Submit Search
Upload
6 security130123
•
0 likes
•
217 views
A
ARCFIRE ICT
Follow
security in RINA
Read less
Read more
Internet
Report
Share
Report
Share
1 of 19
Download now
Download to read offline
Recommended
3 addressingthe problem130123
3 addressingthe problem130123
Eleni Trouva
1 lost layer130123
1 lost layer130123
ARCFIRE ICT
4 addressing theory130115
4 addressing theory130115
Eleni Trouva
2 introto rina-e130123
2 introto rina-e130123
ARCFIRE ICT
Dublin addressingtheproblem131224
Dublin addressingtheproblem131224
ICT PRISTINE
6 security130123
6 security130123
ICT PRISTINE
Lost layer talk 2014
Lost layer talk 2014
ICT PRISTINE
TFI2014 Conference Program
TFI2014 Conference Program
Colorado Internet Society (CO ISOC)
Recommended
3 addressingthe problem130123
3 addressingthe problem130123
Eleni Trouva
1 lost layer130123
1 lost layer130123
ARCFIRE ICT
4 addressing theory130115
4 addressing theory130115
Eleni Trouva
2 introto rina-e130123
2 introto rina-e130123
ARCFIRE ICT
Dublin addressingtheproblem131224
Dublin addressingtheproblem131224
ICT PRISTINE
6 security130123
6 security130123
ICT PRISTINE
Lost layer talk 2014
Lost layer talk 2014
ICT PRISTINE
TFI2014 Conference Program
TFI2014 Conference Program
Colorado Internet Society (CO ISOC)
Evolution of end-to-end: why the Internet is not like any other network
Evolution of end-to-end: why the Internet is not like any other network
Internet Technology Matters (Internet Society)
Next generation web protocols
Next generation web protocols
Daniel Austin
Ficod 2011 pdf (with notes)
Ficod 2011 pdf (with notes)
Tim O'Reilly
P2P Capstone
P2P Capstone
guest8c20c3
The State of Cloud 2016: The whirlwind of creative destruction
The State of Cloud 2016: The whirlwind of creative destruction
bcantrill
Competitive Landscape Of The Web
Competitive Landscape Of The Web
William J. Brown
Computer networking
Computer networking
jlunceford12
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
Lancope, Inc.
Challenges2013
Challenges2013
Lancope, Inc.
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Great Bay Software
Internal host-reputation-webinar
Internal host-reputation-webinar
Lancope, Inc.
lec security
lec security
Engr. ZEESHAN QAISER
OMG Data-Distribution Service Security
OMG Data-Distribution Service Security
Gerardo Pardo-Castellote
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
CableLabs
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTs
APNIC
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Codero
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Emulex Corporation
Check Point designing a security
Check Point designing a security
Group of company MUK
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
Lancope, Inc.
RINA Introduction, part II
RINA Introduction, part II
ICT PRISTINE
Emerging Threats and Attack Surfaces
Emerging Threats and Attack Surfaces
Peter Wood
More Related Content
What's hot
Evolution of end-to-end: why the Internet is not like any other network
Evolution of end-to-end: why the Internet is not like any other network
Internet Technology Matters (Internet Society)
Next generation web protocols
Next generation web protocols
Daniel Austin
Ficod 2011 pdf (with notes)
Ficod 2011 pdf (with notes)
Tim O'Reilly
P2P Capstone
P2P Capstone
guest8c20c3
The State of Cloud 2016: The whirlwind of creative destruction
The State of Cloud 2016: The whirlwind of creative destruction
bcantrill
Competitive Landscape Of The Web
Competitive Landscape Of The Web
William J. Brown
Computer networking
Computer networking
jlunceford12
What's hot
(7)
Evolution of end-to-end: why the Internet is not like any other network
Evolution of end-to-end: why the Internet is not like any other network
Next generation web protocols
Next generation web protocols
Ficod 2011 pdf (with notes)
Ficod 2011 pdf (with notes)
P2P Capstone
P2P Capstone
The State of Cloud 2016: The whirlwind of creative destruction
The State of Cloud 2016: The whirlwind of creative destruction
Competitive Landscape Of The Web
Competitive Landscape Of The Web
Computer networking
Computer networking
Similar to 6 security130123
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
Lancope, Inc.
Challenges2013
Challenges2013
Lancope, Inc.
