A security framework for protecting traffic between collaborative domains

Yingfei Dong; Changho Choi; Zhi Li Zhang

doi:10.1016/j.micpro.2004.08.011

A security framework for protecting traffic between collaborative domains

Yingfei Dong, Changho Choi, Zhi Li Zhang

Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

In this paper, we propose a novel Secure Name Service (SNS) framework for enhancing the service availability between collaborative domains (e.g. extranets). The key idea is to enforce packet authentication through resource virtualization and utilize dynamic name binding to protect servers from unauthorized accesses, denial of service (DOS) and other attacks. Different from traditional static network security schemes such as VPN, the dynamic name binding of SNS allows us to actively protect critical resources through distributed filtering mechanisms built in collaborative domains. In this paper, we present the architecture of the SNS framework, the design of SNS naming scheme, and the design of authenticated packet forwarding. We have implemented the prototype of authenticated packet forwarding mechanism on Linux platforms. Our experimental results demonstrate that regular Linux platforms are sufficient to support the SNS authenticated packet forwarding for 100 Mbps and 1 Gbps Ethernet LANs. To further improve the performance and scalability, we have also designed and implemented unique two-layer fast name lookup schemes.

Original language	English (US)
Pages (from-to)	547-559
Number of pages	13
Journal	Microprocessors and Microsystems
Volume	28
Issue number	10
DOIs	https://doi.org/10.1016/j.micpro.2004.08.011
State	Published - Dec 1 2004

Bibliographical note

Funding Information:
This work was supported in part by the National Science Foundation under the grants ANI-0073819, ITR-0085824, and CAREER Award NCR-9734428. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the National Science Foundation.

Keywords

Internet application/service
Network security
Service availability

Access

10.1016/j.micpro.2004.08.011

OpenUrl availability

Full text

Cite this

@article{19e4c25251ad425894ab446d371d05c0,

title = "A security framework for protecting traffic between collaborative domains",

abstract = "In this paper, we propose a novel Secure Name Service (SNS) framework for enhancing the service availability between collaborative domains (e.g. extranets). The key idea is to enforce packet authentication through resource virtualization and utilize dynamic name binding to protect servers from unauthorized accesses, denial of service (DOS) and other attacks. Different from traditional static network security schemes such as VPN, the dynamic name binding of SNS allows us to actively protect critical resources through distributed filtering mechanisms built in collaborative domains. In this paper, we present the architecture of the SNS framework, the design of SNS naming scheme, and the design of authenticated packet forwarding. We have implemented the prototype of authenticated packet forwarding mechanism on Linux platforms. Our experimental results demonstrate that regular Linux platforms are sufficient to support the SNS authenticated packet forwarding for 100 Mbps and 1 Gbps Ethernet LANs. To further improve the performance and scalability, we have also designed and implemented unique two-layer fast name lookup schemes.",

keywords = "Internet application/service, Network security, Service availability",

author = "Yingfei Dong and Changho Choi and Zhang, {Zhi Li}",

note = "Funding Information: This work was supported in part by the National Science Foundation under the grants ANI-0073819, ITR-0085824, and CAREER Award NCR-9734428. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the National Science Foundation. ",

year = "2004",

month = dec,

day = "1",

doi = "10.1016/j.micpro.2004.08.011",

language = "English (US)",

volume = "28",

pages = "547--559",

journal = "Microprocessors and Microsystems",

issn = "0141-9331",

publisher = "Elsevier",

number = "10",

}

TY - JOUR

T1 - A security framework for protecting traffic between collaborative domains

AU - Dong, Yingfei

AU - Choi, Changho

AU - Zhang, Zhi Li

N1 - Funding Information: This work was supported in part by the National Science Foundation under the grants ANI-0073819, ITR-0085824, and CAREER Award NCR-9734428. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the National Science Foundation.

PY - 2004/12/1

Y1 - 2004/12/1

N2 - In this paper, we propose a novel Secure Name Service (SNS) framework for enhancing the service availability between collaborative domains (e.g. extranets). The key idea is to enforce packet authentication through resource virtualization and utilize dynamic name binding to protect servers from unauthorized accesses, denial of service (DOS) and other attacks. Different from traditional static network security schemes such as VPN, the dynamic name binding of SNS allows us to actively protect critical resources through distributed filtering mechanisms built in collaborative domains. In this paper, we present the architecture of the SNS framework, the design of SNS naming scheme, and the design of authenticated packet forwarding. We have implemented the prototype of authenticated packet forwarding mechanism on Linux platforms. Our experimental results demonstrate that regular Linux platforms are sufficient to support the SNS authenticated packet forwarding for 100 Mbps and 1 Gbps Ethernet LANs. To further improve the performance and scalability, we have also designed and implemented unique two-layer fast name lookup schemes.

AB - In this paper, we propose a novel Secure Name Service (SNS) framework for enhancing the service availability between collaborative domains (e.g. extranets). The key idea is to enforce packet authentication through resource virtualization and utilize dynamic name binding to protect servers from unauthorized accesses, denial of service (DOS) and other attacks. Different from traditional static network security schemes such as VPN, the dynamic name binding of SNS allows us to actively protect critical resources through distributed filtering mechanisms built in collaborative domains. In this paper, we present the architecture of the SNS framework, the design of SNS naming scheme, and the design of authenticated packet forwarding. We have implemented the prototype of authenticated packet forwarding mechanism on Linux platforms. Our experimental results demonstrate that regular Linux platforms are sufficient to support the SNS authenticated packet forwarding for 100 Mbps and 1 Gbps Ethernet LANs. To further improve the performance and scalability, we have also designed and implemented unique two-layer fast name lookup schemes.

KW - Internet application/service

KW - Network security

KW - Service availability

UR - http://www.scopus.com/inward/record.url?scp=7544232464&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=7544232464&partnerID=8YFLogxK

U2 - 10.1016/j.micpro.2004.08.011

DO - 10.1016/j.micpro.2004.08.011

M3 - Article

AN - SCOPUS:7544232464

SN - 0141-9331

VL - 28

SP - 547

EP - 559

JO - Microprocessors and Microsystems

JF - Microprocessors and Microsystems

IS - 10

ER -

A security framework for protecting traffic between collaborative domains

Abstract

Bibliographical note

Keywords

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this