Self-Protectable Secure Name Mapping System (S~2NMS)

摘要

In general network architectures, name mapping systems (NMS) are designed to map a host name to the corresponding locator and other related necessary information (RNI). However, NMS lacks security functions to protect itself from intrinsic security problems, such as impersonation attacks. The existing security mechanisms have their own limitations especially on scalability and may not be well suitable for NMS. To relieve these limitations, we intend to embed built-in security features in the architecture to enable the procedures in NMS to be proactively protected without involving trusted third parties (TTPs). For this purpose, we propose a self-protectable secure name mapping system (S~2NMS), which is mainly composed of secure registration, secure information exchange, secure resolution, mutual authentication, secure mapping update, and revocation. By the S~2NMS, hosts can register their information to the network securely, and then they can obtain secure information of destination hosts, authenticate identities each other, and securely update their RNIs without relying on TTP.%一般ネットワークアーキテクチャの重要な構成部で、ホストの名前からロケ一夕或いは別の関連情報にマッピングする機能が持っている名前マッピングシステムの様々な攻撃を防ぐため、我々は設計時にセキュリティをこのアーキテクチャに埋め込む自己保護安全的名前マッピングシステムS2NMSを提案する。S2NMSは主にセキュア登録と、セキュア情報交換、セキエア解決、相互認証、セキュアロケ一夕更新、廃止という六要素で構成し、名前マッピングシステムが頑丈に自己保護を可能にする。S2NMSにより、ホストは自分の情報をネットワークにセキエアに登録でき、通信先の真実情報を確認でき、そして、移動時に機器のロケ一夕を安全に更新できる。