Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture(FIA). This paper proposes a secure mobility support mechanism in e Xpressive Internet Architecture(XIA),a...Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture(FIA). This paper proposes a secure mobility support mechanism in e Xpressive Internet Architecture(XIA),a new FIA currently under development as part of the US National Science Foundation's(NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture:mobility support customizability with no sacrifice of architectural generality.展开更多
This paper presents the definition of multi-dimensional scalability of the Internet architecture, and puts forward a mathematical method to evaluate Internet scalability based on a variety of constraints. Then, the me...This paper presents the definition of multi-dimensional scalability of the Internet architecture, and puts forward a mathematical method to evaluate Internet scalability based on a variety of constraints. Then, the method is employed to study the Internet scalability problem in performance, scale and service scalability. Based on the examples, theoretical analysis and experimental simulation are conducted to address the scalability issue. The results show that the proposed definition and evaluation method of multi-dimensional Internet scalability can effectively evaluate the scalability of the Internet in every aspect, thus providing rational suggestions and methods for evaluation of the next generation Internet architecture.展开更多
The scalability and mobility issues in current Internet architecture have drawn a lot of attentions from researchers. However, there are still many problems in current solutions. In this paper, we argue that three spa...The scalability and mobility issues in current Internet architecture have drawn a lot of attentions from researchers. However, there are still many problems in current solutions. In this paper, we argue that three spaces, i.e., endpoint IDentifier(ID), Endpoint Locator(ELoc) and Routing Locator(RLoc), are necessary to realize two separations, i.e., separating identifier from locator and separating edge networks from the transit core. Following this argument, we design ID-ELoc-RLoc based architecture, i.e., IER, a separation approach to solve both mobility and scalability issues. After separating identifier from locator, mobile endpoints can ensure continuity of communications across IP address changes since their IDs do not change during moving. After separating edge networks from the transit core, the size and dynamics of global routing table would not be affected by traffic engineering, multi-homing, etc. in edge networks. In this paper, we introduce the definitions, framework, and implementation considerations of our IER architecture in details.展开更多
Physical objects are getting connected to the Internet at an exceptional rate,making the idea of the Internet of Things(IoT)a reality.The IoT ecosystem is evident everywhere in the form of smart homes,health care syst...Physical objects are getting connected to the Internet at an exceptional rate,making the idea of the Internet of Things(IoT)a reality.The IoT ecosystem is evident everywhere in the form of smart homes,health care systems,wearables,connected vehicles,and industries.This has given rise to risks associated with the privacy and security of systems.Security issues and cyber attacks on IoT devices may potentially hinder the growth of IoT products due to deficiencies in the architecture.To counter these issues,we need to implement privacy and security right from the building blocks of IoT.The IoT architecture has evolved over the years,improving the stack of architecture with new solutions such as scalability,management,interoperability,and extensibility.This emphasizes the need to standardize and organize the IoT reference architecture in federation with privacy and security concerns.In this study,we examine and analyze 12 existing IoT reference architectures to identify their shortcomings on the basis of the requirements addressed in the standards.We propose an architecture,the privacy-federated IoT security reference architecture(PF-IoT-SRA),which interprets all the involved privacy metrics and counters major threats and attacks in the IoT communication environment.It is a step toward the standardization of the domain architecture.We effectively validate our proposed reference architecture using the architecture trade-off analysis method(ATAM),an industry-recognized scenario-based approach.展开更多
Given the emerging problems of today’s Internet,many new Internet architectures have been proposed by the net-working community.In general,the new approaches can be categorized into two types:evolutionary approaches ...Given the emerging problems of today’s Internet,many new Internet architectures have been proposed by the net-working community.In general,the new approaches can be categorized into two types:evolutionary approaches and clean-slate approaches.The representative evolutionary solution is IPv6,while representative clean-slate approaches are NDN(Named Data Networking),MobilityFirst,NEBULA,XIA(Expressive Internet Architecture),and SDN(Software-Defined Networking).A comprehensive survey of these approaches are presented.Additionally,a novel network architecture that we recently proposed:ADN(Address-Driven Networking)is described,which intends to address the challenges faced by today’s Internet via the flexible and innovative utilization of IP addresses.展开更多
Locator/identifier separation paradigm(LISP)is an emerging Internet architecture evolution trend that decouples the identifier and location of an entity attached to the Internet.Due to its flexibility,LISP has seen it...Locator/identifier separation paradigm(LISP)is an emerging Internet architecture evolution trend that decouples the identifier and location of an entity attached to the Internet.Due to its flexibility,LISP has seen its application in various fields such as mobile edge computing,and V2X networks.However,LISP relies on a DNS-like mapping system to associate identifiers and locations before connection establishment.Such a procedure incurs an extra latency overhead and thus hinders the adoption of LISP in delay-sensitive use cases.In this paper,we propose a novel RNN-based mapping prediction scheme to boost the performance of the LISP mapping resolution,by modeling the mapping procedure as a time series prediction problem.The key idea is to predict the mapping data regarding services to be utilized by users in edge networks administered by xTRs and proactively cache the mapping information within xTRs in advance.We compare our approach with several baseline methods,and the experiment results show a 30.02%performance gain in LISP cache hit ratio and 55.6%delay reduction compared with the case without mapping prediction scheme.This work preliminarily proves the potential of the approach in promoting lowlatency LISP-based use cases.展开更多
基金supported by NSFC (No.61672060)National High Technology Research and Development Program of China (863 Program, No.2015AA015701)
文摘Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture(FIA). This paper proposes a secure mobility support mechanism in e Xpressive Internet Architecture(XIA),a new FIA currently under development as part of the US National Science Foundation's(NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture:mobility support customizability with no sacrifice of architectural generality.
