Shengquan Liao,Chunming Wu,Qiang Yang,Ming Jiang

DOI: https://doi.org/10.4304/jnw.7.11.1837-1844

2012-01-01

Journal of Networks

Abstract:The information-centric network has been proposed for years. It received much attention in the research community until that the content-centric networking (CCN) became one of the fundamental components of Future Internet Architecture (FIA). Meanwhile, current CCN faces enormous technical challenges and one of the key issues is to properly design and evaluate the adaptive forwarding strategies. This paper aims to propose a high efficient routing protocol (ELRP) for the name resolving in CCN. The ELRP incorporates the merits of hierarchical structure, channel and rendezvous network. The demands of path latency are loosen in the proposed routing design, and other metrics, e.g. communication cost, load balancing and resource consumption, are also taken into the consideration. A collection of simulation experiments are carried out and the results show that ELRP can provide improved network performances in terms of these evaluation metrics. Such research outcome implies that a more comprehensive service can be deployed with improved network performance.

Qiang Wu,Chun-Ming Wu,Wen Luo

DOI: https://doi.org/10.1007/s11235-018-0518-1

2018-01-01

Telecommunication Systems

Abstract:The challenge to provide seamless mobility in the near future emerges as a key issue. By a brief analysis of the drawbacks of existing mobility management mechanisms, this paper presents the essential reasons why the traditional network model employing the IP protocol cannot provide mobility support for the end-host. This paper produces a distributed mobility management scheme with ID (identification)/locator split network-based, named IDN. It can provide more efficient mobility performance without Triangle Routing. By applying the IDN scheme to the legacy network, the hierarchy of the legacy network can be evolved into one layer ASN architecture instead of 2 layers. A mobility protocol performance analysis model is created, which is applied for a performance comparison between IDN scheme and the other existing mobility protocols. The simulation results show that the IDN scheme can save resources due to elimination of the Triangle Routing up to 18–64%. A qualitative comparison among those main existing network-based approaches is proposed, such as locator/ID separation protocol (LISP) and distributed mobility management (DMM) approaches. The four main weaknesses of host-based mobility management protocols can be overcame by the IDN scheme.

You Wang,Jun Bi

DOI: https://doi.org/10.1109/icnp.2012.6459957

2012-01-01

Abstract:Resolution from identifiers to locators serves as a key component of mapping-based mobility solutions. In this paper we address the weakness of current resolution methods in supporting diverse mobility scenarios and propose a Global Resolution Service offered by Resolution Service Providers. We present a preliminary design and simulation, and results show that our approach is able to provide better resolution service compared to existing solutions in terms of performance.

LI Dan,WU Jian-Ping,CUI Yong,XU Ke

DOI: https://doi.org/10.1360/jos161445

2005-01-01

Abstract:With the rapid growth of Internet, the structures and resolutions of Internet namespaces are facing with new challenges. IP address is overloaded in semantics because it is used to represent both the location and the identity of a device. The namespace resolution system DNS can't satisfy many new application demands with its unique service model, slow update speed, and weak capability in resource description. Many network middleboxes, such as NAT, various agents and firewalls, also destroy the Internet architecture and the Internet namespaces. Based on these, researchers bring forth many solutions to improve the structures and resolutions of Internet namespaces. This paper analyzes the problems in the structures and resolutions of current Internet namespaces, and then makes categories, surveys, and comparisons on the improvement solutions to them. Finally, future research trends on this area are discussed.

Yangyang Wang,Jun Bi,Jianping Wu

DOI: https://doi.org/10.1109/AFIN.2010.11

2010-01-01

Abstract:Internet routing system is the fundamental components of Internet. As the Internet growth, Internet routing system is facing the scaling issues of global routing table expanding due to the wide use of multi-homing, traffic engineering, and mobility. Existing proposed solutions need to change host protocol stack or routing architecture, hence, no incentive for practical deployment. In this paper, we describe a new mechanism for the scaling issue. This mechanism adding a name overlay layer on TCP/IP protocol stack, Comparing with current solutions, it is easier to be deployed. It benefits the Internet edge users from multi-homing, traffic engineering and mobility, and also facilitates the reduction the global routing table size.

