A proactive scheme for securing ID/locator split architecture

The ID/locator split-based approach has been widely recognized as a promising approach for the design of future networks. However, existing ID/locator split architectures remain vulnerable to various attacks, such as impersonation attacks and man-in-the-middle attacks. They cannot simply be protected by existing security mechanisms, which have limitations, especially in scalability. To solve these problems, we propose a proactive scheme for securing ID/locator split architecture, which embeds built-in security features to enable proactive protection of the architecture. Through this scheme, hosts register their information with the network securely, obtain trustworthy information about destination hosts, authenticate each other, and securely update their locators without requiring the involvement of a trusted third party (TTP). Compared to other existing security mechanisms, the proposed scheme does not require an additional authentication mechanism, and it can provide thorough protection of the whole architecture.
