Design and Implementation of a Central-Controllable and Secure Multicast System Based on Universal Identifier Network

Jianfeng Guan, Xuan Liu, Su Yao, Zhongbai Jiang
2018 Sensors  
With the rapid increase of network users and services, the breadth and depth of the Internet have greatly changed. The mismatch between current network requirements and the original network architecture design has spurred the evolution or revolution of the Internet to remedy this gap. Many research projects on future network architecture have been launched, among which the Universal Identifier Network (UIN) architecture, which is based on the identifier/location separation, access/core separation and ... arding separation, can provide better mobility, security and reliability. On the other hand, the demand for group communication has increased due to fine-grained network services and the successive booming of new applications such as IoT (Internet of Things). Most current multicast schemes are based on the open group model, with open group membership (multicast only cares about the multicast group state, not the group members) and open access to send/receive multicast data, which simplify multicast routing. However, open group membership makes group member management difficult to realize, and open access may result in many security vulnerabilities such as Denial of Service (DoS), eavesdropping and masquerading, which make deployment more difficult. Therefore, in this paper we propose a Central-Controllable and Secure Multicast (CCSM) system based on the UIN architecture, and redesign the multicast service procedures, including registration, join/leave, and multicast routing construction and update, with the objective of achieving better mobility support, security, scalability and controllability. More specifically, we design a new group management scheme to perform multicast member join/leave with authentication, and a central-controllable multicast routing scheme to provide a secure way to set up multicast entries on routers. CCSM inherits the characteristics of UIN in terms of mobility and security, and it provides centralized multicast routing computation and distributes the multicast routing to forwarders. We compare CCSM with Protocol Independent Multicast-Sparse Mode (PIM-SM), and the results show that CCSM reduces the multicast join delay and performs better than PIM-SM in terms of reconstruction cost under low multicast density.

unprecedented challenges such as poor security, low mobility, and high energy consumption [4].
Besides, the original Internet was designed for a trusted environment with a small number of hosts, usually from specific organizations and departments. After 50 years of development, and with the booming of various network technologies, the connotation and denotation of the Internet are evolving. More specifically, Internet terminals have shifted from the traditional personal computer, notebook, tablet computer and smart-phone to more general things such as various IoT devices, and Internet services have extended from text-based applications such as web and email to rich media such as live video and even Virtual Reality (VR). At the same time, the demand for IP addresses has also increased greatly, which speeds up the transition from IPv4 to IPv6. These shifts are spurring the evolution and the revolution of the Internet architecture in terms of mobility, security and scalability. Therefore, many future Internet design schemes have been proposed in the past several years, aiming to alleviate these challenges. The most recent research has shown that the root causes of current Internet problems are the so-called triple bindings, which are resource/location binding, user/network binding and control/data binding [5]. As a representative evolution scheme, Software Defined Network (SDN)/Network Function Virtualization (NFV) is designed to separate control and forwarding and to decouple hardware and software, and it has been considered a key technology in the 5G core network to provide programmability [6]. SDN/NFV adopts the softwarization idea to set up the network in software, which is beneficial to network setup, operation, upgrade and management. On the other hand, revolution schemes such as Information Centric Network (ICN) [7] suggest that the Internet should be replaced by a clean-slate network architecture that takes the information or content, instead of the IP address, as the basic element of the network.
ICN aims to decouple the mapping between resource and location, and it introduces in-network caching to improve network performance. Unlike SDN and ICN, Universal Identifier Network (UIN) [8-10] divides the network protocol stack into a pervasive service layer and an infrastructure layer, and introduces four identifiers and three mapping mechanisms to decouple the triple bindings. The pervasive service layer consists of virtual service and virtual connection, and it is responsible for the session, control and management operations of various services. The virtual service introduces the Service IDentifier (SID) to describe and represent various services, and the virtual connection provides the various connections, identified by the Connection IDentifier (CID), for services through the mapping between SID and CID. Based on the SID-CID mapping, UIN decouples the resource/location binding. The infrastructure layer divides the network into virtual access and virtual backbone. The virtual access is referred to as the access network, which is designed to handle massive access by heterogeneous users, and adopts the Accessing IDentifier (AID) to identify the various terminals. The virtual backbone is referred to as the core network, which consists of various network devices and adopts the Routing IDentifier (RID) for routing and data forwarding. Based on this access and core separation mechanism, UIN decouples the user/network binding, and it introduces a control plane and a forwarding plane to decouple the control/data binding. UIN is a promising scheme that has evolved into the Smart Identifier Network (SINET) [11, 12] and has been applied in multiple domains such as vehicular communication [13-15], satellite-terrestrial networks [16], wireless sensor networks [17] and smart grid [18]. Figure 1 shows the basic network architecture of UIN. The infrastructure layer is composed of three planes: the control plane, the forwarding plane and the user plane.
The control plane consists of various control functions, and the basic UIN architecture mainly contains the Authentication Centre (AC) and the IDentifier Mapping System (IDMS). The AC is responsible for authenticating the attaching users, and the IDMS is in charge of the mapping between AID and RID. The forwarding plane consists of the access network and the core network. A router in the core network is called a Core Router (CR) and adopts the RID as its identifier, while a router in the access network is called an Access Router (AR) and uses the AID as its identifier. Therefore, there are two addressing spaces in UIN. The user plane consists of various user devices which attach to different access networks. Each device connected to an access network is assigned an AID, and first performs the authentication procedure with the AC. After that, IDMS will multicast member, AR, ASR and CR. Once packets traverse the boundary between the access network and the core network, the ASR performs the mappings of AID-RID and MSI-MGI.
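The attach-then-map flow described above can be modelled in a few lines. This is an added example, not code from the paper or the UIN project: the HMAC challenge-response, the string-valued AIDs and RIDs, the rule that the IDMS refuses mappings for unauthenticated AIDs, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class AuthenticationCentre:
    """AC: authenticates attaching devices. HMAC challenge-response is an assumption."""

    def __init__(self, device_keys):
        self._keys = device_keys          # AID -> pre-shared key (constructed)
        self.authenticated = set()

    def verify(self, aid, nonce, response):
        key = self._keys.get(aid, b"")
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        ok = aid in self._keys and hmac.compare_digest(expected, response)
        if ok:
            self.authenticated.add(aid)
        return ok


class IDMS:
    """Holds AID -> RID mappings, created only after the AC accepted the AID."""

    def __init__(self, ac):
        self._ac, self._map = ac, {}

    def register(self, aid, rid):
        if aid not in self._ac.authenticated:
            raise PermissionError(f"{aid} has not authenticated with the AC")
        self._map[aid] = rid

    def resolve(self, aid):
        return self._map.get(aid)


def asr_to_core(idms, packet):
    """ASR at the access/core boundary: swap AIDs for RIDs, drop if unmapped."""
    src, dst = idms.resolve(packet["src"]), idms.resolve(packet["dst"])
    if src is None or dst is None:
        return None                       # unknown identifier never enters the core
    return {**packet, "src": src, "dst": dst}


def attach(ac, idms, aid, key, rid):
    """Device side: answer the AC's challenge, then ask the IDMS for a mapping."""
    nonce = secrets.token_bytes(16)
    if not ac.verify(aid, nonce, hmac.new(key, nonce, hashlib.sha256).digest()):
        return False
    idms.register(aid, rid)
    return True
```

Because core routers forward only on RIDs, a device that never passed the AC has no mapping and its traffic is dropped at the boundary instead of reaching the core.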
doi:10.3390/s18072135 pmid:29970824 pmcid:PMC6069298 fatcat:apy5saumarf4fp4trvjnwr7ira