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Great Bay Software
Internal host-reputation-webinar
Internal host-reputation-webinar
Lancope, Inc.
lec security
lec security
Engr. ZEESHAN QAISER
OMG Data-Distribution Service Security
OMG Data-Distribution Service Security
Gerardo Pardo-Castellote
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
CableLabs
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTs
APNIC
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Codero
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Emulex Corporation
Check Point designing a security
Check Point designing a security
Group of company MUK
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
Lancope, Inc.
RINA Introduction, part II
RINA Introduction, part II
ICT PRISTINE
Emerging Threats and Attack Surfaces
Emerging Threats and Attack Surfaces
Peter Wood
Security in the News
Security in the News
James Sutter
Man in the Binder
Man in the Binder
nitayart
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
APNIC
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
APNIC
Similar to 6 security130123
(20)
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
Challenges2013
Challenges2013
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Internal host-reputation-webinar
Internal host-reputation-webinar
lec security
lec security
OMG Data-Distribution Service Security
OMG Data-Distribution Service Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTs
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Check Point designing a security
Check Point designing a security
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
RINA Introduction, part II
RINA Introduction, part II
Emerging Threats and Attack Surfaces
Emerging Threats and Attack Surfaces
Security in the News
Security in the News
Man in the Binder
Man in the Binder
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
More from ARCFIRE ICT
Multi-operator "IPC" VPN Slices: Applying RINA to Overlay Networking
Multi-operator "IPC" VPN Slices: Applying RINA to Overlay Networking
ARCFIRE ICT
Error and Flow Control Protocol (EFCP) Design and Implementation: A Data Tran...
Error and Flow Control Protocol (EFCP) Design and Implementation: A Data Tran...
ARCFIRE ICT
Large-scale Experimentation with Network Abstraction for Network Configuratio...
Large-scale Experimentation with Network Abstraction for Network Configuratio...
ARCFIRE ICT
Design Considerations for RINA Congestion Control over WiFi Links
Design Considerations for RINA Congestion Control over WiFi Links
ARCFIRE ICT
One of the Ways How to Make RIB Distributed
One of the Ways How to Make RIB Distributed
ARCFIRE ICT
Unifying WiFi and VLANs with the RINA model
Unifying WiFi and VLANs with the RINA model
ARCFIRE ICT
First Contact: Can Switching to RINA save the Internet?
First Contact: Can Switching to RINA save the Internet?
ARCFIRE ICT
Experimenting with Real Application-specific QoS Guarantees in a Large-scale ...
Experimenting with Real Application-specific QoS Guarantees in a Large-scale ...
ARCFIRE ICT
Exp3mq
Exp3mq
ARCFIRE ICT
Pristine rina-tnc-2016
Pristine rina-tnc-2016
ARCFIRE ICT
Distributed mobility management and application discovery
Distributed mobility management and application discovery
ARCFIRE ICT
Mobility mangement rina iwcnc
Mobility mangement rina iwcnc
ARCFIRE ICT
5 mngmt idd130115
5 mngmt idd130115
ARCFIRE ICT
5 mngmt idd130115jd
5 mngmt idd130115jd
ARCFIRE ICT
4 addressing theory130115
4 addressing theory130115
ARCFIRE ICT
3 addressingthe problem130123
3 addressingthe problem130123
ARCFIRE ICT
Rumba CNERT presentation
Rumba CNERT presentation
ARCFIRE ICT
5. Rumba presentation
5. Rumba presentation
ARCFIRE ICT
4. Clearwater on rina
4. Clearwater on rina
ARCFIRE ICT
3. RINA use cases, results, benefits
3. RINA use cases, results, benefits
ARCFIRE ICT
More from ARCFIRE ICT
(20)
Multi-operator "IPC" VPN Slices: Applying RINA to Overlay Networking
Multi-operator "IPC" VPN Slices: Applying RINA to Overlay Networking
Error and Flow Control Protocol (EFCP) Design and Implementation: A Data Tran...
Error and Flow Control Protocol (EFCP) Design and Implementation: A Data Tran...
Large-scale Experimentation with Network Abstraction for Network Configuratio...
Large-scale Experimentation with Network Abstraction for Network Configuratio...
Design Considerations for RINA Congestion Control over WiFi Links
Design Considerations for RINA Congestion Control over WiFi Links
One of the Ways How to Make RIB Distributed
One of the Ways How to Make RIB Distributed
Unifying WiFi and VLANs with the RINA model
Unifying WiFi and VLANs with the RINA model
First Contact: Can Switching to RINA save the Internet?
First Contact: Can Switching to RINA save the Internet?
Experimenting with Real Application-specific QoS Guarantees in a Large-scale ...
