Skip to main content
SpringerLink
Log in

Security Analysis of the Proposed Practical Security Mechanisms for High Speed Data Transfer Protocol

  • Conference paper
Advances in Computer Science and Information Technology (AST 2010, ACN 2010)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 6059))

Abstract

The development of next generation protocols, such as UDT (UDP-based data transfer), promptly addresses various infrastructure requirements for transmitting data in high speed networks. However, this development creates new vulnerabilities when these protocols are designed to solely rely on existing security solutions of existing protocols such as TCP and UDP. It is clear that not all security protocols (such as TLS) can be used to protect UDT, just as security solutions devised for wired networks cannot be used to protect the unwired ones. The development of UDT, similarly in the development of TCP/UDP many years ago, lacked a well-thought security architecture to address the problems that networks are presently experiencing. This paper proposes and analyses practical security mechanisms for UDT.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Al-Shraideh, F.: Host Identity Protocol. In: ICN/ICONS/MCL, p. 203. IEEE Computer Society, Los Alamitos (2006)

    Google Scholar 

  2. Andersen, D.G., Balakrishnan, H., Feamster, N., Koponen, T., Moon, D., Shenker, S.: Accountable Internet Protocol (AIP). In: Bahl, V., Wetherall, D., Savage, S., Stoica, I. (eds.) SIGCOMM, pp. 339–350. ACM, New York (2008)

    Chapter  Google Scholar 

  3. Aura, T.: Cryptographically Generated Addresses (CGA). In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 29–43. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  4. Aura, T.: Cryptographically Generated Addresses (CGA). RFC 3972, IETF (March 2005)

    Google Scholar 

  5. Aura, T., Nagarajan, A., Gurtov, A.: Analysis of the HIP Base Exchange Protocol. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 481–493. Springer, Heidelberg (2005)

    Google Scholar 

  6. Bellovin, S.: Defending Against Sequence Number Attacks. RFC 1948 (1996)

    Google Scholar 

  7. Bellovin, S.: Guidelines for Mandating the Use of IPsec. Work in Progress, IETF (October 2003)

    Google Scholar 

  8. Bernardo, D.V., Hoang, D.: A Conceptual Approach against Next Generation Security Threats: Securing a High Speed Network Protocol – UDT. In: Proc. IEEE the 2nd ICFN 2010, Shanya China (2010)

    Google Scholar 

  9. Bernardo, D.V., Hoang, D.: Security Requirements for UDT. IETF Internet-Draft – working paper (September 2009)

    Google Scholar 

  10. Bernardo, D.V., Hoang, D.: Network Security Considerations for a New Generation Protocol UDT. In: Proc. IEEE the 2nd ICCIST Conference 2009, Beijing China (2009)

    Google Scholar 

  11. Bernardo, D.V., Hoang, D.: A Security Framework and its Implementation in Fast Data Transfer Next Generation Protocol UDT. Journal of Information Assurance and Security 4(354-360) (2009), ISN 1554-1010

    Google Scholar 

  12. Blumenthal, M., Clark, D.: Rethinking the Design of the Internet: End-to-End Argument vs. the Brave New World. Proc. ACM Trans Internet Technology 1 (August 2001)

    Google Scholar 

  13. Clark, D., Sollins, L., Wroclwski, J., Katabi, D., Kulik, J., Yang, X.: New Arch: Future Generation Internet Architecture. Technical Report, DoD – ITO (2003)

    Google Scholar 

  14. Dierks, T., Allen, C.: The TLS Protocol Version 1.0. RFC 2246 (January 1999)

    Google Scholar 

  15. Falby, N., Fulp, J., Clark, P., Cote, R., Irvine, C., Dinolt, G., Levin, T., Rose, M., Shifflett, D.: Information assurance capacity building: A case study. In: Proc. 2004 IEEE Workshop on Information Assurance, U.S. Military Academy, June 2004, pp. 31–36 (2004)

    Google Scholar 

  16. Gorodetsky, V., Skormin, V., Popyack, L. (eds.): Information Assurance in Computer Networks: Methods, Models, and Architecture for Network Security, St. Petersburg. Springer, Heidelberg (2001)

    Google Scholar 

  17. Gu, Y., Grossman, R.: UDT: UDP-based Data Transfer for High-Speed Wide Area Networks. Computer Networks 51(7) (2007)

    Google Scholar 

  18. Hamill, J., Deckro, R., Kloeber, J.: Evaluating information assurance strategies. Decision Support Systems 39(3), 463–484 (2005)

    Article  Google Scholar 

  19. H. I. for Information Technology, H. U. of Technology, et al. Infrastructure for HIP (2008)

    Google Scholar 

  20. Harrison, D.: RPI NS2 Graphing and Statistics Package, http://networks.ecse.rpi.edu/~harrisod/graph.html

  21. Jokela, P., Moskowitz, R., Nikander, P.: Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP). RFC 5202, IETF (April 2008)

    Google Scholar 

  22. Joubert, P., King, R., Neves, R., Russinovich, M., Tracey, J.: Highperformance memory-based web servers: Kernel and user-space performance. In: USENIX 2001, Boston, Massachusetts (June 2001)

