Abstract
Rethinking the fundamental network architecture appears able to solve some known architectural security problems of the existing Internet, but such proposals are also investigated more thoroughly from the security angle overall. The information-centric approach of 4WARD is built on the concept of securing information rather than the locations and paths used for information transit. In doing so, the security principles based on ownership and on controlling access at the originating source become challenged. At the same time, moving intelligence into the network itself challenges the underlying assumption of an Internet consisting of neutral, dumb, and fundamentally cooperating and trusting autonomous domains. 4WARD states the security principles necessary for dynamic management of virtualized, largely self-configuring entities having specific properties. The specific security implementation choices necessary for network design, transport, routing, lookup, privacy, accountability, caching and monitoring are part of the design process, for which 4WARD contributes functional descriptions and the concept of a design repository. 4WARD acknowledges and considers the business and governmental control interests that will heavily influence the security direction in which the future network evolves.
Copyright information
© 2011 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
Schultz, G. (2011). Security Aspects and Principles. In: Correia, L., Abramowicz, H., Johnsson, M., Wünstel, K. (eds) Architecture and Design for the Future Internet. Signals and Communication Technology. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-9346-2_6
DOI: https://doi.org/10.1007/978-90-481-9346-2_6
Publisher Name: Springer, Dordrecht
Print ISBN: 978-90-481-9345-5
Online ISBN: 978-90-481-9346-2
eBook Packages: Engineering, Engineering (R0)