Outline : Computer Networking. Narrow Waist of the Internet Key to its Success. NSF Future Internet Architecture
|
|
- Jason Brooks
- 8 years ago
- Views:
Transcription
1 Outline : Computer Networking L-15 Future Internet Architecture 2 Motivation and discussion Some proposals: CCN Nebula Mobility First XIA XIA overview AIP Scion 2 NSF Future Internet Architecture Narrow Waist of the Internet Key to its Success Program focuses on new architectural Internet features - address challenges in fundamental way Want to keep the good features of today s network Four teams were selected in the second phase: Named Data Networking: content centric networking - data is a (the) first class entity Mobility First: mobility as the norm rather than the exception generalizes delay tolerant networking Nebula: Internet centered around cloud computing data centers that are well connected expressive Internet Architecture: focus on trustworthiness, evolvability 3 Has allowed Internet to evolve dramatically But now an obstacle to addressing challenges: No built-in security New usage models a challenge Limited interactions edge-core Applications Internet Protocol Link Technologies XIA exploring three concepts to address issues: Diverse types of end-points Intrinsic security Flexible addressing 1
2 Today s Internet expressive Internet Architecture Src: Client IP Dest: Server IP Src: Client ID Dest: ID TCP Client IP Server IP Client retrieves document from a specific web server But client mostly cares about correctness of content, timeliness Specific server, file name, etc. are not of interest Transfer is between wrong principals What if the server fails? Optimizing transfer using local caches is hard Need to use application-specific overlay or transparent proxy bad! 5 PDA Client expresses communication intent for content explicitly Network uses content identifier to retrieve content from appropriate location How does client know the content is correct? Intrinsic security! Verify content using self-certifying id: hash(content) = content id How does source know it is talking to the right client? Intrinsic security! Self-certifying host identifiers 6 Three Key Principles An set of principals allows direct identification of the intended communicating entities Not having to force communication at a lower level (hosts in today s Internet) reduces complexity and overhead Set up principals can evolve over time Adapt to changes in usage models Support custom requirements of specific deployments Intrinsic security guarantees security properties as a direct result of the design of the system Do not rely on external configurations, actions, data bases 7 Other XIA Principles Narrow waist for all principals Defines the API between the principals and the network protocol mechanisms Narrow waist for trust management Ensure that the inputs to the intrinsically secure system match the trust assumptions and intensions of the user Narrow waist allows leveraging diverse mechanisms for trust management: CAs, reputation, personal, All other network functions are explicit services Keeps the architecture simple, easy to reason about XIA provides a principal type for services (visible) 8 2
3 XIA: expressive Internet Architecture Each communication operation expresses the intent of the operation Also: explicit trust management, APIs among actors XIA is a single inter-network in which all principals are connected Not a collection of architectures implemented through, e.g., virtualization or overlays Not based on a preferred principal (host or content), that has to support all communication 9 Multiple Principal Types Associated with different forwarding semantics Support heterogeneity in usage and deployment models Set of principal types can evolve over time Host XIDs support host-based communication who? Service XIDs allow the network to route to possibly replicated services what does it do? LAN services access, WAN replication, XIDs allow network to retrieve content from anywhere what is it? Opportunistic caches, CDNs, Autonomous domains allow scoping, hierarchy 10 Multiple Principal Types -centric Optimizations Choice involves tradeoffs: Control Trust Efficiency Privacy Service Host HID Service Host HID HTML Cached Service 11 Service HID 12 3
