Abstract
The development of next generation protocols, such as UDT (UDP-based data transfer), promptly addresses various infrastructure requirements for transmitting data in high speed networks. However, this development creates new vulnerabilities when these protocols are designed to solely rely on existing security solutions of existing protocols such as TCP and UDP. It is clear that not all security protocols (such as TLS) can be used to protect UDT, just as security solutions devised for wired networks cannot be used to protect the unwired ones. The development of UDT, similarly in the development of TCP/UDP many years ago, lacked a well-thought security architecture to address the problems that networks are presently experiencing. This paper proposes and analyses practical security mechanisms for UDT.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Al-Shraideh, F.: Host Identity Protocol. In: ICN/ICONS/MCL, p. 203. IEEE Computer Society, Los Alamitos (2006)
Andersen, D.G., Balakrishnan, H., Feamster, N., Koponen, T., Moon, D., Shenker, S.: Accountable Internet Protocol (AIP). In: Bahl, V., Wetherall, D., Savage, S., Stoica, I. (eds.) SIGCOMM, pp. 339–350. ACM, New York (2008)
Aura, T.: Cryptographically Generated Addresses (CGA). In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 29–43. Springer, Heidelberg (2003)
Aura, T.: Cryptographically Generated Addresses (CGA). RFC 3972, IETF (March 2005)
Aura, T., Nagarajan, A., Gurtov, A.: Analysis of the HIP Base Exchange Protocol. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 481–493. Springer, Heidelberg (2005)
Bellovin, S.: Defending Against Sequence Number Attacks. RFC 1948 (1996)
Bellovin, S.: Guidelines for Mandating the Use of IPsec. Work in Progress, IETF (October 2003)
Bernardo, D.V., Hoang, D.: A Conceptual Approach against Next Generation Security Threats: Securing a High Speed Network Protocol – UDT. In: Proc. IEEE the 2nd ICFN 2010, Shanya China (2010)
Bernardo, D.V., Hoang, D.: Security Requirements for UDT. IETF Internet-Draft – working paper (September 2009)
Bernardo, D.V., Hoang, D.: Network Security Considerations for a New Generation Protocol UDT. In: Proc. IEEE the 2nd ICCIST Conference 2009, Beijing China (2009)
Bernardo, D.V., Hoang, D.: A Security Framework and its Implementation in Fast Data Transfer Next Generation Protocol UDT. Journal of Information Assurance and Security 4(354-360) (2009), ISN 1554-1010
Blumenthal, M., Clark, D.: Rethinking the Design of the Internet: End-to-End Argument vs. the Brave New World. Proc. ACM Trans Internet Technology 1 (August 2001)
Clark, D., Sollins, L., Wroclwski, J., Katabi, D., Kulik, J., Yang, X.: New Arch: Future Generation Internet Architecture. Technical Report, DoD – ITO (2003)
Dierks, T., Allen, C.: The TLS Protocol Version 1.0. RFC 2246 (January 1999)
Falby, N., Fulp, J., Clark, P., Cote, R., Irvine, C., Dinolt, G., Levin, T., Rose, M., Shifflett, D.: Information assurance capacity building: A case study. In: Proc. 2004 IEEE Workshop on Information Assurance, U.S. Military Academy, June 2004, pp. 31–36 (2004)
Gorodetsky, V., Skormin, V., Popyack, L. (eds.): Information Assurance in Computer Networks: Methods, Models, and Architecture for Network Security, St. Petersburg. Springer, Heidelberg (2001)
Gu, Y., Grossman, R.: UDT: UDP-based Data Transfer for High-Speed Wide Area Networks. Computer Networks 51(7) (2007)
Hamill, J., Deckro, R., Kloeber, J.: Evaluating information assurance strategies. Decision Support Systems 39(3), 463–484 (2005)
H. I. for Information Technology, H. U. of Technology, et al. Infrastructure for HIP (2008)
Harrison, D.: RPI NS2 Graphing and Statistics Package, http://networks.ecse.rpi.edu/~harrisod/graph.html
Jokela, P., Moskowitz, R., Nikander, P.: Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP). RFC 5202, IETF (April 2008)
