Design and Implementation of Security for HIMALIS Architecture of Future Networks
Abstract
For flexibility in supporting mobility and multihoming in edge networks and scalability of the backbone routing system, the future Internet is expected to be based on the concept of ID/locator split. Heterogeneity Inclusion and Mobility Adaptation through Locator ID Separation (HIMALIS) has been designed as a generic future network architecture based on the ID/locator split concept. It can natively support mobility, multihoming, scalable backbone routing and heterogeneous protocols in the network layer of the new generation network or future Internet. However, HIMALIS still lacks security functions to protect itself from various attacks, such as impersonation attacks, during the procedures of storing, updating, and retrieving ID/locator mappings. Therefore, in this paper, we address the issues of security function design and implementation for the HIMALIS architecture. We present an integrated security scheme consisting of mapping registration and retrieval security, network access security, communication session security, and mobility security. Through the proposed scheme, the hostname to ID and locator mapping records can be securely stored and updated in two types of name registries: the domain name registry and the host name registry. Meanwhile, the mapping records retrieved securely from these registries are utilized for securing the network access process, communication sessions, and mobility management functions. The proposed scheme provides comprehensive protection of both control and data packets as well as the network infrastructure through an effective combination of asymmetric and symmetric cryptographic functions.
- A paper of The Institute of Electronics, Information and Communication Engineers
Authors
- HARAI Hiroaki, National Institute of Information and Communications Technology (NICT)
- Harai Hiroaki, National Inst. Of Information And Communications Technol.
- Li Ruidong, National Institute of Information and Communications Technology
- Inoue Daisuke, National Institute Of Information And Communications Technology
- Kafle Ved, National Inst. Of Information And Communications Technol. (nict)
Related papers
- Optical Access Architecture Designs Based on WDM-Direct toward New Generation Networks
- Invited talk: nicter: An Incident Analysis System for the Global Internet using Correlation between Network Monitoring and Malware Analysis
- Design Guidelines for New Generation Network Architecture
- BS-7-26 Comparison between Two Signaling-Based Distributed Wavelength Assignment and 3R Allocation Approaches in WSONs(BS-7. Network Planning, Control and Management)
- BS-10-11 Provisioning of Bidirectional Lightpath with Same Wavelength in An Optical Grid Infrastructure(BS-10.Network Planning, Control, and Management,symposium)
- On-Demand End-to-End Optical Network Construction for Grid Applications with Adaptive and Distributed Control over Multi-Domain WSONs
- BS-4-1 On-Demand Optical Grid Networks Construction over Multi-Domain WSONs(BS-4. System, control and design technologies for emerging network)
- BS-12-29 Asymmetric Wavelength Lightpaths Group for Content Delivery on Asymmetric Traffic Demands(BS-12. Network Planning, Control, and Management)
- End-to-End Lightpath Establishment Based on Rank Accounting in Multi-Domain WDM Networks(Fiber-Optic Transmission for Communications)
- Fine-Grain Feature Extraction from Malware's Scan Behavior Based on Spectrum Analysis
- Malware Sandbox Analysis for Secure Observation of Vulnerability Exploitation
- Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities
- Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring
- HIMALIS : Heterogeneity Inclusion and Mobility Adaptation through Locator ID Separation in New Generation Network
- BS-9-1 Optical Ring GRID in GMPLS Based Networks(BS-9. Latest Trends on Information Networking Technologies)
- A Distributed Clustering Method for Hierarchical Routing in Large-Scaled Wavelength Routed Networks(Next Generation Photonic Network Technologies)
- Multi-Stage Fiber Delay Line Buffer in Photonic Packet Switch for Asynchronously Arriving Variable-Length Packets(Internet)
- BS-4-27 Queueing Analysis on Capacity of Community Mesh Network(BS-4. System, control and design technologies for emerging network)
- O-means : An Optimized Clustering Method for Analyzing Spam Based Attacks
- A Comparative Study of Unsupervised Anomaly Detection Techniques Using Honeypot Data
- NerveNet : A Regional Platform Network for Context-Aware Services with Sensors and Actuators
- An approach to optical grid network construction in large scale open optical networks (Network Systems)
- A Heuristic Algorithm of Process Mapping in Heterogeneous Grid Computing Environment over WAN
- P2P Network Traffic Analysis Using Data Mining Engines
- Requirements for Distributed Locator Space Renumbering Hierarchical Automatic Locator Number Allocation(HANA)(Future Internet, etc.)
- A Novel Malware Clustering Method Using Frequency of Function Call Traces in Parallel Threads
- Secure and Robust Framework for ID/Locator Mapping System
- Malware Sandbox Analysis with Efficient Observation of Herder's Behavior
- Incremental Distributed Construction Method of Delaunay Overlay Network on Detour Overlay Paths
- Catching the Behavioral Differences between Multiple Executions for Malware Detection
- An Accurate Packer Identification Method Using Support Vector Machine
- Design and Implementation of Security for HIMALIS Architecture of Future Networks
- A Design of Inter-AS Address Space (Re) Allocation Planning Scheme in Hierarchical and Automatic Number Allocation (HANA)
- Automatic Route Switching Method on HANA-based Multihomed Network