Oliver Hanka

HiiMap: Hierarchical internet mapping architecture

Many researchers working on concepts for the next generation internet agree that the split of identifier and locator seems to be a very promising approach. Although this solution addresses the most critical issues in todays internet, new challenges arise through the mapping between locator and identifier. Our proposal takes a look at novel DHT-based mapping concepts and points out the trust problem which is introduced by many of these concepts. A new architectural concept based on administrative regions to handle mapping requests is proposed while still considering trust, security and mobility.

A Novel DHT-Based Network Architecture for the Next Generation Internet

The Internet architecture of today is the result of a constant evolution during the past 25 years. However, this layering of add-ons, bug fixes and extensions has grown into a tremendously complex and, therefore, increasingly static platform. On the contrary, a multitude of new challenges related to issues never conceived in the original design, such as security and mobility has become more and more important. Hence, we propose a clean-slate approach based on a two-tier locator identifier split. Combined with Distributed Hash-Tables (DHT), we developed a scalable long-term alternative to the current Internet architecture.

Secure deployment of application-tailored protocols in future networks

Within the G-Lab project we consider a Future Internet which does not consist of a single general-purpose network architecture. Instead, multiple coexisting virtual networks are designed to cater for the needs of different use-cases and applications. Each of these application-tailored networks requires application-tailored protocols in order to realize the network specific functionalities and characteristics. In this scenario, nodes connecting to a network must acquire the necessary protocols at runtime in order to actually utilize the network. Furthermore, the deployment must be secure to avoid manipulation of the protocols. In this paper we, therefore, introduce a deployment process for application-tailored protocols in such future networks. The proposed deployment process allows for the on-demand distribution of protocols to network nodes. Additionally, the deployment process verifies the integrity as well as origin of protocols and, thus, provides security and reliability.

A Distributed Public Key Infrastructure Based on Threshold Cryptography for the HiiMap Next Generation Internet Architecture

In this article, a security extension for the HiiMap Next Generation Internet Architecture is presented. We regard a public key infrastructure which is integrated into the mapping infrastructure of the locator/identifier-split addressing scheme. The security approach is based on Threshold Cryptography which enables a sharing of keys among the mapping servers. Hence, a more trustworthy and fair approach for a Next Generation Internet Architecture as compared to the state of the art approach is fostered. Additionally, we give an evaluation based on IETF AAA recommendations for security-related systems.

Smart Card Based Security in Locator/Identifier-Split Architectures

Security is an essential business requirement towards communication networks and will play a major role in future internet concepts. Many researchers see security functionality as an integral part of a new architecture, which should be thought of as soon as the conceptional phase of any proposal. In this paper we discuss suggested security mechanisms for the so called Locator/Identifier-Split and outline problematic issues found in those concepts. Based on these observations, we propose a security architecture using smart cards, which allows for lifelong assigned identifiers and is able to handle key replacement and revocation. Furthermore, we discuss the aspect of initial bootstrap and how to integrate devices with very low computational power like sensors.

How to prevent identity fraud in locator/identifier — Split architectures

The locator/identifier separation paradigm is a very promising Next Generation Internet addressing scheme. By this scheme, however, a nodes identity - represented by the identifier - becomes more important and persistent. It is, therefore, more than ever necessary to protect a nodes identity against fraud. In this paper, possible attack scenarios against a nodes identity are outlined. Afterwards, a framework based on a distributed public key infrastructure and smart cards is introduced to counter the identity fraud thread on the network layer in locator/identifier-split architectures.

The cost of location privacy in locator/identifier-split architectures

The locator/identifier separation paradigm is widely considered to be a feasible solution to the problematic issues of todays Internet architecture. This approach, however, introduces a novel problem by revealing a nodes location information to all of its peers. Thus, each node becomes trackable. To overcome this problem, a solution is required which is able to hide location information while not limiting connectivity at the same time. So far, few proposals have been made to address this problem. In this paper, the concepts are analyzed and evaluated based on the costs introduced to the network due to overhead. The paper shows the overall costs for a privacy solution and the importance to implement mechanisms to limit additional required transit traffic.

Evaluation of Future Network Architectures and Services in the G-Lab Testbed

Our current Future Internet research in the G-Lab project [1] comprises clean slate network architectures and services. In this vast topic, we focus on two different aspects: (1) Composition as well as adaptation of application and network tailored protocols and (2) novel addressing and routing schemes based on locator/identifier-split. In the following, we describe these aspects including their benefit and usage of the G-Lab testbed. Then we detail our ongoing cooperation and the development of a joint prototype.