Experimenting with Real Application-specific QoS Guarantees in a Large-scale ...
Exp3mq
Exp3mq
Pristine rina-tnc-2016
Pristine rina-tnc-2016
Distributed mobility management and application discovery
Distributed mobility management and application discovery
Mobility mangement rina iwcnc
Mobility mangement rina iwcnc
5 mngmt idd130115
5 mngmt idd130115
5 mngmt idd130115jd
5 mngmt idd130115jd
4 addressing theory130115
4 addressing theory130115
3 addressingthe problem130123
3 addressingthe problem130123
Rumba CNERT presentation
Rumba CNERT presentation
5. Rumba presentation
5. Rumba presentation
4. Clearwater on rina
4. Clearwater on rina
3. RINA use cases, results, benefits
3. RINA use cases, results, benefits
Recently uploaded
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
soniya singh
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
aditipandeya
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
ellan12
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
kumarajju5765
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
shivangimorya083
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
rahman018755
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
James Anderson
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
Thierry TROUIN ☁
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
APNIC
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
kojalkojal131
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
tanu pandey
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
SofiyaSharma5
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
aditipandeya
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
Call Girls Mumbai
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
gwenoracqe6
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
stephieert
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
stephieert
Recently uploaded
(20)
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
6 security130123
1.
© John Day,
2013 1 Rights Reserved The Pouzin Society Security in RINA IRATI Workshop Barcelona, Spain John Day Lou Chitkushev
2.
© John Day,
2013 2 Rights Reserved The Pouzin Society First a Word on Method • When trying to work out the IPC Model absolutely no thought was given to security. All of the focus was just understanding the structure. • People kept asking, What about Security? Is there a security layer? • Didn’t Know. Hadn’t thought about it. • There was the obvious: – The recursion of the layer provided Isolation. – That only the Application Name and local port-id were exposed to the correspondents. • Interesting, but hardly an answer • But it wasn’t the time for those questions . . . • At least not yet . . .
3.
© John Day,
2013 3 Rights Reserved The Pouzin Society The Recursion Provided Isolation • Security by isolation, (not obscurity) • Hosts can not address any element of the ISP. • No user hacker can compromise ISP assets. • Unless ISP is physically compromised. ISP Hosts and ISPs do not share DIFS. (ISP may have more layers
4.
© John Day,
2013 4 Rights Reserved The Pouzin Society How Does It Work? Security • A Hacker in the Public Internet cannot connect to an Application in another DIF without either joining the DIF, or creating a new DIF spanning both. Either requires authentication and access control. – Non-IPC applications that can access two DIFs are a potential security problem. • Certainly promising Public Internet ISP 1 ISP 2 ISP 3 Internet Rodeo Drive Utility SCADA My Net Facebook Boutique Internet Mall of America
5.
© John Day,
2013 5 Rights Reserved The Pouzin Society But When It Was Time • The question was not, how to put in security? • The question was, • What does the IPC Model tell us about security? – Remember, our first task is always understanding. • Let the Problem Answer the Question! – Let the Problem Tell Us What to Do.
6.
© John Day,
2013 6 Rights Reserved The Pouzin Society The Problem Had a Lot to Say • We Already Mentioned How Little is Exposed the Layer Above. • The Original OS Model indicated where Access Control went. • Creating the Application Connection for Enrollment indicated where Authentication belonged, and that – Authentication of Applications must be done by the Applications themselves. – All members of the layer are authenticated within policy. • SDU Protection clearly provided Confidentiality and Integrity. • That implied that only Minimal trust was necessary: – Only that the lower layer will deliver something to someone. Port:=Allocate(Dest-Appl, params) Access Control Exercised
7.
© John Day,
2013 7 Rights Reserved The Pouzin Society A Very Unexpected Result • A DIF with no explicit security mechanisms is inherently more secure than the current Internet under the same conditions! • It would appear that – A DIF is a Securable Container.
8.
© John Day,
2013 8 Rights Reserved The Pouzin Society Other Things Fall Into Place • Data Transfer in RINA is based on Delta-t (Watson, 1980) • Lot has happened in 30 years, many attacks on TCP have been found: – Port scanning – Reset Attacks – SYN attacks – Reassembly Attacks • Long after delta-t was designed, what about delta-t? • Short answer: – None of them work (Boddapati, et al., 2012) • Amazing, totally unexpected – Why not? • Multiple fundamental reasons, but all inherent in the structure: – First, have to join the DIF (all members are authenticated) – Second, No Well-Known Ports • Would have to scan all possible application names! – Third and more importantly, . . .
