplished the packet switching process one time.
Visible by foregoing, AIP has inherent, distributed trust model:
In AIP; Each AD and the network equipment all have unique from the authentication label; Corresponding relation between
does not need other network principal guarantee; Like this, each AD and the network equipment all become its trust anchor, do not have " root trust anchor " in the whole trust model; So the network addressing scheme of AIP makes it have distributed trust model.
The credibility of
relation is present in the network addressing scheme; Need outside routing architecture, not dispose any mechanism; So AIP has inherent trust model.
The present invention is more superior than AIP performance.According to one embodiment of present invention, performing step comprises:
The 1st step:
Given routing infrastructure, this routing infrastructure is an element with the responsibility territory
The network that has the main body managed independently in the Internet is used as the responsibility territory, is the basic element of network topology with the responsibility territory.Like this, whole network shows as " associating in numerous responsibilities territory ", and single responsibility territory then shows as the element form of network topology.The particle size variable in responsibility territory: network size no matter; Any possess single, as to manage main body independently network and can become the responsibility territory, and for example fixedly subnet (enterprise network or campus network), mobile subnetwork (subnet on train, the steamer) and autonomous system etc. all might be taken as independently responsibility territory.
The 2nd step:
Based on above-mentioned routing infrastructure, the planned network addressing method
This network addressing method is: the address of each network interface all is made up of the responsibility territory label d of planar structure and the territory interior label f mixing of hierarchical structure, and note is made d:f, is called for short the HAS address.
As shown in Figure 2, d is unique expression responsibility territory identity in network-wide basis, the address of f unique expression network interface in the responsibility territory.
(1) in the time of need be with other Web-compatible, can further limit the length of d and f
For example, for the IPv6 Web-compatible, length that can regulation d is 88 bits, and the length that keeps the territory is 8 bits, and the length of f is 32 bits, and the total length of address is 128 bits like this, and is identical with the length of IPv6 address.
(2) the responsibility territory label of planar structure is set based on asymmetric cryptosystem and hash function
Responsibility territory label is the Hash Value of responsibility territory PKI.Particularly, for responsibility territory i, its label d
iCan generate according to formula (1):
d
i=P
rf
i(pk
i) (1)
In the formula (1), pk
iThe autonomous PKI that generates of expression responsibility territory i, the corresponding private key note is made pr
iPrf
iThe hash function that (.) expression responsibility territory i selects has good one-way.Particularly,
1) can use asymmetric cryptosystem, like RSA, DSA, ECDSA (Elliptic Curve Digital Signature Algorithm, ECDSA) etc., the public affairs/private key that generates the responsibility territory is right.
2) can use common hash function (like SHA, MD-5 etc.) to handle responsibility territory PKI, to generate responsibility territory label; Also can make up hash function with standard method ISO/IEC 10118-2, use this hash function to handle responsibility territory PKI then, to generate responsibility territory label based on DSE arithmetic AES.
(3) the reservation territory is set
As shown in Figure 2, keep the territory and be positioned between " responsibility territory label field " and " interior label territory, territory ".It should be noted that the length that keeps the territory is unfixing, it is a fill field, does not have any semanteme, and the value in this territory can be set at complete zero.
(4) the territory interior label is set
The territory interior label adopts the hierarchical structure of CIDR (Classless Inter-Domain Routing, CIDR) pattern, supports subnet to divide and the prefix polymerization.The autonomous allocation domain interior label in responsibility territory.
(5) the responsibility territory is provided with the private key of terminal equipment, and corresponding PKI is exactly its HAS address
In the responsibility territory, use signature algorithm (for example JYH algorithm), distribute private key, make that corresponding PKI is exactly their HAS addresses separately by the network equipment that is required to be in the territory based on identity.
The 3rd step:
Based on above-mentioned network addressing method, routing mechanism between design domain
Improve bgp protocol (Border Gateway Protocol; Border Gateway Protocol); Use the bgp protocol after improving to accomplish inter-domain routing: (1) all replaces to responsibility territory label with the AS that occurs in the BGP routing update message (Autonomous System, autonomous system) number with purpose IP prefix.(2) be handle with responsibility territory label, organize routing table and transmit.
