基于XMPP的端到端连接建立机制的研究与实现
|
摘要
端到端通信是互联网络进行数据传输的重要通信模式。随着互联网的飞速发展,在网络边缘部署的大量中间盒设备和各种新型应用给传统的端到端通信带来了连通性、安全性等方面的问题。此外,多样的通信媒介、通信手段也给端到端通信提出了新的挑战。因此,研究适应网络发展的端到端通信机制,优化其性能是当前的一个重要课题,有着重要的现实意义。
本文从分析端到端通信当前面临的问题入手,详细分析了国内外的相关研究方案,并在深入研究名字路由技术、多跳连接建立技术以及DHT相关算法的基础上,提出了基于XMPP的端到端连接建立机制。该机制提高了端到端通信性能,并在一定程度上增强了系统安全性。
首先,本文提出了基于S-Pastry的系统部署方案,克服了现有方案中基于DNS架构面临的处理延时大、系统安全及健壮性较差等问题,通过对实验结果的对比分析证明,改进的系统不论在静态网络还是动态网络环境下较Pastry在路由性能与维护开销方面都具有较好的表现。接着通过采用基于XMPP的名字路由与地址路由相结合的方式,分别建立了信令通道与数据通道,经实验证明该方法能够实现数据的高效传输。然后,基于Hassan向量信任分布计算模型结合XMPP安全机制增强系统安全认证,提高了系统的安全性。最后,本文提出基于XMPP的端到端连接建立模型,该模型由端到端通信模块和安全认证模块、路由定位模块组成,并通过实验验证了该模型的有效性。
本文的上述工作对解决端到端通信当前面临的问题具有重要的参考价值,为端到端通信研究提供了理论和数据支撑。
The End-to-End communication is the important communication mode of the information transfer of Internet. With the rapid development of Internet technology, numbers of middle boxes widely deployed on the edge of network and new application have made the End-to-End communications difficult in connection and security. Furthermore, as various instruments appearing, End-to-End communications are facing with new challenges. Accordingly, research and improvement on an End-to-End approach to adapt the change of the network is an important subject, it has the value of practicality.
This paper begins with analyse the problem of the End-to-End communication, it analyse the correlative project that have been suggested detailedly, and then it studies the technology of Name-routed Signaling, the technology of the multi-hop connection establishment and the technology of DHT. Based on these, we suggest an End-to-End approach to connection establishment based on XMPP. This approach could enhance the ability of the End-to-End communication and improve the security of the system.
Firstly, this paper suggets a P2P system based on pastry, it could solve the problem aboat long latency and poor security. By comparing, we could find that under either static network or dynamic network the S-Pastry system would better than Pastry system on maintenance cost and orientation. And then we suggests uniting IP-routed Signaling and Name-routed Signaling based on XMPP, and establishing the Command connection and the Data connection separately, by experimenting we find that this solution could enhance the ability of information transfer. And then, bases on the Hassan vector model, we suggest uniting the security mechanism of XMPP to improve the security of the system. At last, we suggest an End-to-End approach to connection establishment based on XMPP model which is composed by End-to-End communication module, security authentication module and routing module. By experimenting we find that this solution is useful, it makes progress in efficiency of information transfer.
What we have done is useful for the problem of establishing an End-to-End connection, it could provide the theory and database for the further work.
本文从分析端到端通信当前面临的问题入手,详细分析了国内外的相关研究方案,并在深入研究名字路由技术、多跳连接建立技术以及DHT相关算法的基础上,提出了基于XMPP的端到端连接建立机制。该机制提高了端到端通信性能,并在一定程度上增强了系统安全性。
首先,本文提出了基于S-Pastry的系统部署方案,克服了现有方案中基于DNS架构面临的处理延时大、系统安全及健壮性较差等问题,通过对实验结果的对比分析证明,改进的系统不论在静态网络还是动态网络环境下较Pastry在路由性能与维护开销方面都具有较好的表现。接着通过采用基于XMPP的名字路由与地址路由相结合的方式,分别建立了信令通道与数据通道,经实验证明该方法能够实现数据的高效传输。然后,基于Hassan向量信任分布计算模型结合XMPP安全机制增强系统安全认证,提高了系统的安全性。最后,本文提出基于XMPP的端到端连接建立模型,该模型由端到端通信模块和安全认证模块、路由定位模块组成,并通过实验验证了该模型的有效性。
本文的上述工作对解决端到端通信当前面临的问题具有重要的参考价值,为端到端通信研究提供了理论和数据支撑。
The End-to-End communication is the important communication mode of the information transfer of Internet. With the rapid development of Internet technology, numbers of middle boxes widely deployed on the edge of network and new application have made the End-to-End communications difficult in connection and security. Furthermore, as various instruments appearing, End-to-End communications are facing with new challenges. Accordingly, research and improvement on an End-to-End approach to adapt the change of the network is an important subject, it has the value of practicality.