9.
© John Day,
2013 9 Rights Reserved The Pouzin Society Decoupling Port Allocation and Synchronization • No Way to Know What CEP-ids are Being Used, Since There is No Relation Between Port-id and CEP-id. – Syn Attack: must guess which of 2^16 CEP-id. – Data Transfer: must guess CEP-id and seq num within window! – Reassembly attack: Reassembly only done once. Synchronization Connection Endpoint Port Allocation Port-id Connection
10.
© John Day,
2013 10 Rights Reserved The Pouzin Society Decoupling Port Allocation and Synchronization: No IPSec • IPsec is necessary with TCP/IP because no authentication and Sequence numbers turn over too quickly: don’t repeat sequence number with same CEP-id. • With RINA and delta-t, IPC Processes all authenticated, SDU Protection does the encryption, and packet sequence numbers slows rollover, but if it does, then simply allocate a new connection • And bind it to the same port-ids, old one disappears after 2MPL. Connection Endpoint Port Allocation Port-id Connection SDU Protection SDU Protection
11.
© John Day,
2013 11 Rights Reserved The Pouzin Society RINA is Inherently More Secure and Less Work • A DIF is a Securable Container. (Small, 2011) – What info required to mount an attack, How to get the info – Small does a threat analysis at the architecture level • Implies that Firewalls are Unnecessary, – The DIF is the Firewall! • RINA Security is considerably Less Complex than the Current Internet Security (Small, 2012) – Only do a rough estimate counting protocols and mechanisms. • See paper for details.
12.
© John Day,
2013 12 Rights Reserved The Pouzin Society 802.3 802.3 802.3 802.3 IP IP IP IP TCP TCP Browser Server MACsec MACsec MACsec MACsec EAPOL EAPOL EAPOL EAPOL IPsec IPsec IKE IKE UDP UDP TLS TLS Protocols: 15 Non-Security: 89 Security: 28 Copyright © 2012, Jeremiah Small. All Rights Reserved.
13.
© John Day,
2013 13 Rights Reserved The Pouzin Society What Does This Mean? • Protocols – We Know What That Refers To • Security Mechanisms – Authentication, Access Control, Integrity, Confidentiality, Non-Repudiation. • Non-Security Mechanisms – All the others listed in the book: delimiting, relaying, ordering, multiplexing, fragmentation/reassembly, Lost and Duplicate Detection, Flow Control, Retransmission Control, Compession, Addressing, Initial State Synchronization.
14.
© John Day,
2013 14 Rights Reserved The Pouzin Society 1-DIF 1-DIF 1-DIF 1-DIF 2-DIF 2-DIF 2-DIF 2-DIF Browser Server Backbone-DIF Backbone-DIF AppSec-DIF AppSec-DIF Protocols: 3 Non-Security: 15 Security: 5 Copyright © 2012, Jeremiah Small. All Rights Reserved.
15.
© John Day,
2013 15 Rights Reserved The Pouzin Society Internet RINA Protocols 15 3 Non-Security Mechanisms 89 15 Security Mechanisms 28 7 Totals Copyright © 2012, Jeremiah Small. All Rights Reserved.
16.
© John Day,
2013 16 Rights Reserved The Pouzin Society Internet RINA Protocols 8 0 Non-Security Mechanisms 59 0 Security Mechanisms 28 7 To Add Security Copyright © 2012, Jeremiah Small. All Rights Reserved.
17.
© John Day,
2013 17 Rights Reserved The Pouzin Society Why Is Internet Security So Bad? • The Standard Rationale One Sees is that They Didn’t Think About It at the Beginning. – Neither did We. – Nor did Watson. – But RINA and delta-t are more secure. • That Seems to Imply that – Good Design May be More Important to Security than Security Is.
18.
© John Day,
2013 18 Rights Reserved The Pouzin Society Conclusion • This is a MAJOR Improvement in Internet Security. – Not only more secure, but for less cost, with less overhead. • So is Internet Security solved? – Hardly. – Still need: to develop the plug-in policy modules – to consider DDoS (we have some ideas) – As well as protecting against Rogue IPC Processes – and much more to explore. • Most attacks are in the Applications, this does nothing about that. – But Much of this applies equally well to DAFs • Model implies that OS security reduces to Bounds Checking on Memory and IPC Security. – May also make it harder, might be able to deflect more DDoS attacks
19.
© John Day,
2013 19 Rights Reserved The Pouzin Society Questions?
Download now