The 4th step:
Based on above-mentioned network addressing method, routing mechanism in the design domain
Because the territory interior label has hierarchical structure; Therefore can; (1) improves RIP (Routing Information Protocol; Routing information protocol), Routing Protocol in the OSPF territories such as (Open Shortest-Path First Interior Gateway Protocol, Open Shortest Path First), make them to adapt with the HAS address; Routing Protocol is accomplished the routing function in the responsibility territory in the territories such as RIP after (2) employing improves or OSPF.
The 5th step:
Based on above-mentioned network addressing method, design packet forward flow process
After adopting the HAS address, (1) each packet header mainly comprises information such as source address and destination address.Distinguishingly, if the length of HAS address is defined as 128 bits, packet header can adopt the stem form of IPv6 so.(2) inter domain router is that handle is organized the inter-domain routing table and transmitted with the responsibility territory label of planar structure); When transmitting grouping; Inter domain router can be abandoned the longest prefix match algorithm among the Internet, then uses the accurately routing iinformation of the given destination address in location of Hash table.
The 6th step:
Based on above-mentioned network addressing method, design public key management mechanism
Public key management mechanism mainly is made up of PSR (Public Shared Registry, trade mark enquiries center).All responsibility territory PKIs are responsible for storing, distributing in this trade mark enquiries center, and support dynamically updating of responsibility territory label, PKI.The operation principle of PSR is following:
(1) PSR comprises a public key information tabulation.Each responsibility territory label is a list item to tabulating all.The information that each list item comprises has: " responsibility territory label ", " PKI ", " generation parameter ", " common parameter in the territory " are (for responsibility territory i; Suppose that it has adopted certain signature algorithm based on identity; The special parameter that this algorithm is required is called common parameter in the territory of responsibility territory i, and note is made π
i), " rise time ", " term of validity ", " state value ", " list item position ", " digital signature ".Wherein " state value " item is 0 o'clock, representes that this list item is still effective, and " state value " item is 1 o'clock, representes that this list item is abrogated." list item position " item is optional, when " state value " item is 1, and " list item position " corresponding list item position of the new label of expression." digital signature " stored the responsibility territory to PKI ", " generation parameter ", " common parameter in the territory ", " rise time ", " term of validity ", " state value ", the digital signature of " list item position ".
(2) distribution: PSR is periodically inquired about in each responsibility territory, with information such as common parameters in the label in other responsibility territory of real-time update, PKI, the territory.
(3) upgrade: in order to resist contingent key strength degenerate problem; Three kinds of responsibility territory tag update methods have been designed: 1. regularly upgrade; Any responsibility territory is before the time surpasses the term of validity; All must generate new public affairs/private key to common parameter in, label and the territory, and in PSR, abrogate old list item, register new storage item; 2. upgrade, public affairs/private key can initiatively be upgraded at any time to common parameter in, label and the territory in each responsibility territory temporarily, and interim renewal need be abrogated old list item equally, registers new list item; 3. partial update allows " common parameter in the territory " attribute in the independent updated stored list item in responsibility territory.In addition, when taking place regularly to upgrade with interim the renewal, each responsibility territory all need with routing table, transmit or the mapping relations table in old responsibility territory label replace to new responsibility territory label.
Claims (10)
1. a new network addressing method is characterized in that, the address of each network interface all is made up of the responsibility territory label of planar structure and the territory interior label mixing of hierarchical structure; Responsibility territory label is the Hash Value of responsibility territory PKI; It is corresponding one by one natively with responsibility territory PKI, in the responsibility territory, uses based on the signature algorithm of identity off-line as required; For the network equipment distributes private key, make that corresponding PKI is exactly their hybrid network addressing scheme address.
2. network addressing method as claimed in claim 1 is characterized in that, uses the public affairs/private key in asymmetric cryptosystem generation responsibility territory right.
3. network addressing method as claimed in claim 2 is characterized in that, asymmetric cryptosystem is RSA, DSA, ECDSA.