This paper begins with analyse the problem of the End-to-End communication, it analyse the correlative project that have been suggested detailedly, and then it studies the technology of Name-routed Signaling, the technology of the multi-hop connection establishment and the technology of DHT. Based on these, we suggest an End-to-End approach to connection establishment based on XMPP. This approach could enhance the ability of the End-to-End communication and improve the security of the system.
Firstly, this paper suggets a P2P system based on pastry, it could solve the problem aboat long latency and poor security. By comparing, we could find that under either static network or dynamic network the S-Pastry system would better than Pastry system on maintenance cost and orientation. And then we suggests uniting IP-routed Signaling and Name-routed Signaling based on XMPP, and establishing the Command connection and the Data connection separately, by experimenting we find that this solution could enhance the ability of information transfer. And then, bases on the Hassan vector model, we suggest uniting the security mechanism of XMPP to improve the security of the system. At last, we suggest an End-to-End approach to connection establishment based on XMPP model which is composed by End-to-End communication module, security authentication module and routing module. By experimenting we find that this solution is useful, it makes progress in efficiency of information transfer.
What we have done is useful for the problem of establishing an End-to-End connection, it could provide the theory and database for the further work.
引文
[1] Antonio Vilei, Gabriella Convertino, Fabrizio Crudo. A new UPnP architecture for distributed video. Proceedings of the 5th international conference. New York:ACM, 2006:2~3.
[2] J. Rosenberg, J. Weinberger, C. Huitema, R. Mahy. STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs). http: //www. faqs. org /rfcs/rfc3489.txt.
[3] J. Rosenberg, J. Weinberger, R. Mahy, C. Huitema. Traversal Using Relay NAT (TURN). http: //www.jdrosen.net/midcom_turn.html.
[4] P. Srisuresh, J. Kuthan, J. Rosenberg, A. Molitor, A. Rayhan. Middlebox communication architecture and framework. http://www.faqs.org/rfcs/rfc 3303.txt.
[5] M. Holdrege, P. Srisuresh. Protocol Complications with the IP Network Address Translator. http: //www. faqs. org /rfcs/rfc3027.txt.
[6] Saikat Guha, Paul Francis. Simple traversal of UDP through NATs and TCP too (STUNT). http://nutss.gforge.cis.cornell.edu/.
[7] BIGGADIKE, A., FERULLO, D., WILSON, G., PERRIG, A. NAT BLASTER: Establishing TCP connections between hosts behind NATs. In Proceedings of ACM SIGCOMM ASIA Workshop. China:Beijing.
[8] Jason Thomas, Andrew Mickish, Susheel Daswani. Push Proxy Gateway. http: //en.wikipedia.org /wiki/push_proxy_gateway.
[9] M. Gritter, D. Cheriton. An Architecture for Content Routing Support in the Internet . In Proceedings of the USITS '01. CA:San Francisco, 2001:189~191.
[10] FRANCIS, P., GUMMADI, R. IPNL: A NAT-extended internet architecture. In Proceedings of the SIGCOMM '01. CA: San Diego, 2001:321~323.
[11] Ford B. Unmanaged internet protocol: Taming the edge network management crisis . In Proceedings Of the ACM Hotnets Workshop 2003. 2003:93~98.
[12] STOICA, I., ADKINS, D., ZHUANG, S., SHENKER, S., SURANA, S. Internet Indirection Infrastructure. In Proceedings of the SIGCOMM '02. PA :Pittsburgh, 2002:422~425.
[13] Saikat Guha, Yutaka Takeday, Paul Francis. NUTSS: A SIP-based approach to UDP and TCP Network Connectivity. In SIGCOMM 2004 Workshops. New York:ACM, 2004:43~48.
