20 research outputs found

    Non-repudiation Service Implementation Using Host Identity Protocol

    New types of service usages emerge every day in the Internet. Service usage could be Wireless Local Area Network (WLAN) usage or watching a streamed movie. Many of these services are commercial, so payment is often involved in the service usage, which increases the risk of fraud or other misbehaviour in the interaction. To enhance the security of both service providers and service users, improvements are needed to the existing procedures. The non-repudiable service usage procedure was developed as part of the TIVIT Future Internet SHOK project. In this model, the service user and the service provider are bound to the actual service usage with certificates. The charging of the service usage is done using hash chains which are bound to the certificates. Now the service user pays only for the service he or she gets. Time or traffic based charging scheme can be used in the service usage. Evidence is gathered from the service usage to help solve possible conflicts afterwards. An actual implementation based on this model was made using Host Identity Protocol for Linux and RADIUS protocol. RADIUS protocol was used to gather the created evidence of the service usage. The implementation was developed for Linux using the C language. The goal of the implementation was to evaluate the concept in actual use. Performance of the implementation was measured with various real use scenarios to evaluate the feasibility of the implementation. Results indicated that the performance of the model is sufficient to serve several simultaneous users. However, the architecture of Host Identity Protocol for Linux caused some performance issues in the implementation.

    Secure mobility at multiple granularity levels over heterogeneous datacom networks

    The goal of this thesis is to define a set of changes to the TCP/IP stack that allow connections between legacy applications to be sustained in a contemporary heterogeneous datacom environment embodying multiple granularities of mobility. In particular, the thesis presents a number of solutions for flow mobility, local mobility, network mobility, and address family agility that is mobility between different IP versions. The presented mobility solutions are based on the so-called identifier-locator split approach. Due to the split, the mobile and multi-homed hosts that employ the presented solution are able to simultaneously communicate via multiple access networks, even supporting different IP versions and link layer technologies. In addition to the mobility solutions, the thesis also defines a set of weak and strong security mechanisms. They are used to protect the mobility protocols from redirection, Denial-of-Service (DoS), and privacy related attacks. The defined security mechanisms are tightly bound to the presented mobility architecture, providing alternative ways to optimize mobility management signalling. The focus is on minimizing end-to-end signalling latency, optimizing the amount of signalling and optimizing packet forwarding paths. In addition, the architecture provides identity and location privacy for hosts. The presented work defines one specific kind of engineering balance between the security, privacy, and efficient mobility signalling requirements. This thesis indicates that the added security, indirection, backwards compatibility, and inter-operable mobility solutions can overcome several of the current TCP/IP restrictions. The presented mobility architecture also provides a migration path from the existing Internet architecture to a new cryptographic-identifier-based architecture

    Secure Connectivity With Persistent Identities

    In the current Internet the Internet Protocol address is burdened with two roles. It serves as the identifier and the locator for the host. As the host moves, its identity changes with its locator. The research community thinks that the Future Internet will include identifier-locator split in some form. Identifier-locator split is seen as the solution to multiple problems. However, identifier-locator split introduces multiple new problems to the Internet. In this dissertation we concentrate on: the feasibility of using identifier-locator split with legacy applications, securing the resolution steps, using the persistent identity for access control, improving mobility in environments using multiple address families and so improving the disruption tolerance for connectivity. The proposed methods achieve theoretical and practical improvements over the earlier state of the art. To raise the overall awareness, our results have been published in interdisciplinary forums.

    In today's Internet the IP address is burdened with two different roles. It serves as the address of the end device, but often also as its identity. The identity of the device therefore changes as the device moves, because its address changes. The research community considers separating location and identity necessary in the Future Internet. Separating location and identity, however, brings up a number of new problems. This dissertation concentrates on determining the effect of the location-identity split on existing applications that use the network, securing the translation of names into addresses, making long-lived identities easier to use in access control, and improving the ability of connections to survive mobility in environments with multiple address families. The methods proposed in the dissertation achieve both theoretical and practical advantages over methods presented earlier in the literature. The results have been published in forums of different disciplines.

