Abstract
Information-centric networking (ICN) has become a new hotspot in research on next-generation network architectures. In the NetInf (network of information) architecture, invalid data registration leaves the NRS vulnerable to masquerading and content poisoning attacks during the publication stage. To address this, this paper proposes adding a registration stage before publication and retrieval that integrates an authentication and authorization scheme. The stage authenticates each host before it accesses the NetInf system and uses capability-based access policies to solve the problem of unauthorized access. The proposed schemes are verified using formal methods, and the results show that they improve the security of the NetInf framework.
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journal (北大核心)
2015, No. 11, pp. 3416-3420, 3429 (6 pages)
Funding
Supported by the National Natural Science Foundation of China (61272500)
Keywords
network of information
information-centric networking
formal methods
authentication
authorization