4. network addressing method as claimed in claim 1; It is characterized in that; The hybrid network addressing scheme is with the IPv6 Web-compatible, and the length of hybrid network addressing scheme address is 128 bits, and at this moment the length of responsibility territory label is 88 bits; The length that keeps the territory is 8 bits, and the length of territory interior label is 32 bits.
5. network addressing method as claimed in claim 1 is characterized in that, the inter-domain routing mechanism after the improvement comprises, all replaces to responsibility territory label with the AS that occurs in the BGP routing update message number with purpose IP prefix; With responsibility territory label is handle, organizes routing table and transmits.
6. network addressing method as claimed in claim 1 is characterized in that routing mechanism comprises in the territory after the improvement, improves Routing Protocol in the territory, makes them to adapt with hybrid network addressing scheme address.
7. network addressing method as claimed in claim 6 is characterized in that Routing Protocol comprises RIP, OSPF in the said territory.
8. network addressing method as claimed in claim 1 is characterized in that, inter domain router is that the handle tissue is transmitted with the responsibility territory label of planar structure, when transmitting grouping, uses the accurately routing iinformation of the given destination address in location of Hash table.
9. network addressing method as claimed in claim 1 is characterized in that, the trade mark enquiries center is set, and is responsible for storage, distributes common parameter in all responsibility territory PKIs and the territory, and support the renewal of common parameter in responsibility territory label, PKI and the territory.
10. network addressing method as claimed in claim 1 is characterized in that, keeps the territory and is positioned between " responsibility territory label field " and " interior label territory, territory ".
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110393986XA CN102368740A (en) | 2011-12-01 | 2011-12-01 | Network addressing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110393986XA CN102368740A (en) | 2011-12-01 | 2011-12-01 | Network addressing method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102368740A true CN102368740A (en) | 2012-03-07 |
Family
ID=45761290
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110393986XA Pending CN102368740A (en) | 2011-12-01 | 2011-12-01 | Network addressing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102368740A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103414691A (en) * | 2013-07-17 | 2013-11-27 | 中国人民解放军国防科学技术大学 | Self-trusted network address and secret key distributing method based on address (public key) |
CN105072116A (en) * | 2015-08-13 | 2015-11-18 | 中国人民解放军国防科学技术大学 | Self-trusting route resource identifier and secret key distributing method based on identifier, namely public key |
CN105141597A (en) * | 2015-08-13 | 2015-12-09 | 中国人民解放军国防科学技术大学 | Self-representation secure routing authorization method based on identity, namely, public key |
CN108809827A (en) * | 2018-05-18 | 2018-11-13 | 清华大学 | The Border Gateway Protocol improved method and device of combination stability and safety |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1636378A (en) * | 2001-10-26 | 2005-07-06 | 艾利森电话股份有限公司 | Addressing mechanisms in mobile ip |
US20090006849A1 (en) * | 2002-04-29 | 2009-01-01 | Microsoft Corporation | Peer-to-peer name resolution protocol (pnrp) security infrastructure and method |
-
2011
- 2011-12-01 CN CN201110393986XA patent/CN102368740A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1636378A (en) * | 2001-10-26 | 2005-07-06 | 艾利森电话股份有限公司 | Addressing mechanisms in mobile ip |
US20090006849A1 (en) * | 2002-04-29 | 2009-01-01 | Microsoft Corporation | Peer-to-peer name resolution protocol (pnrp) security infrastructure and method |
Non-Patent Citations (5)
Title |
---|
JUNG HEE CHEON等: "A new ID-based signature with batch verification", 《CRYPTOLOGY EPRINT ARCHIVE》, 31 December 2004 (2004-12-31), pages 119 - 131 * |
NING-NING LU;HUA-CHUN ZHOU;HONG-KE ZHANG: "《Information Assurance and Security,2009.IAS "09.》", 30 December 2009, article "A New Source Address Validation Scheme Based on IBS", pages: 334-337 * |
