7 research outputs found

    End-to-end security in active networks

    Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These systems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problems introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking service that can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea.

    A wireless multicast delivery architecture for mobile terminals

    Content delivery over the Internet to a large number of mobile users offers interesting business opportunities for content providers, intermediaries, and access network operators. A user could receive, for example, music or a digital newspaper directly to a mobile device over wireless networks. Currently, content delivery over the Internet is held back by a number of reasons. Existing network technologies, such as GPRS, have a very limited capacity to transfer large files, such as those required for good-quality pictures in a newspaper. Another problem is security. Content received over the Internet is very vulnerable to being forged. A user who cannot be certain about the source and consistency of the received stock quotes is unlikely to pay for the information. Furthermore, content providers are unwilling to distribute their valuable information over the Internet due to their fear of copyright infringements. Traditionally, content has been considered consumed as soon as it has been downloaded. Content providers have been keen on preventing their content from being transferred over peer-to-peer networks because they consider the delivery itself to be a copyright infringement. In this dissertation, content delivery is separated from content consumption by encrypting the content before delivery. When the user wishes to consume the content, a license which includes the decryption key is provided. The architecture allows content to be delivered to users' devices even before the user commits to consume the content. The user can choose to receive content whenever downloading it is the most convenient and affordable. Thus, the content providers are able to maintain control over the use of their information even after the data has been transferred to the users' terminals. In addition, content received by users can be strongly source authenticated. The architecture allows secure, efficient and reliable delivery of content to a large group of receivers. The architecture does not commit itself to any specific delivery technique, and the content can be delivered using any delivery technique including multicast, broadcast, unicast, and peer-to-peer. This dissertation focuses mostly on multicast as the delivery technique. The efficiency of the multicast delivery over unreliable heterogeneous wireless access networks is thoroughly analyzed. Mobile terminals can seamlessly switch between access points and access technologies while continuing to receive data reliably from the network. The multicast delivery uses adaptive error correction and retransmissions to deliver the content as efficiently as possible to a very large number of receivers. The simulations show that the vast majority of receivers are able to receive the content reliably with a small delay even when the radio network suffers from high packet loss probability. Although the architecture is designed to deliver content to mobile terminals, it is also suitable for delivering content to terminals with fixed Internet connectivity.

    Delivering digital content to mobile users over the Internet offers new business opportunities for content providers, intermediaries, and network operators alike. The technology can be used, for example, to deliver music or electronic newspapers to users over a wireless network. Content delivery over the Internet is still hampered by several factors. Network technologies in wide use today, such as GPRS, are too slow to transfer very large files to a large number of receivers. In addition, delivering forged information over the Internet is very easy. Content whose authenticity and origin are uncertain is often worthless to the user. Content providers, for their part, are unwilling to use the Internet to distribute their content if copying and unauthorized consumption of digitally distributed content is too easy. Traditionally, content is considered consumed at the moment it has been transferred to the user's device. For this reason, content providers have spent considerable resources on preventing their content from being delivered over peer-to-peer networks, because the mere transfer of content is regarded as a copyright infringement. In this work, content delivery is separated from content consumption by protecting the content with encryption before it is delivered to users and by allowing free distribution of the encrypted content. The architecture allows content to be transferred to users' devices when doing so is cheapest and most efficient. Only when the user wishes to consume previously downloaded content is the right to use the content checked. The architecture also enables strong verification of the origin and integrity of downloaded content. The architecture enables secure, efficient and reliable delivery of content to a large number of receivers. The architecture does not force content distribution to use any particular delivery method; content can be delivered using, for example, multicast, broadcast, unicast, or peer-to-peer networks. This work concentrates on analyzing the suitability of multicast as a data delivery method. The efficiency of the multicast method has been analyzed for content delivery over a heterogeneous wireless access network. Mobile terminals can move seamlessly from one access network to another while receiving content. Multicast uses adaptive error correction and retransmissions to deliver the content as efficiently as possible to a large group of receivers. Simulations show that a very large share of receivers receive the content reliably and with a small delay even when the packet error probability in the access network is high. The architecture is designed to deliver content to mobile devices, but it can be used equally well with devices connected to a fixed network.

    Adaptive trust and reputation system as a security service in group communications

    Group communications has been facilitating many emerging applications which require packet delivery from one or more sender(s) to multiple receivers. Owing to the multicasting and broadcasting nature, group communications are susceptible to various kinds of attacks. Though a number of proposals have been reported to secure group communications, provisioning security in group communications remains a critical and challenging issue. This work first presents a survey on recent advances in security requirements and services in group communications in wireless and wired networks, and discusses challenges in designing secure group communications in these networks. Effective security services to secure group communications are then proposed. This dissertation also introduces the taxonomy of security services, which can be applied to secure group communications, and evaluates existing secure group communications schemes. This dissertation work analyzes a number of vulnerabilities against trust and reputation systems, and proposes a threat model to predict attack behaviors. This work also considers scenarios in which multiple attacking agents actively and collaboratively attack the whole network as well as a specific individual node. The behaviors may be related to both performance issues and security issues. Finally, this work extensively examines and substantiates the security of the proposed trust and reputation system. This work next discusses the proposed trust and reputation system for an anonymous network, referred to as the Adaptive Trust-based Anonymous Network (ATAN). The distributed and decentralized network management in ATAN does not require a central authority so that ATAN alleviates the problem of a single point of failure. In ATAN, the trust and reputation system aims to enhance anonymity by establishing a trust and reputation relationship between the source and the forwarding members. 
The trust and reputation relationship of any two nodes is adaptive to new information learned by these two nodes or recommended from other trust nodes. Therefore, packets are anonymously routed from the 'trusted' source to the destination through 'trusted' intermediate nodes, thereby improving anonymity of communications. In the performance analysis, the ratio of the ATAN header and data payload is around 0.1, which is relatively small. This dissertation offers analysis on security services on group communications. It illustrates that these security services are needed to incorporate with each other such that group communications can be secure. Furthermore, the adaptive trust and reputation system is proposed to integrate the concept of trust and reputation into communications. Although deploying the trust and reputation system incurs some overheads in terms of storage spaces, bandwidth and computation cycles, it shows a very promising performance that enhances users' confidence in using group communications, and concludes that the trust and reputation system should be deployed as another layer of security services to protect group communications against malicious adversaries and attacks.

