
Flexible Network Architectures Security: Principles and Issues [Hardback]

  • Format: Hardback, 298 pages, height x width: 234x156 mm, weight: 635 g, 11 Tables, black and white; 90 Line drawings, black and white; 90 Illustrations, black and white
  • Publication date: 23-Apr-2018
  • Publisher: CRC Press
  • ISBN-10: 1138505439
  • ISBN-13: 9781138505438

The future of Internet security doesn’t lie in doing more of the same. It requires not only a new architecture, but the means of securing that architecture. Two trends have come together to make the topic of this book of vital interest. First, the explosive growth of Internet connections for the exchange of information via networks has increased the dependence of both organizations and individuals on the information these systems store and communicate. This, in turn, has increased awareness of the need to protect data and to add security as a chief ingredient in the newly emerged architectures. Second, the disciplines of cryptography and network security have matured and are leading to the development of new techniques and protocols to enforce network security in the Future Internet. This book examines the new security architectures from organizations such as FIArch, GENI, and IETF and how they’ll contribute to a more secure Internet.

Foreword
Preface
List of Figures
List of Tables
Contributors
1 Putting the Internet Forward to the Next Level
1.1 Introduction
1.2 Ideas for Current Internet
1.3 Internet Design Goals and Principles
1.3.1 Design Goals of Internet
1.3.2 Internet Design Principles
1.3.3 Initiative toward OSI Reference Model
1.4 Internet Architectural Principles
1.5 The Internet of Today
1.6 "Patch-Work" Approaches for Current Internet Conflicts: Critical Review
1.6.1 Multicast Routing Limitations
1.6.2 ATM Limitations
1.6.3 Inter-Domain Routing Limitations
1.6.4 Network Layer-Specific Time Interval Limitations
1.6.5 Long-Term Problems
1.6.6 Medium-Term Problems
1.6.7 Short-Term Problems
1.6.8 Avoiding New Generation Packet Network Limitations
1.6.9 Security Hitches of Current Internet Architecture
1.6.9.1 IPSec Limitations
1.6.9.2 IPv4, IPv6 and ND Limitations
1.6.9.3 Common Attacks in IPv4 and IPv6
1.6.9.4 Security and Trust Limitations
1.7 Summary
2 Future Internet Global Standardization - State of Play
2.1 Introduction
2.2 Architectural Review Approaches for Current Internet
2.3 Need of Network Architecture
2.4 Future Internet Research Issues and Challenges
2.4.1 Network Foundation Challenges
2.4.2 Pillar Challenges
2.4.3 Vision of Future Internet
2.5 Future Internet Initiatives
2.6 Network Architecture: Recent Advances
2.6.1 RBA: Role Based Architecture
2.6.2 ANA: Autonomic Network Architecture
2.6.3 RNA: Recursive Network Architecture
2.6.4 SILO: Service Integration and controL Optimization
2.6.5 CCN: Content Centric Network
2.6.6 AKARI Future Internet
2.6.7 NDN: Named Data Networking
2.6.8 Mobility First
2.6.9 NEBULA
2.6.10 XIA: eXpressive Internet Architecture
2.6.11 PONA: Policy Oriented Naming Architecture
2.6.12 RINA: Recursive Inter Network Architecture
2.6.13 GENI: Global Environment for Network Innovations/FIND: Future Internet Design
2.6.14 ChoiceNet
2.6.15 SOA: Service Oriented Architecture
2.6.16 FIA: Future Internet Assembly
2.6.17 SONATE: Service Oriented Network Architecture
2.7 Summary
Appendix 2A
3 Security in Future Internet Architecture
3.1 Introduction
3.2 Security
3.3 Pillars of Security
3.4 Basic Concepts of Security
3.5 Attacks
3.5.1 Threat
3.5.2 Vulnerabilities
3.5.3 Risk
3.6 IP Security Threats
3.6.1 Passive Attacks
3.6.2 Active Attacks
3.7 Security Services and Mechanisms
3.7.1 Security Services
3.7.1.1 Authentication Service
3.7.1.2 Access Control
3.7.1.3 Confidentiality
3.7.1.4 Integrity
3.7.1.5 Nonrepudiation
3.7.1.6 Availability
3.7.2 Security Mechanisms
3.8 IP Security - Layerwise
3.8.1 Application Layer
3.8.2 Transport Layer
3.8.3 Network Layer
3.8.4 Data Link Layer
3.9 Security Approaches for Future Internet
3.9.1 Security Establishment Proposal
3.9.2 Risk Level Determination
3.9.3 Future Internet - Objectives of Security
3.9.4 Security Requirements
3.10 Security Requirements - SONATE
3.11 Summary
Appendix 3A
4 Significance of Authentication - Future Internet Architecture
4.1 Introduction
4.2 What is Authentication?
4.3 Challenges in Secure Authentication
4.4 Authentication Protocols
4.4.1 Authentication Threats
4.4.1.1 Protocol Threats
4.4.1.2 Encryption Technique Problems
4.4.1.3 Resistance to Threats
4.4.2 Authentication Mechanisms
4.4.2.1 Shared Secrets (Passwords)
4.4.2.2 One Time Passwords (OTP)
4.4.2.3 Soft Tokens or Certificates
4.4.2.4 Hardware Tokens
4.4.2.5 Lightweight Directory Access Protocol (LDAP) Authentication
4.4.2.6 Biometric Authentication
4.4.2.7 Public Key Infrastructure (PKI)
4.4.2.8 CASCADED Authentication
4.5 Future Internet - Authentication Objectives
4.5.1 Authentication Mechanism in SONATE - Case Study