[14] S. Guha, P. Francis. An End-Middle-End Approach to Connection Establishment. ACM SIGCOMM Computer Communication Review, 2007, 37(4):193~204.
[15] KOPONEN, T., CHAWLA, M., CHUN, B.-G., ERMOLINSKIY, A., KIM, K. H., SHENKER, S., STOICA, I. A Data-Oriented (and Beyond) Network Architecture. In Proceedings of SIGCOMM'07. Japan:ACM, 2007:156~159.
[16] CLARKD, BRADEN R, FALKA, et al. FARA: Reorganizing the Addressing Architecture. http: //www. isi. edu /newarch.
[17] Raj Jain. Internet 3.0: Ten Problems with Current Internet Architecture and Solutions for the Next Generation. Military Communications Conference. Washington, DC:ACM, 2006:116~125.
[18] P. Saint-Andre, Ed. Extensible Messaging and Presence Protocol (XMPP): Core. http://www. faqs. org /rfcs/rfc3920.txt.
[19] P. Saint-Andre, Ed. Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence. http://www.faqs.org/rfcs/rfc3921.txt.
[20] P. Saint-Andre. Mapping the Extensible Messaging and Presence Protocol (XMPP) to Common Presence and Instant Messaging (CPIM). http: //www. faqs. org /rfcs/rfc3922.txt.
[21] P. Saint-Andre. End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP). http: //www. faqs. org /rfcs /rfc3923.txt.
[22] Google. Google Talk for Developers. http://code.google.com/apis/talk /libjingle/.
[23] Hassan Jameel, Le Xuan Hung, Umar Kalim, et, al.A Trust Model for Ubiquitous Systems based on Vectors of Trust Values. Proceedings of the Seventh IEEE International Symposium on Multimedia (ISM'2005). USA:IEEE Computer Society, 2005:674~679.
[24] Rossana Motta, Wickus Nienaber, Jon Jenkins. Gnutella:integrating performance and security in fully decentralized P2P models. Proceedings of the 46th Amnual Southeast Regional Conference. New York:ACM, 2008:272~277.
[25] Nathaniol S.Good, Aaron Krekelberg. Usability and privacy:A study of Kazaa P2P file-sharing. Proceedings of the SIGCHI conference. NewYork:ACM, 2003: 137~144.
[26] Stoica I., Morris R., Karger D. R., et al. Chord: A scalable peer-to-peer lookup service for Internet applications. IEEE/ACM Trans Networking, 2003, 11(1): 17~32.
[27] Ratnasamy S., Francis P., Handley M., et al. A scalable content addressable network . In SIGCOMM 2001. San Diego: ACM Press, 2001: 161~172.
[28] Rowstron A., Druschel. Pastry: Scalable, decentralized object location and routing for large-scale peer-to-peer systems. IFIP/ACM International Conference on Distributed Systems Platforms (Middleware). Germany:Heidelberg, 2001:329~350.
[29] Moskowitz R, Nikander P. Host Identity Protocol (HIP) Architecture. http: //www. faqs. org /rfcs/rfc4423.txt.
[30] Ahlgren B, Arkko J, Eggert L, Rajahalme J. A Node Identity Internetworking Architecture. In IEEE Global Internet Symposium. Spain:Barcelona, 2006: 423~426.
[31] Caesar M, Condie T, Kannan J, et al. ROFL: Routing on Flat Labels. In: Proc. of the ACM SIGCOMM Conf. Italy: ACM, 2006:363~374.
[32] Nordmark E, Bagnulo M. Shim6: Level 3 Multihoming Shim Protocol for IPv6. Internet Draft, Feb. 2008, draft-ietf-shim6-proto-10.txt. http:// tools.ietf.org/ id/ draft-ietf-shim6-proto.
[33] Vogt C. Six/One router: a scalable and backwards compatible solution for provider-independent addressing. Proceedings of the 3rd international workshop. NewYork:ACM, 2008:13~18.
[34] Meyer D. The Locator Identity Separation Protocol (LISP). The Internet Protocol Journal, 2008, 11(1): 23~36.
[35]林闯,雷蕾.下一代互联网体系结构研究.计算机学报,2007, 30(5):45~47.
[36]昝风彪,徐明伟,吴建平.主机标识协议(HIP)研究综述.小型微型计算机系统,2007, 28(2):36~39.
