Security design for an inter-domain publish/subscribe architecture

Authors:
Kari Visala;Dmitrij Lagutin;Sasu Tarkoma
Affiliations:
Helsinki Institute for Information Technology HIIT/Aalto University School of Science and Technology, Espoo, Finland;Helsinki Institute for Information Technology HIIT/Aalto University School of Science and Technology, Espoo, Finland;Department of Computer Science, University of Helsinki, Helsinki, Finland
Venue:
The future internet
Year:
2011

Citing 18
Cited 1

Identity-based cryptosystems and signature schemes

Proceedings of CRYPTO 84 on Advances in cryptology
Use of elliptic curves in cryptography

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
End-to-end arguments in system design

ACM Transactions on Computer Systems (TOCS)
On inferring autonomous system relationships in the internet

IEEE/ACM Transactions on Networking (TON)
Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems

HICSS '02 Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9 - Volume 9
Secrecy, authentication, and public key systems.

Secrecy, authentication, and public key systems.
Canon in G Major: Designing DHTs with Hierarchical Structure

ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Tussle in cyberspace: defining tomorrow's internet

IEEE/ACM Transactions on Networking (TON)
Secure event types in content-based, multi-domain publish/subscribe systems

SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
A data-oriented (and beyond) network architecture

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
NIRA: a new inter-domain routing architecture

IEEE/ACM Transactions on Networking (TON)
Accountable internet protocol (aip)

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
ALPHA: an adaptive and lightweight protocol for hop-by-hop authentication

CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
LIPSIN: line speed publish/subscribe inter-networking

Proceedings of the ACM SIGCOMM 2009 conference on Data communication
Networking named content

Proceedings of the 5th international conference on Emerging networking experiments and technologies
LANES: an inter-domain data-oriented routing architecture

Proceedings of the 2009 workshop on Re-architecting the internet
Self-Routing Denial-of-Service Resistant Capabilities Using In-packet Bloom Filters

EC2ND '09 Proceedings of the 2009 European Conference on Computer Network Defense
Roles and security in a publish/subscribe network architecture

ISCC '10 Proceedings of the The IEEE symposium on Computers and Communications

Towards a cryptographic treatment of publish/subscribe systems

Journal of Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Several new architectures have been recently proposed to replace the Internet Protocol Suite with a data-centric or publish/subscribe (pub/sub) network layer waist for the Internet. The clean-slate design makes it possible to take into account issues in the current Internet, such as unwanted traffic, from the start. If these new proposals are ever deployed as part of the public Internet as an essential building block of the infrastructure, they must be able to operate in a hostile environment, where a large number of users are assumed to collude against the network and other users. In this paper we present a security design through the network stack for a data-centric pub/sub architecture that achieves availability, information integrity, and allows application-specific security policies while remaining scalable. We analyse the solution and examine the minimal trust assumptions between the stakeholders in the system to guarantee the security properties advertised.