基于IEEE 802.1x的嵌入用户身份标识的IPv6地址生成方案

况鹏; 刘莹; 何林; 任罡

doi:10.11959/j.issn.1000-0801.2019289

您当前的位置：

首页 >

文章列表页 >

基于IEEE 802.1x的嵌入用户身份标识的IPv6地址生成方案

专题：IPv6技术与应用 | 更新时间：2024-06-05

- 基于IEEE 802.1x的嵌入用户身份标识的IPv6地址生成方案
- IEEE 802.1x-based user identity-embedded IPv6 address generation scheme
- 电信科学 2019年35卷第12期页码：15-23
- 作者机构：
- 作者简介：
  
  [ "况鹏（1995- ），男，清华大学网络科学与网络空间研究院硕士生，主要研究方向为可编程网络和下一代互联网结构" ]
  [ "刘莹（1973- ），女，清华大学网络科学与网络空间研究院副研究员，主要研究方向为网络结构设计、下一代互联网结构、路由算法和协议" ]
  [ "何林（1991- ），男，清华大学网络科学与网络空间研究院博士后，主要研究方向为网络结构和协议设计" ]
  [ "任罡（1979- ），男，清华大学网络科学与网络空间研究院副研究员，主要研究方向为网络结构设计、下一代互联网结构和网络安全" ]
- 基金信息：
  
  国家自然科学基金资助项目;The National Natural Science Foundation of China(61772307);国家自然科学基金资助项目;The National Natural Science Foundation of China(61402257);国家重点研发计划基金资助项目;The National Key Research and Development Program of China(2018YFB1800405);国家重点研发计划基金资助项目;The National Key Research and Development Program of China(2018YFB1800404);国家重点研发计划基金资助项目;The National Key Research and Development Program of China(2017YFB0801701)
- DOI：10.11959/j.issn.1000-0801.2019289
  中图分类号： TP393
- 网络出版日期：2019-12，
  
  纸质出版日期：2019-12-20
- 稿件说明：
移动端阅览
况鹏, 刘莹, 何林, 等. 基于IEEE 802.1x的嵌入用户身份标识的IPv6地址生成方案[J]. 电信科学, 2019,35(12):15-23.

Peng KUANG, Ying LIU, Lin HE, et al. IEEE 802.1x-based user identity-embedded IPv6 address generation scheme[J]. Telecommunications science, 2019, 35(12): 15-23.
况鹏, 刘莹, 何林, 等. 基于IEEE 802.1x的嵌入用户身份标识的IPv6地址生成方案[J]. 电信科学, 2019,35(12):15-23. DOI： 10.11959/j.issn.1000-0801.2019289.

Peng KUANG, Ying LIU, Lin HE, et al. IEEE 802.1x-based user identity-embedded IPv6 address generation scheme[J]. Telecommunications science, 2019, 35(12): 15-23. DOI： 10.11959/j.issn.1000-0801.2019289.

摘要

将可扩展的用户身份标识嵌入IPv6地址中，不仅为追溯用户身份和精细管控用户行为提供可能，而且有利于提高互联网的安全性、可审计性和可信性。目前提出的嵌入用户身份标识的IPv6地址生成方案存在DHCPv6 客户端开发复杂或临时地址租约难以管理等问题，均不易于实际部署。考虑到身份认证与地址分配之间的时序逻辑，提出一种基于IEEE 802.1x的嵌入用户身份标识的IPv6地址生成方案，通过在二层进行用户身份认证，随后进行IPv6地址分配，解耦了身份认证与地址分配过程，避免了为各操作系统开发新的扩展DHCPv6客户端以及为DHCPv6服务器维护临时地址租约等限制，更加具备可部署性。

Abstract

Embedding extensible user identities into IPv6 addresses not only provides the possibility of tracing the user identity and finely controlling the user behavior

but also helps to improve the security

auditability and credibility of the Internet.Current schemes that embed user identity within IPv6 address are hard to deploy in practice due to the complexity of DHCPv6 client development or the complicated management of temporary address.Considering the sequential logic between identity authentication and address allocation

a IEEE 802.1x-based user identity-embedded IPv6 address generation scheme was proposed.By conducting identity authentication using layer-2 mechanisms and then assigning IPv6 addresses

this scheme decoupled the process of identity authentication and address allocation

and avoided the limitation of developing new extended DHCPv6 clients for each operating system and maintaining temporary address leases on DHCPv6 servers

which was more deployable.

关键词

Keywords

references

叶水勇 . 基于网络接入认证对终端设备的管控研究 [J ] . 电力信息与通信技术 , 2018 , 16 ( 5 ): 41 - 46 .

YE S Y . Research on management and control of terminal equipment based on network access authentication [J ] . Electric Power Information and Communication Technology , 2018 , 16 ( 5 ): 41 - 46 .

WU J , BI J , LI X , et al . A source address validation architecture (sava) testbed and deployment experience [R ] . 2008 .

WU J , BI J , BAGNULO M , et al . Source address validation improvement (SAVI) framework [R ] . 2013 .

ANDERSEN D G , BALAKRISHNAN H , FEAMSTER N , et al . Accountable internet protocol (AIP) [C ] // ACM SIGCOMM 2008 Conference on Data Communication,August 17-22,2008,Seattle,WA,USA . New York:ACM Press , 2008 : 339 - 350 .

NAYLOR D , MUKERJEE M K , STEENKISTE P . Balancing accountability and privacy in the network [J ] . ACM SIGCOMM Computer Communication Review , 2014 , 44 ( 4 ): 75 - 86 .

LEE T , PAPPAS C , BARRERA D , et al . Source accountability with domain-brokered privacy [C ] // The 12th International on Conference on emerging Networking Experiments and Technologies,December 12-15,2016,Irvine,California,USA . New York:ACM Press , 2016 : 345 - 358 .

LIU Y , REN G , WU J P , et al . Building an IPv6 address generation and traceback system with NIDTGA in address driven network [J ] . Science China Information Sciences , 2015 , 58 ( 12 ): 1 - 14 .

LIU Y , REN G , WU J , et al . Building an IPv6 address generation and traceback system with NIDTGA in address driven network [J ] . Science China Information Sciences , 2015 , 58 ( 12 ): 1 - 14 .

李智涛 , 刘莹 , 任罡 . IPv6地址生成系统基于Web portal的无客户端迁移方案 [J ] . 东南大学学报(自然科学版) , 2017 ( S1 ): 80 - 85 .

LI Z T , LIU Y , REN G . Non-client migration scheme for IPv6 address generation system based on Web portal [J ] . Journal of Southeast University(Natural Science Edition) , 2017 ( S1 ): 80 - 85 .

李晓伟 , 杨邓奇 , 陈本辉 , 等 . 基于生物特征和口令的双因子认证与密钥协商协议 [J ] . 通信学报 , 2017 , 38 ( 7 ): 89 - 95 .

LI X W , YANG D Q , CHEN B H , et al . Two-factor authenticated key agreement protocol based on biometric feature and password [J ] . Journal on Communications , 2017 , 38 ( 7 ): 89 - 95 .

DROMS R , BOUND J , VOLZ B , et al . Dynamic host configuration protocol for IPv6 (DHCPv6) [R ] . 2003 .

THOMSON S , NARTEN T , JINMEI T . IPv6 stateless address autoconfiguration [R ] . 2007 .

HALWASIA G , BHANDARI S , DEC W . Client link-layer address option in DHCPv6 [R ] . 2013 .

浏览量

393

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

暂无数据