Towards an IPv6-Based Security Framework for Distributed Storage Resources

  • Alessandro Bassi
  • Julien Laganier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2828)


Some security problems can often be solved through authorization rather than authentication. Furthermore, a certificate-based authorization approach can alleviate the usual drawbacks of centralized systems, such as bottlenecks or a single point of failure. In this paper, we propose a solution that could bring an appropriate security architecture to the Internet Backplane Protocol (IBP), a distributed shared storage protocol. The three basic building blocks are IPsec, Simple Public Key Infrastructure (SPKI) certificates and Crypto-Based Identifiers (CBID). CBID allows entities to prove ownership of their identifiers, SPKI allows entities to prove that they have been authorized to perform specific actions, and IPsec provides data origin authentication and confidentiality. We propose to use them to bring some level of ‘opportunistic’ security in the absence of any trusted central authority. This is particularly tailored to ad-hoc environments where collaborations might be very short-lived.


Keywords: IBP, IPv6, IPsec, authorization certificates, SPKI, CBID, CGA



Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Alessandro Bassi (1)
  • Julien Laganier (2, 3)

  1. LoCI Laboratory, University of Tennessee, Knoxville, USA
  2. SUN Microsystems Laboratories Europe, Saint-Ismier Cedex, France
  3. INRIA Action RESO / Laboratoire de l’Informatique du Parallélisme, École Normale Supérieure de Lyon, LYON Cedex 07, France