    HIP based mobility for Cloudlets

    Computation offloading can be used to leverage the resources of nearby computers to ease the computational burden of mobile devices. Cloudlets are an approach, where the client's tasks are executed inside a virtual machine (VM) on a nearby computing element, while the client orchestrates the deployment of the VM and the remote execution in it. Mobile devices tend to move, and while moving between networks, their address is prone to change. Should a user bring their device close to a better performing Cloudlet host, migration of the original Cloudlet VM might also be desired, but their address is then prone to change as well. Communication with Cloudlets relies on the TCP/IP networking stack, which resolves address changes by terminating connections, and this seriously impairs the usefulness of Cloudlets in presence of mobility events. We surveyed a number of mobility management protocols, and decided to focus on Host Identity Protocol (HIP). We ported an implementation, HIP for Linux (HIPL), to the Android operating system, and assessed its performance by benchmarking throughput and delay for connection recovery during network migration scenarios. We found that as long as the HIPL hipfw-module, and especially the Local Scope Identifier (LSI) support was not used, the implementation performed adequately in terms of throughput. On the average, the connection recovery delays were tolerable, with an average recovery time of about 8 seconds when roaming between networks. We also found that with highly optimized VM synthesis methods, the recovery time of 8 seconds alone does not make live migration favourable over synthesizing a new VM. We found HIP to be an adequate protocol to support both client mobility and server migration with Cloudlets. Our survey suggests that HIP avoids some of the limitations found in competing protocols. 
We also found that the HIPL implementation could benefit from architectural changes, for improving the performance of the LSI support.

    In mobile computing, computation offloading is a method for using the resources of computers in the surroundings to lighten the computational load on a mobile device. Cloudlets are one solution for offloading mobile computation, in which tasks executed on the device are moved to be executed in a virtual machine running on a computer. The mobile device controls the creation of the virtual machine and the computation in it over the network. The tendency of a mobile device to move with its user poses challenges to the flexibility of the current TCP/IP protocol stack. When a mobile device moves from one network to another, its IP address typically changes. If the mobile device moves close to a Cloudlet host whose resources and network connections would suit the user's needs better, migrating the user's Cloudlet virtual machine may be desirable. In that case, however, the address of the virtual machine may change as well. TCP/IP resolves an address change by terminating the connection, which, as a factor limiting user mobility, makes using the Cloudlet solution less attractive. In this thesis we studied a set of mobility-supporting protocols that we judged suitable, and chose the HIP protocol from among them for closer examination. We ported the HIP for Linux protocol software to the Android operating system and studied its suitability for supporting mobility by measuring the throughput achieved over connections established with it and the time taken for a connection to recover after address changes. As long as the HIPL hipfw module, and especially its LSI support (the IPv4 application interface), was not in use, our measurements showed that the protocol implementation performed well enough for Cloudlet use in terms of throughput. In addition, connection recovery after address changes took a tolerable time, about eight seconds on average. Because of highly optimized Cloudlet virtual machine synthesis methods, the eight-second recovery time alone does not give migrating a virtual machine a significant advantage over creating a new one. The HIP protocol is suitable for communication from the mobile device both to Cloudlet hosts and to the Cloudlet virtual machine; based on a smallish literature survey, somewhat better than the other relevant protocols. We also identified a need to rework the architecture of the HIPL implementation to improve the performance of the LSI support.

    Utilisation d'identifiants cryptographiques pour la sécurisation IPv6 (Use of cryptographic identifiers for securing IPv6)

    IPv6, the protocol succeeding IPv4, is being deployed in the Internet. It relies heavily on the Neighbor Discovery Protocol (NDP) mechanism. NDP not only allows two IPv6 nodes to communicate, like the Address Resolution Protocol (ARP) mechanism in IPv4, but also brings new functions, such as IPv6 address autoconfiguration. Securing it is therefore critical for the proper functioning of the Internet over IPv6. Its security mechanism, standardized at the Internet Engineering Task Force (IETF), is called Secure Neighbor Discovery (SEND). It relies both on cryptographic identifiers, IPv6 addresses called Cryptographically Generated Addresses (CGA) that are generated from a public/private key pair, and on X.509 electronic certificates. The subject of this thesis is the study of these cryptographic identifiers, the CGA addresses, as well as the SEND mechanism that uses them, and their potential reuse for securing IPv6. In the first part of this thesis, we first lay out the state of the art. In the second part, we look at the reliability of the main known mechanism using CGA addresses, the SEND mechanism. In the third and last part, we present uses of cryptographic identifiers for securing IPv6.