4 What Do We Mean by Evolvability? Narrow waist of the Internet has allowed the network to evolve significantly But need to evolve the waist as well! Can make the waist smarter IP: Evolvability of: Applications Link technologies XIA adds evolvability at the waist: Applications Evolving set of principals Link technologies Supporting Evolvability Introduction of a new principal type will be incremental no flag day! Not all routers and ISPs will have support from day one Creates chicken and egg problem - what comes first: network support or use in applications Solution is to provide an intent and fallback address Intent address allows innetwork optimizations based on user intent Fallback address is guaranteed to be reachable. AD:HID AD:HID. Payload Dest Src 14 Addressing Requirements Our Solution: DAG-Based Addressing Fallback: intent that may not be globally understood must include a backwards compatible address Incremental introduction of new XID types Scoping: support reachability for non-globally routable XID types or XIDs Needed for scalability Generalize scoping based on network identifiers But we do not want to give up leveraging intent Iterative refinement: give each XID in the hierarchy option of using intent 15 Uses direct acyclic graph (DAG) Nodes: typed IDs (XID; expressive identifier) Outgoing edges: possible routing choices Simple example: Sending a packet to HID S Dummy source: special node indicating packet sender HID S Intent: final destination of packet with no outgoing edges 16 4
5 Support for Fallbacks with DAG DAGs Support Scoping and Iterative Refinement A node can have multiple outgoing edges Fallback edge HID S Primary edges A Client side Server-side domain hierarchy S Outgoing edges have priority among them Forwarding to HID S is attempted if forwarding to A is not possible Realization of fallbacks AD 0 HID S Intrinsic Security in XIA Example: Secure Mobile Service Access XIA uses self-certifying identifiers that guarantee security properties for communication operation Host ID is a hash of its public key accountability (AIP) ID is a hash of the content correctness Does not rely on external configurations Intrinsic security is specific to the principal type Example: retrieve content using XID: content is correct Service XID: the right service provided content Host XID: content was delivered from right host 19 X AD BoF BOF S2 Server S: HID S BoF AD BoF : BoF Client C: HID C C AD C Server S2: HID S2 BoF Register bof.com -> AD BOF : BOF XIA Internet AD C2 Client C: HID C C AD BoF :HID S : BoF AD C :HID C : C AD BoF :HID S2 : BoF AD C :HID C : C AD BoF :HID S2 : BoF AD C2 :HID C : C Resolv bof.com AD BOF : BOF Name Resolution Service 20 5
6 XIA Dataplane Concepts Also in the Paper Directly support diverse network usage models Evolution of principal types Customization Multiple Communicating Principal Types Principal-specific security properties How to build an XIA forwarding engine XIA forwarding performance and comparison with IP Flexible Addressing Deal with routing failures DAG security Intrinsic Security Built in security forms basis for system level security Discussion on scalability of content caching 22 Outline Motivation and discussion Some proposals: CCN Nebula Mobility First XIA XIA overview AIP Scion AIP Motivation Many security challenges are a result of not being able to unambiguously determine who is responsible for a specific action Source spoofing, denial-of-service attacks, untraceable spam,.. Add accountability to the Internet architecture Key idea is to use self-certifying addresses for both hosts and domains Avoid dependence on external configurations E.g. global trust authority
7 Addressing and Routing Self-Certifying Identifiers ADe ADe:EID9 ADx ADy Addresses are hierarchical, similar to today s Internet But each level has a flat address, i.e. no R ADa ADb Until packet reaches destination AD, intermediate routers use only destination AD to forward packet Effectively uses a pointer in a stack of domain identifiers Upon reaching destination AD, forward based on EID ADa:ADb:EID1 Identifier of object is public key of object Convenient to use hash of key (e.g. fixed size) Need way of securely mapping user readable name into the identifier AD is hash of public key of domain EID is hash of public key of host Provides a means of verifying the correctness of the source identifiers in a packet Effectively by sending a challenge to the source that it must sign with its private key Example: AD verification Verification Packet Receive packet source AD:X Forward packet Drop packet Send V to source In accept cache? Trust neighboring AD? Pass urpf? Router sends a packet V to Source containing: Source and destination identifier Hash of the packet P Interface of the router A secret signed by R Source signs V with its private key and send it back to R But only if it recognizes the hash R verifies that it was signed correctly using the public key from the source field If they match, R add S to its cache
