
End-to-End Security Methods for UDT Data Transmissions

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 6485)

Abstract

UDT (UDP-based Data Transfer protocol) is one of the most promising network protocols developed for high-speed data transfer. It does not, however, have any inherent security mechanisms, and thus relies on other transport protocols to provide them. For its implementation in high-speed networks, security and privacy are critical factors and important challenges that need to be addressed. We have carried out substantial research so far to address these challenges: we introduced security mechanisms through the application layer using UDT's API, and presented DTLS, GSS-API, and CGA in the transport and IP layers. In this paper, we make the following contributions: we outline security requirements for UDT implementation and propose practical encryption methods for securing UDT within the network layer.



© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bernardo, D.V., Hoang, D.B. (2010). End-to-End Security Methods for UDT Data Transmissions. In: Kim, Th., Lee, Yh., Kang, BH., Ślęzak, D. (eds) Future Generation Information Technology. FGIT 2010. Lecture Notes in Computer Science, vol 6485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17569-5_38


  • DOI: https://doi.org/10.1007/978-3-642-17569-5_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17568-8

  • Online ISBN: 978-3-642-17569-5

  • eBook Packages: Computer Science, Computer Science (R0)
