Abstract
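Because the existing TCP/IP protocol does not authenticate information such as addresses and identities, large numbers of attacks such as source address spoofing and route hijacking occur, seriously threatening network security. Existing certificate authorities (CAs) based on the PKI system are inefficient to manage and lack uniformity, making them unsuitable for unified authentication across the entire network. To manage, authenticate and store public key information efficiently, and to establish a network-wide unified mechanism for trusted identity authentication and management at the network layer, a network-wide unified trust anchor model based on ZooKeeper is proposed. The model uses ZooKeeper's advantages such as load balancing and data consistency, adopts a distributed architecture to jointly manage the trust anchor, and uses network-wide unified ID information to solve the problem of verifying the authenticity of identities and addresses, achieving equal interconnection and a secure, trustworthy network.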
Because the existing TCP/IP protocol does not authenticate the address and identity, a large number of attacks such as source address spoofing and route hijacking occur, which seriously threaten the security of the network. The CA based on the PKI system has low management efficiency and no uniformity, and is not suitable for authentication across the entire network. In order to efficiently manage the storage of public key information and establish a network-wide trusted identity authentication and management mechanism, this paper proposes a unified trust anchor model based on ZooKeeper. The model uses ZooKeeper's load balancing, high availability and other advantages to jointly manage the trust anchor, solves the identity and address authenticity identification problem with unified ID information for the entire network, and achieves equal network interconnection, security and credibility.
Authors
Shi Boxuan (史博轩)
Zhang Feng (章峰)
Jiang Wenbao (蒋文保)
School of Information Management, Beijing Information Science & Technology University, Beijing 100192, China
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journal (北大核心)
2020, Issue 12, pp. 3722-3725 (4 pages)
Funding
Cyberspace Security Discipline Innovation Platform Construction Project (77F1910917)
National Key R&D Program of China (2018YFB1800100).