Abstract
In the future telecommunications network, more and more services are based on open protocols and architectures. In such an environment, there is a clear need for controlling the access of users and other operators to the network services. If the network is based on internetworked facilities, traditional address based access control may not be sufficient due to the possibility of address spoofing attacks. Thus, the usage of strong cryptography is often the only possibility for providing authenticity and integrity. However, in such a setting both key management and trust management become challenging problems.
In this paper we present an architecture, called TeSSA, for managing service level access control and other security aspects in open telecom networks, and our experiences with an early prototype version of the architecture. The architecture is based on digitally signed certificates and explicitly presented permissions. The architecture itself is policy free, thereby allowing any reasonable security policy to be applied. Furthermore, the architecture fully supports both centralized and decentralized administrative models, thereby being especially suitable for internets where the networks of several operators are interconnected. In addition to security policies, the architecture can be extended to represent any types of policies. Using the TeSSA facilities, the operators do not need fully trust each other, but can explicitly vary the level and structure of trust.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35522-1_37
Chapter PDF
Similar content being viewed by others
References
John Strassner and Ed Ellesson, Terminology for describing policy and services,work in progress, IETF Internet draft, 1999, http://www.ietf.org/Internet-drafts/draft-ietf-policy-terms-00.txt/Internet-drafts/draft-ietf-policy-terms-00.txt
Raphael Yahalom, Birgit Klein, and Thomas Beth, “Trust Relationships in Secure Systems - A Distributed Authentication Perspective”, In Proceedings of the IEEE Conference on Research in Security and Privacy, 1993.
Audun Josang, A Model for Trust in Security Systems, in Proceedings of the Second Nordic Workshop on Secure Computer Systems, 1997.
Carl Ellison, SPKI Certificate Theory,RFC2693, September 1999.
Pekka Nikander, Modelling of Cryptographic Protocols - A Concurrency Perspective, Licentiates Thesis, Helsinki University of Technology, December 1997
Pekka Nikander, An Architecture for Authorization and Delegation in Distributed Object-Oriented Agent Systems, Helsinki University of Technology, Doctoral Dissertation, 1999.
M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson, “The Digital Distributed System Security Architecture,” In Proceedings of 1989 National Computer Security Conference.
J. Kohl and C. Neuman, The Kerberos Network Authentication Service (V5), RFC 1510, Internet Engineering Task Force, 1993.
Sanna Liimatainen et al., Telecommunications Software Security Architecture,Helsinki University of Technology, http://www tcm.hut. fi/Research/TeSSA.
M. Blaze, J. Feigenbaum, and J. Lacy, Decentralized Trust Management, In Proceedings of the 1996 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, May 1996.
Carl Ellison, SPKI Requirements,RFC2692, September 1999.
Ronald Rivest and Butler Lampson, “SDSI - A Simple Distributed Security Infrastructure”, Proceedings of the 1996 Usenix Security Symposium, 1996.
David C. Blight, Takeo Hamada, Policy-Based Networking Architecture for QoS Interworking in IP management. Proceedings of Integrated network management VI, Distributed Management for the Networked Millennium 1999, IM 98, IEEE 1999, pp 811–826.
B. Moore, E. Ellesson, and J. Strassner, Policy Framework Core Information Model,work in progress, IETF Internet draft, 1999, http://www. ietf. org/ internetdrafts/draft-ietf-policy-core-info-model-01.txt
Jonna Partanen, Using SPKI certificates for access control in Java 1.2, Master’s Thesis, Helsinki University of Technology, August 1998.
Sanna Suoranta, An Object-Oriented Implementation of an Authentication Protocol, Master’s Thesis, Helsinki University of Technology, December 1998.
Tero Hasu, Storage and retrieval of SPKI certificates using the DNS, Master’s Thesis, Helsinki University of Technology, April 1999.
Ilari Lehti, Pekka Nikander, Certifying Trust, Practice and Theory in Public Key Cryptography (PKC’98), Yokohama, Japan, January 1998.
Juha Pääjärvi, “XML Encoding of SPKI Certificates”, work in progress, Internet draft draft-paajarvi-xml-spki-cert-00. txt, March 2000.
Manfred Hauswirth, Clemens Kerer, and Roman Kurmanowytsch, A flexible and extensible security framework for Java code, Technical Report TUV–1841–99–14, Technical University of Vienna, March 2000.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Nikander, P., Metso, L. (2000). Policy and Trust in Open Multi-Operator Networks. In: van As, H.R. (eds) Telecommunication Network Intelligence. SMARTNET 2000. IFIP — The International Federation for Information Processing, vol 50. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35522-1_24
Download citation
DOI: https://doi.org/10.1007/978-0-387-35522-1_24
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6693-6
Online ISBN: 978-0-387-35522-1
eBook Packages: Springer Book Archive