Funding: Supported by NSFC (No. 61672060) and the National High Technology Research and Development Program of China (863 Program, No. 2015AA015701).
Abstract: Integrating mobility and security in the network layer has become a key factor for Future Internet Architecture (FIA). This paper proposes a secure mobility support mechanism in eXpressive Internet Architecture (XIA), a new FIA currently under development as part of the US National Science Foundation's (NSF) program. Utilizing the natural features of ID/locator decoupling and versatile routing in XIA, a general mechanism to support host mobility is proposed. Exploiting the self-certifying identifier, a secure binding update protocol to overcome the potential threats introduced by the proposed mobility support mechanism is also given. We demonstrate that our design in XIA outperforms IP-based solutions in terms of efficiency and flexibility. We also outline our initial design to illustrate one derivative benefit of an evolvable architecture: mobility support customizability with no sacrifice of architectural generality.
Funding: Supported by the National Basic Research Program of China (973 Program) (Grant No. 2003CB314801), the National High-Tech Research & Development Program of China (863 Program) (Grant Nos. 2008AA01A326, 2006AA01Z205, 2006AA01Z209), and the National Natural Science Foundation of China (Grant No. 90704001).
Abstract: This paper presents the definition of multi-dimensional scalability of the Internet architecture, and puts forward a mathematical method to evaluate Internet scalability based on a variety of constraints. Then, the method is employed to study the Internet scalability problem in performance, scale and service scalability. Based on the examples, theoretical analysis and experimental simulation are conducted to address the scalability issue. The results show that the proposed definition and evaluation method of multi-dimensional Internet scalability can effectively evaluate the scalability of the Internet in every aspect, thus providing rational suggestions and methods for evaluation of the next generation Internet architecture.
Funding: Supported by the National Natural Science Foundation of China (Nos. 61202356, 61170211), the Tsinghua-Cisco Joint Research Lab (No. 20133000186), and the Tsinghua University Initiative Scientific Research Program (No. 20121302141).
Abstract: The scalability and mobility issues in the current Internet architecture have drawn a lot of attention from researchers. However, there are still many problems in current solutions. In this paper, we argue that three spaces, i.e., endpoint IDentifier (ID), Endpoint Locator (ELoc) and Routing Locator (RLoc), are necessary to realize two separations, i.e., separating identifier from locator and separating edge networks from the transit core. Following this argument, we design an ID-ELoc-RLoc based architecture, i.e., IER, a separation approach to solve both mobility and scalability issues. After separating identifier from locator, mobile endpoints can ensure continuity of communications across IP address changes since their IDs do not change during moving. After separating edge networks from the transit core, the size and dynamics of the global routing table would not be affected by traffic engineering, multi-homing, etc. in edge networks. In this paper, we introduce the definitions, framework, and implementation considerations of our IER architecture in detail.
Funding: Supported by the national 973 project of China under Grant 2013CB329104; the Natural Science Foundation of China under Grants 61372124 and 61427801; the Natural Science Foundation of the Jiangsu Higher Education Institutions (Grant No. 13KJB520029); the Jiangsu Province colleges and universities graduate students scientific research and innovation program CXZZ13_0477; and NUPTSF (Grant No. NY214033).
Abstract: In the Internet of Things (IoT), the devices or terminals are connected with each other, which can be very diverse over the wireless networks. Unfortunately, the current devices are not designed to communicate with the collocated devices which employ different communication technologies. Consequently, the communication between these devices will be realized only by using the gateway nodes. This will cause the inefficient use of wireless resources. Therefore, in this paper, a smart service system (SSS) architecture is proposed, which consists of smart service terminal (SST) and smart service network (SSN), to realize the IoT in a general environment with diverse communication networks, devices, and services. The proposed architecture has the following advantages: i) the devices in this architecture cover multiple types of terminals and sensor-actuator devices; ii) the communications network therein is a converged network, and will coordinate multiple kinds of existing and emerging networks. This converged network offers ubiquitous access for various sensors and terminals; iii) the architecture has services and applications covering all smart service areas. It also provides the adaptability to new services and applications. An SSS architecture-based smart campus system was developed and deployed. Evaluation experiments of the proposed smart campus system demonstrate the SSS's advantages over the existing counterparts, and verify the effectiveness of the proposed architecture.
Funding: The research of this work is supported in part by the National Basic Research Program ("973 program") of China under grant no. 2007CB307100 and in part by the "111 Program" of China under contract No. B08002.
Abstract: The Internet today was designed in the 1970s and is suffering various serious issues such as security, mobility and scalability. In order to deal with these issues, a national research project, supported by the prestigious National Basic Research Program (also called the "973 program") of China, was launched in May 2007. This project adopts a clean-slate approach and aims to design a novel future Internet that not only inherits the merit of the Internet today but also overcomes the drawbacks of the current Internet. In this paper, we make an overview of this project with a focus on its objectives, basic ideas, and progress. Although this is a basic research project, its success will bring significant benefits to China as well as all other countries in the world.
