Contents (entries are listed as "title, starting page (page count)"; entries whose title did not survive extraction are marked "(title missing)")

Foreword  xiii
Preface  xv
(title missing)  xvii
(title missing)  xxi
Contributors  xxiii

1 Putting the Internet Forward to the Next Level  1 (22)
(title missing)  1 (1)
1.2 Ideas for Current Internet  2 (2)
1.3 Internet Design Goals and Principles  4 (3)
1.3.1 Design Goals of Internet  5 (1)
1.3.2 Internet Design Principles  5 (1)
1.3.3 Initiative toward OSI Reference Model  6 (1)
1.4 Internet Architectural Principles  7 (3)
1.5 The Internet of Today  10 (1)
1.6 "Patch-Work" Approaches for Current Internet Conflicts: Critical Review  11 (11)
1.6.1 Multicast Routing Limitations  14 (1)
(title missing)  14 (1)
1.6.3 Inter-Domain Routing Limitations  15 (1)
1.6.4 Network Layer-Specific Time Interval Limitations  15 (1)
(title missing)  15 (1)
1.6.6 Medium-Term Problems  16 (1)
1.6.7 Short-Term Problems  17 (1)
1.6.8 Avoiding New Generation Packet Network Limitations  17 (1)
1.6.9 Security Hitches of Current Internet Architecture  17 (1)
1.6.9.1 IPSec Limitations  18 (1)
1.6.9.2 IPv4, IPv6 and ND Limitations  18 (1)
1.6.9.3 Common Attacks in IPv4 and IPv6  19 (1)
1.6.9.4 Security and Trust Limitations  20 (2)
(title missing)  22 (1)

2 Future Internet Global Standardization—State of Play  23 (46)
(title missing)  23 (1)
2.2 Architectural Review Approaches for Current Internet  23 (4)
2.3 Need of Network Architecture  27 (1)
2.4 Future Internet Research Issues and Challenges  28 (6)
2.4.1 Network Foundation Challenges  28 (3)
(title missing)  31 (2)
2.4.3 Vision of Future Internet  33 (1)
2.5 Future Internet Initiatives  34 (1)
2.6 Network Architecture: Recent Advances  34 (22)
2.6.1 RBA: Role Based Architecture  36 (1)
2.6.2 ANA: Autonomic Network Architecture  37 (1)
2.6.3 RNA: Recursive Network Architecture  37 (1)
2.6.4 SILO: Service Integration and controL Optimization  38 (1)
2.6.5 CCN: Content Centric Network  38 (1)
2.6.6 AKARI Future Internet  38 (1)
2.6.7 NDN: Named Data Networking  39 (1)
(title missing)  40 (1)
(title missing)  40 (1)
2.6.10 XIA: eXpressive Internet Architecture  40 (1)
2.6.11 PONA: Policy Oriented Naming Architecture  41 (1)
2.6.12 RINA: Recursive Inter Network Architecture  41 (1)
2.6.13 GENI: Global Environment for Network Innovations/FIND: Future Internet Design  41 (1)
(title missing)  42 (1)
2.6.15 SOA: Service Oriented Architecture  42 (3)
2.6.16 FIA: Future Internet Assembly  45 (2)
2.6.17 SONATE: Service Oriented Network Architecture  47 (9)
(title missing)  56 (13)
(title missing)  57 (12)

3 Security in Future Internet Architecture  69 (46)
(title missing)  69 (1)
(title missing)  69 (1)
(title missing)  70 (2)
3.4 Basic Concepts of Security  72 (1)
(title missing)  73 (1)
(title missing)  73 (1)
(title missing)  74 (1)
(title missing)  74 (1)
(title missing)  74 (5)
(title missing)  76 (1)
(title missing)  77 (2)
3.7 Security Services and Mechanisms  79 (7)
(title missing)  79 (1)
3.7.1.1 Authentication Service  79 (1)
(title missing)  80 (1)
(title missing)  81 (1)
(title missing)  82 (1)
(title missing)  83 (1)
(title missing)  83 (1)
3.7.2 Security Mechanisms  83 (3)
3.8 IP Security—Layerwise  86 (1)
(title missing)  86 (1)
(title missing)  87 (1)
(title missing)  87 (1)
(title missing)  87 (1)
3.9 Security Approaches for Future Internet  87 (5)
3.9.1 Security Establishment Proposal  89 (1)
3.9.2 Risk Level Determination  89 (1)
3.9.3 Future Internet-Objectives of Security  90 (1)
3.9.4 Security Requirements  91 (1)
3.10 Security Requirements—SONATE  92 (1)
(title missing)  93 (22)
(title missing)  95 (20)