[37] Mark Gritter, David Cheriton. Name-based Routing Protocol Specification. Proceedings of the 3rd conference on USENIX Symposium on Internet Technologies and Systems. CA:Berkeley, 2006:2~3.
[38] David R. Cheriton, Chetan Rai. Wide-area Relay Addressing Protocol (WRAP): Packet Delivery in TRIAD. Stanford networking seminar. CA:Berkeley, 1999: 56~59.
[39]龚正虎,黄剑,侯婕.基于XMPP的多跳TCP连接通信方案研究.北京工业大学学报,2008,34(Supp):32~35.
[40] Saroiu S, Gummadi P K, Gribble S D. A measurement study of peer to peer file sharing systems. Proceedings of the 2002 Multimedia Computing and Networking. USA: The International Society for Optical Engineering, 2002:156~170.
[41] Ying C, Shi ML. QoS routing in ad-hoc network. Chinese Journal of Computers, 2001, 24(10): 1026~1033.
[2] J. Rosenberg, J. Weinberger, C. Huitema, R. Mahy. STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs). http: //www. faqs. org /rfcs/rfc3489.txt.
[3] J. Rosenberg, J. Weinberger, R. Mahy, C. Huitema. Traversal Using Relay NAT (TURN). http: //www.jdrosen.net/midcom_turn.html.
[4] P. Srisuresh, J. Kuthan, J. Rosenberg, A. Molitor, A. Rayhan. Middlebox communication architecture and framework. http://www.faqs.org/rfcs/rfc 3303.txt.
[5] M. Holdrege, P. Srisuresh. Protocol Complications with the IP Network Address Translator. http: //www. faqs. org /rfcs/rfc3027.txt.
[6] Saikat Guha, Paul Francis. Simple traversal of UDP through NATs and TCP too (STUNT). http://nutss.gforge.cis.cornell.edu/.
[7] BIGGADIKE, A., FERULLO, D., WILSON, G., PERRIG, A. NAT BLASTER: Establishing TCP connections between hosts behind NATs. In Proceedings of ACM SIGCOMM ASIA Workshop. China:Beijing.
[8] Jason Thomas, Andrew Mickish, Susheel Daswani. Push Proxy Gateway. http: //en.wikipedia.org /wiki/push_proxy_gateway.
[9] M. Gritter, D. Cheriton. An Architecture for Content Routing Support in the Internet . In Proceedings of the USITS '01. CA:San Francisco, 2001:189~191.
[10] FRANCIS, P., GUMMADI, R. IPNL: A NAT-extended internet architecture. In Proceedings of the SIGCOMM '01. CA: San Diego, 2001:321~323.
[11] Ford B. Unmanaged internet protocol: Taming the edge network management crisis . In Proceedings Of the ACM Hotnets Workshop 2003. 2003:93~98.
[12] STOICA, I., ADKINS, D., ZHUANG, S., SHENKER, S., SURANA, S. Internet Indirection Infrastructure. In Proceedings of the SIGCOMM '02. PA :Pittsburgh, 2002:422~425.
[13] Saikat Guha, Yutaka Takeday, Paul Francis. NUTSS: A SIP-based approach to UDP and TCP Network Connectivity. In SIGCOMM 2004 Workshops. New York:ACM, 2004:43~48.
[14] S. Guha, P. Francis. An End-Middle-End Approach to Connection Establishment. ACM SIGCOMM Computer Communication Review, 2007, 37(4):193~204.
[15] KOPONEN, T., CHAWLA, M., CHUN, B.-G., ERMOLINSKIY, A., KIM, K. H., SHENKER, S., STOICA, I. A Data-Oriented (and Beyond) Network Architecture. In Proceedings of SIGCOMM'07. Japan:ACM, 2007:156~159.
[16] CLARKD, BRADEN R, FALKA, et al. FARA: Reorganizing the Addressing Architecture. http: //www. isi. edu /newarch.
[17] Raj Jain. Internet 3.0: Ten Problems with Current Internet Architecture and Solutions for the Next Generation. Military Communications Conference. Washington, DC:ACM, 2006:116~125.
[18] P. Saint-Andre, Ed. Extensible Messaging and Presence Protocol (XMPP): Core. http://www. faqs. org /rfcs/rfc3920.txt.
