Security Design for an Inter-Domain Publish/Subscribe Architecture

Several new architectures have been recently proposed to replace the Internet Protocol Suite with a data-centric or publish/subscribe (pub/sub) network layer waist for the Internet. The clean-slate design makes it possible to take into account issues in the current Internet, such as unwanted traffic, from the start. If these new proposals are ever deployed as part of the public Internet as an essential building block of the infrastructure, they must be able to operate in a hostile environment, where a large number of users are assumed to collude against the network and other users. In this paper we present a security design through the network stack for a data-centric pub/sub architecture that achieves availability, information integrity, and allows application-specific security policies while remaining scalable. We analyse the solution and examine the minimal trust assumptions between the stakeholders in the system to guarantee the security properties advertised.

[1]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[2]  Dawn Song,et al.  The TESLA Broadcast Authentication Protocol , 2002 .

[3]  Scott Shenker,et al.  A data-oriented (and beyond) network architecture , 2007, SIGCOMM 2007.

[4]  Klaus Wehrle,et al.  ALPHA: an adaptive and lightweight protocol for hop-by-hop authentication , 2008, CoNEXT '08.

[5]  Alexander L. Wolf,et al.  Security issues and requirements for Internet-scale publish-subscribe systems , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[6]  Aggelos Kiayias,et al.  BiTR: Built-in Tamper Resilience , 2011, IACR Cryptol. ePrint Arch..

[7]  Nick Feamster,et al.  Accountable internet protocol (aip) , 2008, SIGCOMM '08.

[8]  X.. Yang,et al.  NIRA: A New Inter-Domain Routing Architecture , 2007, IEEE/ACM Transactions on Networking.

[9]  Pekka Nikander,et al.  Self-Routing Denial-of-Service Resistant Capabilities Using In-packet Bloom Filters , 2009, 2009 European Conference on Computer Network Defense.

[10]  Sasu Tarkoma,et al.  Publish/Subscribe for Internet: PSIRP Perspective , 2010, Future Internet Assembly.

[11]  David D. Clark,et al.  Tussle in cyberspace: defining tomorrow's internet , 2005, TNET.

[12]  Dmitrij Lagutin,et al.  Securing the Internet with digital signatures , 2010 .

[13]  Giannis F. Marias,et al.  Roles and security in a publish/subscribe network architecture , 2010, The IEEE symposium on Computers and Communications.

[14]  Sasu Tarkoma,et al.  LANES: an inter-domain data-oriented routing architecture , 2009, ReArch '09.

[15]  Jean Bacon,et al.  Secure event types in content-based, multi-domain publish/subscribe systems , 2005, SEM '05.

[16]  Lixin Gao On inferring autonomous system relationships in the internet , 2001, TNET.

[17]  Van Jacobson,et al.  Networking named content , 2009, CoNEXT '09.

[18]  Wilfried Brauer,et al.  Net Theory and Applications , 1980, Lecture Notes in Computer Science.

[19]  Sasu Tarkoma,et al.  Canopy: Publish/Subscribe with Upgraph Combination , 2010, 2010 INFOCOM IEEE Conference on Computer Communications Workshops.

[20]  Jerome H. Saltzer,et al.  End-to-end arguments in system design , 1984, TOCS.

[21]  Ralph C. Merkle,et al.  Secrecy, authentication, and public key systems , 1979 .

[22]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[23]  Pekka Nikander,et al.  LIPSIN: line speed publish/subscribe inter-networking , 2009, SIGCOMM '09.

[24]  Krishna P. Gummadi,et al.  Canon in G major: designing DHTs with hierarchical structure , 2004, 24th International Conference on Distributed Computing Systems, 2004. Proceedings..