    IPv6, next Internet protocol after IPv4, is under deployment in the Internet. It is strongly based on the Neighbor Discovery Protocol (NDP) mechanism. First, it allows two IPv6 nodes to communicate, like the Address Resolution Protocol (ARP) mechanism in IPv4, but it brings new functions too, such as IPv6 address autoconfiguration. So, the security of this mechanism is critical for an Internet based on IPv6. The security mechanism standardized by the Internet Engineering Task Force (IETF) is Secure Neighbor Discovery (SEND). It is based on the use of cryptographical identifiers, IPv6 addresses named Cryptographically Generated Addresses (CGA) and generated from a public/private key pair, and X.509 certificates. The goal of this PhD thesis is the study of such cryptographical identifiers, CGA addresses, as well as SEND using them, and their potential re-use to secure IPv6. In a first part of this thesis, we recall the main features of the IPv6 protocol. In a second part of this thesis, we are interested in the reliability of the main known mechanism using the CGA addresses, SEND. In a third and last part of this thesis, we present different uses of cryptographical identifiers to secure IPv6.

    Segurança e privacidade em terminologia de rede (Security and privacy in network terminology)

    Security and Privacy are now at the forefront of modern concerns, and drive a significant part of the debate on digital society. One particular aspect that holds significant bearing in these two topics is the naming of resources in the network, because it directly impacts how networks work, but also affects how security mechanisms are implemented and what are the privacy implications of metadata disclosure. This issue is further exacerbated by interoperability mechanisms that imply this information is increasingly available regardless of the intended scope. This work focuses on the implications of naming with regards to security and privacy in namespaces used in network protocols. In particular on the implementation of solutions that provide additional security through naming policies or increase privacy. To achieve this, different techniques are used to either embed security information in existing namespaces or to minimise privacy exposure. The former allows bootstrapping secure transport protocols on top of insecure discovery protocols, while the latter introduces privacy policies as part of name assignment and resolution. The main vehicle for implementation of these solutions are general purpose protocols and services, however there is a strong parallel with ongoing research topics that leverage name resolution systems for interoperability such as the Internet of Things (IoT) and Information Centric Networks (ICN), where these approaches are also applicable.

    Security and Privacy are two topics that set the agenda in the discussion about the digital society. A particularly subtle aspect of this discussion is how we assign names to resources in the network, a choice with practical consequences for how the different network protocols work, for how different security mechanisms are implemented, and for the privacy of the various parties involved. This problem becomes even more significant when one considers that, to promote interoperability between different networks, autonomous mechanisms make this information accessible in contexts that go beyond what was intended. This thesis focuses on the consequences of different naming policies in the context of different network protocols, with respect to security and privacy. Based on the study of this problem, solutions are proposed that, through different naming policies, make it possible to introduce additional security mechanisms or mitigate privacy problems in different protocols. This results in the implementation of security mechanisms on top of insecure discovery protocols, as well as the introduction of name assignment and resolution mechanisms that focus on protecting privacy. The main vehicle for implementing these solutions is general-purpose network services and protocols. However, the applicability of these solutions also extends to other research topics that rely on name resolution mechanisms to implement interoperability solutions, namely the Internet of Things (IoT) and Information Centric Networks (ICN).

    Doctoral Programme in Informatics

    Wireless IP network mobility management: advancing from mobile IP to HIP-based network

    Wireless networking introduces a whole range of challenges to the traditional TCP/IP network. In particular, there is the issue of IP address overloading, because IP addresses are used as a network locator and an end point identity in the different layers in an OSI model. Even though Mobile IP is widely deployed, it has significant problems relating to performance and security. The Host Identity Protocol (HIP) provides secure mobility management by solving the IP address overloading from another angle. It restructures the TCP/IP model and introduces a new layer and a new namespace. The performance of HIP has proven to be better than Mobile IP and also opens a range of new research opportunities. This dissertation proposes and analyses a new step-stone solution from the Mobile IP-based network into a HIP-based network. The main advantage of this new solution is that much less change is required to the operating system kernel of the end point compared to a full HIP implementation. The new step-stone solution allows Mobile IP to use some HIP features to provide better security and handover performance. This dissertation also proposes several new and novel HIP-based wireless communication network architectures. An HIP-based heterogeneous wireless network architecture and handover scheme has been proposed and analysed. These schemes limit the HIP signalling in the wireless network if no communication to external networks is needed. Besides the network architecture modification, the hybrid Session Initiation Protocol (SIP) and HIP-based Voice over IP (VoIP) scheme is proposed and analysed. This novel scheme improves the handover latency and security. This dissertation also proposes and analyses a new and novel extension to HIP, a HIP-based micro-mobility management, micro-HIP (mHIP). mHIP provides a new secure framework for micro-mobility management. It is a more complete HIP-based micro-mobility solution than any other proposed in existing studies. 
mHIP improves the intra-domain handover performance, the security, and the distribution of load in the intra-domain handover signalling. The new work presented opens up a number of very interesting research opportunities