8 AIP Discussion AIP adds complexity to routers Crypto support, caches, larger forwarding tables,.. but accountability helps address number of security challenges Reduces complexity and cost in rest of networks Research question Fast look up in large tables of flat identifiers Managing keys (revocation, minting, ) Evolving of the crypto Outline Motivation and discussion Some proposals: CCN Nebula Mobility First XIA XIA overview AIP Scion SCION Architectural Goals Wish List (1): Isolation Scalability, Control, and Isolation on Next-generation networks (SCION) High availability, even for networks with malicious parties Explicit trust for network operations Minimal TCB: limit number of entities that need to be trusted for any operation Strong isolation from untrusted parties Operate with mutually distrusting entities No single root of trust Enable route control for ISPs, receivers, senders Simplicity, efficiency, flexibility, and scalability Localization of attacks Scalable and reliable routing updates Operate with mutually distrusting entities without a global single root of trust A B D C Attacks (e.g., bad routes) M L3 PSC CMU I
9 Wish List (2): Balanced Control Wish List (3): Explicit Trust Source: select paths to send packets Destination: select paths to receive packets Transit ISPs: select paths to support Support rich policies and DDoS defenses A B D C Please reach me via A or B Hide the peering link from CMU Use Level 3 by default L3 I2 PSC CMU 33 Know who needs to be trusted Select whom to trust Confidence in selected paths Enforceable accountability Level 3 Who Go through will forward X and Z, Packets but not Y on the path? X Y Z Internet I2 PSC CMU 34 SCION Architectural Goals SCION Architecture Overview High availability, even for networks with malicious parties Explicit trust for network operations Minimal TCB: limit number of entities that need to be trusted for any operation Strong isolation from untrusted parties Operate with mutually distrusting entities No single root of trust Enable route control for ISPs, receivers, senders Simplicity, efficiency, flexibility, and scalability Trust domain (TD)s Isolation and scalability Path construction Path construction beacons (PCBs) Path resolution Control Explicit trust Route joining (shortcuts) Efficiency, flexibility PCB PCB PCB Source TD TD Core path srv S: blue paths D: red paths Destination
10 Hierarchical Decomposition Path Construction Split the network into a set of trust domains (TD) : interface : Opaque field : expiration time : signature TD: isolation of route computation core TD cores: interconnected large ISPs core = MAC( ) = SIG( ) = MAC( ) TD Core PCB PCB A Down paths Up paths = SIG( ) AD: atomic failure unit Destination Source 37 = MAC( ) = SIG( ) Embed into pkts PCB PCB B C 38 SCION Security Benefits Isolation Scalability, freshness Path replay attack Collusion attack Single root of trust Trusted Computing Base Path Control S-BGP etc Whole Internet SCION TD Core and on-path ADs Source End-to-end control Only up-path Destination No control Inbound paths DDoS Open attacks Enable defenses Choice Points in XIA Customers have choices: Choice of XID type, i.e. how is communication operation performed; different tradeoffs DAGs add flexibility: fallback, services, Scion offers some control over path selection Flexible trust management Distributed XID assignment (no single point of control) Service providers have choices as well Use of XID types to optimize new services Scion allows new path optimization options Use DAGs for binding, scoping, mobility,
Packet Level Authentication Overview
Packet Level Authentication Overview Dmitrij Lagutin, Dmitrij.Lagutin@hiit.fi Helsinki Institute for Information Technology HIIT Aalto University School of Science and Technology Contents Introduction
More informationThe Advantages of Using a Trust Domain For Network Strategies
1 SCION: Scalability, Control, and Isolation On Next-Generation Networks Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig and David G. Andersen CyLab / Carnegie Mellon University
More informationDistributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 23. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2015 November 17, 2015 2014-2015 Paul Krzyzanowski 1 Motivation Serving web content from one location presents
More informationdraft-forwarding-label-ccn- 01.txt
draft-forwarding-label-ccn- 01.txt Ravi Ravindran and Asit Chakraborti Huawei (IETF/ICNRG, Yokohama, 94) [ravi.ravindran@huawei.com] [asit.chakraborti@huawei.com] Agenda Draft Objectives Terminology Why
More informationDistributed Systems. 25. Content Delivery Networks (CDN) 2014 Paul Krzyzanowski. Rutgers University. Fall 2014
Distributed Systems 25. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2014 November 16, 2014 2014 Paul Krzyzanowski 1 Motivation Serving web content from one location presents
More informationSecurity in Structured P2P Systems
P2P Systems, Security and Overlays Presented by Vishal thanks to Dan Rubenstein Columbia University 1 Security in Structured P2P Systems Structured Systems assume all nodes behave Position themselves in
More informationActive ISP Involvement in Content-Centric Future Internet. 2013.01.23 Eugene Kim
Active ISP Involvement in Content-Centric Future Internet 2013.01.23 Eugene Kim 1 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011 Paris, France, February 7-10, 2011.