Joubert, P., King, R., Neves, R., Russinovich, M., Tracey, J.: Highperformance memory-based web servers: Kernel and user-space performance. In: USENIX 2001, Boston, Massachusetts (June 2001)
Jray, W.: Generic Security Service API Version 2: C-bindings. RFC 2744 (January 2000)
Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC 2401 (1998)
Laganier, J., Eggert, L.: Host Identity Protocol (HIP) Rendezvous Extension. RFC 5204, IETF (April 2008)
Laganier, J., Koponen, T., Eggert, L.: Host Identity Protocol (HIP) Registration Extension. RFC 5203, IETF (April 2008)
Leon-Garcia, A., Widjaja, I.: Communication Networks. McGraw Hill, New York (2000)
Linn, J.: Generic Security Service Application Program Interface Version 2, Update 1. RFC 2743 (January 2000)
Linn, J.: The Kerberos Version 5 GSS-API Mechanism. IETF, RFC 1964 (June 1996)
Mathis, M., Mahdavi, J., Floyd, S., Romanow, A.: TCP selective acknowledgment options. IETF RFC 2018 (April 1996)
Melnikov, A., Zeilenga, K.: Simple Authentication and Security Layer (SASL) IETF. RFC 4422 (June 2006)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Moskowitz, R., Nikander, P.: RFC 4423: Host identity protocol (HIP) architecture (May 2006)
Moskowitz, R., Nikander, R., Jokela, P., Henderson, T.: Host Identity Protocol. RFC 5201, IETF (April 2008)
Neuman, C., Yu, T., Hartman, S., Raeburn, K.: Kerberos Network Authentication Service (V5), IETF, RFC 1964 (June 1996)
NIST SP 800-37. Guide for the Security Certification and Accreditation of Federal Information Systems (May 2004)
PSU Evaluation Methods for Internet Security Technology (EMIST) (2004), http://emist.ist.psu.edu (visited December 2009)
Rabin, M.: Digitized signatures and public-key functions as intractable as Factorization. MIT/LCS Technical Report, TR-212 (1979)
Rescorla, E., Modadugu, N.: Datagram Transport Layer Security. RFC 4347, IETF (April 2006)
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signature and public-keycryptosystems. Communication of ACM 21, 120–126 (1978)
Schwartz, M.: Broadband Integrated Networks. Prentice Hall, Englewood Cliffs (1996)
Stewart, R. (ed.): Stream Control Transmission Protocol. RFC 4960 (2007)
Stiemerling, M., Quittek, J., Eggert, L.: NAT and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication. RFC 5207, IETF (April 2008)
Stoica, I., Adkins, D., Zhuang, S., Shenker, S., Surana, S.: Internet Indirection Infrastructure. In: Proc. ACM SIGCOMM 2002 (August 2002)
Szalay, A., Gray, J., Thakar, A., Kuntz, P., Malik, T., Raddick, J., Stoughton, C., Vandenberg, J.: The SDSS SkyServer - Public access to the Sloan digital sky server data. ACM SIGMOD (2002)
Wang, G., Xia, Y.: An NS2 TCP Evaluation Tool, http://labs.nec.com.cn/tcpeval.html
Williams, N.: Clarifications and Extensions to the Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings. RFC 5554 (May 2009)
Globus XIO, http://unix.globus.org/toolkit/docs/3.2/xio/index.html (retrieved on November 1, 2009)
Zhang, M., Karp, B., Floyd, S., Peterson, L.: RR-TCP: A reordering-robust TCP with DSACK. In: Proc. the Eleventh IEEE International Conference on Networking Protocols (ICNP 2003), Atlanta, GA (November 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bernardo, D.V., Hoang, D. (2010). Security Analysis of the Proposed Practical Security Mechanisms for High Speed Data Transfer Protocol. In: Kim, Th., Adeli, H. (eds) Advances in Computer Science and Information Technology. AST ACN 2010 2010. Lecture Notes in Computer Science, vol 6059. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13577-4_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-13577-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13576-7
Online ISBN: 978-3-642-13577-4
eBook Packages: Computer ScienceComputer Science (R0)