Detailed information

Distributed capability-based access control and SDN deployment of information-centric networking

Material type
Thesis
Personal author
차정환 (Jung-hwan Cha)
Title / statement of responsibility
Distributed capability-based access control and SDN deployment of information-centric networking / Jung-hwan Cha
Publication
Seoul : Graduate School, Korea University, 2017
Physical description
xi, 93 leaves : illustrations, charts ; 26 cm
Additional physical form entry
Distributed Capability-based Access Control and SDN Deployment of Information-Centric Networking (DCOLL211009)000000076204
Dissertation note
Thesis (Ph.D.) -- Korea University Graduate School: Department of Computer and Radio Communications Engineering, 2017. 8
Department code
0510 6YD36 331
General note
Advisor: 민성기 (Min, Sung-gi)
Bibliography note
References: 86-93
Other available formats
Also available as a PDF file; Requires PDF file reader (application/pdf)
Uncontrolled subject terms
Future Internet, Information Centric Networking (ICN), Named Data Networking (NDN), Software-Defined Networking (SDN)

Electronic resources

No. 1: Distributed capability-based access control and SDN deployment of information-centric networking (viewed 63 times). Available: PDF, abstract, table of contents.

Holdings

No. 1: Location: Science Library / Thesis Stacks; Call number: 0510 6YD36 331; Registration number: 123056935; Status: Available for loan

Content information

Abstract

The engineering principles and architecture of today’s IP-based network were designed in the 1960s and 1970s around a host-centric communication model. This design is unsuitable for meeting the requirements of current content-oriented applications such as video streaming services and peer-to-peer applications.

Information-Centric Networking (ICN) has emerged as an alternative architecture to traditional IP-based networking. In ICN, the content itself, rather than the location of the content, is treated as the primitive element of communication. This gives ICN many advantages over the traditional Internet in terms of content dispersion through the use of in-network caching.

However, ICN is in the early stages of research, and its principles and architecture are fundamentally different from the legacy IP-based network. There are still numerous challenges to be addressed, such as security concerns, the deployment problem, naming, name-based routing, and mobility.

In this thesis, a distributed capability-based access control scheme is first presented to address the access control issue in ICN. Enforcing access control policies in ICN is difficult because there can be multiple copies of content in various network locations. Traditional Access Control List (ACL)-based schemes are ill-suited for ICN, because all potential content distribution servers must either have an identical access control policy or contact a centralized ACL server whenever their content is accessed by consumers.

The distributed capability access control scheme is composed of an internal capability and an external capability. The former is included in the content, and the latter is added to the request message sent by a content requester. Content distribution servers can validate a consumer’s access rights through the internal and external capabilities without consulting access control policies. The proposed model also enhances the privacy of consumers by keeping the content name and consumer identification anonymous.

This thesis also presents a dual naming architecture to address the deployment problem of Named Data Networking (NDN), the most notable ICN architecture. Currently, NDN is mostly deployed over IP networks, but such an overlay deployment increases transport network overhead because it uses dual network control planes (NDN and IP routing). Software-Defined Networking (SDN) can be used to mitigate this overhead by forwarding NDN packets without the use of IP routing.

To deploy NDN over SDN, a variable-length NDN content name needs to be mapped to a fixed-size match field in an OpenFlow switch flow table. The proposed architecture uses dual names for content forwarding: the content name and a Name Tag (NT). The NT is derived from the content name and is a legitimate IPv6 address. By using the NT, OpenFlow-based SDN can transport an IPv6 packet that encapsulates an NDN packet using NDN routing, without IP routing.

Table of contents

Chapter 1 Introduction
1.1 Background
1.2 Problem Statement and Objective
1.2.1 Access Control in Information-Centric Networking
1.2.2 Named Data Networking Deployment over Software-Defined Networking
1.3 Approaches
1.3.1 Distributed Capability-based Access Control Scheme
1.3.2 Named Data Networking Deployment over Software-Defined Networking using Fixed Size Content Names
1.4 Organization of the thesis
Chapter 2 Related Works
2.1 Information-Centric Networking Protocols
2.1.1 Named Data Networking (NDN)
2.1.2 Data-Oriented Network Architecture (DONA)
2.1.3 Publish-Subscribe Internet Technologies (PURSUIT)
2.1.4 Content-Centric Inter-Network Architecture (CONET)
2.2 Access Control Scheme in ICN
2.3 ICN Deployment Scheme over SDN
2.3.1 Software Defined Networking (SDN)
2.3.2 OpenFlow Protocol
2.3.2.1 OpenFlow Tables
2.3.2.2 OpenFlow Channel and Protocol
2.3.3 ICN Deployment Schemes over SDN
Chapter 3 A Distributed Capability Access Control Scheme in Information-Centric Networking
3.1 Introduction
3.2 A Distributed Capability Access Control Scheme
3.2.1 System Overview
3.2.2 Packet Structure
3.2.3 A Distributed Capability Access Control Scheme
3.2.4 The Distributed Capability
3.2.4.1 Internal Capability
3.2.4.2 External Capability
3.2.4.3 Verification Procedure
3.2.4.4 Revocation of Capabilities
3.2.5 Preserving Consumer Privacy
3.3 Security Evaluation
3.4 Performance Evaluation
3.4.1 Network Model
3.4.2 The Proposed Scheme, PURSUIT and CCNx Messages
3.4.3 Analytical Investigation
3.4.3.1 The Distributed Capability-based Access Control Scheme
3.4.3.2 PURSUIT
3.4.3.3 CCNx
3.4.3.4 Analytical and Numerical Results
3.4.4 Simulation Investigation
3.4.4.1 Simulation Environment
3.4.4.2 Authorization Delay
3.4.4.3 Authorization Delay for Cached Content
Chapter 4 Named Data Networking over a Software-Defined Network Using Fixed-Size Content Names
4.1 Introduction
4.2 Named Data Networking over a Software-Defined Network System Architecture
4.2.1 NDN Consumer
4.2.2 NDN Node
4.2.3 SDN Controller
4.2.4 OpenFlow Switch
4.3 Name Tag
4.3.1 Analytical Investigation of NameTag
4.4 System Operation
4.4.1 Interest Forwarding
4.4.2 Data Forwarding
4.5 Experimental Implementation
4.6 Discussion
Chapter 5 Conclusions
Bibliography
