Hui Li,Xin Yang

DOI: https://doi.org/10.1007/978-981-16-2670-8_4

2021-01-01

Abstract:AbstractIn order to realize all functions of the sovereignty network while guarantee the security at the same time, what key technologies should be used in the architecture? This chapter will elaborate on the key technologies of the sovereignty network. Firstly, on application layer, we proposed a large-scale multilateral managed consortium blockchain technology named as Proof of Vote to construct the multi-identifier system (MIS) for all nations in the world to jointly and equally co-manage the top-level identifiers, which assures the intercommunication between different nations. Meanwhile, each nation owns autonomy on low-level identifiers of its corresponding top-level identifiers, which reflects independent of cyberspace sovereignty. Then, we proposed some efficient algorithms to support inter-translating and addressing for multi-identifier and huge size of hundred billion identifiers, together with the hyperbolic routing scheme forming the core technologies of network layer in MIN Architecture. Technologies for guaranteeing privacy, security, and transmission control, etc. were also presented.

Hui Li,Xin Yang

DOI: https://doi.org/10.1007/978-981-16-2670-8_5

2021-01-01

Abstract:Multi-Identifier Network (MIN) is compatible with IP network, and supports naturally and gradually de-IP, which will be promoted by users and the market for its performance gains rather than by compulsively. It is a predictable circumstance that the IP network may still be mainstream at United States of American in the future. But other countries will move away from IP to MIN in order to safeguard their sovereignty over cyberspace, and the connectivity between them and IP network are guaranteed through MIN. In other words, IP network will become the internal network of the United States, while other countries will constitute a multilateral governance network system based on MIN. In brief, the applications scenarios of Co-governed Sovereignty Network based on MIN could be classified into three scales: the small-scale scenarios such as high-security private networks for enterprises, industries, and government departments; the medium-scale scenarios of industrial Internet, private network of Internet of vehicles and smart city; the United Nations of Cyberspace: raplacing the current IP network with the large-scale high-security cyberspace for multilateral condominium and sovereign autonomy.

liu han

2016-01-01

Abstract:The institutional framework of global Internet governance depends upon the conception of the Internet,the cardinal question of which is whether traditional conception of sovereignty applies in cyberspace.Since the Internet’s birth,two conceptions have been colliding:one holds that the Internet creates an independent space separate from sovereign states;the other holds that Internet governance still follows the logic of state sovereignty.While the former conception is popular,the history of DNS governance suggests otherwise.A single state as the de facto sovereign controls the root of DNS by privatizing the power of managing domain names and addresses.As this model has been criticized heavily in recent years,the struggle for ruling the root has entered the domain of traditional international law and politics.Global Internet governance,then,needs to reconcile the two conceptions of the Internet and balance information freedom and public order.

Hui Li,Xin Yang

DOI: https://doi.org/10.1007/978-981-16-2670-8_1

2021-01-01

Abstract:AbstractNational sovereignty is the basic subject of the theory and practice of contemporary international law, occupies a crucial position. In order to studying the sovereignty of internet, we need to have an accurate cognition on the traditional concept of sovereignty. In this chapter, we introduce sovereignty from three perspectives: the historical background of traditional sovereignty, the adaptability of sovereignty in cyberspace or network sovereignty, and the sovereignty in the cyber era. Finally, we define sovereignty in cyberspace from the perspective of jurisprudence.

Hui Li,Xin Yang

DOI: https://doi.org/10.1007/978-981-16-2670-8_2

2021-01-01

Abstract:AbstractIn recent years, with the integration of the Internet and various economic and social fields, the security situation in cyberspace has been changing rapidly. There are more and more network games at the national level and the network attack and defense have become more intense. Network sovereignty has become one of sovereignty that all states are striving for. Cyber war against national targets has emerged and will not abate. Major countries have successively set up cyberspace forces. These facts have demonstrated the existence of a new frontier for humanity, national interests, and digital sovereignty in cyberspace, and demonstrated the absence of international rules or laws that effectively coordinate the management of this space. The chaos in the online media during the US presidential election in 2020, in which the incumbent US president has been banned from several public accounts by major online social media, shows that there is still a long way to go in terms of citizens’ digital human rights and the reasonable and orderly legislative and judicial administration of domestic cyberspace management. All of these topics are discussed in detail in this chapter.

