A proactive scheme for securing ID/locator split architecture

摘要

The ID/locator split-based approach has been widely recognized as a promising approach for the design of future networks. However, the existing ID/locator split architectures are still vulnerable to various attacks, such as impersonation attacks and man-in-the-middle attacks. They cannot be simply protected by the existing security mechanisms, which have the limitations especially on scalability. To solve these problems, we propose a proactive scheme for securing ID/locator split architecture, which embeds built-in security features to enable proactive protections of the architecture. Through this scheme, hosts register their information to the network securely, obtain trustworthy information of destination hosts, authenticate each other, and securely update their locators without requiring an involvement of a trusted third party (TTP). Compared to other existing security mechanisms, the proposed scheme does not require additional authentication mechanism and it can provide the thorough protections of the whole architecture.