Abstract
The development and deployment of User Datagram Protocol (UDP)- based Data Transfer (UDT) is undoubtedly strongly reliant upon existing security mechanisms. However, existing mechanisms are developed for mature protocols such as TCP/UDP. We, therefore, developed proprietary mechanisms to form a security architecture for UDT. The primary objectives of the architecture include the management of messages through Authentication Option (AO) and cryptographic keys, the security of data communications, and the integration of data protection enhancing technologies across all the layers. Our approach is the result of our work which started in 2008. We verified each mechanism through formalisation to achieve information-theoretic soundness of the architecture. The results achieve the enhancement of existing schemes to introduce a novel approach to integrate mechanisms to secure UDT in its deployment. The architecture does include available and well-discussed schemes, which are used in other protocols, with proven computational intelligence which can be upgraded so as to provide improved security and primary protection in future extensive UDT deployments. In this work, we present UDT Security Architecture with suitable mechanisms to ensure preservation of data integrity in data transmission.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Al-Shraideh, F.: Host Identity Protocol. In: ICN/ICONS/MCL, p. 203. IEEE Computer Society (2006)
Andersen, D.G., Balakrishnan, H., Feamster, N., Koponen, T., Moon, D., Shenker, S.: Accountable Internet Protocol (AIP). In: Bahl, V., Wetherall, D., Savage, S., Stoica, I. (eds.) SIGCOMM, pp. 339–350. ACM (2008)
Aura, T.: Cryptographically Generated Addresses (CGA). In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 29–43. Springer, Heidelberg (2003)
Aura, T.: Cryptographically Generated Addresses (CGA). RFC 3972, IETF (March 2005)
Aura, T., Nagarajan, A., Gurtov, A.: Analysis of the HIP Base Exchange Protocol. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 481–493. Springer, Heidelberg (2005)
Bellovin, S.: Defending Against Sequence Number Attacks. RFC 1948 (1996)
Bellovin, S.: Guidelines for Mandating the Use of IPsec. Work in Progress. IETF (October 2003)
Bernardo, D.V., Hoang, D.: Empirical Survey: Experimentation and Implementations of High Speed Protocol Data Transfer for Grid. In: 25th IEEE AINA Workshop 2011, pp. 335–340 (2011)
Bernardo, D.V., Hoang, D.: A Conceptual Approach against Next Generation Security Threats: Securing a High Speed Network Protocol – UDT. In: Proc. IEEE the 2nd ICFN 2010, Shanya China (2010)
Bernardo, D.V., Hoang, D.: Security Requirements for UDT. IETF Internet-Draft – working paper (September 2009)
Bernardo, D.V., Hoang, D.: Network Security Considerations for a New Generation Protocol UDT. In: Proc. IEEE the 2nd ICCIST Conference 2009, Beijing China (2009)
Bernardo, D.V., Hoang, D.: A Security Framework and its Implementation in Fast Data Transfer Next Generation Protocol UDT. Journal of Information Assurance and Security 4, 354–360 (2009) ISN 1554-1010
Bernardo, D.V., Hoang, D.: Security Analysis of the Proposed Practical Security Mechanisms for High Speed Data Transfer Protocol. In: Kim, T.-H., Adeli, H. (eds.) AST/UCMA/ISA/ACN 2010. LNCS, vol. 6059, pp. 100–114. Springer, Heidelberg (2010)
Bernardo, D.V., Hoang, D.B.: End-to-End Security Methods for UDT Data Transmissions. In: Kim, T.-H., Lee, Y.-H., Kang, B.-H., Ślęzak, D. (eds.) FGIT 2010. LNCS, vol. 6485, pp. 383–393. Springer, Heidelberg (2010)
Bernardo, D.V., Hoang, D.: Securing data transfer in the cloud through introducing identification packet and UDT-authentication option field: a characterization. International Journal of Network Security & Its Applications (IJNSA) 2(4) (October 2010) CoRR abs/1010.4845:
Bernardo, D.V., Hoang, D.: Multi-layer Security Analysis and Experimentation of High Speed Protocol Data Transfer for GRID. International Journal o Grid and Utility Computing (in the press) (October 2011)
Bernardo, D.V., Hoang, D.: A Pragmatic Approach: Achieving Acceptable Security Mechanisms for High Speed Data Transfer Protocol- UDT SERSC. International Journal of Security and Its Applications 4(4) (October 2010)
Blumenthal, M., Clark, D.: Rethinking the Design of the Internet: End-to-End Argument vs. the Brave New World. In: Proc. ACM Trans Internet Technology, p.1 (August 2001)
Clark, D., Sollins, L., Wroclwski, J., Katabi, D., Kulik, J., Yang, X.: New Arch: Future Generation Internet Architecture, Technical Report, DoD – ITO (2003)
Dierks, T., Allen, C.: The TLS Protocol Version 1.0. RFC 2246 (January 1999)