Jun Bi

2010-01-01

Abstract:Page 1. Name and Addressing in Future Internet Jun Bi Tsinghua University 2010.11.03 Page 2. Outline • Background • Requirements of New ID Space • Identifier Designs, Proposals and Solutions • Design Suggestions Page 3. Background Page 4. Namespaces in the Internet Today • Namespace in global scope – MAC addresses: used to identify interfaces in layer two – IP addresses: used for data transmission between hosts – Domain names: used by applications – TCP/UDP ports (together with IP addresses): used to identify processes in application layer • IP addresses are overloaded – Problems in mobility, security and so on mostly regarding IP addresses Page 5. Name and Addressing in today's Internet • IP addresses – identify interfaces connected to the Internet – Classful scheme: A, B, C, D before year 1992. – Class-less Inter-Domain Routing (CIDR, RFC1519) • Domain names …

YuJia Zhai,XinYu Mao,Yue Wang,Jian Yuan,Yong Ren

DOI: https://doi.org/10.1007/s11432-012-4662-z

2012-01-01

Science China Information Sciences

Abstract:Several researches propose the identifier/locator separation architecture to address the scaling problems of today's Internet routing and addressing system. And scalable and seamless mobility support is an important task in mobile identifier/locator separation networks. In this paper, by analyzing the features, such as direct separation, flexible mapping and identifier replacement, we show that the new architecture delivers data packets more efficiently and protects location privacy better than traditional mobile IP networks, and is convenient to implement soft handover. Then we present a fast handover management scheme for the new architecture, which improves the reactive handover mode of FMIPv6 and eliminates the duplicate address detection (DAD) and return routability (RR) processes in MIPv6. The numerical results show that the scheme has good scalability and low handover latency, and has great advantages in the signaling cost and fast mobility support.

Chen Fuxing,Liu Weiyang,Li Hui,Zhu Zhipu

DOI: https://doi.org/10.1007/978-3-319-13326-3_43

2014-01-01

Abstract:Dedicated to overcoming weakness of current Internet architecture, some novel internet architectures have been proposed recently. Examples of these architectures contain Information Centric Networking (ICN), Name Data Networking (NDN), reconfigurable networking etc. As far as we know, the most efficient name based routing mechanism which suites the new architectures has not been found yet. This paper proposed a Semi-Centralized Name Routing (SCNR) protocol for reconfigurable network to enhance the routing efficiency. Results of this paper show that SCNR has good performance in ICN, which can be regarded as one of the many sub-networks in reconfigurable network. © Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2014.

Shi Liu,Jun Bi,Yangyang Wang

DOI: https://doi.org/10.1109/afin.2009.19

2009-01-01

Abstract:Today's Internet is facing routing scalability issues, which could degrade network performance seriously. To solve that, several solutions are currently being discussed. Among them, one promising approach is to set up a new architecture which separates the locator and the identifier roles of current IP addresses. A key question for the solution is how to provide an efficient and reliable service for mapping the identifiers to the locators in the new architecture. We propose a mapping system design based on Distributed Hash Tables (DHTs).

Jie Li,Jianping Wu,Ke Xu

DOI: https://doi.org/10.1109/glocom.2011.6133740

2012-01-01

Chinese Journal of Computers

Abstract:Next generation Internet is highly concerned with the issue of trustworthy. An important foundation of trustworthy is authentication of the source IP address. With existing signature-and-verification based defense mechanisms, there is a lack of hierarchical architecture, which makes the structure of the trust alliance excessively flat and single. Moreover, with the increasing scale of trust alliances, costs of validation grow so quickly that they do not adapt to incremental deployment. Via comparison with traditional solutions, this article proposes a hierarchical, inter-domain authenticated source address validation solution named SafeZone. SafeZone employs two intelligent designs: lightweight tag replacement and a hierarchical partitioning scheme, each of which helps to ensure that SafeZone can construct trustworthy and hierarchical trust alliances without the negative influences and complex operations on de facto networks. Extensive experiments also indicate that SafeZone can effectively obtain the design goals of a hierarchical architecture, along with lightweight, loose coupling and "multi-fence support" as well as supporting incremental deployment.