[19] P. Saint-Andre, Ed. Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence. http://www.faqs.org/rfcs/rfc3921.txt.
[20] P. Saint-Andre. Mapping the Extensible Messaging and Presence Protocol (XMPP) to Common Presence and Instant Messaging (CPIM). http: //www. faqs. org /rfcs/rfc3922.txt.
[21] P. Saint-Andre. End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP). http: //www. faqs. org /rfcs /rfc3923.txt.
[22] Google. Google Talk for Developers. http://code.google.com/apis/talk /libjingle/.
[23] Hassan Jameel, Le Xuan Hung, Umar Kalim, et, al.A Trust Model for Ubiquitous Systems based on Vectors of Trust Values. Proceedings of the Seventh IEEE International Symposium on Multimedia (ISM'2005). USA:IEEE Computer Society, 2005:674~679.
[24] Rossana Motta, Wickus Nienaber, Jon Jenkins. Gnutella:integrating performance and security in fully decentralized P2P models. Proceedings of the 46th Amnual Southeast Regional Conference. New York:ACM, 2008:272~277.
[25] Nathaniol S.Good, Aaron Krekelberg. Usability and privacy:A study of Kazaa P2P file-sharing. Proceedings of the SIGCHI conference. NewYork:ACM, 2003: 137~144.
[26] Stoica I., Morris R., Karger D. R., et al. Chord: A scalable peer-to-peer lookup service for Internet applications. IEEE/ACM Trans Networking, 2003, 11(1): 17~32.
[27] Ratnasamy S., Francis P., Handley M., et al. A scalable content addressable network . In SIGCOMM 2001. San Diego: ACM Press, 2001: 161~172.
[28] Rowstron A., Druschel. Pastry: Scalable, decentralized object location and routing for large-scale peer-to-peer systems. IFIP/ACM International Conference on Distributed Systems Platforms (Middleware). Germany:Heidelberg, 2001:329~350.
[29] Moskowitz R, Nikander P. Host Identity Protocol (HIP) Architecture. http: //www. faqs. org /rfcs/rfc4423.txt.
[30] Ahlgren B, Arkko J, Eggert L, Rajahalme J. A Node Identity Internetworking Architecture. In IEEE Global Internet Symposium. Spain:Barcelona, 2006: 423~426.
[31] Caesar M, Condie T, Kannan J, et al. ROFL: Routing on Flat Labels. In: Proc. of the ACM SIGCOMM Conf. Italy: ACM, 2006:363~374.
[32] Nordmark E, Bagnulo M. Shim6: Level 3 Multihoming Shim Protocol for IPv6. Internet Draft, Feb. 2008, draft-ietf-shim6-proto-10.txt. http:// tools.ietf.org/ id/ draft-ietf-shim6-proto.
[33] Vogt C. Six/One router: a scalable and backwards compatible solution for provider-independent addressing. Proceedings of the 3rd international workshop. NewYork:ACM, 2008:13~18.
[34] Meyer D. The Locator Identity Separation Protocol (LISP). The Internet Protocol Journal, 2008, 11(1): 23~36.
[35]林闯,雷蕾.下一代互联网体系结构研究.计算机学报,2007, 30(5):45~47.
[36]昝风彪,徐明伟,吴建平.主机标识协议(HIP)研究综述.小型微型计算机系统,2007, 28(2):36~39.
[37] Mark Gritter, David Cheriton. Name-based Routing Protocol Specification. Proceedings of the 3rd conference on USENIX Symposium on Internet Technologies and Systems. CA:Berkeley, 2006:2~3.
[38] David R. Cheriton, Chetan Rai. Wide-area Relay Addressing Protocol (WRAP): Packet Delivery in TRIAD. Stanford networking seminar. CA:Berkeley, 1999: 56~59.
[39]龚正虎,黄剑,侯婕.基于XMPP的多跳TCP连接通信方案研究.北京工业大学学报,2008,34(Supp):32~35.
[40] Saroiu S, Gummadi P K, Gribble S D. A measurement study of peer to peer file sharing systems. Proceedings of the 2002 Multimedia Computing and Networking. USA: The International Society for Optical Engineering, 2002:156~170.
[41] Ying C, Shi ML. QoS routing in ad-hoc network. Chinese Journal of Computers, 2001, 24(10): 1026~1033.