Abstract
Personal devices (such as smartphones and laptops) often experience incoherent levels of security due to the different protection applications available on the various devices. This paper presents a novel approach that consists in offloading security applications from personal devices and relocating them inside the network; this will be achieved by enriching network devices with the appropriate computational capabilities to execute generic security applications. This approach is fostered by the Secured project, which will define the architecture, data and protocols needed to turn this vision into reality.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
While the 802.1x protocol was originally intended to perform device authentication (e.g. based on the MAC address of the user terminal), recent extensions allow to perform this step based on user-defined credentials, such as username and password.
- 3.
This step could be avoided in case the access network already uses encryption, such as a WPA-protected WiFi hotspot.
References
Armknecht, F., Gasmi, Y., Sadeghi, A.R., Stewin, P., Unger, M., Ramunno, G., Vernizzi, D.: An efficient implementation of trusted channels based on OpenSSL. In: ACM Workshop on Scalable Trusted Computing, pp. 41–50 (2008)
Goldman, K., Perez, R., Sailer, R.: Linking remote attestation to secure tunnel endpoints. In: ACM Workshop on Scalable Trusted Computing, pp. 21–24 (2006)
Gringoli, F., Salgarelli, L., Dusi, M., Cascarano, N., Risso, F., Claffy, K.: GT: picking up the truth from the ground for Internet traffic. ACM SIGCOMM Comput. Commun. Rev. 39(5), 12–18 (2009)
Trusted Computing Group: TPM Main Specification, Version 1.2, Revision 103 (2007). https://www.trustedcomputinggroup.org
McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J.: Openflow: enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev. 38(2), 69–74 (2008)
Network Functions Virtualisation Industry Specification Group (NFV ISG): Network Functions Virtualisation - update white paper, October 2013. http://portal.etsi.org/NFV/NFV_White_Paper2.pdf
Risso, F., Cerrato, I.: Customizing data-plane processing in edge routers. In: European Workshop on Software Defined Networks, pp. 114–120 (2012)
Sadeghi, A.-R., Schulz, S.: Extending IPsec for efficient remote attestation. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J.M., Sako, K., Sebé, F. (eds.) FC 2010 Workshops. LNCS, vol. 6054, pp. 150–165. Springer, Heidelberg (2010)
Acknowledgement
The research described in this paper is part of the Secured project, co-funded by the European Commission (FP7 grant agreement no. 611458).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Dalton, C., Lioy, A., Lopez, D., Risso, F., Sassu, R. (2014). Exploiting the Network for Securing Personal Devices. In: Cleary, F., Felici, M. (eds) Cyber Security and Privacy. CSP 2014. Communications in Computer and Information Science, vol 470. Springer, Cham. https://doi.org/10.1007/978-3-319-12574-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-12574-9_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12573-2
Online ISBN: 978-3-319-12574-9
eBook Packages: Computer ScienceComputer Science (R0)