Hui Li,Jiangxing Wu,Kaixuan Xing,Peng Yi,Julong Lan,Xinsheng Ji,Qinrang Liu,Shisheng Chen,Wei Liang,Jinwu Wei,Wei Li,Fusheng Zhu,Kaiyan Tian,Jiang Zhu,Yiqin Lu,Ke Xu,Jiaxing Song,Yijun Liu,Junfeng Ma,Rui Xu,Jianming Que,Weihao Yang,Weihao Miu,Zefeng Zheng,Guohua Wei,Jiuhua Qi,Yongjie Bai,Chonghui Ning,Han Wang,Xinchun Zhang,Xin Yang,Jiansen Huang,Sai Lv,Xinwei Liu,Gengxin Li

DOI: https://doi.org/10.48550/arxiv.1906.06901

2019-01-01

Abstract:The Internet has become the most important infrastructure of modern society, while the existing IP network is unable to provide high-quality service. The unilateralism IP network is unable to satisfy the Co-managing and Co-governing demands to Cyberspace for most Nations in the world as well. Facing this challenge, we propose a novel Decentralized Multilateral Co-Governing Post-IP Internet architecture. To verify its effectiveness, we develop the prototype on the operator's networks including China Mainland, Hong Kong, and Macao. The experiments and testing results show that this architecture is feasible for co-existing of Content-Centric Networking and IP network, and it might become a Chinese Solution to the world.

Ashok Anand,Fahad R. Dogar,Dongsu Han,Boyan Li,Hyeontaek Lim,Michel Machado,Wenfei Wu,Aditya Akella,David G. Andersen,John W. Byers,Srinivasan Seshan,Peter Steenkiste

DOI: https://doi.org/10.1145/2070562.2070564

2011-01-01

Abstract:ABSTRACTMotivated by limitations in today's host-based IP network architecture, recent studies have proposed clean-slate network architectures centered around alternative first-class principals, such as content, services, or users. However, much like the host-centric IP design, elevating one principal type above others hinders communication between other principals and inhibits the network's capability to evolve. Our work presents the eXpressive Internet Architecture (XIA), an architecture with native support for multiple principals and the ability to evolve its functionality to accommodate new, as yet unforeseen, principals over time. XIA also provides intrinsic security: communicating entities validate that their underlying intent was satisfied correctly without relying on external databases or configuration. In this paper, we focus on core architectural issues in the XIA data plane. We outline key design requirements relating to native support for multiple principals and intrinsic security. We then use case studies to demonstrate how the XIA design facilitates evolvability and flexibility.

YANG Xin,LI Hui,QUE Jianming,MA Zhentai,LI Gengxin,YAO Yao,WANG Bin,JIANG Fuli

DOI: https://doi.org/10.11896/jsjkx.220600265

2023-01-01

Abstract:Traditional IP-based Internet offers an end-to-end data transport service and has developed rapidly in the past half-century.However,serious security incidents emerged from attacks based on traditional networks.Traditional security mechanisms(e.g.,firewalls,intrusion detection systems) enhance security.However,most of them only provide some remedial strategies rather than solve the address-security problem radically due to the lack of change in network design.The overall in-depth security of the networked system cannot be guaranteed without a fundamental change.In order to meet the development requirements of the next generation of an endogenous security network,one of the future networks,the multi-identifier network(MIN),is introduced as our research background.This paper proposes an efficient scheme in hieratical architecture that provides comprehensive protection by addressing the security aspects pertaining to the network and application layers.At the network layer,the proposed architecture develops a multi-identifier routing scheme with embedded identity-based authentication and packet signature mechanisms to provide data tamper-resistance and traceability.At the application layer,the proposed architecture designs a mimic defensive scheme combined with weighted network centrality measures.This scheme focuses on protecting the core components of the whole network to improve the service's robustness and efficiently resist potential attacks.This paper tests and evaluates the proposed scheme from a theoretical and practical perspective.An analytical model is built based on the random walk for theoretical evaluation.In experiments,the proposed scheme is developed in MIN as MIN-VPN.Then considering IP-VPN as a baseline,anti-attack tests are conducted on IP-VPN and MIN-VPN.The results of theoretical evaluations and experiments show that the proposed scheme provides excellent transmission performance and successful defense against various TCP/IP-based attacks with acceptable defensive cost,demonstrating this security mechanism's effectiveness.In addition,after long-period penetration testing in three international elite security contests,the proposed method is effectively immune to all TCP/IP-based attacks from thousands of professional teams,thus verifying its strong security.