4 Significance of Authentication—Future Internet Architecture  115 (64)
(title missing)  115 (1)
4.2 What is Authentication?  115 (1)
4.3 Challenges in Secure Authentication  116 (1)
4.4 Authentication Protocols  116 (7)
4.4.1 Authentication Threats  116 (1)
(title missing)  116 (1)
4.4.1.2 Encryption Technique Problems  117 (1)
4.4.1.3 Resistance to Threats  117 (1)
4.4.2 Authentication Mechanisms  118 (1)
4.4.2.1 Shared Secrets (Passwords)  118 (1)
4.4.2.2 One Time Passwords (OTP)  119 (1)
4.4.2.3 Soft Tokens or Certificates  119 (1)
(title missing)  120 (1)
4.4.2.5 Lightweight Directory Access Protocol (LDAP) Authentication  120 (1)
4.4.2.6 Biometric Authentication  121 (1)
4.4.2.7 Public Key Infrastructure (PKI)  121 (1)
4.4.2.8 CASCADED Authentication  122 (1)
4.5 Future Internet—Authentication Objectives  123 (18)
4.5.1 Authentication Mechanism in SONATE—Case Study  123 (2)
4.5.2 SONATE—Public Key Infrastructure (PKI)  125 (1)
4.5.2.1 PKI Cryptographic Resources  126 (1)
4.5.2.2 Components of PKI  127 (1)
4.5.3 Architecture for the Identity Management of the Entities  127 (1)
4.5.3.1 Service Consumer Identity  128 (1)
4.5.3.2 Service Broker's Identity  129 (1)
4.5.3.3 Service Provider's Identity  129 (1)
4.5.4 SONATE: Generation of the Keys  129 (1)
4.5.4.1 PKI Consumer Functionalities  130 (1)
4.5.4.2 Key Establishment Process  130 (1)
4.5.5 Certificate Management Service—SONATE  130 (1)
4.5.5.1 SONATE—Certificate Request Process  130 (1)
4.5.5.2 SONATE—Certificate Revocation Process  131 (1)
4.5.5.3 SONATE—Certificate Verification Process  132 (2)
4.5.6 Secure Communication Model for SONATE  134 (1)
4.5.7 Functional Overview  134 (2)
4.5.7.1 SONATE Packet Format  136 (5)
(title missing)  141 (3)
4.6.1 Performance Analysis  141 (3)
(title missing)  144 (35)
(title missing)  147 (32)

5 Authorization—Future Internet Architecture  179 (32)
(title missing)  179 (1)
5.2 Need of Authorization  179 (2)
5.3 Access Control Mechanisms  181 (8)
5.3.1 Access Control Matrix (ACM)  182 (1)
5.3.2 Access Control Lists (ACL)  182 (2)
5.3.3 Identity-Based Access Control (IBAC)  184 (1)
5.3.4 Authorization-Based Access Control (ABAC)  184 (1)
5.3.5 Rule-Based Access Control (R-BAC)  184 (1)
5.3.6 Policy-Based Access Control (PBAC)  185 (1)
5.3.7 Discretionary Access Controls (DAC)  185 (1)
5.3.8 Mandatory Access Controls (MAC)  186 (1)
5.3.9 Role-Based Access Control (RBAC)  187 (2)
5.4 SONATE—Access Control Mechanism Model for Distributed Networks Case Study  189 (7)
5.4.1 Role-Based Access Control (RBAC) to suit SONATE  190 (2)
5.4.2 Mandatory Access Control (MAC) to suit SONATE  192 (4)
5.5 Access Control Operations for SONATE  196 (8)
5.5.1 Access Control Conditions  199 (1)
5.5.2 Access Control Functions  199 (1)
5.5.2.1 Function (PF1): Read  200 (1)
5.5.2.2 Function (PF2): Write  200 (1)
5.5.2.3 Function (PF3): Get Execute  201 (1)
5.5.2.4 Function (PF4): Cancel the Access Permissions (am)  201 (1)
5.5.2.5 Function (PF5): Development of an Application  202 (1)
5.5.2.6 Function (PF6): Deletion of an Application  203 (1)
5.5.2.7 Function (PF7): Change Security Level of an Application  203 (1)
5.5.2.8 Function (PF8): Change Current Security Level of Principal  203 (1)
5.6 Convergence of Services  204 (1)
5.6.1 Pointwise Convergence of Service Request  204 (1)
5.6.2 Almost Sure Convergence of Service Request  205 (1)
5.7 Secure Service Composition - Read Permission  205 (2)
(title missing)  207 (4)

6 Intrusion Detection and Prevention Systems—Future Internet Architecture  211 (46)
(title missing)  211 (1)
6.2 Intrusion Detection and Prevention System (IDPS)  212 (1)
6.3 Why to Use Intrusion Detection and Prevention System (IDPS)  213 (1)
(title missing)  214 (5)
6.4.1 Host-Based Intrusion Detection and Prevention System (HIDPS)  214 (1)
6.4.2 Network-Based Intrusion Detection and Prevention System (NIDPS)  215 (1)
6.4.3 Signature-Based Detection  216 (1)
(title missing)  216 (1)
6.4.4.1 Protocol Anomaly-Based Intrusion Detection  217 (1)
6.4.4.2 Traffic Anomaly-Based Intrusion Detection  217 (1)
6.4.4.3 Stateful Protocol Anomaly Based Intrusion Detection  217 (1)
6.4.4.4 Stateful Matching Intrusion Detection System  218 (1)
6.4.4.5 Statistical Anomaly Based Detection  218 (1)
6.5 Log File Monitor (LFM)  219 (1)
6.6 Intrusion Detection and Prevention System (IDPS) Response  219 (1)
6.7 DoS and Types of DoS Attacks  220 (7)
6.7.1 Semantic Attacks and Flooding Attacks  221 (1)
(title missing)  221 (1)
6.7.3 DNS Reflector Attack  222 (1)
6.7.4 Permanent Denial of Service Attack (PDoS)  223 (1)
(title missing)  223 (1)
(title missing)  223 (2)
6.7.7 Classification of Defense Techniques of DoS  225 (1)
6.7.7.1 Detection Techniques  225 (1)
6.7.7.2 DoS Prevention Techniques  226 (1)
(title missing)  227 (1)
6.9 DoS Detection and Prevention Mechanism for SONATE  228 (7)
(title missing)  229 (3)
(title missing)  232 (3)
6.10 Discussion and Results  235 (5)
6.10.1 DoS Detection Building Block (DDBB) Class  237 (1)
(title missing)  237 (1)
6.10.2 DoS Filter Building Block (DFBB)  238 (1)
(title missing)  239 (1)
(title missing)  240 (17)
(title missing)  243 (14)

Glossary  257 (6)
References  263 (24)
List of Abbreviations  287 (8)
Index  295