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationLAN TCP/IP and DHCP Setup
CHAPTER 2 LAN TCP/IP and DHCP Setup 2.1 Introduction In this chapter, we will explain in more detail the LAN TCP/IP and DHCP Setup. 2.2 LAN IP Network Configuration In the Vigor 2900 router, there are
More informationInternet Ideal: Simple Network Model
Middleboxes Reading: Ch. 8.4 Internet Ideal: Simple Network Model Globally unique identifiers Each node has a unique, fixed IP address reachable from everyone and everywhere Simple packet forwarding Network
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationJK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
More informationThis Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.
This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the
More informationExtending the Internet of Things to IPv6 with Software Defined Networking
Extending the Internet of Things to IPv6 with Software Defined Networking Abstract [WHITE PAPER] Pedro Martinez-Julia, Antonio F. Skarmeta {pedromj,skarmeta}@um.es The flexibility and general programmability
More informationHow To Stop A Ddos Attack On A Network From Tracing To Source From A Network To A Source Address
Inter-provider Coordination for Real-Time Tracebacks Kathleen M. Moriarty 2 June 2003 This work was sponsored by the Air Force Contract number F19628-00-C-002. Opinions, interpretations, conclusions, and
More informationRID-DoS: Real-time Inter-network Defense Against Denial of Service Attacks. Kathleen M. Moriarty. MIT Lincoln Laboratory.
: Real-time Inter-network Defense Against Denial of Service Attacks Kathleen M. Moriarty 22 October 2002 This work was sponsored by the Air Force Contract number F19628-00-C-002. Opinions, interpretations,
More informationAgenda. Distributed System Structures. Why Distributed Systems? Motivation
Agenda Distributed System Structures CSCI 444/544 Operating Systems Fall 2008 Motivation Network structure Fundamental network services Sockets and ports Client/server model Remote Procedure Call (RPC)
More informationLecture 17 - Network Security
Lecture 17 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Idea Why donʼt we just integrate some of these neat
More informationMultihoming and Multi-path Routing. CS 7260 Nick Feamster January 29. 2007
Multihoming and Multi-path Routing CS 7260 Nick Feamster January 29. 2007 Today s Topic IP-Based Multihoming What is it? What problem is it solving? (Why multihome?) How is it implemented today (in IP)?
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationSecurity Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress
Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Alan Davy and Lei Shi Telecommunication Software&Systems Group, Waterford Institute of Technology, Ireland adavy,lshi@tssg.org
More informationInternetworking. Problem: There is more than one network (heterogeneity & scale)
Internetworking Problem: There is more than one network (heterogeneity & scale) Hongwei Zhang http://www.cs.wayne.edu/~hzhang Internetworking: Internet Protocol (IP) Routing and scalability Group Communication
More informationFlorian Liers, Thomas Volkert, Andreas Mitschele-Thiel
Florian Liers, Thomas Volkert, Andreas Mitschele-Thiel The Forwarding on Gates architecture: Flexible placement of QoS functions and states in internetworks Original published in: International Journal
More informationSiteCelerate white paper
SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance
More informationProxy Server, Network Address Translator, Firewall. Proxy Server
Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as
More informationSANE: A Protection Architecture For Enterprise Networks
Fakultät IV Elektrotechnik und Informatik Intelligent Networks and Management of Distributed Systems Research Group Prof. Anja Feldmann, Ph.D. SANE: A Protection Architecture For Enterprise Networks WS
More informationIP Phone Presence Setup
Static Route Configuration on IM and Presence Service, page 1 Presence Gateway Configuration on IM and Presence Service, page 6 Configure SIP Publish Trunk on IM and Presence Service, page 7 Configure
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationInformation-Centric Networking: Introduction and Key Issues
UCL DEPARTMENT OF ELECTRONIC AND ELECTRICAL ENGINEERING COMMUNICATIONS AND INFORMATION SYSTEMS GROUP ICN Session FIA Budapest Information-Centric Networking: Introduction and Key Issues Prof. George Pavlou
More informationMonitoring WAAS Using Cisco Network Analysis Module. Information About NAM CHAPTER