Alexandra Yankova

DOI: https://doi.org/10.31857/s013128120026886-5

2023-01-01

Problemy Dalnego Vostoka

Abstract:Modern China shares the position that national security is impossible without network security. The state builds cyber diplomacy based on the traditional dominants of its foreign policy — inviolability of borders, non-interference, respect for sovereignty. Naturally expanding into the digital space, the last of them has acquired a new form of cyber-sovereignty, become an integral part of the Chinese discursive force and the cornerstone of the PRC’s approach to global Internet governance. Beijing, not satisfied with the current unfair digital world order and concerned about the need to ensure constant control over internal networks for the regime security, advocates institutional reform of the existing system of global cyberspace governance. Over the past two decades, the state has turned from a recipient into a creator and propagandist of cyber norms. The cases of Chinese regulatory entrepreneurship attract an increasing number of supporters, primarily among developing countries. Several major initiatives, including the World Internet Conference, the Community with a Shared Future in Cyberspace, the Digital Silk Road, have become the personification of China’s competitive strategy in this direction. All of them aim to convey to an international audience a concrete message about China’s intention to adhere to cyber sovereignty in all foreign policy affairs and a call to formalize this principle as a confirmation of the state’s right to manage the Internet at their discretion. Based on primary sources, the article attempts to trace the origins of the PRC’s cyber sovereignty concept, analyze its evolution, institutional design, goal setting, content, limitations, and using the construction of an object-oriented architecture to present it as a three levels system, visualized for a better understanding of the links between levels. Acknowledgements: The author expresses gratitude to her supervisor, Vasily B. Kashin, Ph.D. (Political Sciences), Director of the Centre for Comprehensive European and International Studies (CCEIS) at the HSE University, for his assistance.

Hui Li,Fusheng Zhu,Yiqin Lu,Wai Ho Mow,Yeung Wai-Ho,Zefeng Zheng,Peng Yi,Xinsheng Ji,Qinrang Liu,Wei Li,Kaiyan Tian,Jiangxing Wu,Jiang Zhu,Jiaxing Song,Yijun Liu,Junfeng Ma,Jiawei Hu,Jiansen Huang,Guohua Wei,Jiuhua Qi,Ting Huang,Kaixuan Xing,Xin Yang,Han Wang,Julong Lan,Ke Xu,Hua Tan,Jinwu Wei,Wei Liang

DOI: https://doi.org/10.1109/access.2020.2974327

IF: 3.9

2020-01-01

IEEE Access

Abstract:IP protocol is the core of TCP/IP network layer. However, since IP address and its Domain Name are allocated and managed by a single agency, there are risks of centralization. The semantic overload of IP address also reduces its scalability and mobility, which further hinders the security. This paper proposes a co-governing Multi-Identifier Network (MIN) architecture that constructs a network layer with parallel coexistence of multiple identifiers, including identity, content, geographic information, and IP address. On the management plane, we develop an efficient management system using consortium blockchain with voting consensus, so the network can simultaneously manage and support by hundreds or thousands of nodes with high throughput. On the data plane, we propose an algorithm merging hash table and prefix tree (HTP) for FIB, which avoids the false-negative error and can inter-translate different identifiers with tens of billions of entries. Further, we propose a scheme to transport IP packets using CCN as a tunnel for supporting progressive deployment. We deployed the prototype of MIN to the largest operators' network in Mainland China, Hongkong and Macao, and demonstrated that the network can register identifier under co-governing consensus algorithm, support VoD service very well.

You Wang,J. Bi,Bingyang Liu,Guang Yao

2009-01-01

Abstract:In this paper we present a new architecture focused on improving the management of the network as well as solving the host mobility and security problem. First we analyze several challenges the Internet is facing today, then we describe our architecture with comparison to other similar approaches and then give the design details. In our proposal, network has a hierarchical structure which can be constructed through virtualization. We show that better management and security can be achieved in this architecture. Based on ID/Loc-split, we can support host mobility with a more scalable mapping system. Compared with the Internet today, our scheme may be more suitable for specific networks.

