Publication


Featured research published by Jari Arkko.


ieee international conference computer and communications | 2006

A Node Identity Internetworking Architecture

Bengt Ahlgren; Jari Arkko; Lars Eggert; Jarno Rajahalme

The Internet consists of independent networks that belong to different administrative domains and vary in scope from personal area networks, private home networks, corporate networks to ISP and global operator networks. These networks may employ different technologies, communications mediums, addressing realms and may have widely different capabilities. The coming years will add a significant level of dynamic behavior, such as mobile nodes and moving networks, which the Internet must support. At the same time, there is a need to address the increasing levels of harmful traffic and denial-of-service attacks. The existing Internet architecture does not support dynamic behavior or secure communication to a sufficient degree. This paper outlines a node-identity-based internetworking architecture that allows heterogeneous networks to work together without loss of functionality. Some of the techniques employed in this architecture include reliance on cryptographic node identifiers, identity routers and localized addressing realms.


workshop on wireless security | 2002

Securing IPv6 neighbor and router discovery

Jari Arkko; Tuomas Aura; James Kempf; Vesa-Matti Mäntylä; Pekka Nikander; Michael Roe

When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor and Router Discovery threats, describe two new cryptographic methods, Cryptographically Generated Addresses (CGA) and Address Based Keys (ABK), and discuss how these new methods can be used to secure the Neighbor and Router discovery mechanisms.


international workshop on security | 2002

Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties

Jari Arkko; Pekka Nikander

This paper discusses “weak authentication” techniques to provide cryptographically strong authentication between previously unknown parties without relying on trusted third parties.


local computer networks | 2012

End-to-end security for sleepy smart object networks

Mohit Sethi; Jari Arkko; Ari Keränen

We develop a new secure and energy-efficient communication model for the Constrained Application Protocol (CoAP), a light-weight communication protocol designed for smart object networks. This architecture and the communication model ensure data integrity and authenticity over a multi-hop network topology. It provides a mirroring mechanism that uses a proxy to serve data on behalf of sleeping smart objects, thereby allowing them to act as always-online web servers. A working prototype implementation of the architecture is also developed. The security features in the architecture presented in this paper are based on using strong public-key cryptography. Contrary to popular belief, our performance evaluation shows that asymmetric public-key cryptography can be implemented on small 8-bit microcontrollers without modifying the underlying cryptographic algorithms using public libraries.


international workshop on security | 2002

Delegation of Signalling Rights

Pekka Nikander; Jari Arkko

Consider a network of interconnected nodes where each node is identified with a public key. Each node uses the corresponding private key to sign signalling messages. This allows those nodes that know a given node (by its public key) to verify the authenticity of the signalling messages. Under these circumstances, a node may delegate the right to send signalling messages to another node. The delegation may be expressed, for example, in the form of authorization certificates. In this paper we describe how such delegation could be used to optimise signalling paths in mobile and ad hoc network settings. Additionally, we consider the constraints and limitations of the proposed approach.


international workshop on security | 2005

Enhancing privacy with shared Pseudo random sequences

Jari Arkko; Pekka Nikander; Mats Näslund

Protecting users’ privacy is essential for turning networks and services into trustworthy friends. Many privacy enhancing techniques, such as anonymous e-cash and mix-nets, have been proposed to make users more comfortable in their network usage. These techniques, in turn, usually rely on very basic security mechanisms, e.g., confidentiality protection, for their realization. But these mechanisms are also used for other security


Wireless Personal Communications | 2004

Mobile IPv6 Security

James Kempf; Jari Arkko; Pekka Nikander

Mobile IPv6 provides global mobility and location management support for the IPv6 network layer protocol. The design of Mobile IPv6 incorporates security features that differ significantly from its predecessor, Mobile IPv4. Some of the new security features are intended to counter new threats raised by route optimization, while others align Mobile IPv6 security more closely with basic IPv6 security mechanisms. In this paper, we outline the security threats to Mobile IPv6 and describe how the security features of the Mobile IPv6 protocol mitigate them.


international workshop on security | 2003

Limitations of IPsec policy mechanisms

Jari Arkko; Pekka Nikander

IPsec, while widely implemented, is rarely used for end-to-end protection of application protocols. Instead, it is mainly used today as an “all or nothing” protection for VPNs. In this paper we discuss the structure and shortcomings of the IPsec security policy mechanisms as partial reasons for this situation. We describe our experiences in using IPsec in a number of situations, including IPv6 control protocols, mobility protocols, network management, and multimedia protocols. We conclude that more often than not, the existing policy mechanisms are inadequate. While IPsec is quite effective in authenticating the peer and establishing assurance about its identity, the lack of attention to authorization questions is a root cause of the existing inadequacies. We also claim that the problems are more fundamental than the lack of suitable APIs and management tools. Finally, we present some potential architectural modifications which could improve the situation, and discuss the practical challenges in achieving these modifications.


acm special interest group on data communication | 2009

Dagstuhl perspectives workshop on end-to-end protocols for the future internet

Jari Arkko; Bob Briscoe; Lars Eggert; Anja Feldmann; Mark Handley

This article summarises the presentations and discussions during a workshop on end-to-end protocols for the future Internet in June 2008. The aim of the workshop was to establish a dialogue at the interface between two otherwise fairly distinct communities working on future Internet protocols: those developing internetworking functions and those developing end-to-end transport protocols. The discussion established near-consensus on some of the open issues, such as the preferred placement of traffic engineering functionality, whereas other questions remained controversial. New research agenda items were also identified.


international workshop on security | 2004

Authentication components: engineering experiences and guidelines

Pasi Eronen; Jari Arkko

Security protocols typically employ an authentication phase followed by a protected data exchange. In some cases, such as TLS, these two phases are tightly integrated, while in other cases, such as EAP (Extensible Authentication Protocol) and Kerberos, they are separate and often implemented in different endpoints. However, careless application of this separation has led to several vulnerabilities. In this paper we discuss reasons why this separation is often useful, what mistakes have been made, and what these mistakes have in common. We then describe some approaches how these problems could be avoided, especially focusing on EAP in wireless LANs. We also present some engineering observations that should be taken into account when designing reusable authentication components in the future.

Collaboration


Dive into Jari Arkko's collaboration.

Top Co-Authors

Pekka Nikander

Helsinki University of Technology

Christian Vogt

Karlsruhe Institute of Technology
