摘要
提出了一种基于身份和位置分离思想的网络架构,确保用户身份标识的真实可信,并在结构上将用户和核心网络隔离,屏蔽用户侧攻击,提升了网络的安全性能。认为基于身份标识的网络安全管理应用可以提高网络的攻击源识别能力和溯源效率,实现主动防御;同时,这种虚拟身份和可信身份的绑定,既能丰富互联网应用,又有助于实现网络信息的分级保护,净化网络环境。
A network architecture based on separation of location and identity is proposed in this paper. Under the architecture, user identity is trusted, isolation between user side and core network side is achieved. Thus, network attack from user side is avoided, the security performance is promoted. Additionally, security management applications based on the architecture can both improve the capability of attack source identification and boost the efficiency of source tracing. Meanwhile,it can not only enrich internet applications, but also realize the hierarchical protection of network information to clean network environment.
出处
《中兴通讯技术》
2017年第3期58-61,共4页
ZTE Technology Journal
关键词
可信身份网络
身份标识
位置标识
网络安全
trusted identity network
access identifier
router identifier
network security
