Saleem Bhatti, Computer Science, University of St Andrews, UK.  

Security

As more of the global population use digital systems in their daily lives, so it is increasingly important to consider the security of the network communication that enables our digital services. However, this is not as simple as "just encrypting" everything we send and receive online. We need to consider the algorithms and protocols used for communication — the protocols and operation of the control and management planes of the communication architecture.

This work is more focussed on the nature and architecture of communication protocol and systems, rather than new cryptographic algorithms, though, of course, cryptographic techniques are used.

  • Security for IP — ILNP: Much of my work on protocol security is based on the new security mechanisms made possible by the Identifier-Locator Network Protocol (ILNP).
  • Health: Secure communications for mobile health systems is vital to protect the integrity of sensitive, personal biological data during communication between those producing the data (e.g. patients) and those who need to view the data (e.g. professional health workers).
  • Management of systems: The management of communication systems also needs to be secure so that the management plane does not offer an additional attack vector, even if the user plane and control plane are both secure.

Security for IP — ILNP

G. T. Haywood, S. N. Bhatti. Defence against side-channel attacks for encrypted network communication using multiple paths. Cryptography, vol. 8, no. 2, pages 1-26. May 2024.
DOI: 10.3390/cryptography8020022
Abstract: As more network communication is encrypted to provide data privacy for users, attackers are focusing their attention on traffic analysis methods for side-channel attacks on user privacy. These attacks exploit patterns in particular features of communication flows such as interpacket timings and packet sizes. Unsupervised machine learning approaches, such as Hidden Markov Models (HMMs), can be trained on unlabelled data to estimate these flow attributes from an exposed packet flow, even one that is encrypted, so it is highly feasible for an eavesdropper to perform this attack. Traditional defences try to protect specific side channels by modifying the packet transmission for the flow, e.g., by adding redundant information (padding of packets or use of junk packets) and perturbing packet timings (e.g., artificially delaying packet transmission at the sender). Such defences incur significant overhead and impact application-level performance metrics, such as latency, throughput, end-to-end delay, and jitter. Furthermore, these mechanisms can be complex, often ineffective, and are not general solutions—a new profile must be created for every application, which is an infeasible expectation to place on software developers. We show that an approach exploiting multipath communication can be effective against HMM-based traffic analysis. After presenting the core analytical background, we demonstrate the efficacy of this approach with a number of diverse, simulated traffic flows. Based on the results, we define some simple design rules for software developers to adopt in order to exploit the mechanism we describe, including a critical examination of existing communication protocol behavior.
S. N. Bhatti, R. Atkinson, J. Klemets. Integrating Challenged Networks. MILCOM 2011 - 30th IEEE Military Communications Conf.. Baltimore, MD, USA. Nov 2011.
DOI: 10.1109/MILCOM.2011.6127596
Abstract: For a comprehensive information coverage across theatre, it is necessary to integrate many different sources of data which are likely to use protocols specific to a specialised purpose. For example, resource-constrained or challenged networks such as sensor systems and MANET systems, using their own protocols, may be used in conjunction with other Internet Protocol (IP) based communication and need to be integrated into the GIG. While such integration may be possible today, the engineering is complex and the resultant system may be difficult to configure and maintain, as well as being brittle when system changes or reconfiguration are required. Furthermore, when security and identity issues are considered, the additional overhead for enabling integration within the context of sensor systems and MANETs raises challenging technology issues. Based on our ongoing work, we present a potential solution which organises such systems based on identity and location, but allows integration with Internet-wide communication.
R. Atkinson, S. N. Bhatti, S. Hailes. Evolving the Internet Architecture Through Naming. IEEE JSAC - Journal of Selected Areas in Communication, vol. 28, no. 8, pages 1319-1325. Oct 2010.
