Computer and Modernization

• Information Security •

Research on an Identifier Resolution Model Based on Encrypted Transmission

  

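  1. (China Internet Network Information Center, Beijing 100190)
  • Received: 2019-07-16 Online: 2020-04-22 Published: 2020-04-24
  • About the authors: Zuo Peng (左鹏, 1985-), male, from Chizhou, Anhui, engineer, master's degree, research interests: Internet fundamental resources, distributed systems, E-mail: zuopeng@cnnic.cn; He Zhimou (贺智谋, 1985-), female, from Chenzhou, Hunan, engineer, bachelor's degree, research interests: Internet fundamental resources, distributed systems; corresponding author: Yuan Meng (袁梦, 1994-), male, from Beijing, assistant engineer, master's degree, research interests: distributed systems, software engineering; Zhang Haikuo (张海阔, 1981-), male, from Tangshan, Hebei, engineer, Ph.D., research interests: distributed systems, parallel computing; Yang Weiping (杨卫平, 1978-), male, from Dezhou, Shandong, senior engineer, master's degree, CCF member, research interests: DNS data management and resolution technology.
  • Supported by:
    National Natural Science Foundation of China (61303242)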

Identifier Resolution Model Based on Encryption Transmission

  1. (China Internet Network Information Center, Beijing 100190, China)
  • Received: 2019-07-16 Online: 2020-04-22 Published: 2020-04-24

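Abstract: The identifier resolution system is the cornerstone of the stable operation and development of the Internet, and its privacy protection and data security issues are attracting increasing attention. Mechanisms such as DNSSEC, which is based on signature technology, and DoT, which is based on encryption technology, solve some of the security problems but cannot protect user privacy across the whole identifier resolution process. Building on the current state of research, this paper proposes a new identifier resolution trust model based on encrypted transmission: a trust chain is established to pass trust between the nodes of the identifier resolution system, and communication is encrypted throughout the whole process to protect user privacy and data security during identifier resolution. The paper first briefly introduces the state of research on security technology in the domain name field, then describes in detail the model's overall architecture, trust chain model and workflow, and finally, through five groups of experiments, tests and analyzes the model's latency, performance and security under different encryption methods and transport protocols, and verifies the model's practical feasibility against test results from live-network DNS.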

Keywords: identifier resolution system, encrypted transmission, trust chain, privacy protection

Abstract: The identifier resolution system is the foundation for the stable operation and development of the Internet, and its privacy protection and data security issues are drawing significantly more attention. Technologies including DNSSEC, based on digital signatures, and DoT, based on encryption, can partially solve the security problem, but cannot protect user privacy across the whole process of identifier resolution. Based on the current status of technology research, a new identifier resolution trust model based on encryption transmission is proposed. A trust chain is established to transfer trust between the nodes of the identifier resolution system, and encrypted communication throughout the whole process protects user privacy and data security during identifier resolution. First, the research status of security technology in the domain name area is introduced; then the overall structure, trust chain model and workflow of the proposed model are described; finally, through five groups of experiments, the delay, performance and security of the model under different encryption methods and transfer protocols are tested and analyzed, and the feasibility of the model is verified against the test results of live DNS.

Key words: identifier resolution system, encryption transmission, trust chain, privacy protection