    Google Scholar 

  23. Jray, W.: Generic Security Service API Version 2: C-bindings. RFC 2744 (January 2000)

    Google Scholar 

  24. Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC 2401 (1998)

    Google Scholar 

  25. Laganier, J., Eggert, L.: Host Identity Protocol (HIP) Rendezvous Extension. RFC 5204, IETF (April 2008)

    Google Scholar 

  26. Laganier, J., Koponen, T., Eggert, L.: Host Identity Protocol (HIP) Registration Extension. RFC 5203, IETF (April 2008)

    Google Scholar 

  27. Leon-Garcia, A., Widjaja, I.: Communication Networks. McGraw Hill, New York (2000)

    Google Scholar 

  28. Linn, J.: Generic Security Service Application Program Interface Version 2, Update 1. RFC 2743 (January 2000)

    Google Scholar 

  29. Linn, J.: The Kerberos Version 5 GSS-API Mechanism. IETF, RFC 1964 (June 1996)

    Google Scholar 

  30. Mathis, M., Mahdavi, J., Floyd, S., Romanow, A.: TCP selective acknowledgment options. IETF RFC 2018 (April 1996)

    Google Scholar 

  31. Melnikov, A., Zeilenga, K.: Simple Authentication and Security Layer (SASL) IETF. RFC 4422 (June 2006)

    Google Scholar 

  32. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)

    MATH  Google Scholar 

  33. Moskowitz, R., Nikander, P.: RFC 4423: Host identity protocol (HIP) architecture (May 2006)

    Google Scholar 

  34. Moskowitz, R., Nikander, R., Jokela, P., Henderson, T.: Host Identity Protocol. RFC 5201, IETF (April 2008)

    Google Scholar 

  35. Neuman, C., Yu, T., Hartman, S., Raeburn, K.: Kerberos Network Authentication Service (V5), IETF, RFC 1964 (June 1996)

    Google Scholar 

  36. NIST SP 800-37. Guide for the Security Certification and Accreditation of Federal Information Systems (May 2004)

    Google Scholar 

  37. NS2, http://isi.edu/nsna/ns

  38. PSU Evaluation Methods for Internet Security Technology (EMIST) (2004), http://emist.ist.psu.edu (visited December 2009)

  39. Rabin, M.: Digitized signatures and public-key functions as intractable as Factorization. MIT/LCS Technical Report, TR-212 (1979)

    Google Scholar 

  40. Rescorla, E., Modadugu, N.: Datagram Transport Layer Security. RFC 4347, IETF (April 2006)

    Google Scholar 

  41. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signature and public-keycryptosystems. Communication of ACM 21, 120–126 (1978)

    Article  MATH  MathSciNet  Google Scholar 

  42. Schwartz, M.: Broadband Integrated Networks. Prentice Hall, Englewood Cliffs (1996)

    Google Scholar 

  43. Stewart, R. (ed.): Stream Control Transmission Protocol. RFC 4960 (2007)

    Google Scholar 

  44. Stiemerling, M., Quittek, J., Eggert, L.: NAT and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication. RFC 5207, IETF (April 2008)

    Google Scholar 

  45. Stoica, I., Adkins, D., Zhuang, S., Shenker, S., Surana, S.: Internet Indirection Infrastructure. In: Proc. ACM SIGCOMM 2002 (August 2002)

    Google Scholar 

  46. Szalay, A., Gray, J., Thakar, A., Kuntz, P., Malik, T., Raddick, J., Stoughton, C., Vandenberg, J.: The SDSS SkyServer - Public access to the Sloan digital sky server data. ACM SIGMOD (2002)

    Google Scholar 

  47. Wang, G., Xia, Y.: An NS2 TCP Evaluation Tool, http://labs.nec.com.cn/tcpeval.html

  48. Williams, N.: Clarifications and Extensions to the Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings. RFC 5554 (May 2009)

    Google Scholar 

  49. Globus XIO, http://unix.globus.org/toolkit/docs/3.2/xio/index.html (retrieved on November 1, 2009)

  50. Zhang, M., Karp, B., Floyd, S., Peterson, L.: RR-TCP: A reordering-robust TCP with DSACK. In: Proc. the Eleventh IEEE International Conference on Networking Protocols (ICNP 2003), Atlanta, GA (November 2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. iNext - Centre for Innovation for IT Services and Applications, Faculty of Engineering and Information Technology, University of Technology, Sydney

    Danilo Valeros Bernardo & Doan Hoang

Authors
  1. Danilo Valeros Bernardo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Doan Hoang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Hannam University, 133 Ojeong-dong, daeduk-gu, 306-791, Daejeon, South Korea

    Tai-hoon Kim

  2. The Ohio State University, 43210, Columbus, OH, USA

    Hojjat Adeli

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bernardo, D.V., Hoang, D. (2010). Security Analysis of the Proposed Practical Security Mechanisms for High Speed Data Transfer Protocol. In: Kim, Th., Adeli, H. (eds) Advances in Computer Science and Information Technology. AST ACN 2010 2010. Lecture Notes in Computer Science, vol 6059. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13577-4_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-13577-4_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13576-7

  • Online ISBN: 978-3-642-13577-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation