
Formalization and Information-Theoretic Soundness in the Development of Security Architecture for Next Generation Network Protocol - UDT

  • Conference paper
Security Technology (SecTech 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 259)
Abstract

The development and deployment of UDP-based Data Transfer (UDT) relies heavily on existing security mechanisms. However, those mechanisms were developed for mature protocols such as TCP and UDP. We therefore developed proprietary mechanisms that together form a security architecture for UDT. The primary objectives of the architecture are the management of messages through an Authentication Option (AO) and cryptographic keys, the security of data communications, and the integration of data-protection-enhancing technologies across all layers. Our approach is the result of work that began in 2008. We verified each mechanism through formalisation to achieve information-theoretic soundness of the architecture. The results enhance existing schemes and introduce a novel approach that integrates mechanisms to secure UDT in deployment. The architecture also includes available, well-discussed schemes used in other protocols, with proven computational intelligence, which can be upgraded to provide improved security and primary protection in future large-scale UDT deployments. In this work, we present the UDT Security Architecture with mechanisms suited to preserving data integrity in data transmission.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bernardo, D.V., Hoang, D.B. (2011). Formalization and Information-Theoretic Soundness in the Development of Security Architecture for Next Generation Network Protocol - UDT. In: Kim, Th., Adeli, H., Fang, Wc., Villalba, J.G., Arnett, K.P., Khan, M.K. (eds) Security Technology. SecTech 2011. Communications in Computer and Information Science, vol 259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27189-2_20


  • DOI: https://doi.org/10.1007/978-3-642-27189-2_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27188-5

  • Online ISBN: 978-3-642-27189-2

  • eBook Packages: Computer Science (R0)