CHAPTER 5 Monitoring WAAS Using Cisco Network Analysis Module This chapter describes Cisco Network Analysis Module (NAM), which you can use to monitor your WAAS devices. This chapter contains the following
More informationA REPORT ON ANALYSIS OF OSPF ROUTING PROTOCOL NORTH CAROLINA STATE UNIVERSITY
A REPORT ON ANALYSIS OF OSPF ROUTING PROTOCOL Using OPNET 14.5 Modeler NORTH CAROLINA STATE UNIVERSITY SUBMITTED BY: SHOBHANK SHARMA ssharma5@ncsu.edu Page 1 ANALYSIS OF OSPF ROUTING PROTOCOL A. Introduction
More informationScalable Internet Services and Load Balancing
Scalable Services and Load Balancing Kai Shen Services brings ubiquitous connection based applications/services accessible to online users through Applications can be designed and launched quickly and
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationHow To Protect Your Network From A Ddos Attack On A Network With Pip (Ipo) And Pipi (Ipnet) From A Network Attack On An Ip Address Or Ip Address (Ipa) On A Router Or Ipa
Defenses against Distributed Denial of Service Attacks Adrian Perrig, Dawn Song, Avi Yaar CMU Internet Threat: DDoS Attacks Denial of Service (DoS) attack: consumption (exhaustion) of resources to deny
More informationDistributed Systems 19. Content Delivery Networks (CDN) Paul Krzyzanowski pxk@cs.rutgers.edu
Distributed Systems 19. Content Delivery Networks (CDN) Paul Krzyzanowski pxk@cs.rutgers.edu 1 Motivation Serving web content from one location presents problems Scalability Reliability Performance Flash
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationIP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31
IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011
More informationNetwork Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik
Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and
More informationHosting more than one FortiOS instance on. VLANs. 1. Network topology
Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of
More informationProtocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More informationCeres Messaging and Routing Model
A Building Block for Best Effort Communications Raimo Kantola Raimo.Kantola@aalto.fi Aalto University/Comnet 20.3.2012 1 What kind of Communication IDs Globally unique deterministic IDs high OPEX in case
More informationA Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks
A Coordinated Virtual Infrastructure for SDN in Enterprise Networks Software Defined Networking (SDN), OpenFlow and Application Fluent Programmable Networks Strategic White Paper Increasing agility and
More informationHow To Understand The History Of The Network And Network (Networking) In A Network (Network) (Netnet) (Network And Network) (Dns) (Wired) (Lannet) And (Network Network)
COMPUTER NETWORKS LECTURES DR.PETER G. GYARMATI Research professor Lectures of P. G. Gyarmati 1. page 1999.-2006. 1999.-2006. This page is intentionally left blank Lectures of P. G. Gyarmati 2. page 1999.-2006.
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationarchitecture: what the pieces are and how they fit together names and addresses: what's your name and number?
Communications and networking history and background telephone system local area networks Internet architecture: what the pieces are and how they fit together names and addresses: what's your name and
More informationInternet Infrastructure Measurement: Challenges and Tools
Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Outline Motivation Challenges Tools Conclusion Why Measure? Why Measure? Internet, with
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationChapter 7. Address Translation
Chapter 7. Address Translation This chapter describes NetDefendOS address translation capabilities. Dynamic Network Address Translation, page 204 NAT Pools, page 207 Static Address Translation, page 210
More informationInternet Privacy Options
2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms
More informationUsing IPM to Measure Network Performance
CHAPTER 3 Using IPM to Measure Network Performance This chapter provides details on using IPM to measure latency, jitter, availability, packet loss, and errors. It includes the following sections: Measuring
More informationThe Impact of DNSSEC. Matthäus Wander. on the Internet Landscape. <matthaeus.wander@uni-due.de> Duisburg, June 19, 2015
The Impact of DNSSEC on the Internet Landscape Matthäus Wander Duisburg, June 19, 2015 Outline Domain Name System Security problems Attacks in practice DNS Security Extensions
More informationNetwork Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.
Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.20 Long term and short term solutions to Internet scalability
More informationDefinition. A Historical Example
Overlay Networks This lecture contains slides created by Ion Stoica (UC Berkeley). Slides used with permission from author. All rights remain with author. Definition Network defines addressing, routing,
More informationITL BULLETIN FOR JANUARY 2011
ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division
More informationWireless Sensor Networks Chapter 3: Network architecture
Wireless Sensor Networks Chapter 3: Network architecture António Grilo Courtesy: Holger Karl, UPB Goals of this chapter Having looked at the individual nodes in the previous chapter, we look at general
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationIntroduction to Network Operating Systems
As mentioned earlier, different layers of the protocol stack use different kinds of addresses. We can now see that the Transport Layer (TCP) uses port addresses to route data to the correct process, the
More informationKick starting science...
Computer ing (TDDD63): Part 1 Kick starting science... Niklas Carlsson, Associate Professor http://www.ida.liu.se/~nikca/ What do you have in the future? What do you have in the future? How does it keep
More informationExploring the Design Space of Distributed and Peer-to-Peer Systems: Comparing the Web, TRIAD, and Chord/CFS
Exploring the Design Space of Distributed and Peer-to-Peer Systems: Comparing the Web, TRIAD, and Chord/CFS Stefan Saroiu, P. Krishna Gummadi, Steven D. Gribble University of Washington Abstract: Despite
More informationHow Network Transparency Affects Application Acceleration Deployment
How Network Transparency Affects Application Acceleration Deployment By John Bartlett and Peter Sevcik July 2007 Acceleration deployments should be simple. Vendors have worked hard to make the acceleration
More informationFirewalls P+S Linux Router & Firewall 2013
Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network
More informationCisco Network Foundation Protection Overview
Cisco Network Foundation Protection Overview June 2005 1 Security is about the ability to control the risk incurred from an interconnected global network. Cisco NFP provides the tools, technologies, and
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More informationCisco EXAM - 300-207. Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product. http://www.examskey.com/300-207.html
Cisco EXAM - 300-207 Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product http://www.examskey.com/300-207.html Examskey Cisco 300-207 exam demo product is here for you to test the quality
More informationCS 457 Lecture 19 Global Internet - BGP. Fall 2011
CS 457 Lecture 19 Global Internet - BGP Fall 2011 Decision Process Calculate degree of preference for each route in Adj-RIB-In as follows (apply following steps until one route is left): select route with
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationArchitectural Principles for Secure Multi-Tenancy
Architectural Principles for Secure Multi-Tenancy John Linn, Office of the CTO, RSA, The Security Division of EMC John Field, Office of the CTO, EMC Also adapting prior content by Burt Kaliski DIMACS Workshop
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationIntegrating Security, Mobility, and Multi-Homing in a HIP way
Integrating Security, Mobility, and Multi-Homing in a way Pekka Nikander Ericsson Research Nomadiclab & Helsinki Institute for Information Technology Outline The problem: TCP/IP is getting old Locators
More informationIP addressing. Interface: Connection between host, router and physical link. IP address: 32-bit identifier for host, router interface
IP addressing IP address: 32-bit identifier for host, router interface Interface: Connection between host, router and physical link routers typically have multiple interfaces host may have multiple interfaces
More informationNames & Addresses. Names & Addresses. Names vs. Addresses. Identity. Names vs. Addresses. CS 194: Distributed Systems: Naming
Names & Addresses CS 9: Distributed Systems: Naming Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley, CA 970-77 What is a?