DOI: 10.1109/JSAC.2010.101009
Abstract: Challenges face the Internet Architecture in order to scale to a greater number of users while providing a suite of increasingly essential functionality, such as multi-homing, traffic engineering, mobility, localised addressing and end-to-end packet-level security. Such functions have been designed and implemented mainly in isolation and retrofitted to the original Internet architecture. The resulting engineering complexity has caused some to think of 'clean slate' designs for the long-term future. Meanwhile, we take the position that an evolutionary approach is possible for a practical and scaleable interim solution, giving much of the functionality required, being backwards compatible with the currently deployed architecture, with incremental deployment capability, and which can reduce the current routing state overhead for the core network. By enhancing the way we use naming in the Internet Architecture, it is possible to provide a harmonised approach to multi-homing, traffic engineering, mobility, localised addressing and end-to-end packet-level security, including specific improvement to the scalability of inter-domain routing, and have these functions co-exist harmoniously with reduced engineering complexity. A set of proposed enhancements to the current Internet Architecture, based on naming, are described and analysed, both in terms of architectural changes and engineering practicalities.
R. Atkinson, S. N. Bhatti, S. Hailes. ILNP: mobility, multi-homing, localised addressing and security through naming. Telecommunication Systems, vol. 42, no. 3-4, pages 273-291. Dec 2009.
DOI: 10.1007/s11235-009-9186-5
Abstract: Internet users seek solutions for mobility, multi-homing, support for localised address management (i.e. via NATs), and end-to-end security. Existing mobility approaches are not well integrated into the rest of the Internet architecture, instead primarily being separate extensions that at present are not widely deployed. Because the current approaches to these issues were developed separately, such approaches often are not harmonious when used together. Meanwhile, the Internet has a number of namespaces, for example the IP address or the Domain Name. In recent years, some have postulated that the Internet's namespaces are not sufficiently rich and that the current concept of an address is too limiting. One proposal, the concept of separating an address into an Identifier and a separate Locator, has been controversial in the Internet community for years. It has been considered within the IETF and IRTF several times, but always was rejected as unworkable. This paper takes the position that evolving the naming in the Internet by splitting the address into separate Identifier and Locator names can provide an elegant integrated solution to the key issues listed above, without changing the core routing architecture, while offering incremental deployability through backwards compatibility with IPv6.
R. Atkinson, S. N. Bhatti, S. Hailes. Site-controlled Secure Multi-homing and Traffic Engineering for IP. MILCOM 2009 - 28th IEEE Military Communications Conf.. Boston, Massachusetts, USA. Oct 2009.
DOI: 10.1109/MILCOM.2009.5380044
Abstract: Site multi-homing is an important capability in modern military networks. Resilience of a site is greatly enhanced when it has multiple upstream connections to the global information grid, including the global Internet. Similarly, the ability to provide traffic engineering for a site can be important in reducing delays and packet loss over low-bandwidth and/or high-delay uplinks. Current approaches to site multi-homing and site traffic engineering (a) require assistance from a trusted network service provider; (b) inject significant additional routing information into the global Internet routing system. This approach reduces flexibility, does not scale and is a widespread concern today. The proposed identifier-locator network protocol (ILNP) offers backward compatible extensions for IPv6 to enable a site to (a) use multiple routing prefixes concurrently, without needing to advertise these more-specific site prefixes upstream to the site's service providers; (b) enables edge-site controlled traffic engineering and localised addressing, without breaking end-to-end connectivity. This feature combination provides both multi-homing and traffic engineering capabilities without any adverse impact on the routing system and does not require anything more than unicast routing capability in the provider network. ILNP enables concurrent multi-path transmission for a flow, without requiring multicast routing, to increase flow resilience to path interruptions. This technique has a secondary security benefit of reducing the risk of an adversary successfully blocking an ILNP flow via a denial-of-service attack on any single path or single link.
R. Atkinson, S. N. Bhatti, S. Hailes. Harmonised Resilience, Security and Mobility Capability for IP. MILCOM 2008 - 27th IEEE Military Communications Conf.. San Diego, CA, USA. Nov 2008.
