Securing military decision making in a network-centric environment

The development of the society and warfare goes hand in hand. With the proliferation of modern information technology, in particular communication technology, concepts such as information warfare and network-centric warfare have emerged. Information has become one of the core elements in military decision making, where the purpose is to gain information superiority with respect to the enemy while denying the enemy from doing the same. Network-centricity comes from the fact that communication networks are used to enable information warfare in the theatre of operations. Thus, the role of the communication network is to support decision making. In this thesis, military decision making in a network-centric environment is analyzed from the perspective of information warfare. Based on the analysis, a set of security requirements are identified. The thesis also proposes a set of solutions and concepts to the vulnerabilities found and analyzes the solutions with respect to the requirements and a set of use scenarios. The main solutions are Packet Level Authentication, which secures the military infrastructure, and Self-healing Networks, which enable the network to restructure itself after a large-scale or dedicated attack. The restructuring process relies on a Context Aware Management architecture, which has originally been developed to allow network nodes to rapidly react to a changing environment. Furthermore, the thesis presents a trust management model based on incomplete trust to cope with compromised nodes. Also privacy issues are discussed; several different privacy classes are identified and the problems with each of them are addressed.reviewe

IPv6 Source Addresses Considered Harmful

Abstract In this deliberately preposterous paper, we show that the inclusion of the source IP addresses in the IPv6 header is completely unnecessary and usually harmful. In particular, we show that whenever IPsec is used in conjunction with IPv6, we would do much better using the 128 bits that are currently wasted for the source address with something much more useful, such as passing randomly looking bits. Furthermore, we argue that the source addresses pose one of the worst privacy threats in the IPv6 architecture; simply leaving them out would be a clear improvement of privacy. Finally, we show how a simple destination option is better than the current practice for providing the source address in the rare cases where it is really needed