Publication


Featured research published by Matthew Condell.


DARPA Information Survivability Conference and Exposition | 2000

Domain based Internet security policy management

J. Zao; L. Sanchez; Matthew Condell; C. Lynn; M. Fredette; P. Helinek; P. Krishnan; A. Jackson; D. Mankins; M. Shepard; Stephen T. Kent

As security devices and protocols become widely used on the Internet, the task of managing and processing communication security policies grows steeply in its complexity. This paper presents a scalable, robust, secure distributed system that can manage communication security policies associated with multiple network domains and resolve the policies (especially those that specify the use of IP-AH/ESP security protocols) into security requirements for inter-domain communication. Technology innovation includes a formal model for IPsec policy specification and resolution, a platform independent policy specification language and a distributed policy server system. The formal model consists of a hierarchical domain model for IPsec policy enforcement and a lattice model of IPsec policy semantics. The policy specification language enables users to specify IPsec policies using the formal model regardless of the make of the security devices. The policy servers maintain the security policies in a distributed database, and negotiate the security associations for protecting inter-domain communication. Both the policy database and the policy exchange protocol are protected from passive and active attacks. Several UNIX implementations are available for non-commercial uses.


Wireless Networks | 1999

A public-key based secure mobile IP

John Zao; Joshua Gahm; Gregory Donald Troxel; Matthew Condell; Pam Helinek; Nina Yuan; Isidro Marcos Castineyra; Stephen T. Kent

The need for scalable key management support for Mobile IP, especially the route-optimized Mobile IP, is well known. In this paper, we present the design and the implementation of a public key management system that can be used with IETF basic and route optimized Mobile IP. The system, known as the Mobile IP Security (MoIPS) system, was built upon a DNS based X.509 Public Key Infrastructure and the innovation in cross certification and zero-message key generation. The system can supply cryptographic keys for authenticating Mobile IPv4 location management messages and establishing IPsec tunnels for Mobile IP redirected packets. It can also be used to augment firewall traversal of Mobile IP datagrams. A FreeBSD UNIX implementation of the MoIPS prototype is available for non-commercial uses.


International Wireless Internet Conference | 2006

Opportunistic spectrum access: challenges, architecture, protocols

Cesar A. Santivanez; Ram Ramanathan; Craig Partridge; Rajesh Krishnan; Matthew Condell; Stephen Polit

We consider the concept of opportunistic spectrum access (OSA) -- whereby radios identify unused portions of licensed spectrum, and utilize that spectrum without adverse impact on the primary licensees. OSA allows both dramatically higher spectrum utilization and near-zero deployment time, with an obvious and significant impact on both civilian and military communications. We discuss two broad classes of challenges to OSA: spectrum agility, which involves wideband sensing, opportunity identification, coordination and use; and policy agility, which enables regulatory policies to be applied dynamically using machine understandable policies. Focusing on spectrum agility, we present an architecture based on an OSA adaptation layer. We describe protocols for OSA, including a hole information protocol, idle channel selection and use, and an access protocol for the coordination channel. We present a simulation study, discuss insights, and show that even a simple protocol for opportunistic spectrum allocation can provide an order-of-magnitude performance improvement in throughput over a legacy system.


Proceedings DARPA Active Networks Conference and Exposition | 2002

Active network monitoring and control: the SENCOMM architecture and implementation

Alden W. Jackson; James P. G. Sterbenz; Matthew Condell; Regina Rosales Hain

We present the architecture, design, and implementation of SENCOMM (smart environment for network control, monitoring and management). SENCOMM uses active network technology to comprise a management execution environment (SMEE), which coexists with other execution environments (EEs). Management applications, called smart probes, run in the SMEE. A probe and its data are mobile executable code that are delivered to the active node within an active network encapsulation protocol (ANEP) datagram. Our architecture is designed to actively control, monitor, and manage both conventional and active networks, and be incrementally deployed in existing networks. We present a set of goals, a design philosophy, and a set of basic requirements for controlling, monitoring, and managing networks using the active network technology. We discuss the operation and components of SENCOMM: the management EE, a protocol, smart probes, and loadable libraries. We discuss the implementation issues uncovered in integrating SENCOMM into a selected EE and the decisions made to resolve them.