Hongwei Meng,Zhong Chen,Jian-bin Hu,Zhi Guan

DOI: https://doi.org/10.1145/2935663.2935676

2016-01-01

Abstract:In order to enable intrinsic security without the Public Key Infrastructure (PKI) deployment, flat self-certifying addresses have been involved into the future Internet architecture (FIA) designs. In contrast to deriving a self-certifying address from hashing of a correspondent prepared public key, we build up this self-certifying relationship along the reverse path using Combined Public Key (CPK). Our design develop the chain of trust embedded in the Internet name/address registration and allocation process for domains, hosts, services and content, to establish intrinsic bindings between three different identities: user-level human-readable names, network-level routable flat identifiers and the correspondent public keys. This binding connects the accountability between real-world space and network space. The use cases of our design are also given in named data networking (NDN) and identity/locator splitting network architecture, i.e. XIA and MobilityFirst. The analysis also shows that identity authentication based on CPK is capable of resource-constrained nodes in large-scale networks without scalability tradeoffs.

Wei Xie,Jiali You,Jinlin Wang

DOI: https://doi.org/10.3390/electronics11152425

IF: 2.9

2022-08-05

Electronics

Abstract:Information-centric networking (ICN) shifts the communication model from a host-centric paradigm to an information-centric paradigm, and is promising for solving several problems on today's Internet. For more efficient information dissemination, most ICN architectures are based on the Identifier/Locator split design. Therefore, how to map an identifier to a routable locator is an important problem for efficient data transmission. Nowadays, many new network services such as industrial control and telemedicine are highly latency-sensitive and require deterministic service response latency. To meet such requirements, name resolution with a deterministic latency guarantee is needed, but less discussed. This paper proposes a tree-based resolution system structure for deterministic latency resolution, which can support the Local Name Mapping Resolution System (LNMRS) in the new ICN network architecture—SEANet—to provide deterministic name resolution service in latency-sensitive scenarios like industrial control and telemedicine. The correctness of such a structure is the key to achieving deterministic latency resolution. To ensure the structure's correctness in a distributed manner, a tree structure protocol based on delay measurement is also proposed for structure generation and maintenance. Simulation results show that the protocol is effective in generating a correct structure that has good performance in terms of service capability for deterministic name resolution and system scalability.

engineering, electrical & electronic,computer science, information systems,physics, applied

You Wang,Jun Bi,Athanasios V. Vasilakos

DOI: https://doi.org/10.1109/mnet.2016.7389834

IF: 10.294

2016-01-01

IEEE Network

Abstract:This article surveys one Internet mobility approach that is highlighted by the employment of an identifier namespace. This approach uses identifiers other than traditional IP addresses to name mobile hosts, contents, or other entities, and introduces a mapping function to locate the entities in the global scope. Although this approach has been adopted by many Internet mobility solutions and is also considered as a promising way to support mobility in the future Internet, there lacks a comprehensive review and analysis of this approach together with related solutions, especially the ones proposed in recent years. This article describes the emergence, evolution, and state of the art of the approach, and gives a classification, a review, and a comparison of typical solutions related to the approach. This article also presents discussions of open issues, challenges, and research trends on designing future Internet mobility solutions.

Jessie Hui Wang,Yang Wang,Mingwei Xu,Jiahai Yang

DOI: https://doi.org/10.1109/icc.2012.6363725

2012-01-01

Abstract:Although most researchers have agreed that the locator/identifier separation is beneficial for the Internet, there is no consensus on how to define the “identifier”. In this paper, we propose a scheme in which identifiers are distributed by authorities to endpoints, and the authorities are responsible for maintaining real-time locators of endpoints with identifiers they distributed. This scheme can be helpful to accounting, security and other network management tasks. We also present in details how to implement this scheme with extended DNS and a new infrastructure, i.e., ID Mapping System (IDMS).

LIU Jian-qiang,CHENG Dong-nian,WU Jiang-xing,ZHANG Jian-wei,LAN Ju-long

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.09.071

2010-01-01

Abstract:Universal network is a new architecture based on identity/locator separating. A challenge from the separating is how to find a locator for a identity. This paper designed a three tiers system for mapping entries storing and resolving. Stored mapping entries in different tier with the difference frequency odds of the remote communication terminal called,and flowed from one tier to another. In order to reduce the cost of large scale mobility,policy of report to the top tier was different. It shows that the resolving system satisfies the require of universal network identity mapping resolving.

Daojing He,Sammy Chan,Chun Chen,Jiajun Bu,Rong Fan

DOI: https://doi.org/10.1007/s11277-010-0033-5

IF: 2.017

2010-01-01

Wireless Personal Communications

Abstract:Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.

