Research On Optimization Of Trusted Access And Multipath Transmission In The Integration Network

With the development of various access methods and network types,the integration network has gradually become the main mode of the network environment that users are now facing.However,the increasingly serious cybersecurity issues bring a variety of challenges to the integration network.Since the current Internet architecture does not verify the source address of the packet,the source address is easily forged by an attacker.This problem brings a series of challenges to the integration network.Source address verification technologies solve the problem of the forging source addresses,and provides a trusted network environment.However,for a long period of time in the future,there are still many untrusted scenarios in the current network.In face of new demands and new scenarios brought about by the integration network,current source address verification technologies still have certain limitations.Therefore,in view of this background,this thesis mainly studies the trusted access and multi-path transmission optimization in the integration network.The specific contents are as follows:First of all,this thesis starts from the trusted network environment,and solves the problem of identity access and accountability,which enhances the conditions of "identity trust and accountability" for the trusted network.This thesis proposes a trusted access and accountability mechanism(CAIP)based on 802.1X and SAVI.CAIP analyzes and solves the problems and challenges when authentication methods and SAVI's trusted address assignment work cooperately,and implements an efficient and transparent authentication and accountability solution.Compared with previous studies,CAIP has higher adaptability and scalability to terminals and networks,which also has better performance.Finally,by analyzing the security,privacy and mobility of CAIP,we can prove that CAIP can realize trusted access and transparent mobility for users.Secondly,this thesis extends the security measures from trusted networks to the integration network,and uses the trusted network to protect the entire integration network,which enhances the security of the overall network.This security optimization mechanism(TMPTCP)effectively utilizes the protection of the trusted network infrastructure to the source address,which extends the communication interface of the network layer and the transport layer.So that the transport layer can obtain the trusted address information from the network layer.Thereby it enhances the source addresses' security in untrusted networks.Compared with the traditional encryption or authentication methods,TMPTCP can save the loss of system performance and network bandwidth caused by unnecessary encrypted transmission.It can also transfer vulnerable packets on the converged network to the trusted network for transmission,which enhances the security of the entire integration network.Finally,through the experiment and verification of the prototype in the integrated experimental platform system,this thesis verifies the effectiveness,efficiency and scalability of the proposed mechanism.The integrated experimental platform covers the wireless network architecture(trusted network,Thin AP with AC),Fat AP network,SDR network and mobile communication network.In addition,we also collected the network log data of real and large-scale wireless network environment,and used these data to theoretically simulate and analyze the performance of our experimental mechanism.This thesis proves that CAIP and TMPTCP can work normally,and have lower communication delay and energy consumption than previous studies.