摘要
作者在融合物联网的新一代互联网网络环境下,提出了基于IPv6的源地址验证整体架构.基于该架构,考虑物联网节点资源受限特点,并结合物联网末梢网络的拓扑形态及其路由方式上的特征,设计了基于IPv6的物联网末梢网络分布式源地址验证方案.分别讨论了静态指定、SLAAC(Stateless Address AutoConfiguration)、DHCPv6(Dynamic Host Configuration Protocol Version 6)以及DHCPv6与SLAAC混合情况下的物联网节点IP地址分配及其验证机制.模拟实验表明,该方案仅以微小的代价实现了物联网节点IP地址的分配,同时还保证了物联网节点之间、物联网节点与互联网端系统之间端到端通信时双方IP地址的真实可靠性,从而整体上增强了物联网的安全性.
Under the background of Next-Generation of Internet based on the Internet of Things(IoT),an architecture of IP source address validation is proposed in this paper.Considering the resource-restraint of IoT nodes,the distributed IPv6 source address validation scheme is designed according to this architecture as well as the topology and routing manner in end-edge network of IoT.Meanwhile,IPv6 address allocation methods for IoT nodes and their authentication mechanisms are respectively discussed under the scenarios of static assignation,DHCPv6,SLAAC and DHCPv6-SLAAC mixed.The simulation has proved that our scheme can not only implement IP address allocation,but also keep the IP address authenticity with slight cost among IoT nodes,as well as between IoT nodes and Internet end-host.As a result,the whole security in IoT is enhanced.
出处
《计算机学报》
EI
CSCD
北大核心
2012年第3期518-528,共11页
Chinese Journal of Computers
基金
国家"九七三"重点基础研究发展规划项目基金(2009CB320501)
国家"八六三"高技术研究发展计划项目基金(2008AA01A323
2008AA01A326
2009AA01A334)
"新一代宽带无线移动通信网"国家科技重大专项项目基金(2012ZX03005001-001)资助~~