Security Design for an Inter-Domain Publish/Subscribe Architecture

Visala, Kari; Lagutin, Dmitrij; Tarkoma, Sasu

doi:10.1007/978-3-642-20898-0_12

Cited by 5 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…LANES [18] is another Bloom-filter forwarding protocol for a future publish-subscribe Internet architecture. Unlike FRM or LIPSIN, it uses in-packet Bloom filters only for unicast.…”

Section: B Bloom-filter-based Multicast Forwardingmentioning

confidence: 99%

Denial-of-Service Attacks in Bloom-Filter-Based Forwarding

Antikainen

Aura

Särelä

2014

IEEE/ACM Trans. Networking

View full text Add to dashboard Cite

Bloom-filter-based forwarding has been suggested to solve several fundamental problems in the current Internet, such as routing-table growth, multicast scalability issues, and denial-of-service (DoS) attacks by botnets. The proposed protocols are source-routed and include the delivery tree encoded as a Bloom filter in each packet. The network nodes forward packets based on this in-packet information without consulting routing tables and without storing per-flow state. We show that these protocols have critical vulnerabilities and make several false security assumptions. In particular, we present DoS attacks against broad classes of Bloom-filter-based protocols and conclude that the protocols are not ready for deployment on open networks. The results also help us understand the limitations and design options for Bloom-filter forwarding.

show abstract

“…LANES [18] is another Bloom-filter forwarding protocol for a future publish-subscribe Internet architecture. Unlike FRM or LIPSIN, it uses in-packet Bloom filters only for unicast.…”

Section: B Bloom-filter-based Multicast Forwardingmentioning

confidence: 99%

Denial-of-Service Attacks in Bloom-Filter-Based Forwarding

Antikainen

Aura

Särelä

2014

IEEE/ACM Trans. Networking

View full text Add to dashboard Cite

show abstract

“…Since the preliminary version of our work was published in [30], there have been a few related works. Some security designs for pub/sub network architecture was proposed in [12,26], but they did not have formal security proofs.…”

Section: New Improvements and Comparison To Our Previous Workmentioning

confidence: 99%

Towards a cryptographic treatment of publish/subscribe systems1

Yuen

Susilo

2014

JCS

View full text Add to dashboard Cite

Publish/subscribe mechanism is a typical many-to-many messaging paradigm when multiple applications want to receive the same message or when a group of applications would like to notify each other. Nonetheless, there exist only a few works that address the security issues for content-based publish/subscribe systems formally. Although the security requirements have been partially addressed by Wang et al., there is no formal definition for all of these security requirements in the literature. As a result, most of the existing schemes do not have any security proof and it is difficult to justify whether those schemes are really secure in practice. Furthermore, there is no comprehensive scheme that satisfies the most essential security requirements at the same time. In this paper, we introduce the first security model for important security requirements of content-based publish/subscribe systems. We also give a new security requirement for publisher authenticity, which means that the publisher is authenticated to publish certain types of notification only, and cannot publish other types of notification. We then exhibit a new scheme which fulfills most of the security requirements. Furthermore, we also provide a comprehensive proof for our concrete construction according to the new model.

show abstract

“…Another example is the realization of the PURSUIT functional model in [13]. It uses self-certifying DONA-like [2] rendezvous identifiers (Rids), which are (P, L) pairs.…”

Section: Naming and Content Securitymentioning

confidence: 99%

Towards a Minimal Core for Information-Centric Networking

Visala

Lagutin

Tarkoma

2013

The Future Internet

Self Cite

View full text Add to dashboard Cite

Abstract. The question of whether there exists a minimal model for information-centric networking (ICN), that allows the bulk of features of various recent ICN architectures to be expressed as independent extensions to the model, is largely unexplored. Finding such core would yield more orthogonality of the features, better adaptability to the changing multi-stakeholder environment of the Internet, and improved interoperability between ICN architectures.In this paper, we introduce the concept of information space as a potential solution, which is based on the sharing of information and late binding service composition of decoupled entities as the essence of information-centrism. The specified framework is an abstract model without dependencies to low-level implementation details and achieves minimality by leaving naming and content security outside the core. This approach makes the experimentation of new features above and their implementation below faster and provides a possible evolutionary kernel for ICN.

show abstract

Security Design for an Inter-Domain Publish/Subscribe Architecture

Cited by 5 publications

References 19 publications

Denial-of-Service Attacks in Bloom-Filter-Based Forwarding

Denial-of-Service Attacks in Bloom-Filter-Based Forwarding

Towards a cryptographic treatment of publish/subscribe systems1

Towards a Minimal Core for Information-Centric Networking

Contact Info

Product

Resources

About