4.5.2 SONATE - Public Key Infrastructure (PKI)
4.5.2.1 PKI Cryptographic Resources
4.5.2.2 Components of PKI
4.5.3 Architecture for the Identity Management of the Entities
4.5.3.1 Service Consumer Identity
4.5.3.2 Service Broker's Identity
4.5.3.3 Service Provider's Identity
4.5.4 SONATE: Generation of the Keys
4.5.4.1 PKI Consumer Functionalities
4.5.4.2 Key Establishment Process
4.5.5 Certificate Management Service - SONATE
4.5.5.1 SONATE - Certificate Request Process
4.5.5.2 SONATE - Certificate Revocation Process
4.5.5.3 SONATE - Certificate Verification Process
4.5.6 Secure Communication Model for SONATE
4.5.7 Functional Overview
4.5.7.1 SONATE Packet Format
4.6 Evaluation
4.6.1 Performance Analysis
4.7 Summary
Appendix 4A
5 Authorization - Future Internet Architecture
5.1 Introduction
5.2 Need of Authorization
5.3 Access Control Mechanisms
5.3.1 Access Control Matrix (ACM)
5.3.2 Access Control Lists (ACL)
5.3.3 Identity-Based Access Control (IBAC)
5.3.4 Authorization-Based Access Control (ABAC)
5.3.5 Rule-Based Access Control (R-BAC)
5.3.6 Policy-Based Access Control (PBAC)
5.3.7 Discretionary Access Controls (DAC)
5.3.8 Mandatory Access Controls (MAC)
5.3.9 Role-Based Access Control (RBAC)
5.4 SONATE - Access Control Mechanism Model for Distributed Networks Case Study
5.4.1 Role-Based Access Control (RBAC) to suit SONATE
5.4.2 Mandatory Access Control (MAC) to suit SONATE
5.5 Access Control Operations for SONATE
5.5.1 Access Control Conditions
5.5.2 Access Control Functions
5.5.2.1 Function (PF1): Read
5.5.2.2 Function (PF2): Write
5.5.2.3 Function (PF3): Get Execute
5.5.2.4 Function (PF4): Cancel the Access Permissions (am)
5.5.2.5 Function (PF5): Development of an Application
5.5.2.6 Function (PF6): Deletion of an Application
5.5.2.7 Function (PF7): Change Security Level of an Application
5.5.2.8 Function (PF8): Change Current Security Level of Principal
5.6 Convergence of Services
5.6.1 Pointwise Convergence of Service Request
5.6.2 Almost Sure Convergence of Service Request
5.7 Secure Service Composition - Read permission
5.8 Summary
6 Intrusion Detection and Prevention Systems - Future Internet Architecture
6.1 Introduction
6.2 Intrusion Detection and Prevention System (IDPS)
6.3 Why to Use Intrusion Detection and Prevention System (IDPS)
6.4 IDPS Methods
6.4.1 Host-Based Intrusion Detection and Prevention System (HIDPS)
6.4.2 Network-Based Intrusion Detection and Prevention System (NIDPS)
6.4.3 Signature-Based Detection
6.4.4 Anomaly Detection
6.4.4.1 Protocol Anomaly-Based Intrusion Detection
6.4.4.2 Traffic Anomaly-Based Intrusion Detection
6.4.4.3 Stateful Protocol Anomaly Based Intrusion Detection
6.4.4.4 Stateful Matching Intrusion Detection System
6.4.4.5 Statistical Anomaly Based Detection
6.5 Log File Monitor (LFM)
6.6 Intrusion Detection and Prevention System (IDPS) Response
6.7 DoS and Types of DoS Attacks
6.7.1 Semantic Attacks and Flooding Attacks
6.7.2 DoS/DDoS Attacks
6.7.3 DNS Reflector Attack
6.7.4 Permanent Denial of Service Attack (PDoS)
6.7.5 DoS Targets
6.7.6 Recent Attacks
6.7.7 Classification of Defense Techniques of DoS
6.7.7.1 Detection Techniques
6.7.7.2 DoS Prevention Techniques
6.8 DoS Attack in SONATE
6.9 DoS Detection and Prevention Mechanism for SONATE
6.9.1 Detection State
6.9.2 Prevention State
6.10 Discussion and Results
6.10.1 DoS Detection Building Block (DDBB) Class
6.10.1.1 Alert Class
6.10.2 DoS Filter Building Block (DFBB)
6.10.2.1 Filter Class
6.11 Summary
Appendix 6A
Glossary
References
List of Abbreviations
Index

Dr. Bhawana Rudra has been an Assistant Professor at the National Institute of Technology, Karnataka since May 2018. Her interests include future Internet architectures, network protocols, security in routing, quality of service, security in wireless networks, loosely coupled protocols and their security, service and composition security, attribute-based authentication, vector-based identification, authorization, confidentiality, integrity, and availability of resources. Her recent work has focused on the design and analysis of security protocols for the Future Internet with respect to Service Oriented Network Architecture with a collaborative environment and middleware. She has published extensively on this topic. Dr. Rudra earned a Ph.D. degree in Information Technology in March 2015 at the Indian Institute of Information Technology-Allahabad. She also has a Master's degree in Computer Science from SRM University, awarded in May 2010. In addition, she earned other degrees from India. She is a member of the board of studies at department level in various colleges and a life member of various professional societies. She is a reviewer for various conferences and journals such as Elsevier, IEEE Computer Society, etc. She is frequently invited to present lectures and tutorials and to participate in panels related to networking and security topics in various parts of India.