doi:10.3969/j.issn.1671-1122.2015.01.005

Abstract

Abstract:

Influenced by subjective will and development capability, manufacturers can hardly keep their promise to provide users the expected routers. Therefore there might be bugs and backdoor hidden inside routers or components. This may seriously threat security in core network. This paper presents a method to define and dynamically quantize the trustworthy attribute of router service, designs the trustworthy routing protocols, in order to optimize the trustworthy attribute of core network service. This paper first analyses the relationship between trustworthy attribute and communication security of core network , demonstrates that a core network can maximize its ability of secure communication by quantizing its routers’ trustworthy attributes, together with designing trustworthy routing protocols. Secondly, this paper uses the word of ‘trustworthy-degree’ to define the trustworthy attributes of routers, by designing intra-domain and inter-domain trustworthy routing protocols based on the trustworthy-degrees of the routers and the routing protocols of the Internet in use , proves theoretically the existence of the optimal trustworthy routing. Then this paper proposes the dynamic quantization technique of the routers’ trustworthy-degrees by detecting the uniformity between the trustworthy routing roads and the actual forward roads of packets. Finally, this paper builds a network model of trustworthy routing to detect the security benefit of trustworthy routing protocols and the impact to the traditional routing costs. The result shows that the trustworthy routing can distinctly improve the communication security of core networks, and the increasement of traditional routing costs and the frequency and the range of routing change are tolerable.

Key words: trustworthy attribute of service, core network, information security, trustworthy routing-degree

CLC Number:

TP309

ZHAO Yu-dong, XU Ke, ZHU Liang. [J]. Netinfo Security, 2015, 15(1): 24-31.

Figures/Tables 9

References 16

[1]	Wikipedia. PRISM (surveillance program) [EB/OL]., 2014-10-31.
[2]	南华早报.斯诺登:美国政府长期窃取中国大陆及香港网络信息[EB/OL]. , 2013-6-12.
[3]	林闯,汪洋,李泉林. 网络安全的随机模型方法与评价技术[J].计算机学报,2005,28(12):1943-1956.
[4]	林闯,彭学海.可信网络研究[J].计算机学报,2005,28(5):751-758.
[5]	林闯,王元卓,田立勤.可信网络的发展及其面对的技术挑战[J].中兴通讯技术,2008,14(1):14-41.
[6]	罗安安,林闯,王元卓,等.可信网络连接的安全量化分析与协议改进[J].计算机学报,2009,32(5):887-898.
[7]	林闯,王元卓.基于随机博弈模型的网络安全分析与评价[M].北京:清华大学出版社,2012.
[8]	李小勇,桂小林,毛倩,等.基于行为监控的自适应动态信任度测模型[J]. 计算机学报,2009,32(4):664-674.
[9]	李小勇,桂小林.可信网络中基于多维决策属性的信任量化模型[J].计算机学报, 2009 ,32(3):405-416.
[10]	徐恪,朱亮,朱敏. 互联网地址安全体系与关键技术[J]. 软件学报, 2014,25(1):78-97.
[11]	徐恪,朱敏,林闯.互联网体系结构评估模型、机制及方法研究综述[J]. 计算机学报,2012,35(10):1985-2006.
[12]	Pierre Francois, Clarence Filsfils, John Evans, et al.Achieving SubSecond IGP Convergence in Large IP Networks[C]//Proc.SIGCOMM, 2005, 35(2):35-44.
[13]	Joao Luıs Sobrinho.Network Routing with Path Vector Protocols: Theory and Applications[C]// Proc.SIGCOMM,2003:49-60
[14]	张焕国,罗捷,金刚,等.可信计算研究进展[J]. 武汉大学学报, 2006,52(5):513-518.
[15]	张焕国,陈璐,张立强.可信网络连接研究[J].计算机学报,2010,33(1):706-717.
[16]	徐恪,徐明伟,陈文龙.高级计算机网络[M]. 北京:清华大学出版社,2012.

RichHTML

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 16

Related Articles 15

Recommended Articles

Metrics

Comments

[1]	WANG Wei, HU Yongtao, LIU Qingtao, WANG Kailun. Research on Softwaization Techniques for ERT Trusted Root Entity in Railway Operation Environment [J]. Netinfo Security, 2024, 24(5): 794-801.
[2]	YAN Hailong, WANG Shulan. Design and Implementation of Integrated Service Platform for Real Estate Registration Based on Domestic Cryptographic Technology [J]. Netinfo Security, 2024, 24(2): 303-308.
[3]	HU Yi, SHE Kun. Blockchain and Smart Contract Based Dual-Chain Internet of Vehicles System [J]. Netinfo Security, 2022, 22(8): 26-35.
[4]	YU Kechen, GUO Li, YIN Hongwei, YAN Xuesong. The High-Value Data Sharing Model Based on Blockchain and Game Theory for Data Centers [J]. Netinfo Security, 2022, 22(6): 73-85.
[5]	LI Li, LI Zequn, LI Xuemei, SHI Guozhen. FPGA Realization of Physical Unclonable Function Based on Cross-coupling Circuit [J]. Netinfo Security, 2022, 22(3): 53-61.
[6]	SONG Jing, DIAO Run, ZHOU Jie, QI Jianhuai. The Optimization Method of Industrial Control System Functional Safety and Information Security Policy [J]. Netinfo Security, 2022, 22(11): 68-76.
[7]	MENG Xi. Study on Counter Intelligence Mechanism and Optimization Strategy for Network Information Security [J]. Netinfo Security, 2022, 22(10): 76-81.
[8]	HU Bowen, ZHOU Chunjie, LIU Lu. Coordination of Functional Safety and Information Security for Intelligent Instrument Based on Fuzzy Multi-objective Decision [J]. Netinfo Security, 2021, 21(7): 10-16.
[9]	YU Kechen, GUO Li, YAO Mengmeng. Design of Blockchain-based High-value Data Sharing System [J]. Netinfo Security, 2021, 21(11): 75-84.
[10]	ZHANG Minqing, ZHOU Neng, LIU Mengmeng, KE Yan. Research on Reversible Data Hiding Technology in Homomorphic Encrypted Domain [J]. Netinfo Security, 2020, 20(8): 25-36.
[11]	Yihua ZHOU, Zhuqing LV, Yuguang YANG, Weimin SHI. Data Deposit Management System Based on Blockchain Technology [J]. Netinfo Security, 2019, 19(8): 8-14.
[12]	Lin LI, Xuxia ZHANG. National Secret Substitution of zk-snark Bilinear Pair [J]. Netinfo Security, 2019, 19(10): 10-15.
[13]	Yan CHEN, Jianyong GE, Jing LAI, Zhen LU. Security System of the Information System in the Cloud [J]. Netinfo Security, 2018, 18(4): 79-86.
[14]	Congdong LV, Zhen HAN. A Security Model of Cloud Computing Based on IP Model [J]. Netinfo Security, 2018, 18(11): 27-32.
[15]	Baoyuan KANG, Jiaqiang WANG, Dongyang SHAO, Chunqing LI. A Secure Authentication and Key Agreement Protocol for Heterogeneous Ad Hoc Wireless Sensor Networks [J]. Netinfo Security, 2018, 18(1): 23-30.