File name:
SCION: A Secure Internet Architecture
Development tool:
File size: 8mb
Downloads: 0
Upload date: 2019-04-05
Description: This book describes the essential components of the SCION secure Internet architecture, the first architecture designed foremost for strong security and high availability. Among its core features, SCION also provides route control, explicit trust information, multipath communication, scalable quality-of-service guarantees, and efficient forwarding. The book includes functional specifications of the network elements, communication protocols among these elements, data structures, and configuration files. In particular, the book offers a specification of a working prototype.
The authors provide a comprehensive description of the main design features for achieving a secure Internet architecture. They facilitate the reader throughout, structuring the book so that the technical detail gradually increases, and supporting the text with a glossary, an index, a list of abbreviations, answers to frequently asked questions, and special highlighting for examples and for sections that explain important research, engineering, and deployment features. The book is suitable for researchers, practitioners, and graduate students who are interested in network security.
More information about this series at http://www.springer.com/series/4752
Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, Laurent Chuat
SCION: A Secure Internet Architecture
Springer

Adrian Perrig
Network Security Group
ETH Zurich
Zurich, Switzerland

Raphael M. Reischuk
Network Security Group
ETH Zurich
Zurich, Switzerland

Pawel Szalachowski
Network Security Group
ETH Zurich
Zurich, Switzerland

Laurent Chuat
Network Security Group
ETH Zurich
Zurich, Switzerland
ISSN 1619-7100
ISSN 2197-845X (electronic)
Information Security and Cryptography
ISBN 978-3-319-67079-9
ISBN 978-3-319-67080-5 (eBook)
https://doi.org/10.1007/978-3-319-67080-5
Library of Congress Control Number: 2017955641
© Springer International Publishing AG 2017
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Printed on acid-free paper
This Springer imprint is published by Springer Nature
The registered company is Springer International Publishing AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Thank you for your unwavering support
Love, forever.
Adrian
To Henio
For all these sleepless nights
Paweł
To my family and those
who supported me along my way.
Raphael
O Me
For your patience and encouragement
Laurent
Contents

Foreword
Preface

Part I Overview
1 Introduction
1.1 Today's Internet
1.2 Goals of a Secure Internet Architecture
1.3 Future Internet Architectures
2 The SCION Architecture
2.1 Control Plane
2.2 Data Plane
2.3 Security Aspects
2.4 Use Cases
2.5 Incentives for Stakeholders
2.6 Deployment
2.7 Extensions
2.8 Main Contributions
3 Isolation Domains (ISDs)
3.1 Why Isolation
3.2 The ISD Core
3.3 Coordination Among ISDs
3.4 Name Resolution
3.5 ISD Governance Models
3.6 Nested Isolation Domains

Part II SCION in Detail
4 Authentication Infrastructure
4.1 Overview
4.2 Control-Plane Authentication
4.3 Name Authentication
4.4 End-Entity Authentication
5 ISD Coordination
5.1 Motivation and Objectives
5.2 Announcing and Discovering New ISDs
5.3 Local Resolution of Conflicts
6 Name Resolution
6.1 Background
6.2 Name Resolution Architecture
6.3 Naming Information Model
6.4 The RAINS Protocol
6.5 The Naming Consistency Observer (NCO)
7 Control Plane
7.1 Path Exploration and Registration
7.2 Path Lookup
7.3 Secure Path Revocation
7.4 Failure Resilience and Service Discovery
7.5 AS-Level Anycast Service
7.6 SCION Control Message Protocol (SCMP)
7.7 Time Synchronization
8 Data Plane
8.1 Path Format
8.2 Creation of Forwarding Paths
8.3 Efficient Path Construction
9 Host Structure
9.1 SCION Dispatcher
9.2 SCION Daemon
9.3 Transmission Control Protocol (TCP/SCION)
9.4 SCION Stream Protocol (SSP)
10 Deployment and Operation
10.1 ISP Deployment
10.2 End-Domain Deployment
10.3 The SCION-IP Gateway (SIG)
10.4 How to Try Out SCION
10.5 SCION AS Management Framework
10.6 Deploying a New AS
10.7 The SCIONLab Experimentation Environment
10.8 Example: Life of a SCION Data Packet
10.9 SCION Path Policy

Part III Extensions
11 SIBRA
11.1 Motivation and Introduction
11.2 Goals and Adversary Model
11.3 Design Overview
11.4 SIBRA Core Path
11.5 SIBRA Steady Paths
11.6 SIBRA Ephemeral Paths
11.7 Priority Traffic Monitoring and Policing
11.9 Discussion
11.10 Further Reading
12 OPT and DRKey
12.1 Introduction
12.2 OPT Problem Definition
12.3 OPT Design Overview
12.4 OPT Protocol Description
12.5 Dynamically Recreatable Keys (DRKey)

Part IV Analysis and Evaluation
13 Security Analysis
13.1 Security Goals
13.2 Threat Model
13.3 Software Security
13.4 Control-Plane Path Manipulation
13.5 Data-Plane Path Manipulation
13.6 Censorship and Surveillance
13.7 Attacks Against Availability
13.8 Absence of Kill Switches
13.9 Resilience to Path Hijacking
13.10 Summary
14 Power Consumption
14.1 Modeling Power Consumption of an FIA Router
14.2 Simulation

Part V Specification
15 Packet and Message Formats
15.1 SCION Packet
15.2 Control Plane
15.3 PCB and Path Segment
15.4 Path Management Messages
15.5 PKI Interactions
15.6 SCMP Packet
16 Configuration File Formats
16.1 Trust Root Configuration
16.2 AS Certificates
16.3 Discovery Service Configuration
16.4 Router, Server, and End-Host Configuration
17 Cryptographic Algorithms
17.1 Algorithm Agility
17.2 Symmetric Primitives
17.3 Asymmetric Primitives
17.4 Post-Quantum Cryptography

Bibliography
Frequently Asked Questions
Glossary
Abbreviations
Index