Falby, N., Fulp, J., Clark, P., Cote, R., Irvine, C., Dinolt, G., Levin, T., Rose, M., Shifflett, D.: Information assurance capacity building: A case study. In: Proc. 2004 IEEE Workshop on Information Assurance, U.S. Military Academy, pp. 31–36 (June 2004)
Gorodetsky, V., Skormin, V., Popyack, L. (eds.): Information Assurance in Computer Networks: Methods, Models, and Architecture for Network Security. Springer, St. Petersburg (2001)
Gu, Y., Grossman, R.: UDT: UDP-based Data Transfer for High-Speed Wide Area Networks. Computer Networks 51(7) (2007)
Hamill, J., Deckro, R., Kloeber, J.: Evaluating information assurance strategies. Decision Support Systems 39(3), 463–484 (2005)
H. I. for Information Technology, H. U. of Technology, et al. Infrastructure for HIP (2008)
Harrison, D.: RPI NS2 Graphing and Statistics Package, http://networks.ecse.rpi.edu/~harrisod/graph.html
Jokela, P., Moskowitz, R., Nikander, P.: Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP). RFC 5202, IETF (April 2008)
Joubert, P., King, R., Neves, R., Russinovich, M., Tracey, J.: Highperformance memory-based web servers: Kernel and user-space performance. In: USENIX 2001, Boston, Massachusetts (June 2001)
Jray, W.: Generic Security Service API Version 2:C-bindings, RFC 2744 (January 2000)
Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC 2401 (1998)
Laganier, J., Eggert, L.: Host Identity Protocol (HIP) Rendezvous Extension. RFC 5204, IETF (April 2008)
Laganier, J., Koponen, T., Eggert, L.: Host Identity Protocol (HIP) Registration Extension. RFC 5203, IETF (April 2008)
Leon-Garcia, A., Widjaja, I.: Communication Networks. McGraw Hill (2000)
Linn, J.: Generic Security Service Application Program Interface Version 2, Update 1, RFC 2743 (January 2000)
Linn, J.: The Kerberos Version 5 GSS-API Mechanism, IETF, RFC 1964 (June 1996)
Mathis, M., Mahdavi, J., Floyd, S., Romanow, A.: TCP selective acknowledgment options. IETF RFC 2018 (April 1996)
Melnikov, A., Zeilenga, K.: Simple Authentication and Security Layer (SASL) IETF, RFC 4422 (June 2006)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (1997)
Moskowitz, R., Nikander, P.: RFC 4423: Host identity protocol (HIP) architecture (May 2006)
Moskowitz, R., Nikander, P., Jokela, P., Henderson, T.: Host Identity Protocol. RFC 5201, IETF (April 2008)
Neuman, C., Yu, T., Hartman, S., Raeburn, K.: Kerberos Network Authentication Service (V5), IETF, RFC 1964 (June 1996)
NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems (May 2004)
PSU Evaluation Methods for Internet Security Technology (EMIST) (2004), http://emist.ist.psu.edu (visited December 2009)
Rabin, M.: Digitized signatures and public-key functions as intractable as Factorization. MIT/LCS Technical Report, TR-212 (1979)
Rescorla, E., Modadugu, N.: Datagram Transport Layer Security. RFC 4347, IETF (April 2006)
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signature and public-keycryptosystems. Communication of ACM 21, 120–126 (1978)
Schwartz, M.: Broadband Integrated Networks. Prentice Hall (1996)
Stewart, R. (ed.): Stream Control Transmission Protocol, RFC 4960 (2007)
Stiemerling, M., Quittek, J., Eggert, L.: NAT and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication. RFC 5207, IETF (April 2008)
Stoica, I., Adkins, D., Zhuang, S., Shenker, S., Surana, S.: Internet Indirection Infrastructure. In: Proc. ACM SIGCOMM (August 2002)
Szalay, A., Gray, J., Thakar, A., Kuntz, P., Malik, T., Raddick, J., Stoughton, C., Vandenberg, J.: The SDSS SkyServer - Public access to the Sloan digital sky server data. ACM SIGMOD (2002)
Wang, G., Xia,Y.: An NS2 TCP Evaluation Tool, http://labs.nec.com.cn/tcpeval.html
Williams, N.: Clarifications and Extensions to the Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings. RFC 5554 (May 2009)
Globus XIO, unix.globus.org/toolkit/docs/3.2/xio/index.html (retrieved on November 1, 2009)
Zhang, M., Karp, B., Floyd, S., Peterson, L.: RR-TCP: A reordering-robust TCP with DSACK. In: Proc. the Eleventh IEEE International Conference on Networking Protocols (ICNP 2003), Atlanta, GA (November 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bernardo, D.V., Hoang, D.B. (2011). Formalization and Information-Theoretic Soundness in the Development of Security Architecture for Next Generation Network Protocol - UDT. In: Kim, Th., Adeli, H., Fang, Wc., Villalba, J.G., Arnett, K.P., Khan, M.K. (eds) Security Technology. SecTech 2011. Communications in Computer and Information Science, vol 259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27189-2_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-27189-2_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27188-5
Online ISBN: 978-3-642-27189-2
eBook Packages: Computer ScienceComputer Science (R0)