Design and Implementation of Security for HIMALIS Architecture of Future Networks

Ved P. KAFLE  Ruidong LI  Daisuke INOUE  Hiroaki HARAI  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E96-D   No.2   pp.226-237
Publication Date: 2013/02/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E96.D.226
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on The Internet Architectures, Protocols, and Applications for Diversified Futures)
Category: 
Keyword: 
ID/locator split architecture,  security,  new generation network,  future network,  

Full Text: PDF(2.1MB)>>
Buy this Article




Summary: 
For flexibility in supporting mobility and multihoming in edge networks and scalability of the backbone routing system, future Internet is expected to be based on the concept of ID/locator split. Heterogeneity Inclusion and Mobility Adaptation through Locator ID Separation (HIMALIS) has been designed as a generic future network architecture based on ID/locator split concept. It can natively support mobility, multihoming, scalable backbone routing and heterogeneous protocols in the network layer of the new generation network or future Internet. However, HIMALIS still lacks security functions to protect itself from various attacks during the procedures of storing, updating, and retrieving of ID/locator mappings, such as impersonation attacks. Therefore, in this paper, we address the issues of security functions design and implementation for the HIMALIS architecture. We present an integrated security scheme consisting of mapping registration and retrieval security, network access security, communication session security, and mobility security. Through the proposed scheme, the hostname to ID and locator mapping records can be securely stored and updated in two types of name registries, domain name registry and host name registry. Meanwhile, the mapping records retrieved securely from these registries are utilized for securing the network access process, communication sessions, and mobility management functions. The proposed scheme provides comprehensive protection of both control and data packets as well as the network infrastructure through an effective combination of asymmetric and symmetric cryptographic functions.