The locator/ID separation paradigm has been widely discussed to resolve the serious scalability issue that today's Internet is facing. Many researches have been carried on with this issue to alleviate the routing ...The locator/ID separation paradigm has been widely discussed to resolve the serious scalability issue that today's Internet is facing. Many researches have been carried on with this issue to alleviate the routing burden of the Default Free Zone (DFZ), improve the traffic engineering capabilities and support efficient mobility and multi-homing. However, in the locator/ID split networks, a third party is needed to store the identifier-to-locator pairs. How to map identifiers onto locators in a scalable and secure way is a really critical challenge. In this paper, we propose SS-MAP, a scalable and secure locator/ID mapping scheme for future Internet. First, SS-MAP uses a near-optimal DHT to map identifiers onto locators, which is able to achieve the maximal performance of the system with reasonable maintenance overhead relatively. Second, SS-MAP uses a decentralized admission control system to protect the DHT-based identifier-to-locator mapping from Sybil attacks, where a malicious mapping server creates numerous fake identities (called Sybil identifiers) to control a large fraction of the mapping system. This is the first work to discuss the Sybil attack problem in identifier-to-locator mapping mechanisms with the best knowledge of the authors. We evaluate the performance of the proposed approach in terms of scalability and security. The analysis and simulation results show that the scheme is scalable for large size networks and can resistant to Sybil attacks.展开更多
基金supported in part by National Key Basic Research Program of China (973 program) under Grant No.2007CB307101,2007CB307106National Key Technology R&D Program under Grant No.2008BAH37B03+2 种基金Program of Introducing Talents of Discipline to Universities (111 Project) under Grant No. B08002National Natural Science Foundation of China under Grant No.60833002China Fundamental Research Funds for the Central Universities under Grant No.2009YJS016
文摘The locator/ID separation paradigm has been widely discussed to resolve the serious scalability issue that today's Internet is facing. Many researches have been carried on with this issue to alleviate the routing burden of the Default Free Zone (DFZ), improve the traffic engineering capabilities and support efficient mobility and multi-homing. However, in the locator/ID split networks, a third party is needed to store the identifier-to-locator pairs. How to map identifiers onto locators in a scalable and secure way is a really critical challenge. In this paper, we propose SS-MAP, a scalable and secure locator/ID mapping scheme for future Internet. First, SS-MAP uses a near-optimal DHT to map identifiers onto locators, which is able to achieve the maximal performance of the system with reasonable maintenance overhead relatively. Second, SS-MAP uses a decentralized admission control system to protect the DHT-based identifier-to-locator mapping from Sybil attacks, where a malicious mapping server creates numerous fake identities (called Sybil identifiers) to control a large fraction of the mapping system. This is the first work to discuss the Sybil attack problem in identifier-to-locator mapping mechanisms with the best knowledge of the authors. We evaluate the performance of the proposed approach in terms of scalability and security. The analysis and simulation results show that the scheme is scalable for large size networks and can resistant to Sybil attacks.
基金funded by the European Commission funded ICT-FP7 IP Project EFIPSANS under Grant No. INFSO-ICT-215549the National Basic Research Program of China ("973"Program) under Grant No. 2009CB320504