论文信息 - Assessing the security of a clean-slate Internet architecture

Assessing the security of a clean-slate Internet architecture

The TCP/IP architecture was originally designed without taking security measures into consideration. Over the years, it has been subjected to many attacks, which has led to many patches to counter them. Our investigations into the fundamental principles of networking have shown that carefully following an abstract model of Inter-Process Communication (IPC) addresses many problems [1]. Guided by this IPC principle, we designed a clean-slate Recursive InterNetwork Architecture (RINA) [2]. In this paper, we show how, without the aid of cryptographic techniques, the bare-bones architecture of RINA can resist most of the security attacks faced by TCP/IP, and of course, is only more secure if cryptographic techniques are employed. Specifically, the RINA model decouples different concerns that makes it more resistant to transport-level attacks: (1) RINA decouples authentication from connection management, thus transport-level attacks are limited to “insider” attacks, and (2) RINA decouples transport port allocation and access control from data synchronization and transfer, thus making transport-level attacks much harder to mount. Using typical field lengths in packet headers, we analyze how hard it is for an intruder to compromise RINA.

[1] Richard W. Watson. Timer-Based Mechanisms in Reliable Transport Protocol Connection Management , 1981, Comput. Networks.

[2] S. M. Bellovin,et al. Security problems in the TCP/IP protocol suite , 1989, CCRV.

[3] Technical Whitepaper,et al. SLIPPING IN THE WINDOW: TCP RESET ATTACKS , 2003 .

[4] John Day,et al. Patterns in Network Architecture - A Return to Fundamentals , 2007 .

[5] Ibrahim Matta,et al. Networking is IPC: a guiding principle to a better internet , 2008, CoNEXT '08.

[6] Gonca Gürsun,et al. On the Performance and Robustness of Managing Reliable Transport Connections , 2009 .

[7] Ibrahim Matta,et al. Declarative Transport A Customizable Transport Service for the Future Internet , 2009 .

[8] Fernando Gont,et al. Security Assessment of the Transmission Control Protocol (TCP) , 2009 .

[9] Ibrahim Matta. Revisiting A Soft-State Approach to Managing Reliable Transport Connections , 2010 .