The Future Internet Assembly

FIA 2011: The Future Internet, pp 167–176

Security Design for an Inter-Domain Publish/Subscribe Architecture

  • Kari Visala,
  • Dmitrij Lagutin &
  • Sasu Tarkoma
  • Conference paper
  • Open Access

Part of the Lecture Notes in Computer Science book series (LNCCN, volume 6656)

Abstract

Several new architectures have been recently proposed to replace the Internet Protocol Suite with a data-centric or publish/subscribe (pub/sub) network layer waist for the Internet. The clean-slate design makes it possible to take into account issues in the current Internet, such as unwanted traffic, from the start. If these new proposals are ever deployed as part of the public Internet as an essential building block of the infrastructure, they must be able to operate in a hostile environment, where a large number of users are assumed to collude against the network and other users. In this paper we present a security design through the network stack for a data-centric pub/sub architecture that achieves availability, information integrity, and allows application-specific security policies while remaining scalable. We analyse the solution and examine the minimal trust assumptions between the stakeholders in the system to guarantee the security properties advertised.

Keywords

  • Future Internet
  • publish/subscribe networking
  • network security


Author information

Authors and Affiliations

  1. Helsinki Institute for Information Technology HIIT / Aalto University School of Science and Technology, Espoo, Finland

    Kari Visala & Dmitrij Lagutin

  2. Department of Computer Science, University of Helsinki, Helsinki, Finland

    Sasu Tarkoma


Editor information

Editors and Affiliations

  1. Knowledge Media Institute (KMi), The Open University, Milton Keynes, UK

    John Domingue

  2. Dept. of Electronic and Electrical Engineering, University College London, London, UK

    Alex Galis

  3. Eurescom GmbH, Heidelberg, Germany

    Anastasius Gavras

  4. Synelixis/TEI of Chalkida, Greece

    Theodore Zahariadis

  5. Knowledge Media Institute, The Open University, Milton Keynes, UK

    Dave Lambert

  6. Waterford Institute of Technology –TSSG, Waterford, Ireland

    Frances Cleary

  7. CERTH-ITI, Thessaloniki, Greece

    Petros Daras

  8. Ericsson Serbia, Belgrade, Serbia

    Srdjan Krco

  9. Business Information Systems, University of Applied Sciences Western Switzerland, Sierre, Switzerland

    Henning Müller

  10. IC Focus, London, UK

    Man-Sze Li

  11. ESoCE Net, Dialogic, Aalto University School of Economics (CKIR), Aalto, Finland

    Hans Schaffers

  12. SAP Research, Sophia Antipolis, France

    Volkmar Lotz

  13. Universidad Politécnica de Madrid, Spain

    Federico Alvarez

  14. University of Zurich, Switzerland

    Burkhard Stiller

  15. SAP Research, Karlsruhe, Germany

    Stamatis Karnouskos

  16. Université Pierre et Marie Curie (UPMC), Paris, France

    Susanna Avessta

  17. Lulea University of Technology, Lulea, Sweden

    Michael Nilsson

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (http://creativecommons.org/licenses/by-nc/2.5/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.


Copyright information

© 2011 The Author(s)

About this paper

Cite this paper

Visala, K., Lagutin, D., Tarkoma, S. (2011). Security Design for an Inter-Domain Publish/Subscribe Architecture. In: , et al. The Future Internet. FIA 2011. Lecture Notes in Computer Science, vol 6656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20898-0_12

  • DOI: https://doi.org/10.1007/978-3-642-20898-0_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-20897-3

  • Online ISBN: 978-3-642-20898-0

  • eBook Packages: Computer Science, Computer Science (R0)