DOI: 10.1109/MILCOM.2008.4753321
Abstract: Military communications currently require secure end-to-end, resilient connectivity via multi-homed connections, and need to support both mobile hosts and mobile networks. Today, such functions are possible to some degree, but the functions are not harmonised. Standards that support these functions were designed independently and implemented in isolation. So, achieving converged capabilities for optimal communications in forward operating areas is a technical challenge, and results in a complex network landscape which is likely to be difficult to operate and manage, and brittle under failure conditions. From our ongoing work, we present a new naming approach and use this to formulate a proposal to provide the following capability harmoniously: (a) multi-homed connectivity for traffic engineering and resilience; (b) true end-to-end network-layer security with high compatibility with the HAIPE architecture; (c) support for mobile hosts and mobile networks. Our approach is backwards compatible with IPv6 network equipment (existing IPv6 backbones can be used), and is also incrementally deployable.
R. Atkinson, S. N. Bhatti, S. Hailes. A Proposal for Unifying Mobility with Multi-Homing, NAT, & Security. MobiWAC 2007 - 5th ACM Intl. Workshop on Mobility Management and Wireless Access. Chania, Crete Island, Greece. Oct 2007.
DOI: 10.1145/1298091.1298105
Abstract: Internet users seek solutions for mobility, multi-homing, support for localised address management (i.e. via NATs), and end-to-end security. Existing mobility approaches are not well integrated into the rest of the Internet architecture, instead primarily being separate extensions that at present are not widely deployed. Because the current approaches to these issues were developed separately, such approaches often are not harmonious when used together. Meanwhile, the Internet has a number of namespaces, for example the IP address or the Domain Name. In recent years, some have postulated that the Internet's namespaces are not sufficiently rich and that the current concept of an address is too limiting. One proposal, the concept of separating an address into an Identifier and a separate Locator, has been controversial in the Internet community for years. It has been considered within the IETF and IRTF several times, but always was rejected as unworkable. This paper takes the position that evolving the naming in the Internet by splitting the address into separate Identifier and Locator names can provide an elegant integrated solution to the key issues listed above, without changing the core routing architecture, while offering incremental deployability through backwards compatibility with IPv6.
R. Atkinson, M. Lad, S. N. Bhatti, S. Hailes. A Proposal for Coalition Networking in Dynamic Operational Environments. MILCOM 2006 - 25th IEEE Military Communications Conf.. Washington DC, USA. Oct 2006.
DOI: 10.1109/MILCOM.2006.302077
Abstract: At present, military communications within battlefields are very restricted, both by policy and due to technology limitations. In Southwest Asia today, there are needlessly long and complex communications paths, often involving multiple relays and use of constrained-bandwidth MILSATCOM back-haul outside the theatre, when nearby forces could communicate directly via existing interoperable radios. This is a current problem for NATO and Coalition forces. The current Internet protocol suite lacks core support for mobility, scalable support for multi-homed nodes, and does not provide the capabilities needed for optimal communications in forward operating areas. We propose a coalition-based, multi-homed approach leveraging both local-area and wide-area connectivity, improving both the flexibility and robustness of communication, without conflicting with the security policy of sensitive communication. The Coalition Peering Domain (CPD) is a distributed, self-configuring architecture that supports the secure, collaborative networking relationships needed to provide this flexibility and robustness. The CPD facilitates the inter-connection of cooperating, but administratively separate, network segments. The CPD exploits multi-homed and multi-path communication to better-utilise all available connectivity. The identifier-locator network protocol (ILNP) provides native support for improved scalability in multi-homing and mobility, while easing use of network layer security and allowing inter-operation across different administrative domains. Our approach is compatible with current work in mobile ad-hoc networking (MANET). ILNP has excellent compatibility with IPv6: existing IPv6 backbone networks do not require any modification to carry ILNP traffic natively. There are practical, realistic and deployable engineering solutions to realise the CPD and ILNP within the framework of IPv6.
R. Atkinson, S. N. Bhatti. An Introduction to the Identifier Locator Network Protocol (ILNP). LCS 2006 - London Communications Symp.. London, UK. Sep 2006.
Abstract: Mobility, multi-homing, local addressing and end-to-end security at the network layer remain challenging even with the advent of IPv6. We propose a new network protocol, which can be built upon IPv6 incrementally, that breaks the address into two separate entities, a Locator and an Identifier, with crisp semantics for each, that seeks to solve these issues through an improved naming and addressing architecture.