ACM Special Interest Group on Data Communication | 2000

FIRE: flexible Intra-AS routing environment

Craig Partridge; Alex C. Snoeren; W. Timothy Strayer; Beverly Schwartz; Matthew Condell; Isidro Marcos Castineyra

Current routing protocols are monolithic, specifying the algorithm used to construct forwarding tables, the metric used by the algorithm (generally some form of hop-count), and the protocol used to distribute these metrics as an integrated package. The Flexible Intra-AS Routing Environment (FIRE) is a link-state, intra-domain routing protocol that decouples these components. FIRE supports run-time-programmable algorithms and metrics over a secure link-state distribution protocol. By allowing the network operator to dynamically reprogram both the information being advertised and the routing algorithm used to construct forwarding tables in Java, FIRE enables the development and deployment of novel routing algorithms without the need for a new protocol to distribute state. FIRE supports multiple concurrent routing algorithms and metrics, each constructing separate forwarding tables. By using operator-specified packet filters, separate classes of traffic are routed using completely different routing algorithms, all supported by a single routing protocol.


DARPA Information Survivability Conference and Exposition | 2001

Multidimensional security policy management for dynamic coalitions

Geva Patz; Matthew Condell; Rajesh Krishnan; Luis A. Sanchez

Security policy management for a dynamic coalition with multiple members, each with its own policy requirements and mechanisms, and with limited mutual trust, is a complex task. In this paper, we present the architecture of MSME (Multidimensional Security Management and Enforcement), a system that addresses this problem by providing mechanisms to express security requirements for large groups abstractly, to exchange and reconcile these communication requirements among members of a group, and to automatically bind these abstract requirements to mechanisms that can enforce them at different levels of the TCP/IP stack.


IEEE Journal on Selected Areas in Communications | 2001

FIRE: flexible intra-AS routing environment

Craig Partridge; Alex C. Snoeren; William Timothy Strayer; Beverly Schwartz; Matthew Condell; Isidro Marcos Castineyra

Current routing protocols are monolithic, specifying the algorithm used to construct forwarding tables, the metric used by the algorithm (generally some form of hop count), and the protocol used to distribute these metrics as an integrated package. The flexible intra-AS routing environment (FIRE) is a link-state, intradomain routing protocol that decouples these components. FIRE supports run-time-programmable algorithms and metrics over a secure link-state distribution protocol. By allowing the network operator to dynamically reprogram both the properties being advertised and the routing algorithms used to construct forwarding tables, FIRE enables the development and deployment of novel routing algorithms without the need for a new protocol to distribute state. FIRE supports multiple concurrent routing algorithms and metrics, each constructing separate forwarding tables. By using operator-specified packet filters, separate classes of traffic may be routed using completely different routing algorithms, all supported by a single routing protocol. This paper presents an overview of FIRE, focusing particularly on FIRE's novel aspects with respect to traditional routing protocols. We consider deploying several current unicast and multicast routing algorithms in FIRE, and describe our Java-based implementation.


DARPA Information Survivability Conference and Exposition | 2003

Traceback of single IP packets using SPIE

William Timothy Strayer; Christine E. Jones; Fabrice Tchakountio; Alex C. Snoeren; B. Schwartz; R.C. Clements; Matthew Condell; Craig Partridge

The design of the Internet protocol makes it difficult to reliably identify the originator of an IP packet. IP traceback techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present SPIE, the Source Path Isolation Engine, a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past.


Military Communications Conference | 2007

The SPINDLE Disruption-Tolerant Networking System

Rajesh Krishnan; Prithwish Basu; Joanne Mikkelson; Christopher Small; Ram Ramanathan; Daniel W. Brown; John Burgess; Armando Caro; Matthew Condell; Nicholas C. Goffee; Regina Rosales Hain; Richard Hansen; Christine E. Jones; Vikas Kawadia; David Patrick Mankins; Beverly Schwartz; William Timothy Strayer; Jeffrey W. Ward; David Wiggins; Stephen Polit


Archive | 1998

Security policy specification language

Matthew Condell; Charles Lynn; John Zao
