
发布时间:2017-06-16 作者:毛玉欣,郝振武,江家仁

[摘要] 提出了一种基于身份和位置分离思想的网络架构,确保用户身份标识的真实可信,并在结构上将用户和核心网络隔离,屏蔽用户侧攻击,提升了网络的安全性能。认为基于身份标识的网络安全管理应用可以提高网络的攻击源识别能力和溯源效率,实现主动防御;同时,这种虚拟身份和可信身份的绑定,既能丰富互联网应用,又有助于实现网络信息的分级保护,净化网络环境。

[关键词] 可信身份网络;身份标识;位置标识;网络安全

[Abstract] A network architecture based on separation of location and identity is proposed in this paper. Under the architecture, user identity is trusted, isolation between user side and core network side is achieved. Thus, network attack from user side is avoided, the security performance is promoted. Additionally, security management applications based on the architecture can both improve the capability of attack source identification and boost the efficiency of source tracing. Meanwhile, it can not only enrich internet applications, but also realize the hierarchical protection of network information to clean network environment.

[Keywords] trusted identity network; access identifier; router identifier; network security

下载阅览: PDF