Abstract not found

Despite the existence of many security schemes for BGP with varying properties, to date there has been little progress on actual BGP security adoption. Although feasibility for widespread adoption remains the greatest hurdle for BGP security, there has been little quantitative research into what exactly improves the adoptability of a security scheme. To the best of our knowledge, we provide the first model for characterizing the adoptability of a protocol. Furthermore, we present an approach for performing this evaluation by simulating incentives compatible adoption decisions of ISPs on the Internet under a variety of assumptions. Our extensive evaluation results include: (a) the existence of a sharp threshold, where, if the cost of adoption is below the threshold, complete adoption takes place, while almost no adoption takes place above the threshold; (b) under a strong attacker model, adding a single hop of path authentication to origin authentication yields similar adoptability characteristics as a full path security scheme; (c) under a weaker attacker model, adding full path authentication (e.g., via S-BGP [10]) significantly improves the adoptability of BGP security over weaker path security schemes such as soBGP [18]. These results provide insight into the development of more adoptable secure BGP protocols and demonstrate the importance of studying adoptability of protocols. 1

Traditional Public Key Infrastructures (PKI) have not lived up to their promise because there are too many ways to define PKIs, too many cryptographic primitives to build them with, and too many administrative domains with incompatible roots of trust. Alpaca is an authentication and authorization framework that embraces PKI diversity by enabling one PKI to “plug in ” another PKI’s credentials and cryptographic algorithms, allowing users of the latter to authenticate themselves to services using the former using their existing, unmodified certificates. Alpaca builds on Proof-Carrying Authorization (PCA) [8], expressing a credential as an explicit proof of a logical claim. Alpaca generalizes PCA to express not only delegation policies but also the cryptographic primitives, credential formats, and namespace structure needed to use foreign credentials directly. To achieve this goal, Alpaca introduces a method of creating and naming new principals which behave according to arbitrary rules, a modular approach to logical axioms, and a domain-specific language specialized for reasoning about authentication. We have implemented Alpaca as a Python module that assists applications in generating proofs (e.g., in a client requesting access to a resource), and in verifying those proofs via a compact 800-line TCB (e.g., in a server providing that resource). We present examples demonstrating Alpaca’s extensibility in scenarios involving inter-organization PKI interoperability and secure remote PKI upgrade.

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC 2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at

Abstract not found

We present the design and initial evaluation of TerraDir: an approach for implementing customizable, distributed, peer-to-peer directories over which a broad range of wide-area resource discovery applications can be implemented. TerraDir's structure is two-tiered, consisting of a base protocol for providing arbitrary application-layer connectivity, and dynamic view materializations that efficiently realize different user-specified views of application-layer resources.

A correctly working Domain Name System (DNS) is essential for the Internet. Due to its significance and because of deficiencies in its current design, the DNS is vulnerable to a wide range of attacks. This paper presents the design and implementation of a secure distributed name service. Our service is able provide fault tolerance and security even in the presence of a fraction of corrupted servers, avoiding any single point of failure. It further solves the problem of storing zone secrets online in a way that does not leak them to a corrupted server, while still supporting secure dynamic updates. Our service uses state-machine replication and threshold cryptography. We present results from experiments performed using a prototype implementation on the Internet in realistic setups. The results show that our design achieves the required assurances while servicing most frequent requests in reasonable time.

draft-ietf-dnsext-dnssec-protocol-00

The IETF Mobile IP protocol is a significant step towards enabling nomadic Internet users. It allows a mobile node to maintain and use the same IP address even as it changes its point of attachment to the Internet. Mobility implies higher security risks than static operation. Portable devices may be stolen or their traffic may, at times, pass through links with questionable security characteristics. Most commercial organizations use some combination of source-filtering routers, sophisticated firewalls, and private address spaces to protect their network from unauthorized users. The basic Mobile IP protocol fails in the presence of these mechanisms even for authorized users. This paper describes enhancements that enable Mobile IP operation in such environments, i.e., they allow a mobile user, out on a public portion of the Internet, to maintain a secure virtual presence within his firewall-protected office network. This constitutes what we call a Mobile Virtual Private Network (MVPN). 1.

FreeBSD recently adopted the OpenBSD Cryptographic Framework [Keromytis et al, 2003]. In doing so it was necessary to convert the core framework to function correctly in a fully-preemptive/multiprocessor operating system environment. In addition several issues with the basic design were found to cause significant performance loss. After addressing these issues we found that FreeBSD outperformed OpenBSD on identical hardware by as much as 100 % in tests that exercise only the cryptographic framework. These optimizations result in similar performance improvements for facilities like IPsec that make heavy use of the cryptographic framework. We observed that FreeBSD’s Fast IPsec [Leffler, 2003] typically outperforms OpenBSD’s IPsec implementation [Miltchev et al, 2002] by more than 50 % on identical hardware. We conclude that the OCF cryptographic API can be optimized and re-tuned to deliver substantially better performance than the original OCF implementation with large gains in both throughput and latency. Moreover these changes can be made with no impact on clients of the cryptographic framework: both user and kernel sofware designed for the original OCF is easily ported to the FreeBSD implementation of OCF. 1.