Security Analysis of the Proposed Practical Security Mechanisms for High Speed Data Transfer Protocol

  • Danilo Valeros Bernardo
  • Doan Hoang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6059)

Abstract

The development of next generation protocols such as UDT (UDP-based Data Transfer) addresses infrastructure requirements for moving data across high speed networks. This development also creates new vulnerabilities when such protocols are designed to rely solely on the security solutions built for existing protocols such as TCP and UDP. Not every security protocol can simply be carried over to protect UDT: TLS, for example, assumes a reliable, ordered byte stream and cannot be layered directly over a UDP-based transport, just as security solutions devised for wired networks cannot be reused unchanged to protect wireless ones. Like TCP and UDP many years earlier, UDT was developed without a well-thought-out security architecture to address the problems that networks presently face. This paper proposes and analyses practical security mechanisms for UDT.

Keywords

Next Generation, GSS-API, High Speed Bandwidth, UDT, HIP, CGA, SASL, DTLS

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Danilo Valeros Bernardo (1)
  • Doan Hoang (1)
  1. iNext - Centre for Innovation for IT Services and Applications, Faculty of Engineering and Information Technology, University of Technology, Sydney