Health

C. Khorakhun, S. N. Bhatti. mHealth through quantified-self: a user study. HealthCom 2015 - 17th IEEE Intl. Conf. e-Health Networking, Applications and Services. Boston, MA, USA. Oct 2015.
DOI: 10.1109/HealthCom.2015.7454520
Abstract: We describe a user study of a mHealth prototype system based on a wellbeing scenario, exploiting the quantified-self approach to measurement and monitoring. We have used off-the-shelf equipment, with open-source, web-based, software, and exploiting the increasing popularity of smartphones and self-measurement devices in a user study. We emulate a mHealth scenario as a pre-clinical experiment, as a realistic alternative to a clinical scenario, with reduced risk to sensitive patient medical data. We discuss the efficacy of this approach for future mHealth systems for remote monitoring. Our system used the popular Fitbit device for monitoring personal wellbeing data, the Diaspora online social media platform (OSMP), and a simple Android/iOS remote notification application. We implemented remote monitoring, asynchronous user interaction, multiple actors, and user-controlled security and privacy mechanisms. We propose that the use of a quantified-self approach to mHealth is particularly valuable to undertake research and systems development.
C. Khorakhun, S. N. Bhatti. Remote Health Monitoring Using Online Social Media. EAI Endorsed Transactions on Ubiquitous Environments, vol. 14, no. 3. Nov 2014.
DOI: 10.4108/ue.1.3.e2
Abstract: Remote monitoring is an essential part of future mHealth systems for the delivery of personal and pervasive healthcare, especially to allow the collection of personal bio-data outside clinical environments. Yet, by its very nature, it presents considerable challenges: it will be a highly distributed task, requiring collection of bio-data from a myriad of sources, to be marshalled at the clinical site via secure communication channels. To address these challenges, we propose the use of an online social media platform (OSMP) as a key component of a near-future remote health monitoring system. By exploiting existing infrastructure, initial costs can be reduced, at the same time as allowing fast and flexible application development. An OSMP would have user benefits also: patients and healthcare professionals can be presented with familiar interfaces, while application developers can work with a set of technologies that are widely used and well-known. Internet-based access also helps to provide wide-ranging connectivity for mobile applications. Additionally, the use of a social media context allows existing social interactions within the healthcare regime to be modelled within a *carer network*, working in harmony with, and providing support for, existing relationships and interactions between patients and healthcare professionals. We focus on the use of an OSMP to enable two primitive functions which we consider essential for mHealth, and on which larger personal healthcare services could be built: *remote health monitoring* of personal bio-data, and an *alert system* for asynchronous notifications. We analyse the general requirements in a carer network for these two primitive functions, in terms of four different viewpoints within the carer network: the *patient*, the *doctor* in charge, a professional *carer*, and a *family* member (or friend) of the patient. We discuss the suitability of OSMPs in terms of functionality, performance, security & privacy, as well as the potential for cost reduction.
C. Khorakhun, S. N. Bhatti. Wellbeing as a proxy for a mHealth study. QSPH 2014 - IEEE Wkshp. The Role of Quantified Self for Personal Healthcare. Belfast, UK. Nov 2014.
DOI: 10.1109/BIBM.2014.6999286
Abstract: The quantified-self is a key enabler for mHealth. We propose that a wellbeing remote monitoring scenario can act as a suitable proxy for mHealth monitoring by the use of an online social network (OSN). We justify our position by discussing the parallelism in the scenario between purpose-driven wellbeing and mHealth scenarios. The similarity between these two scenarios in terms of privacy and data sharing is discussed. By using such a proxy, some of the legal and ethical complexity can be removed from experimentation on new technologies and systems for mHealth. This enables technology researchers to carry out investigation and focus on testing new technologies, system interactions as well as security and privacy in healthcare in pre-clinical experiments, without loss of context. The analogy between two purpose-driven scenarios, i.e. fitness monitoring in a wellbeing scenario and remote monitoring in mHealth, is discussed in terms of a practical example: we present a prototype using a wellbeing device -- Fitbit -- and an open source online social media platform (OSMP) -- Diaspora.
