Nowadays more and more IoT devices, including a large number of IoT servers, have been deployed on the Internet. The security of IoT servers has always been a challenge. In this paper, a new model named addressless IoT server is proposed, which allows people to use the large IPv6 address space to protect IoT server security. The server is allocated an IPv6 prefix instead of an address. When the authenticated client initiates communication, it uses an encryption mechanism to generate a specific destination address under the prefix. The server verifies the destination address when receiving the packet, and discards the packet if the verification fails. In this way, the model can prevent attackers from perceiving the server and launching scans or attacks, while remains compatible with the current Internet. The prototype is implemented and an extensive set of experiments are conducted in this paper. The results demonstrate that the model can better protect server security. INDEX TERMS IPv6, IPv6 address space, Internet of Things, network security, prefix delegation.
Eliminating unnecessary exposure is a principle of server security. The huge IPv6 address space enhances security by making scanning infeasible, however, with recent advances of IPv6 scanning technologies, network scanning is again threatening server security. In this paper, we propose a new model named addressless server, which separates the server into an entrance module and a main service module, and assigns an IPv6 prefix instead of an IPv6 address to the main service module. The entrance module generates a legitimate IPv6 address under this prefix by encrypting the client address, so that the client can access the main server on a destination address that is different in each connection. In this way, the model provides isolation to the main server, prevents network scanning, and minimizes exposure. Moreover it provides a novel framework that supports flexible load balancing, high-availability, and other desirable features. The model is simple and does not require any modification to the client or the network. We implement a prototype and experiments show that our model can prevent the main server from being scanned at a slight performance cost.
As a powerful information means, big data technology has the characteristics of strong permeability, wide coverage and high concealment. With the gradual deepening of the deconstruction of historical nihilism by mainstream ideology, historical nihilism has gradually shifted its main position from academic field to life field, offline to online, from researchers to netizens, and evolved new communication characteristics through big data, resulting in the erosion of mainstream ideology There are three major hazards: the pollution of the network public opinion environment and the misleading of netizens' historical cognition. In view of this, this paper will focus on the interaction between the three variables of technological progress, morphological evolution and governance change, and build an integrated theoretical model combined with the general political system theory. Based on the big data public opinion governance paradigm of "co construction, CO governance and sharing", improve the supervision system of big data platform, create a scientific and dialectical dialogue environment, and cultivate network citizens who know history and reason.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.