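Research on Source Address Validation Methods for SAVI DHCPv6 Data Packets
Because today's networks lack a source address validation mechanism, a variety of malicious attacks that rely on IP spoofing occur from time to time. Source Address Validation Improvement (SAVI) work to prevent IP spoofing in the DHCPv6 scenario is currently being driven by the Internet Engineering Task Force (IETF), but no definite source address validation method has yet been given. To this end, two validation methods are proposed: an improved multi-bit Trie algorithm and an improved hash lookup algorithm. A SAVI DHCPv6 simulation system is implemented and used to run comparative experiments on the different validation methods. The results show that the two proposed improved methods have better time performance than the sequential lookup method....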
| Published in | 计算机应用研究 Vol. 34; no. 1; pp. 166 - 169 |
|---|---|
| Main Author | |
| Format | Journal Article |
| Language | Chinese |
| Published | Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190; 北龙中网(北京)科技有限责任公司, Beijing 100190; University of Chinese Academy of Sciences, Beijing 100190; 2017 |
| Subjects | |
| ISSN | 1001-3695 |
| DOI | 10.3969/j.issn.1001-3695.2017.01.036 |
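| Summary: | Because today's networks lack a source address validation mechanism, a variety of malicious attacks that rely on IP spoofing occur from time to time. Source Address Validation Improvement (SAVI) work to prevent IP spoofing in the DHCPv6 scenario is currently being driven by the Internet Engineering Task Force (IETF), but no definite source address validation method has yet been given. To this end, two validation methods are proposed: an improved multi-bit Trie algorithm and an improved hash lookup algorithm. A SAVI DHCPv6 simulation system is implemented and used to run comparative experiments on the different validation methods. The results show that the two proposed improved methods have better time performance than the sequential lookup method. |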
|---|---|
| Bibliography: | 51-1196/TP Huang Shenglin1,2,3, Lyu Fengchang1,2, Wang Wei2,3 (1. University of Chinese Academy of Sciences, Beijing 100190, China; 2. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China; 3. Knez Co., Ltd, Beijing 100190, China) The current Internet lacks a source address validation mechanism, which results in a variety of malicious attacks relying on IP spoofing. Source address validation improvement in the DHCPv6 scenario is an in-progress mechanism against IP spoofing driven by the Internet Engineering Task Force, but it still lacks data packet source address validation solutions. This paper proposes two solutions: an improved multi-bits Trie algorithm and an improved hash lookup algorithm. It then implements a SAVI DHCPv6 simulation system to test their performance. The results show that the two improved solutions in this paper have better time performance than the sequential lookup method. Keywords: SAVI DHCPv6; source address validation; improved multi-bits Trie; improved hash with chaining |