Title :
CIDMS: A security connection identifier mapping system for Universal Network
Author :
Daochao Huang ; Dong Yang ; Fei Song ; Hongke Zhang
Author_Institution :
Sch. of Electron. & Inf. Eng., Beijing Jiaotong Univ., Beijing, China
Abstract :
The identifier split is a design principle for new Internet architectures such as Universal Network, Lisp, which make Internet more scalable, reliable and security. One important form of identifier split in Universal Network is connection identifier/access identifier (CID/AID) split which is introduced to improve security isolation during communication. Using CID/AID split, terminals communicate with each other without knowledge of the opponent´s access identifier, so as to eliminate targeted attacks such as denial-of-service attack. This spit relies on a mapping system to resolve a flat connection identifier that identifies a session to one or several appropriate access identifiers in response to mapping requests for specific connection identifier. In this paper we present a secure CID/AID split mechanism and its corresponding mapping system: CIDMS. We also present simulations of mapping system´s performance, evaluate its resolution delay and scalability.
Keywords :
Internet; computer network security; CID/AID; CIDMS; Internet architectures; connection identifier/access identifier; denial-of-service attack; flat connection identifier; opponents access identifier; security connection identifier mapping system; security isolation; universal network; connection identifier; distributed denial of service; identifier split; mapping system; universal network;
Conference_Titel :
Advanced Intelligence and Awareness Internet (AIAI 2011), 2011 International Conference on
Conference_Location :
Shenzhen
Electronic_ISBN :
978-1-84919-471-6
DOI :
10.1049/cp.2011.1435