C. Khorakhun, S. N. Bhatti. Using Online Social Media Platforms for Ubiquitous, Personal Health Monitoring. HealthCom 2014 - 16th IEEE Intl. Conf. e-Health Networking, Applications and Services. Natal, BR. Oct 2014.
DOI: 10.1109/HealthCom.2014.7001856
Abstract: We propose the use of an open and publicly accessible online social media platform (OSMP) as a key component for ubiquitous and personal remote health monitoring. Remote monitoring is an essential part of future mHealth systems for the delivery of personal healthcare allowing the collection of personal bio-data outside clinical environments. Previous mHealth projects focused on building private and custom platforms using closed architectures, which have a high cost for implementation, take a long time to develop, and may provide limited access and usability. By exploiting existing and publicly accessible infrastructure using an OSMP, initial costs can be reduced, at the same time as allowing fast and flexible application development at scale, whilst presenting users with interfaces and interactions that they are familiar with. We survey and discuss suitability of OSMPs in terms of functionality, performance and the key challenge in ensuring appropriate levels of security and privacy.
C. Khorakhun, S. N. Bhatti. Remote Health Monitoring Using Online Social Media Systems. WMNC 2013 - IFIP/IEEE Joint Wireless and Mobile Networking Conference. Dubai, UAE. Apr 2013.
DOI: 10.1109/WMNC.2013.6548953
Abstract: Remote monitoring is considered an essential part of future eHealth systems to enable the delivery of healthcare outside clinical sites at reduced cost, while improving quality of patient care. We examine the use of online social networks for remote health monitoring. By exploiting the existing infrastructure, initial costs can be reduced and fast application development is possible. Facebook is used as an example platform: as a platform allowing user-defined applications, development is flexible and can be arranged quickly to suit different requirements of patients and health professionals. We analyse the general requirements of a remote monitoring scenario and the process of building and using a Facebook application to meet these requirements. Four different access viewpoints are implemented to suit the requirements of each user in our example scenario to form a carer network: the patient, the doctor in charge, professional carers, and family members of the patient. The suitability of the application is analysed including security and privacy issues. We conclude that online social media systems could offer a suitable platform for developing certain types of remote monitoring capability.

Management of systems

M. Rogers, S. N. Bhatti. Cooperation under Scarcity: The Sharer's Dilemma. AIMS 2008 - 2nd Intl. Conf. Autonomous Infrastructure, Management and Security. Bremen, Germany. Jul 2008.
DOI: 10.1007/978-3-540-70587-1_3
Abstract: Many researchers have used game theory to study the problem of encouraging cooperation in peer-to-peer and mobile ad hoc networks, where resources are provided collectively by the users. Previous work has modelled the problem as either a multi-player social dilemma or a network of two-player prisoner's dilemmas, but neither of these approaches captures a crucial aspect of the problem, namely scarcity: when resources are limited, players must not only consider how to establish and sustain cooperation with each opponent, but how to allocate resources among their opponents in order to maximise the total cooperation received. This paper presents a new game theoretic model of cooperation under scarcity, the sharer's dilemma, and a simple expected utility strategy that is shown to perform well against a wide range of opponents. The expected utility strategy can easily be applied to file sharing networks to create an incentive for users to contribute resources.
M. Rogers, S. N. Bhatti. An Adaptive Routing Protocol for Censorship-Resistant Communication. i-Society 2007 - 3rd Intl. Conf. Information Society. Indiana, USA. Oct 2007.
Abstract: In open-membership networks such as peer-to-peer overlays and mobile ad hoc networks, messages must be routed across an unknown and changing topology where it may not be possible to establish the identities or trustworthiness of all the nodes involved in routing. This paper describes a decentralised, adaptive routing protocol in which nodes use feedback in the form of unforgeable acknowledgements (U-ACKs) to discover dependable routes without knowing the identities of the endpoints or the structure of the network beyond their immediate neighbours. Our protocol is designed to survive faulty or misbehaving nodes and reveal minimal information about the communicating parties, making it suitable for use in censorship-resistant communication.