    Service introduction in an active network

    Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 1999. Includes bibliographical references (p. 151-157). By David J. Wetherall. Ph.D.

    A feasibility study of wireless network technologies for rural broadband connectivity

    The adoption of wireless broadband technologies to provide network and Internet connectivity in rural communities has conveyed the possibility to overcome the challenges caused by marginalization and many other characteristics possessed by these rural communities. With their different capabilities, these technologies enable communication for rural communities internally within the community and externally on a global scale. Deployment of these technologies in rural areas requires consideration of different factors - these are in contrast to those considered when deploying these technologies in non-rural, urban areas. Numerous research show consideration of facts for deployment of broadband technologies in urban/non-rural environments and a little has been done in considering facts for deployment in rural environments. Hence this research aims to define guidelines for selection of broadband technologies and make recommendations on which technologies are suitable for deployment in rural communities, thereby considering facts that are true only within these rural communities. To achieve this, the research determines the metrics that are relevant and important to consider when deploying wireless broadband technology in rural communities of South Africa. It further undertakes a survey of wireless broadband technologies that are suitable for deployment in such areas. The study first profiles a list of wireless communication technologies, determines and documents characteristics of rural communities in Africa, determines metrics used to declare technologies feasible in rural areas. The metrics and rural characteristics are then used to identify technologies that are better suited than others. Informed by this initial profiling, one technology: mobile WiMAX is then selected for deployment and further evaluation. A technical review of mobile WiMAX is then carried out by deploying it at our research site in the rural, marginalized community of Dwesa (Eastern Cape, South Africa). The final section of this research provides recommendations that mobile WiMAX, LTE and Wi-Fi are the best suitable technologies for deployment in rural marginalized environments. This has been supported by extensive research and real life deployment of both Wi-Fi and mobile WiMAX. This research also recommends consideration of the following facts when seeking deployment of these technologies in rural communities: the geographical setting of the target terrain, the distances between sources and target customers and distances between target communities, weather conditions of the area, applications to be deployed over the network, social well-being of the community and their financial freedom as well.

    Participant access control in IP multicasting

    IP multicast is best-known for its bandwidth conservation and lower resource utilization. The classical multicast model makes it impossible to restrict access to authorized End Users (EU) or paying receivers and to forward data originated by an authorized sender(s) only. Without an effective participant (i.e., receivers and sender(s)) access control, an adversary may exploit the existing IP multicast model, where a host can join or send any multicast group without prior authentication and authorization. The Authentication, Authorization and Accounting (AAA) protocols are being used successfully, in unicast communication, to control access to network resources. AAA protocols can be used for multicast applications in a similar way. In this thesis, a novel architecture is presented for the use of AAA protocols to manage IP multicast group access control, which enforces authentication, authorization and accounting of group participants. The AAA framework has been deployed by implementing the Network Access Server (NAS) functionalities inside the Access Router (AR). The proposed architecture relates access control with e-commerce communications and policy enforcement. The Internet Group Management Protocol with Access Control (IGMP-AC), an extended version of the IGMPv3, has been developed for receiver access control. The IGMP-AC, which encapsulates Extensible Authentication Protocol (EAP) packets, has been modeled in PROMELA, and has also been verified using SPIN. Finally, the security properties of an EAP method, EAP Internet Key Exchange, have been validated using AVISPA. Protocol for Carrying Authentication for Network Access, a link-layer agnostic protocol that encapsulates EAP packets, has been deployed to authenticate a sender that establishes an IPsec Security Association between the sender and the AR to cryptographically authenticate each packet. 
Next, a policy framework has been designed for specifying and enforcing the access control policy for multicast group participants. The access control architecture has been extended to support inter-domain multicast groups by deploying Diameter agents that discover network entities located in remote domains and securely transport inter-domain AAA information. Furthermore, the inter-domain data distribution tree has been protected from several attacks generated by a compromised network entity (e.g., router, host) by deploying a Multicast Security Association. Finally, the scope of receiver access control architecture and IGMP-AC has been broadened by demonstrating the usability of IGMP-AC in wireless networks for mobile receiver (or EU) access control. In addition, using the EAP Re-authentication Protocol (ERP), a secured and fast handoff procedure of mobile EUs in wireless networks has been developed.