NING-NING LU等: "IPas++:A Novel Accountable and Scalable Internet Protocol for Future Internet", 《网际网路技术学刊》, vol. 12, no. 5, 1 September 2011 (2011-09-01), pages 769 - 780 * |
卢宁宁;周华春;张宏科: "一体化网络体系架构中一种新型接入机制", 《北京交通大学学报》, vol. 33, no. 2, 15 April 2009 (2009-04-15), pages 44 - 49 * |
周三奇;陈佳;张宏科: "《2011全国无线及移动通信学术大会论文集》", 15 September 2011, article "新型平面标识域内路由协议", pages: 214-217 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103414691A (en) * | 2013-07-17 | 2013-11-27 | 中国人民解放军国防科学技术大学 | Self-trusted network address and secret key distributing method based on address (public key) |
CN103414691B (en) * | 2013-07-17 | 2017-02-08 | 中国人民解放军国防科学技术大学 | Self-trusted network address and secret key distributing method based on address (public key) |
CN105072116A (en) * | 2015-08-13 | 2015-11-18 | 中国人民解放军国防科学技术大学 | Self-trusting route resource identifier and secret key distributing method based on identifier, namely public key |
CN105141597A (en) * | 2015-08-13 | 2015-12-09 | 中国人民解放军国防科学技术大学 | Self-representation secure routing authorization method based on identity, namely, public key |
CN105141597B (en) * | 2015-08-13 | 2018-08-14 | 中国人民解放军国防科学技术大学 | It is a kind of that Security routing authorization method is indicated based on the i.e. public key of mark certainly |
CN105072116B (en) * | 2015-08-13 | 2018-09-18 | 中国人民解放军国防科学技术大学 | It is the route resource of the trust certainly mark and method for distributing key of public key based on mark |
CN108809827A (en) * | 2018-05-18 | 2018-11-13 | 清华大学 | The Border Gateway Protocol improved method and device of combination stability and safety |
CN108809827B (en) * | 2018-05-18 | 2020-06-02 | 清华大学 | Method and device for improving border gateway protocol by combining stability and security |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2356792B1 (en) | Network nodes and methods for data authorization in distributed storage networks | |
CN103841022B (en) | For setting up the method and device in tunnel | |
CN104378298A (en) | Flow table entry generating method and corresponding device | |
CN102647394B (en) | Routing device identity identifying method and device | |
CN101588343A (en) | Management method of mapping relation between prefix and autonomous system (AS), message processing method and device | |
CN103079198B (en) | The key updating method and system of sensor node | |
Fang et al. | Hierarchical SDN for the hyper-scale, hyper-elastic data center and cloud | |
WO2016082275A1 (en) | Bgp route authentication method based on hop-by-hop monitoring | |
Krähenbühl et al. | Deployment and scalability of an inter-domain multi-path routing infrastructure | |
CN103825826B (en) | The implementation method and device of a kind of dynamic routing | |
CN102368740A (en) | Network addressing method | |
CN104202183A (en) | Method and device for solving SDN (software defined networking) flow level configuration consistency updating | |
CN102763377B (en) | For the distribution method of the routing iinformation of redundancy link | |
CN108833113B (en) | Authentication method and system for enhancing communication safety based on fog calculation | |
CN106936714A (en) | The processing method and PE equipment and system of a kind of VPN | |
JP2012156957A (en) | Network system, control device, computer and network device | |
US20160142213A1 (en) | Authentication service and certificate exchange protocol in wireless ad hoc networks | |
CN102546419B (en) | Routing method, routing device, packet forwarding method and packet forwarding system | |
CN108092897B (en) | Trusted routing source management method based on SDN | |
EP2276206A1 (en) | A method, device and communication system for managing and inquiring mapping information | |
Liu et al. | Secure name resolution for identifier-to-locator mappings in the global internet | |
Papadimitriou | OSPFv2 Routing Protocols Extensions for Automatically Switched Optical Network (ASON) Routing | |
CN106576076A (en) | Route control for internet exchange point | |
CN114079632B (en) | Trusted inter-domain routing method and system based on blockchain | |
CN102710800B (en) | Method and network device for configuring RD (route distinguisher) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120307 |