More informationCSE331: Introduction to Networks and Security. Lecture 12 Fall 2006
CSE331: Introduction to Networks and Security Lecture 12 Fall 2006 Announcements Midterm I will be held Friday, Oct. 6th. True/False Multiple Choice Calculation Short answer Short essay Project 2 is on
More informationIntroduction to MPLS-based VPNs
Introduction to MPLS-based VPNs Ferit Yegenoglu, Ph.D. ISOCORE ferit@isocore.com Outline Introduction BGP/MPLS VPNs Network Architecture Overview Main Features of BGP/MPLS VPNs Required Protocol Extensions
More informationIETF Security Architecture Update
IETF Security Architecture Update IETF 84 Eric Rescorla ekr@rtfm.com IETF 84 RTCWEB Security Architecture 1 Overview Draft update Identity origin indication Consent freshness and ICE IETF 84 RTCWEB Security
More informationHow To Understand The Power Of A Content Delivery Network (Cdn)
Overview 5-44 5-44 Computer Networking 5-64 Lecture 8: Delivering Content Content Delivery Networks Peter Steenkiste Fall 04 www.cs.cmu.edu/~prs/5-44-f4 Web Consistent hashing Peer-to-peer CDN Motivation
More informationMPLS over IP-Tunnels. Mark Townsley Distinguished Engineer. 21 February 2005
MPLS over IP-Tunnels Mark Townsley Distinguished Engineer 21 February 2005 1 MPLS over IP The Basic Idea MPLS Tunnel Label Exp S TTL MPLS VPN Label Exp S TTL MPLS Payload (L3VPN, PWE3, etc) MPLS Tunnel
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationIPv6 First Hop Security Protecting Your IPv6 Access Network
IPv6 First Hop Security Protecting Your IPv6 Access Network What You Will Learn This paper provides a brief introduction to common security threats on IPv6 campus access networks and will explain the value
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationInternetworking and Internet-1. Global Addresses
Internetworking and Internet Global Addresses IP servcie model has two parts Datagram (connectionless) packet delivery model Global addressing scheme awaytoidentifyall H in the internetwork Properties
More informationFuture Internet Architecture Testbed Management System. Master s thesis
École Polytechnique Fédérale de Lausanne School of Computer and Communication Sciences Computer Communications and Applications Laboratory Future Internet Architecture Testbed Management System Master
More informationFirewalls. Ahmad Almulhem March 10, 2012
Firewalls Ahmad Almulhem March 10, 2012 1 Outline Firewalls The Need for Firewalls Firewall Characteristics Types of Firewalls Firewall Basing Firewall Configurations Firewall Policies and Anomalies 2
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationDeploying IPv6, Now. Christian Huitema. Architect Windows Networking & Communications Microsoft Corporation
Deploying IPv6, Now Christian Huitema Architect Windows Networking & Communications Microsoft Corporation Agenda The Opportunity Key Problems The Promise of IPv6 What is Microsoft doing Call to Action
More informationInternetworking Microsoft TCP/IP on Microsoft Windows NT 4.0
Internetworking Microsoft TCP/IP on Microsoft Windows NT 4.0 Course length: 5 Days Course No. 688 - Five days - Instructor-led Introduction This course provides students with the knowledge and skills required
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationSIP and VoIP 1 / 44. SIP and VoIP
What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies
More informationDisaster Recovery White Paper
Introduction Remote access plays a critical role in successfully executing a business recovery plan both in terms of providing access for existing remote users and accommodating the potential increase
More informationOutline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg
Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright
More informationMulticast vs. P2P for content distribution
Multicast vs. P2P for content distribution Abstract Many different service architectures, ranging from centralized client-server to fully distributed are available in today s world for Content Distribution
More informationDatagram-based network layer: forwarding; routing. Additional function of VCbased network layer: call setup.
CEN 007C Computer Networks Fundamentals Instructor: Prof. A. Helmy Homework : Network Layer Assigned: Nov. 28 th, 2011. Due Date: Dec 8 th, 2011 (to the TA) 1. ( points) What are the 2 most important network-layer
More informationThe Environment Surrounding DNS. 3.1 The Latest DNS Trends. 3. Technology Trends
3. The Environment Surrounding DNS DNS is used in many applications, serving as an important Internet service. Here we discuss name collision issues that have arisen with recent TLD additions, and examine
More informationLecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.
Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls. 1 Information systems in corporations,government agencies,and other organizations
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationWireless Sensor Network Security. Seth A. Hellbusch CMPE 257
Wireless Sensor Network Security Seth A. Hellbusch CMPE 257 Wireless Sensor Networks (WSN) 2 The main characteristics of a WSN include: Power consumption constrains for nodes using batteries or energy
More informationHow To Understand The Power Of The Internet
DATA COMMUNICATOIN NETWORKING Instructor: Ouldooz Baghban Karimi Course Book: Computer Networking, A Top-Down Approach, Kurose, Ross Slides: - Course book Slides - Slides from Princeton University COS461
More information