Abstract
To ensure the security of network topology information while maintaining the network's flexibility and tunability, this paper proposes a trusted-probing authentication technology that integrates multiple mechanisms and is aimed at authenticating Traceroute-like topology probing traffic. The technology combines three mechanisms: trusted authentication based on IP addresses, token-based trusted authentication, and hash-chain-based trusted authentication, balancing efficiency and security. With this method, network administrators can protect network topology information without blocking legitimate topology probing. A topology probing tool supporting the technology was developed, and the technology was implemented on Linux hosts using Netfilter. Experimental results show that the technology can effectively identify trusted probes, with a slight increase in latency compared to traditional Traceroute.
Authors
王斌
李琪
张宇
史建焘
朱国普
Wang Bin; Li Qi; Zhang Yu; Shi Jiantao; Zhu Guopu (School of Cyberspace Science, Harbin Institute of Technology, Harbin 150001, China)
Source
《网络安全与数据治理》
2024, No. 6, pp. 23-32 (10 pages)
CYBER SECURITY AND DATA GOVERNANCE
Funding
National Key Research and Development Program (2022YFB3102903).