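Abstract
Fault localization protocols can ensure that network routing nodes forward data as the user intends, thereby avoiding network threats such as traffic eavesdropping and man-in-the-middle attacks and fundamentally improving network security. Existing protocols mainly comprise traditional fault localization protocols and secure fault localization protocols. Traditional fault localization protocols are based on mutual trust between network routing nodes and users; because the existing Internet itself has no such trust foundation, they are difficult to apply directly in scenarios that demand strong security. Secure fault localization protocols therefore study how to establish a basis of trust between routing nodes and end-user nodes that lack a trust relationship, and have become a research topic in cross-domain communication. The paper analyzes the two classes of fault localization protocols in detail, focuses on the characteristics and shortcomings of secure fault localization protocols, and proposes ideas for achieving secure and efficient fault localization across the Internet through the construction of distributed key infrastructure, the reduction of overhead on routing devices, and gradual deployment in dedicated networks.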
Fault localization protocols enable the network to locate malicious routers or links that damage network delivery, and are generally recognized as an important way to guarantee network availability as well as security and to avoid network threats such as traffic eavesdropping and man-in-the-middle attacks. Traditional fault localization protocols mainly rely on the routers and the hosts trusting each other; unfortunately, there is no trust foundation on today's Internet. Secure fault localization, on the other hand, establishes a certain trust mechanism through key infrastructure, which can guarantee the fault localization capability under a variety of attacks. Some mechanisms are devoted to establishing trustworthy infrastructure between the network routers and the host, towards a lightweight secure fault localization protocol. In this paper, we analyze traditional fault localization as well as secure fault localization in detail, mainly discuss the characteristics and shortcomings of secure fault localization protocols, and offer advice, which includes the construction of distributed key infrastructure, the reduction of cost in routers, and gradual deployment in dedicated networks, towards a secure fault localization mechanism on the Internet.
Authors
吕游
邹乾友
杨爱玲
高镇
付松涛
LYU You; ZOU Qianyou; YANG Ailing; GAO Zhen; FU Songtao (Unit 32039, Beijing 100094, China; Unit 32033, Haikou 571100, China)
Source
《信息工程大学学报》
2021, Issue 4, pp. 462-472 (11 pages)
Journal of Information Engineering University
Keywords
Internet
network security
data plane
software-defined networks
fault localization