M. Rogers, S. N. Bhatti. A Lightweight Mechanism for Dependable Communication in Untrusted Networks. DSN 2007 - 37th IFIP/IEEE Annual Conf. Dependable Systems and Networks. Edinburgh, UK. Jun 2007.
DOI: 10.1109/DSN.2007.9
Abstract: We describe a method for enabling dependable forwarding of messages in untrusted networks. Nodes perform only relatively lightweight operations per message, and only the originator and destination need to trust each other. Whereas existing protocols for dependable communication rely on establishing a verifiable identity for every node, our protocol can operate in networks with unknown or varying membership and with no limits on the creation of new identities. Our protocol supports the maintenance of unlinkability: relays cannot tell whether a given originator and destination are communicating. The destination of each message generates an unforgeable acknowledgement (U-ACK) that allows relays and the originator to verify that the message was delivered unmodified to the destination, but relays do not need to share keys with the originator or destination, or to know their identities. Similarly, the endpoints do not need to know the identities of the relays. U-ACKs can be seen as a building block for dependable communication systems; they enable nodes to measure the level of service provided by their neighbours and optionally to adjust the level of service they provide in return, creating an incentive for nodes to forward messages. Our work is ongoing.
L. Sacks, H. Sellappan, S. Zachariadis, S. N. Bhatti, P. Kirstein, W. Fritsche, G. Gessler, K. Mayer. On the manipulation of JPEG2000, in-flight, using active components on next generation satellites. IWAN 2005 - 7th IFIP Annual Intl. Working Conf. Active and Programmable Networks. CICA, Sophia Antipolis, La Cote d'Azur, France. Nov 2005.
DOI: 10.1007/978-3-642-00972-3_24
Abstract: This paper describes two approaches to manipulating JPEG2000 frames with programmable and active networks. The first approach is the use of transcoding and the second is intelligent dropping. These two approaches were considered, in particular, for possible deployment with space based platforms; specifically, communication satellites which are not only IP enabled but may host active components. Each approach offers different possibilities and may be suitable for solving overlapping but different problems.
M. Pias, S. Wilbur, S. N. Bhatti, J. Crowcroft. Securing the Internet metering and billing. GLOBECOM 2002 - IEEE Global Telecommunications Conf.. Taipei, Japan. Nov 2002.
DOI: 10.1109/GLOCOM.2002.1188468
Abstract: In the near future, billing for network services will not only be concerned with time or volume based accounting but also in ways of measuring the quality of the service provided. Dynamic price schemes, such as congestion-based charging, have been proposed. In some of these models, the charging infrastructure relies on the distribution of electronic tariffs to end-users machines. The tariff structure includes the price information and an algorithm to calculate the charge. Thus, the monitoring of network usage according to this tariff is essential within these frameworks. However, little attention has been given to the security issues associated with Internet metering in these schemes. This has had a great impact on the new models proposed today, since security has become a major concern in open networks. Systems that naturally have incentive to fraud, such as metering systems used for billing purposes, must deal with security threats in large scale environments. The article compiles the security issues of a dynamic networked system where electronic tariffs and service level agreement (SLA) structures are distributed among service providers and customers. To address these issues, a set of security protocols is outlined.
S. N. Bhatti, G. Knight. On management of CATV full service networks: a European perspective. IEEE Network, vol. 12, no. 5, pages 28-39. Sep/Oct 1998.
DOI: 10.1109/65.730749
Abstract: The CATV network operators hope to offer digital services and evolve their networks to full service networks. There are many hurdles for them at the moment in the transition to a digital network and digital service offering from the current analog-based technology. Key to the success of the transition will be a well-integrated and capable management system to allow CATV operators and service providers to control the network as well as the services they will offer. The CATV operators need to agree on a common data communication infrastructure and plan how their new digital services will be offered to subscribers without disrupting the current customer base of analog service users. The choice of network technology and data communication protocols will have a strong influence on the network management technology chosen. A vital element for the provision of a common open communication architecture as well as for the purposes of network management is that the IP is used. The adoption of existing standards is vital in order to establish a fast route to open network management for CATV networks. It is possible that CATV operators and service providers will have to integrate existing SNMP management systems and TMN/OSI management, with newer integrated service management systems based on TINA and implemented on a CORBA platform. There is a strong need to address security issues before any of these technologies can be deployed for service. There is currently investment (deployed systems and research) which uses each of the technologies mentioned, so these technologies will need to coexist. This article highlights the differences between the North American and European network architectures, and outlines the European network and network management scenario. This is based on the authors' involvement in a Pan-European CATV project, Integrated Broadband Communication over Broadcast Networks-IBCoBN.
