End-to-End Security Methods for UDT Data Transmissions

  • Danilo Valeros Bernardo
  • Doan B. Hoang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6485)


UDT (UDP-based data transfer protocol) is one of the most promising network protocols developed for high data speed data transfer. It does not, however, have any inherent security mechanisms, and thus relies on other transport protocols to provide them. Towards its implementation in high speed networks, security and privacy are critical factors and important challenges that need to be addressed. There were substantial research efforts we carried out so far to address these challenges. We introduced security mechanisms through the application layer using UDT’s API and presented DTLS, GSS-API, and CGA, in transport and IP layers. In this paper, we make the following contributions: we out line security requirements for UDT implementation and propose practical encryption methods for securing UDT within the network layer.


UDT TCP GSS-API DTLS Next Generation Protocol 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellovin, S.: Defending Against Sequence Number Attacks. RFC 1948 (1996)Google Scholar
  2. 2.
    Bellovin, S.: Guidelines for Mandating the Use of IPsec, Work in Progress, IETF (October 2003)Google Scholar
  3. 3.
    Bernardo, D.V., Hoang, D.B.: A Conceptual Approach against Next Generation Security Threats: Securing a High Speed Network Protocol – UDT. In: Proc. IEEE the 2nd ICFN 2010, Shanya, China (2010)Google Scholar
  4. 4.
    Bernardo, D.V., Hoang, D.B.: Security Requirements for UDT, IETF Internet-Draft – working paper (September 2009)Google Scholar
  5. 5.
    Bernardo, D.V., Hoang, D.B.: “Network Security Considerations for a New Generation Protocol UDT. In: Proc. IEEE the 2nd ICCIST Conference 2009, Beijing, China (2009)Google Scholar
  6. 6.
    Bernardo, D.V., Hoang, D.B.: A Security Framework and its Implementation in Fast Data Transfer Next Generation Protocol UDT. Journal of Information Assurance and Security 4(354-360) (2009) ISN 1554-1010Google Scholar
  7. 7.
    Chown, T., Juby, B.: Overview of Methods for Encryption of H.323 Data Streams. Technical Paper, University of Southampton (March 2001)Google Scholar
  8. 8.
    Blumenthal, M., Clark, D.: Rethinking the Design of the Internet: End-to-End Argument vs. the Brave New World. In: Proc. ACM Trans Internet Technology, vol. 1 (August 2001)Google Scholar
  9. 9.
    Clark, D., Sollins, L., Wroclwski, J., Katabi, D., Kulik, J., Yang, X.: New Arch: Future Generation Internet Architecture, Technical Report, DoD – ITO (2003)Google Scholar
  10. 10.
    Falby, N., Fulp, J., Clark, P., Cote, R., Irvine, C., Dinolt, G., Levin, T., Rose, M., Shifflett, D.: Information assurance capacity building: A case study. In: Proc. 2004 IEEE Workshop on Information Assurance, pp. 31–36. U.S. Military Academy (June 2004)Google Scholar
  11. 11.
    Gorodetsky, V., Skormin, V., Popyack, L. (eds.): Information Assurance in Computer Networks: Methods, Models, and Architecture for Network Security. St. Petersburg, Springer, Heidelberg (2001)Google Scholar
  12. 12.
    Gu, Y., Grossman, R.: UDT: UDP-based Data Transfer for High-Speed Wide Area Networks. Computer Networks 51(7) (2007)Google Scholar
  13. 13.
    Hamill, J., Deckro, R., Kloeber, J.: Evaluating information assurance strategies. Decision Support Systems 39(3), 463–484 (2005)CrossRefGoogle Scholar
  14. 14.
    H.I. for Information Technology, H. U. of Technology, et al.: Infrastructure for HIP (2008)Google Scholar
  15. 15.
    Harrison, D.: RPI NS2 Graphing and Statistics Package,
  16. 16.
    Jokela, P., Moskowitz, R., Nikander, P.: Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP). RFC 5202, IETF (April 2008)Google Scholar
  17. 17.
    Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC 2401 (1998)Google Scholar
  18. 18.
    Leon-Garcia, A., Widjaja, I.: Communication Networks. McGraw Hill, New York (2000)Google Scholar
  19. 19.
    Mathis, M., Mahdavi, J., Floyd, S., Romanow, A.: TCP selective acknowledgment options. IETF RFC 2018 (April 1996)Google Scholar
  20. 20.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  21. 21.
    NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems (May 2004)Google Scholar
  22. 22.
  23. 23.
    PSU Evaluation Methods for Internet Security Technology, EMIST (2004), (visited December 2009)
  24. 24.
    Rabin, M.: Digitized signatures and public-key functions as intractable as Factorization. MIT/LCS Technical Report, TR-212 (1979)Google Scholar
  25. 25.
    Rescorla, E., Modadugu, N.: Datagram Transport Layer Security. RFC 4347, IETF (April 2006)Google Scholar
  26. 26.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signature and public-keycryptosystems. Communication of ACM 21, 120–126 (1978)CrossRefzbMATHGoogle Scholar
  27. 27.
    Schwartz, M.: Broadband Integrated Networks. Prentice Hall, Englewood Cliffs (1996)Google Scholar
  28. 28.
    Stewart, R. (ed.): Stream Control Transmission Protocol, RFC 4960 (2007)Google Scholar
  29. 29.
    Stoica, I., Adkins, D., Zhuang, S., Shenker, S., Surana, S.: Internet Indirection Infrastructure. In: Proc. ACM SIGCOMM 2002 (2002)Google Scholar
  30. 30.
    Szalay, A., Gray, J., Thakar, A., Kuntz, P., Malik, T., Raddick, J., Stoughton, C., Vandenberg, J.: The SDSS SkyServer - Public access to the Sloan digital sky server data. In: ACM SIGMOD 2002 (2002)Google Scholar
  31. 31.
    Wang, G., Xia, Y.: An NS2 TCP Evaluation Tool,
  32. 32.
    Globus XIO: (retrieved on November 1, 2009)
  33. 33.
    Zhang, M., Karp, B., Floyd, S., Peterson, L.: RR-TCP: A reordering-robust TCP with DSACK. In: Proc. the Eleventh IEEE International Conference on Networking Protocols (ICNP 2003), Atlanta, GA (November 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Danilo Valeros Bernardo
    • 1
  • Doan B. Hoang
    • 1
  1. 1.iNext, Computing and Communications, Faculty of Engineering and Information TechnologyThe University of Technology SydneySydneyAustralia

Personalised recommendations