基金the National Basic Research Program of China (973 Program) (Grant No. 2003CB314801)the National High-Tech Research & Development Program of China (863 Program) (Grant Nos. 2008AA01A326, 2006AA01Z205, 2006AA01Z209)the National Natural Science Foundation of China (Grant No. 90704001)
文摘This paper presents the definition of multi-dimensional scalability of the Internet architecture, and puts forward a mathematical method to evaluate Internet scalability based on a variety of constraints. Then, the method is employed to study the Internet scalability problem in performance, scale and service scalability. Based on the examples, theoretical analysis and experimental simulation are conducted to address the scalability issue. The results show that the proposed definition and evaluation method of multi-dimensional Internet scalability can effectively evaluate the scalability of the Internet in every aspect, thus providing rational suggestions and methods for evaluation of the next generation Internet architecture.
基金Supported by the National Natural Science Foundation of China(Nos.61202356,61170211)Tsinghua-Cisco Joint Research Lab(No.20133000186)Tsinghua University Initiative Scientific Research Program(No.20121302141)
文摘The scalability and mobility issues in current Internet architecture have drawn a lot of attentions from researchers. However, there are still many problems in current solutions. In this paper, we argue that three spaces, i.e., endpoint IDentifier(ID), Endpoint Locator(ELoc) and Routing Locator(RLoc), are necessary to realize two separations, i.e., separating identifier from locator and separating edge networks from the transit core. Following this argument, we design ID-ELoc-RLoc based architecture, i.e., IER, a separation approach to solve both mobility and scalability issues. After separating identifier from locator, mobile endpoints can ensure continuity of communications across IP address changes since their IDs do not change during moving. After separating edge networks from the transit core, the size and dynamics of global routing table would not be affected by traffic engineering, multi-homing, etc. in edge networks. In this paper, we introduce the definitions, framework, and implementation considerations of our IER architecture in details.
文摘Physical objects are getting connected to the Internet at an exceptional rate,making the idea of the Internet of Things(IoT)a reality.The IoT ecosystem is evident everywhere in the form of smart homes,health care systems,wearables,connected vehicles,and industries.This has given rise to risks associated with the privacy and security of systems.Security issues and cyber attacks on IoT devices may potentially hinder the growth of IoT products due to deficiencies in the architecture.To counter these issues,we need to implement privacy and security right from the building blocks of IoT.The IoT architecture has evolved over the years,improving the stack of architecture with new solutions such as scalability,management,interoperability,and extensibility.This emphasizes the need to standardize and organize the IoT reference architecture in federation with privacy and security concerns.In this study,we examine and analyze 12 existing IoT reference architectures to identify their shortcomings on the basis of the requirements addressed in the standards.We propose an architecture,the privacy-federated IoT security reference architecture(PF-IoT-SRA),which interprets all the involved privacy metrics and counters major threats and attacks in the IoT communication environment.It is a step toward the standardization of the domain architecture.We effectively validate our proposed reference architecture using the architecture trade-off analysis method(ATAM),an industry-recognized scenario-based approach.
基金supported by The National Basic Research Program of China(973 program)(2014CB347800)The National Natural Science Foundation of China(No.61522205,No.61432002,No.61133006)+1 种基金The National High Techndogy Research Development Program of China(863 program)(No.2013AA013303,No.2015AA01A705,No.2015AA016102)ZTE communications and Tsinghua University Initiative Scientific Research Program.
文摘Given the emerging problems of today’s Internet,many new Internet architectures have been proposed by the net-working community.In general,the new approaches can be categorized into two types:evolutionary approaches and clean-slate approaches.The representative evolutionary solution is IPv6,while representative clean-slate approaches are NDN(Named Data Networking),MobilityFirst,NEBULA,XIA(Expressive Internet Architecture),and SDN(Software-Defined Networking).A comprehensive survey of these approaches are presented.Additionally,a novel network architecture that we recently proposed:ADN(Address-Driven Networking)is described,which intends to address the challenges faced by today’s Internet via the flexible and innovative utilization of IP addresses.
基金supported in part by the National Key Research and Development Program of China(2021YFB3101304)in part by the Natural Science Basic Research Program of Shaanxi(2022JQ-621,2022JQ-658,2021JQ-207)+2 种基金in part by the National Natural Science Foundation of China(62002278)in part by the Fundamental Research Funds for the Central Universities of Ministry of Education of China(XJS211507,XJS211508)in part by the Fundamental Research Funds for the Central Universities(ZYTS23165).
文摘Locator/identifier separation paradigm(LISP)is an emerging Internet architecture evolution trend that decouples the identifier and location of an entity attached to the Internet.Due to its flexibility,LISP has seen its application in various fields such as mobile edge computing,and V2X networks.However,LISP relies on a DNS-like mapping system to associate identifiers and locations before connection establishment.Such a procedure incurs an extra latency overhead and thus hinders the adoption of LISP in delay-sensitive use cases.In this paper,we propose a novel RNN-based mapping prediction scheme to boost the performance of the LISP mapping resolution,by modeling the mapping procedure as a time series prediction problem.The key idea is to predict the mapping data regarding services to be utilized by users in edge networks administered by xTRs and proactively cache the mapping information within xTRs in advance.We compare our approach with several baseline methods,and the experiment results show a 30.02%performance gain in LISP cache hit ratio and 55.6%delay reduction compared with the case without mapping prediction scheme.This work preliminarily proves the potential of the approach in promoting lowlatency LISP-based use cases.