Enkeleda Bardhi,Mauro Conti,Riccardo Lazzeretti,Eleonora Losiouk

2023-07-11

Abstract:Today Internet is experiencing a massive number of users with a continuously increasing need for data, which is the leading cause of introduced limitations among security and privacy issues. To overcome these limitations, a shift from host-centric to data-centric is proposed, and in this context, Information-Centric Networking (ICN) represents a promising solution. Nevertheless, unsettling the current Internet network layer, i.e., Internet Protocol (IP), with ICN is a challenging, expensive task since it requires worldwide coordination among Internet Service Providers (ISPs), backbone, and Autonomous Services (AS). Therefore, researchers foresee that the replacement process of the current Internet will transition through the coexistence of IP and ICN. In this perspective, novel architectures combine IP and ICN protocols. However, only a few of the proposed architectures place the security-by-design feature. Therefore, this article provides the first comprehensive Security and Privacy (SP) analysis of the state-of-the-art IP-ICN coexistence architectures by horizontally comparing the SP features among three deployment approaches, i.e., overlay, underlay, and hybrid, and vertically comparing among the ten considered SP features. Lastly, the article sheds light on the open issues and possible future directions for IP-ICN coexistence. Our analysis shows that most architectures fail to provide several SP features, including data and traffic flow confidentiality, availability, and anonymity of communication. Thus, this article shows the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across.

Cryptography and Security,Computers and Society,Networking and Internet Architecture

LI Dan,WU Jian-Ping,CUI Yong,XU Ke

DOI: https://doi.org/10.1360/jos161445

2005-01-01

Abstract:With the rapid growth of Internet, the structures and resolutions of Internet namespaces are facing with new challenges. IP address is overloaded in semantics because it is used to represent both the location and the identity of a device. The namespace resolution system DNS can't satisfy many new application demands with its unique service model, slow update speed, and weak capability in resource description. Many network middleboxes, such as NAT, various agents and firewalls, also destroy the Internet architecture and the Internet namespaces. Based on these, researchers bring forth many solutions to improve the structures and resolutions of Internet namespaces. This paper analyzes the problems in the structures and resolutions of current Internet namespaces, and then makes categories, surveys, and comparisons on the improvement solutions to them. Finally, future research trends on this area are discussed.

Samantha Bradshaw,Laura DeNardis

DOI: https://doi.org/10.1177/1461444816662932

2016-08-08

Abstract:One of the most contentious and longstanding debates in Internet governance involves the question of oversight of the Domain Name System (DNS). DNS administration is sometimes described as a “clerical” or “merely technical” task, but it also implicates a number of public policy concerns such as trademark disputes, infrastructure stability and security, resource allocation, and freedom of speech. A parallel phenomenon involves governmental and private forces increasingly altering or co-opting the DNS for political and economic purposes distinct from its core function of resolving Internet names into numbers. This article examines both the intrinsic politics of the DNS in its operation and specific examples and techniques of co-opting or altering DNS’ technical infrastructure as a new tool of global power. The article concludes with an analysis of the implications of this infrastructure-mediated governance on network security, architectural stability, and the efficacy of the Internet governance ecosystem.

communication

Dongsu Han,Ashok Anand,Fahad R. Dogar,Boyan Li,Hyeontaek Lim,Michel Machado,Arvind Mukundan,Wenfei Wu,Aditya Akella,David G. Andersen,John W. Byers,Srinivasan Seshan,Peter Steenkiste

2012-01-01

Abstract:Motivated by limitations in today's host-centric IP network, recent studies have proposed clean-slate network architectures centered around alternate first-class principals, such as content, services, or users. However, much like the host-centric IP design, elevating one principal type above others hinders communication between other principals and inhibits the network's capability to evolve. This paper presents the eXpressive Internet Architecture (XIA), an architecture with native support for multiple principals and the ability to evolve its functionality to accommodate new, as yet unforeseen, principals over time. We describe key design requirements, and demonstrate how XIA's rich addressing and forwarding semantics facilitate flexibility and evolvability, while keeping core network functions simple and efficient. We describe case studies that demonstrate key functionality XIA enables.

Wu Jianping,Liu Lili,Li Dan

DOI: https://doi.org/10.1007/bf03391548

2016-01-01

Journal of Communications and Information Networks

Abstract:Given the emerging problems of today’s Internet, many new Internet architectures have been proposed by the net- working community. In general, the new approaches can be categorized into two types: evolutionary approaches and clean-slate approaches. The representative evolutionary solution is IPv6, while representative clean-slate approaches are NDN (Named Data Networking), MobilityFirst, NEBULA, XIA (Expressive Internet Architecture), and SDN (Software-Defined Networking). A comprehensive survey of these approaches is presented. Additionally, a novel network architecture that we recently proposed: ADN (Address-Driven Networking) is described, which intends to address the challenges faced by today’s Internet via the flexible and innovative utilization of IP addresses.

