Netinfo Security ›› 2015, Vol. 15 ›› Issue (1): 24-31. doi: 10.3969/j.issn.1671-1122.2015.01.005

• Technical Research •

A Method for Defining the Trustworthy Attribute of Router Service and the Design of Trustworthy Routing Protocols

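ZHAO Yu-dong, XU Ke, ZHU Liang

  1. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
  • Received: 2014-11-14 Online: 2015-01-10 Published: 2015-07-05
  • About the authors:

    ZHAO Yu-dong (1974-), male, from Inner Mongolia, doctoral candidate; main research interests: network security and next-generation Internet architecture. XU Ke (1974-), male, from Jiangsu, doctoral supervisor, professor, Ph.D.; main research interests: next-generation Internet architecture, high-performance router architecture, P2P and application-layer networks, next-generation Internet routing protocols, and network security. ZHU Liang (1982-), male, from Anhui, doctoral candidate; main research interests: network security and next-generation Internet architecture.

  • Supported by:
    National Natural Science Foundation of China [61170292, 61472212, 61161140454]; National Science and Technology Major Project [2012ZX03005001]; National Basic Research Program of China (973 Program) [2012CB315803]; National High Technology Research and Development Program of China (863 Program) [2013AA013302]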

Abstract:

Influenced by subjective intent and development capability, router manufacturers can hardly deliver products strictly as promised to users, so vulnerabilities and backdoors may exist in routers and their components. This poses a serious security threat to core networks. This paper therefore presents a method to define and dynamically quantify the trustworthy attribute of router service, and designs corresponding trustworthy routing protocols, in order to optimize the trustworthy attribute of core network service and improve the security of information transmission. The paper first analyzes the relationship between the trustworthy attribute of network service and communication security within the core network, and demonstrates that quantifying routers' trustworthy attributes, together with designing trustworthy routing protocols based on them, can maximize the security benefit of information transmission under constrained device resources. Second, it introduces the concept of 'trustworthy-degree' to define the trustworthy attribute of router service, designs intra-domain and inter-domain trustworthy routing protocols based on routers' trustworthy-degrees and the routing protocols currently in use on the Internet, and proves theoretically that an optimal trustworthy route exists under these protocols. It then proposes a technique for dynamically quantifying routers' trustworthy-degrees by checking the consistency between a packet's trustworthy route and its actual forwarding path. Finally, it builds a network model of trustworthy routing to evaluate the security benefit of the trustworthy routing protocols and their impact on traditional routing costs. The results show that trustworthy routing can significantly improve the communication security of core networks, and that the resulting increase in traditional routing costs and the frequency and magnitude of route changes are tolerable.

Key words: trustworthy attribute of service, core network, information security, trustworthy-degree routing