Qi Li,Xingqun Qi,Jiaming Liu,Hongfeng Han

DOI: https://doi.org/10.1109/icctec.2017.00303

2017-01-01

Abstract:Hosts need to identify their location on the Internet. One way is to use an IP address. In IPV4 networks, each computer is identified by a unique 4-byte number, which is generally written as a four-point format, such as 199.1.35.90. When data are transmitted via the network, the header of the packet will contain the IP address of the destination host. Another method is to use the host name to identify themselves, such as www.yahoo.com, www.google.com. Compared with the IP address, it is more memorable. However, the host name provides little or no information about the host's location in the network. In addition, since host names are usually composed of alphanumeric characters of varying lengths, routers are better at handling fixed-length, hierarchical IP addresses. Therefore, domain name system (DNS) has been developed for converting host names that are easy to be remembered by humans into digital Internet addresses. But the use of DNS sometimes reduces the efficiency of accessing the network because the network environment varies all the time, which results in the transmission rate of information between the client and the DNS server. If the package losses due to timeout, the respond of the DNS server cannot be received. As a result, this paper designs a model that can decrease the probability of these problems by introducing a local DNS database.

Yu Guan,Lemei Huang,Xinggong Zhang,Zongming Guo

DOI: https://doi.org/10.1109/ICC.2018.8422320

2018-01-01

Abstract:Name-based routing is one of the core ideas in Information-centric network (ICN). In name-based routing, there is a tradeoff between the cost of name announcement and name lookup. Some ICN architectures introduce an efficient way of name lookup but pay high price in name announcement, others cut off most information exchange in name announcement yet introduce heavy burden in name lookup.In order to solve this problem and balance the cost of name announcement and lookup, we propose Name-based routing with On-Path Name Lookup (OPNL). OPNL looks up name prefixes on the path to name's guaranteed destination. It accomplishes distributed name lookup with lighter burden while maintaining little information exchange in name announcement. Results of simulation experiments show that OPNL makes a tradeoff between the cost of name announcement and lookup to have better scalability, eliminates storage overhead and communication overhead compared with prior works and attains even better performance.

Li Zang,Yanyong Zhang,Wade Trappe,Badri Nath

2004-01-01

Abstract:The infrastructure provided by wireless networks promises to have a significant impact on the way computing is performed. Not only will information be available while we are on the go, but new locationaware computing paradigms along with location-sensitive security policies will emerge. Already, many techniques have emerged to provide the ability to localize a communicating device [?], [1]–[4]. Enforcement of location-aware security policies (e.g., this laptop should not be taken out of this building, or this file should not be opened outside of a secure room) requires trusted location information. As more of these location-dependent services get deployed, the very mechanisms that provide location information will become the target of misuse and attacks. Therefore, as we move forward with deploying wireless systems that support location services, it is prudent to integrate security into the protection of localization techniques. The purpose of this paper is to examine the problem of secure localization from a viewpoint different from traditional network security services. In addition to the different attacks and misuse faced by wireless localization mechanisms, it is our viewpoint that these vulnerabilities can be mitigated by exploiting the redundancy present in typical wireless deployments. Rather than introducing countermeasures for every possible attack, our approach is to provide localization-specific, attack-tolerant mechanisms that shield the localization infrastructure from threats that bypass traditional security defenses. The idea is to live with bad nodes rather than eliminate all possible bad nodes.

Stephanos Matsumoto,Raphael M. Reischuk,Pawel Szalachowski,Tiffany Hyun-Jin Kim,Adrian Perrig

DOI: https://doi.org/10.48550/arXiv.1506.03392

2015-06-13

Abstract:We address the problem of scaling authentication for naming, routing, and end-entity certification to a global environment in which authentication policies and users' sets of trust roots vary widely. The current mechanisms for authenticating names (DNSSEC), routes (BGPSEC), and end-entity certificates (TLS) do not support a coexistence of authentication policies, affect the entire Internet when compromised, cannot update trust root information efficiently, and do not provide users with the ability to make flexible trust decisions. We propose a Scalable Authentication Infrastructure for Next-generation Trust (SAINT), which partitions the Internet into groups with common, local trust roots, and isolates the effects of a compromised trust root. SAINT requires groups with direct routing connections to cross-sign each other for authentication purposes, allowing diverse authentication policies while keeping all entities globally verifiable. SAINT makes trust root management a central part of the network architecture, enabling trust root updates within seconds and allowing users to make flexible trust decisions. SAINT operates without a significant performance penalty and can be deployed alongside existing infrastructures.

Cryptography and Security