S. N. Bhatti, K. M. T. McCarthy, G. Knight, G. Pavlou. Secure management information exchange. Journal of Network and Systems Management, vol. 4, no. 3, pages 251-277. Sep 1996.
DOI: 10.1007/BF02139146
Abstract: This paper describes the design and implementation of a secure management protocol for the management of distributed applications. The protocol is a modified use of the ISO CMIP protocol, with additional mechanisms and behaviour to provide the following security services:
  • Mutual authentication of communicating parties. Both parties can prove to each other that they are who they claim to be by the exchange of signed credentials.
  • Stream integrity for management information packets (protocol data units—PDUs). The management information exchanged between the parties is protected from replay, misordering, modification, insertion, and deletion of the PDUs.
  • Confidentiality of the management PDUs. Only the communicating parties can read the information passed between them. The mechanism used also provides a level of back traffic protection and perfect forward secrecy.
In previous work we have implemented a public-key based system. Here, we present an experiment based on the use of a secret-key mechanism, for a faster, lightweight approach. The authentication mechanism makes use of the MD5 algorithm and the DES encryption standard. The PDU integrity mechanisms make use of a pseudo random number sequence for PDU numbering and the MD5 algorithm for generating unforgeable signatures for the PDUs.
G. Knight, S. N. Bhatti. Some experiences with secure management. JENC6 - 6th Joint European Networking Conf.. Tel Aviv, Israel. May 1995.
Abstract: This paper describes work carried out in the ESPRIT MIDAS project to provide secure management facilities. The work is based on extensions to the OSI CMIP management protocol which provide for mutual authentication at association set-up and integrity checks in all PDUs. The first version of this mechanism has been implemented and tested; in practice it has been found to be rather slow in operation. This paper proposes a series of measures designed to streamline operation and so improve performance. A major goal of the work has been to provide secure access to management information. This implies the existence of a flexible, yet implementable, access control model. The limitations of the existing standards in this area are discussed.
S. N. Bhatti, G. Knight, D. Gurle, P. Rodier. Secure Remote Management. ISINM4 - 4th International Symposium on Integrated Network Management. Santa Barbara, CA, USA. May 1995.
DOI: 10.1007/978-0-387-34890-2_14
Abstract: Much of the network management technology today still centres around a remote monitoring approach. One would like to have a more intrusive management capability, but in a large distributed system one must have confidence that management activities cannot be subverted, whether by accident or by malicious intent. To achieve this goal, one requires the management applications to have security mechanisms that will prevent unprivileged users from altering the system accidentally but also, more importantly, to prevent possible attacks from a third party who may disrupt or misuse services. This paper describes some services and mechanisms with which the authors have experimented to allow secure remote management of a distributed system in a real service environment. Although there are many standards documents describing various security mechanisms, some aspects of these documents are not stable and in other cases we cannot apply the mechanisms they describe due to restrictions in our development environment. In such cases we have had to make some adaptations.
G. Knight, S. N. Bhatti, L. Deri. Secure Remote Management in the ESPRIT MIDAS Project. ULPAA - IFIP TC6/WG6.5 International Working Conference on Upper Layer Protocols, Architectures and Applications. Barcelona, Spain. Jun 1994.
Abstract: This paper describes work carried out in the ESPRIT "MIDAS" project to provide for secure management in the context of the ISO standards for network and system management. The intention of the MIDAS work is to make use of security mechanisms which have already been standardised (for example X.509 authentication) and to make these available through a conventional implementation of the CMIP protocol. The principal application for MIDAS is the management of large X.400 systems. The paper presents an analysis of the security requirements for this application and describes the details of the mechanisms which are being implemented.