Abstract: Physical objects are getting connected to the Internet at an exceptional rate, making the idea of the Internet of Things (IoT) a reality. The IoT ecosystem is evident everywhere in the form of smart homes, health care systems, wearables, connected vehicles, and industries. This has given rise to risks associated with the privacy and security of systems. Security issues and cyber attacks on IoT devices may potentially hinder the growth of IoT products due to deficiencies in the architecture. To counter these issues, we need to implement privacy and security right from the building blocks of IoT. The IoT architecture has evolved over the years, improving the stack of architecture with new solutions such as scalability, management, interoperability, and extensibility. This emphasizes the need to standardize and organize the IoT reference architecture in federation with privacy and security concerns. In this study, we examine and analyze 12 existing IoT reference architectures to identify their shortcomings on the basis of the requirements addressed in the standards. We propose an architecture, the privacy-federated IoT security reference architecture (PF-IoT-SRA), which interprets all the involved privacy metrics and counters major threats and attacks in the IoT communication environment. It is a step toward the standardization of the domain architecture. We effectively validate our proposed reference architecture using the architecture trade-off analysis method (ATAM), an industry-recognized scenario-based approach.
Funding: Supported by the National High-tech R&D Program ("863" Program) of China (No. 2013AA013505), the National Science Foundation of China (No. 61472213), and the State Scholarship Fund from China Scholarship Council (No. 201406210270).
Abstract: The basic function of the Internet is to deliver data (what) to serve the needs of all applications. IP names the attachment points (where) to facilitate ubiquitous interconnectivity as the current way to deliver data. The fundamental mismatch between data delivery and naming attachment points leads to a lot of challenges, e.g., mapping from data name to IP address, handling dynamics of underlying topology, scaling up the data distribution, and securing communication, etc. Information-centric networking (ICN) is proposed to shift the focus of the communication paradigm from where to what, by making the named data the first-class citizen in the network. The basic consensus of ICN is to name the data independent from its container (space dimension) and session (time dimension), which breaks the limitation of point-to-point IP semantics. It scales up data distribution by utilizing available resources, and facilitates communication to fit diverse connectivity and heterogeneous networks. However, there is only a little consensus on the detailed design of ICN, and quite a few different ICN architectures are proposed. This paper reveals the rationales of ICN from the perspective of the Internet evolution, surveys different design choices, and discusses two debatable topics in ICN, i.e., self-certifying versus hierarchical names, and edge versus pervasive caching. We hope this survey helps clarify some misunderstandings on ICN and achieve more consensus.
Funding: Supported by the National Basic Research Program of China (973 program) (2014CB347800); the National Natural Science Foundation of China (No. 61522205, No. 61432002, No. 61133006); the National High Technology Research Development Program of China (863 program) (No. 2013AA013303, No. 2015AA01A705, No. 2015AA016102); and ZTE communications and Tsinghua University Initiative Scientific Research Program.
Abstract: Given the emerging problems of today's Internet, many new Internet architectures have been proposed by the networking community. In general, the new approaches can be categorized into two types: evolutionary approaches and clean-slate approaches. The representative evolutionary solution is IPv6, while representative clean-slate approaches are NDN (Named Data Networking), MobilityFirst, NEBULA, XIA (Expressive Internet Architecture), and SDN (Software-Defined Networking). A comprehensive survey of these approaches is presented. Additionally, a novel network architecture that we recently proposed, ADN (Address-Driven Networking), is described, which intends to address the challenges faced by today's Internet via the flexible and innovative utilization of IP addresses.
Funding: Supported in part by the National Key Research and Development Program of China (2021YFB3101304), in part by the Natural Science Basic Research Program of Shaanxi (2022JQ-621, 2022JQ-658, 2021JQ-207), in part by the National Natural Science Foundation of China (62002278), in part by the Fundamental Research Funds for the Central Universities of Ministry of Education of China (XJS211507, XJS211508), and in part by the Fundamental Research Funds for the Central Universities (ZYTS23165).
Abstract: Locator/identifier separation paradigm (LISP) is an emerging Internet architecture evolution trend that decouples the identifier and location of an entity attached to the Internet. Due to its flexibility, LISP has seen its application in various fields such as mobile edge computing and V2X networks. However, LISP relies on a DNS-like mapping system to associate identifiers and locations before connection establishment. Such a procedure incurs an extra latency overhead and thus hinders the adoption of LISP in delay-sensitive use cases. In this paper, we propose a novel RNN-based mapping prediction scheme to boost the performance of the LISP mapping resolution, by modeling the mapping procedure as a time series prediction problem. The key idea is to predict the mapping data regarding services to be utilized by users in edge networks administered by xTRs and proactively cache the mapping information within xTRs in advance. We compare our approach with several baseline methods, and the experiment results show a 30.02% performance gain in LISP cache hit ratio and 55.6% delay reduction compared with the case without the mapping prediction scheme. This work preliminarily proves the potential of the approach in promoting low-latency LISP-based use cases.