Yu Hong,G. Thomas Goodnight

DOI: https://doi.org/10.1080/17544750.2019.1687536

IF: 3.698

2019-01-01

Chinese Journal of Communication

Abstract:The cybersphere constitutes a global disagreement space where the contested, ongoing ties that link states and the internet come into being. In this paper, a critique of sovereignty and political economy is offered to evaluate contemporary controversies concerning authority, independence, regulation, and access to communications as matters of relationality, materiality, and disagreement. We review China's promotion of cyber sovereignty as a complicating episode that reflects the development stresses of the sphere. China wishes to establish guardrails for the practices of multipolar global digital capitalism; yet, it has ushered in a variety of internet-related global issues, including in security, privacy, material well-being, developmental justice, and planetary futures. These complex aims invite and expand the dialectical spaces animating the cybersphere.

Jie Li,Jianping Wu,Ke Xu

DOI: https://doi.org/10.1109/glocom.2011.6133740

2012-01-01

Chinese Journal of Computers

Abstract:Next generation Internet is highly concerned with the issue of trustworthy. An important foundation of trustworthy is authentication of the source IP address. With existing signature-and-verification based defense mechanisms, there is a lack of hierarchical architecture, which makes the structure of the trust alliance excessively flat and single. Moreover, with the increasing scale of trust alliances, costs of validation grow so quickly that they do not adapt to incremental deployment. Via comparison with traditional solutions, this article proposes a hierarchical, inter-domain authenticated source address validation solution named SafeZone. SafeZone employs two intelligent designs: lightweight tag replacement and a hierarchical partitioning scheme, each of which helps to ensure that SafeZone can construct trustworthy and hierarchical trust alliances without the negative influences and complex operations on de facto networks. Extensive experiments also indicate that SafeZone can effectively obtain the design goals of a hierarchical architecture, along with lightweight, loose coupling and "multi-fence support" as well as supporting incremental deployment.

Wei Zhang,Jun Bi,Jianping Wu,Sen Wang,Hongcheng Tian

DOI: https://doi.org/10.1145/2089016.2089040

2011-01-01

Abstract:The Internet is becoming the global digital infrastructure; however, its current architecture faces many challenges in terms of scalability, security and other aspects. For example, the BGP routing table keeps growing rapidly as the Internet scales up; Source IP address spoofing and prefix hijacking undermine the security of fundamental Internet applications. Motivated by seeking evolvable architecture solutions, we propose an enhanced inter-domain routing architecture to address these problems. In our architecture, we first introduce two routing hierarchies: local routing on specific network layer protocols/addresses and global routing on a coarser granularity in order to improve the routing scalability. The end-to-end routes are composed of local IP-level forwarding and global transit tunnels on higher routing hierarchy. Secondly we propose "pair-wise" routing on the coarser granularity which may facilitate source authentication and inter-domain accountability. On the data plane, an inter-domain path is composed of concatenated local transit tunnels within administration boundaries which should comply with corresponding local transit policies. In addition to enhanced scalability, security and accountability, our new routing architecture may facilitate Internet-wide deployment of new network layer protocols and leverage IP evolution in the long run.

Hao Xu,Yunqing Sun,Zihao Li,Yao Sun,Lei Zhang,Xiaoshuai Zhang

DOI: https://doi.org/10.1109/MCOM.005.2200481

2023-06-13

Abstract:Web3 brings an emerging outlook for the value of decentralization, boosting the decentralized infrastructure. People can benefit from Web3, facilitated by the advances in distributed ledger technology, to read, write and own web content, services and applications more freely without revealing their real identities. Although the features and merits of Web3 have been widely discussed, the network architecture of Web3 and how to achieve complete decentralization considering law compliance in Web3 are still unclear. Here, we propose a perspective of Web3 architecture, deController, consisting of underlay and overlay network as Web3 infrastructures to underpin services and applications. The functions of underlay and overlay and their interactions are illustrated. Meanwhile, the security and privacy of Web3 are analyzed based on a novel design of three-tier identities cooperating with deController. Furthermore, the impacts of laws on privacy and cyber sovereignty to achieve Web3 are discussed.

Networking and Internet Architecture,Systems and Control