Abstract
Some security problems can often be solved through authorization rather than authentication. Furthermore, a certificate-based authorization approach can alleviate the usual drawbacks of centralized systems, such as bottlenecks or a single point of failure. In this paper, we propose a solution that could bring an appropriate security architecture to the Internet Backplane Protocol (IBP), a distributed shared storage protocol. The three basic building blocks are IPsec, Simple Public Key Infrastructure (SPKI) certificates and Crypto-Based Identifiers (CBID). CBID allows entities to prove ownership of their identifiers, SPKI allows entities to prove that they have been authorized to perform specific actions, and IPsec provides data origin authentication and confidentiality. We propose to use them to bring some level of ‘opportunistic’ security in the absence of any trusted central authority. This is particularly tailored to ad-hoc environments where collaborations might be very short-term.
Copyright information
© 2003 IFIP International Federation for Information Processing
About this paper
Cite this paper
Bassi, A., Laganier, J. (2003). Towards an IPv6-Based Security Framework for Distributed Storage Resources. In: Lioy, A., Mazzocchi, D. (eds) Communications and Multimedia Security. Advanced Techniques for Network and Data Protection. CMS 2003. Lecture Notes in Computer Science, vol 2828. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45184-6_5
DOI: https://doi.org/10.1007/978-3-540-45184-6_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20185-4
Online ISBN: 978-3-540-45184-6
eBook Packages: Springer Book Archive