Identity based Architecture for Secure Communication in Future Internet

Antonio F. Gomez-Skarmeta (1), Pedro Martinez-Julia (1), Joao Girao (2), Amardeo Sarma (2)

(1) Dep. Communication and Information Engineering, University of Murcia, 30100, Murcia, Spain, EU
(2) NEC Laboratories Europe, Kurfürstenanlage 36, 69115, Heidelberg, Germany, EU

[email protected], [email protected], [email protected], [email protected]

ABSTRACT
We propose to enhance the Next Generation Internet by creating a secure and scalable communication infrastructure that mirrors the structure of the real world: people talk to people and to objects, objects talk among themselves and, in general, entities denoted by digital identities communicate with each other. We start from the digital identity and create a view in the communication sphere which is singular, unique, and optimized for that particular digital identity [6,19], building an identity plane that allows entities to address each other in an "identity to identity" approach. We use stackable overlay networks to deliver messages among the communicating parties, and we look at the performance issues of such networks, showing that simple optimizations bring their path lengths roughly halfway to the optimum.

Categories and Subject Descriptors C.2 [Computer Communication Networks]: Network Architecture and Design; C.2 [Computer Communication Networks]: Internetworking; K.6 [Management of Computing and Information Systems]: Security and Protection

General Terms Design, Security, Experimentation, Performance

Keywords Digital Identity, Identity-to-Identity, Overlay Network, Next Generation Internet

DIM'10, October 8, 2010, Chicago, Illinois, USA. Copyright 2010 ACM 978-1-4503-0090-2/10/10.

1. INTRODUCTION
The Internet has advanced from a network for a small community to a support infrastructure for the general public, handling all sorts of information: about people, public records, enterprise data, medical data, things. It became the storage place for information, the infrastructure one plugs into and, inevitably, the bottleneck of our communications infrastructure. Connecting people via many digital artifacts has led to a revision of the Internet architecture. So-called "clean slate" proposals aim to rework the architecture so that, instead of patching problems, it prevents them from manifesting in the first place. The separation of identity and locator is one such trend, although the architectural problem of supporting the real people behind the physical device while at the same time protecting information about the user and their context has no solution as yet. We address this problem with an identity layer that enables a user to control different roles and usages in the digital world.

In our proposal to enhance the Next Generation Internet, we take into account that, when entities communicate, we need to consider whom I am talking to, the trust I have in them, or even the location where this is taking place. These attributes of the communication, which affect security and privacy, are related to the identity of the participants. Participants may simultaneously have several different communication paths for different interactions. Two persons in the same company who are also friends could use different communication modes when talking about work or about personal interests, each with different security requirements and different privacy needs.

As shown in Figure 1, we first utilize an identity plane allowing entities to address each other by means of an intuitive "identity to identity" approach. IP addresses are no longer used to identify entities, since they may change dynamically during a session. Second, we need an evolved routing scheme that supports identity-based communication. Third, we need an intelligent control plane to manage domain-to-domain issues. This intelligence would be distributed across the network to ensure that end-to-end communication is made possible by negotiating any agreements needed between pairs of different administrative domains.

2. RELATED WORK
Many challenges [7] need to be addressed on the way to the Future Internet. The identifier (ID) / locator (LOC) split principle [8] is central to many current research trends [1, 15–18]. Some approaches provide this separation on top of the current Internet, such as LISP [12]. Other architectures propose complete revamps to achieve LOC/ID separation, such as MILSA [15], Enhanced MILSA [14], and Identity-based Routing [2]. Almost all overlay network protocols used in Distributed Hash Tables (DHTs) organize their networks by identities instead of addresses. The simplest is Chord [20]; later designs improve on its performance, such as Kademlia [11], or on its security, such as the architecture proposed in [9]. There are also proposals to use DHTs beyond pure peer-to-peer (P2P) networks [3], with many candidate architectures [4]. For instance, DHTs are also used in LOC/ID separation proposals, such as LISP-DHT [10], which proposes a DHT-based architecture to implement the ID-LOC mapping for LISP.

Figure 1: Overview of the general objective.

3. PROPOSED ARCHITECTURE
We propose to go beyond current proposals by making the identity concept the central element of a secure end-to-end communication architecture that takes into account inter-domain scenarios and their implications on security. Our architecture addresses many Future Internet challenges. It follows the common idea of locator/identifier separation, but adds valuable capabilities to the network, such as user/peer identification, validation (authentication) and encryption. It also deals with identifier validation and other identity management issues, such as providing identity information regulated by owner-defined policies. We start from overlay network concepts and support additional overlay networks on top, which allows different overlay networks to exist for different services, each with its own customized protocol and routing algorithm.

Figure 2 shows the interactions and elements involved in the first message exchange between two parties, Alice and Bob. Alice sends a request message to Bob, who offers a certain service, either as a service provider (client-server) or as a peer (P2P). The figure also shows the infrastructure elements: the Service-type Registry (SR) is used to obtain the Overlay Peer Network Entry Point (OEP), which in turn is used to join the concrete service overlay network; Domain Trusted Entities (DTEs) validate identities and provide the necessary attributes of an identity; and the Intermediate Peers depict the overlay network itself, used to carry the communication. The process is as follows:

1) Alice wants to request something from Bob, who offers a service of a given service-type, so she asks the SR for the OEP that serves that service type;
2) Alice sends a join message to that OEP and is thereby joined to the overlay, so that she knows her neighbors in the overlay network;
3) Alice sends a message to Bob through the first peer of the overlay network. As Bob has already joined the overlay, the message goes from one peer to another until it is delivered to Bob;
4) Bob requests the necessary data from Alice's DTE to validate her identifier and the message content. He may also obtain other information if he needs it to do his work;
5) Bob validates Alice's identifier and the message content, so he is now sure that the message was sent by Alice and that its content has not been modified;
6) Bob returns a response message to Alice through the overlay network, using Bob's next node;
7) Alice now validates the response as Bob did before;
8) Alice validates Bob's identifier and the message content.

3.1 Identity and Identifier
As described in [13], "An Identity refers to the abstract entity that is identified. An Identifier, on the other hand, refers to the concrete bit pattern that is used in the identification process". In our approach, an identity represents a person, machine or service that has many attributes, such as its name, address, etc. Each identity is managed by a trusted entity of its home domain, which keeps it under the preferences set by its holder. The attributes of the identity may be distributed over different places. Therefore, when a client asks for an attribute, this entity either obtains the attribute and hands it to the client or lets the client know how to get it. The domain trusted entity is thus a central element of our architecture.

3.2 Authentication and Integrity
To authenticate the peers and to ensure message integrity, we propose to use the identifiers themselves together with a signature mechanism that signs the whole message. The identity of a peer is validated against the corresponding domain trusted entity (authentication), and the content of the message, including the identifiers, is validated against the signature (integrity). Although it is not recommended, to speed up certain communications, such as access to public services, peers can skip the validations and even the computation of message signatures; in that case the identifiers carried by a message are no more than an unverified claim, and neither the sender nor the content can be relied upon.
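Steps 4 and 5 of Figure 2 together with the rule of this section, as an added example that is not the paper's code: the sender signs the whole message, identifiers included, and the receiver resolves the sender's identifier through its DTE before checking the signature. The paper fixes no signature scheme, so Ed25519 from Go's standard library, the identifiers under the reserved example.org/example.net domains, the length-prefixed encoding and the DTE's in-memory key table are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Message is what travels through the overlay: both identifiers, the payload and
// a signature over all three, so a relay that rewrites an identifier breaks it too.
type Message struct {
	From, To  string
	Payload   []byte
	Signature []byte
}

// canonical is the byte string that is signed; length prefixes keep distinct
// (From, To, Payload) triples from encoding alike.
func canonical(m *Message) []byte {
	var buf bytes.Buffer
	for _, field := range [][]byte{[]byte(m.From), []byte(m.To), m.Payload} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		buf.Write(n[:])
		buf.Write(field)
	}
	return buf.Bytes()
}

// DTE stands in for the Domain Trusted Entity of one home domain, serving one
// attribute, the holder's verification key (an in-memory table is this example's assumption).
type DTE struct {
	domain string
	keys   map[string]ed25519.PublicKey
}

// Lookup is step 4 of Figure 2: the receiver asks the sender's DTE for the attribute
// needed to validate the identifier; identifiers the DTE never issued are refused.
func (d *DTE) Lookup(id string) (ed25519.PublicKey, error) {
	pk, ok := d.keys[id]
	if !ok {
		return nil, fmt.Errorf("%s: unknown identifier %q", d.domain, id)
	}
	return pk, nil
}

// Sign builds the message Alice hands to her first overlay peer (step 3).
func Sign(sk ed25519.PrivateKey, from, to string, payload []byte) *Message {
	m := &Message{From: from, To: to, Payload: payload}
	m.Signature = ed25519.Sign(sk, canonical(m))
	return m
}

// Validate is step 5: resolve the sender through its DTE (authentication), then
// check the signature over the whole message (integrity). me is the validating peer.
func Validate(dte *DTE, me string, m *Message) error {
	if m.To != me {
		return errors.New("message is addressed to another identity")
	}
	pk, err := dte.Lookup(m.From)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pk, canonical(m), m.Signature) {
		return errors.New("signature does not match identifiers and payload")
	}
	return nil
}

// Scenario runs the exchange with constructed identifiers under the reserved
// example.org/example.net domains and returns four validation outcomes: the genuine
// message, a payload rewritten in transit, a message redirected to Carol by rewriting
// To, and one claiming an identifier the DTE never issued.
func Scenario() (genuine, tamperedPayload, redirected, unknownSender error) {
	alicePK, aliceSK, _ := ed25519.GenerateKey(rand.Reader)
	dte := &DTE{domain: "dte.example.org", keys: map[string]ed25519.PublicKey{"alice@example.org": alicePK}}
	m := Sign(aliceSK, "alice@example.org", "bob@example.net", []byte("GET /weather"))
	genuine = Validate(dte, "bob@example.net", m)
	forged := *m
	forged.Payload = []byte("GET /weather?city=elsewhere")
	tamperedPayload = Validate(dte, "bob@example.net", &forged)
	moved := *m
	moved.To = "carol@example.net"
	redirected = Validate(dte, "carol@example.net", &moved) // Carol would accept it if To were unsigned
	impostor := *m
	impostor.From = "eve@example.org"
	unknownSender = Validate(dte, "bob@example.net", &impostor)
	return
}

func main() {
	g, t, r, u := Scenario()
	fmt.Printf("genuine: %v\ntampered payload: %v\nredirected: %v\nunknown sender: %v\n", g, t, r, u)
}
```

The redirected case is why the section insists that the signature cover the identifiers: with only the payload signed, a relay could re-address Alice's request to Carol and Carol would verify it successfully. Skipping Validate, the shortcut the section discourages, turns From and To into unverified claims, since nothing then ties the payload to Alice.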

3.3 Overlay Network and Convergence
Instead of mapping identifiers to locations, we propose to deliver messages directly over an overlay network, with the optimizations necessary to prevent performance degradation. The actual address and location of a peer are only known by its neighbors. Nevertheless, under certain circumstances and with the agreement of all parties, location addresses may be used to send messages directly. Also, the location-based underlying network may retain its rigid infrastructure, and its routing may be simplified: we propose to organize the address (locator) space of the underlying network hierarchically, preventing excessive growth of routing tables and providing better support for traffic engineering. To implement this architecture we considered IPv6 the transition network protocol. In a very early stage, every device uses the identifier (ID) stack on top of the IP stack. Once the ID stack has spread to all devices, messages should be inserted into IP packets when crossing IP-only networks, as in MILSA AZR [15], LISP ITR/ETR [12], or the Inter-domain Rendezvous of the PSIRP project [5].

Figure 2: First message exchange.

Figure 3: Average underlying hops.

4. INITIAL RESULTS
To get a first view of how the architecture behaves on top of a simple overlay network, such as Chord [20], we built an evaluation implementation to which we applied four simple optimizations that improve performance by letting the overlay layer interact with the underlying network layer. With this implementation we ran simple tests on three different topologies that resemble real scenarios and compared the resulting average number of underlying hops among the variants and with the optimum computed with Dijkstra's algorithm. Figure 3 shows that the fourth optimization brings the average number of hops close to the optimum, while the original algorithm needs more than twice as many. Although the four optimizations are close to each other, the difference between the results of the first and the fourth optimized versions is significant, and leaves us halfway to the optimum. Figure 4 shows that the maximum path lengths behave differently from the average: although the optimizations improve them, they are still very far from the optimum. We should thus investigate how to shorten the longest paths.

Figure 4: Maximum underlying hops.

Figure 5: Accuracy of the algorithms.

Finally, Figure 5 shows the accuracy of each algorithm. In each pie, darker gray indicates the portion of paths with the same length as the optimum, lighter gray the interval in which paths may or may not have the optimum length, and white the portion of paths that cannot have the optimum length. The portions are shown in multiples of 10%. Thus the accuracy of the original algorithm is between 10% and 20%. The first optimization raises it to between 40% and 50%, while the second does not increase it. The third optimization raises the accuracy to between 50% and 60%, and the fourth to between 60% and 70%.
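The measurement of Section 4, as an added example that is not the paper's evaluation code: a Chord overlay of the kind Section 3.3 delivers messages through, whose sixteen peers sit on a constructed 4x4 grid underlay with unit-cost links, and for every ordered pair of peers the underlying hops of the overlay path compared with the Dijkstra optimum. The paper does not describe its four optimizations, so the proximity-aware finger choice below is this example's own illustration of letting the overlay consult the underlay; the grid, the ring size and the identifier assignment are likewise assumptions.

```go
package main

import "fmt"

const (
	side  = 4           // underlay: side x side grid, unit-cost links (constructed topology)
	nodes = side * side // one overlay peer per underlay node
	m     = 6           // Chord identifier ring with 2^m positions
	ring  = 1 << m
)

var owner = map[int]int{} // identifier -> underlay node holding it
var finger [nodes][m]int  // finger[n][i] = successor(peerID(n) + 2^i), as in Chord

func abs(x int) int {
	if x < 0 {
		return -x
	}
	return x
}

// dist is the underlay hop count; on a unit-cost grid the Dijkstra optimum is the
// Manhattan distance, and an all-pairs shortest-path table would serve any other topology.
func dist(a, b int) int { return abs(a%side-b%side) + abs(a/side-b/side) }

// peerID gives each node a distinct identifier (37 is coprime with the ring size).
// Identifiers carry no location, which is why ring-greedy paths wander in the underlay.
func peerID(node int) int { return (node*37 + 11) % ring }

func cw(a, b int) int { return (b - a + ring) % ring } // clockwise ring distance a -> b

// init joins every node to the ring and fills its finger table.
func init() {
	for n := 0; n < nodes; n++ {
		owner[peerID(n)] = n
	}
	for n := 0; n < nodes; n++ {
		for i := 0; i < m; i++ {
			k := (peerID(n) + 1<<i) % ring
			for _, live := owner[k]; !live; _, live = owner[k] {
				k = (k + 1) % ring // successor: first live identifier clockwise
			}
			finger[n][i] = k
		}
	}
}

// route carries one message from src to dst and returns the underlying hops used.
// proximity=false is plain Chord: take the finger that gets closest to dst on the ring.
// proximity=true is this example's own cross-layer rule (not one of the paper's four
// optimizations): among fingers that make ring progress, take the nearest in underlay hops.
func route(src, dst int, proximity bool) int {
	cur, hops, target := src, 0, peerID(dst)
	for cur != dst {
		id, next := peerID(cur), -1
		for i := m - 1; i >= 0; i-- { // fingers grow clockwise: the first hit is Chord's pick
			f := finger[cur][i]
			if d := cw(id, f); d == 0 || d > cw(id, target) {
				continue // no progress, or would overshoot dst on the ring
			}
			if next < 0 || f == target || (proximity && dist(cur, owner[f]) < dist(cur, owner[next])) {
				next = f
			}
			if !proximity || f == target {
				break
			}
		}
		hops += dist(cur, owner[next])
		cur = owner[next]
	}
	return hops
}

// Result holds the metrics of Figures 3 and 4; index 0 = optimum, 1 = Chord, 2 = proximity-aware.
type Result struct {
	Avg [3]float64 // average underlying hops over ordered pairs of distinct peers
	Max [3]int     // longest underlying path
}

// Evaluate routes every ordered pair three ways; self pairs cost 0 and are not counted.
func Evaluate() Result {
	var r, sum = Result{}, [3]int{}
	for s := 0; s < nodes; s++ {
		for d := 0; d < nodes; d++ {
			for k, h := range [3]int{dist(s, d), route(s, d, false), route(s, d, true)} {
				sum[k] += h
				if h > r.Max[k] {
					r.Max[k] = h
				}
			}
		}
	}
	for k := range sum {
		r.Avg[k] = float64(sum[k]) / float64(nodes*(nodes-1))
	}
	return r
}

func main() {
	r := Evaluate()
	fmt.Printf("underlying hops (optimum, chord, proximity-aware): avg %.2f %.2f %.2f, max %v\n", r.Avg[0], r.Avg[1], r.Avg[2], r.Max)
}
```

The Chord column shows the inflation Figure 3 measures: each overlay hop is greedy on identifier distance, which says nothing about underlay distance, so a delivery costs the sum of several shortest paths instead of one. The grid's optimum averages 8/3 hops with a diameter of 6, and no overlay strategy can go below either, which is the sanity check the three columns should satisfy whatever optimization is plugged into route.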

5. CONCLUSIONS AND FUTURE WORK
The identity-based approach to secure end-to-end communication helps us mirror the real world and the way people and objects communicate and use services. This paper has specifically addressed how an overlay approach may be used towards this goal. Initial test results show that performance can be brought closer to the optimum, so that much of the overhead introduced by the overlay can be compensated. Future research could further improve the performance of identity-based communications, which we see as a promising approach for the Future Internet. A detailed threat analysis of the approach is also needed to improve its security and privacy.

Acknowledgments
This work is partially funded by the European Commission's Seventh Framework Programme (FP7/2007-2013) project SWIFT under grant 215832 and by the Program for Research Groups of Excellence of the Séneca Foundation under grant 04552/GERM/06.

6. REFERENCES
[1] C. Basile et al. Policy-based Security Tools and Framework (POSITIF), 2007. http://www.positif.org.
[2] M. C. Caesar. Identity-based Routing. PhD thesis, EECS Department, University of California, Berkeley, 2007.
[3] L. Cheng, A. Galis, B. Mathieu, K. Jean, R. Ocampo, L. Mamatas, J. Rubio-Loyola, J. Serrat, A. Berl, H. Meer, S. Davy, Z. Movahedi, and L. Lefevre. Self-organising management overlays for future internet services. In Proceedings of the 3rd IEEE International Workshop on Modelling Autonomic Communications Environments, pages 74–89, Berlin, Heidelberg, Germany, 2008. Springer-Verlag.
[4] J. Famaey, J. Donders, T. Wauters, F. Iterbeke, N. Sluijs, B. De Vleeschauwer, F. De Turck, P. Demeester, and R. Stoop. Comparative study of peer-to-peer architectures for scalable resource discovery. In Proceedings of the First International Conference on Advances in P2P Systems, pages 27–33, Los Alamitos, CA, USA, 2009. IEEE Computer Society.
[5] N. Fotiou, G. Polyzos, and D. Trossen. Illustrating a publish-subscribe internet architecture. In 2nd Euro-NF Workshop on Future Internet Architectures and New Trends in Network and Services Architectures, 2009.
[6] J. Girao and A. Sarma. IDentity Engineered Architecture (IDEA). In Towards the Future Internet, pages 85–93. IOS Press, Amsterdam, 2010.
[7] R. Jain. Internet 3.0: Ten problems with current internet architecture and solutions for the next generation. In Proceedings of Military Communications Conference, pages 1–9, Los Alamitos, CA, USA, 2006. IEEE Computer Society.
[8] T. Li. Design goals for scalable internet routing. Internet-draft, Internet Research Task Force, 2007.
[9] G. Martinez Perez, F. J. Garcia Clemente, and A. F. Gomez Skarmeta. Building and managing policy-based secure overlay networks. In Proceedings of the 16th Euromicro Conference on Parallel, Distributed and Network-Based Processing, pages 597–603, Washington, DC, USA, 2008. IEEE Computer Society.
[10] L. Mathy and L. Iannone. LISP-DHT: Towards a DHT to map identifiers onto locators. In Proceedings of the ACM CoNEXT Conference, pages 1–6, New York, NY, USA, 2008. ACM.
[11] P. Maymounkov and D. Mazières. Kademlia: A peer-to-peer information system based on the XOR metric. In Proceedings of the First International Workshop on Peer-to-Peer Systems, pages 53–65, London, UK, 2002. Springer-Verlag.
[12] D. Meyer. The Locator Identifier Separation Protocol (LISP). The Internet Protocol Journal, 11(1):23–36, 2008.
[13] R. Moskowitz and P. Nikander. Host Identity Protocol (HIP) Architecture, 2006. http://www.ietf.org/rfc/rfc4423.txt.
[14] J. Pan, R. Jain, S. Paul, M. Bowman, X. Xu, and S. Chen. Enhanced MILSA architecture for naming, addressing, routing and security issues in the next generation internet. In Proceedings of the International Conference on Communications, pages 14–18, Washington, DC, USA, 2009. IEEE.
[15] J. Pan, S. Paul, R. Jain, and M. Bowman. MILSA: A mobility and multihoming supporting identifier locator split architecture for naming in the next generation internet. In Proceedings of the Global Communications Conference, pages 2264–2269, Washington, DC, USA, 2008. IEEE.
[16] S. Paul, R. Jain, J. Pan, and M. Bowman. A vision of the next generation internet: A policy oriented view. In British Computer Society Conference on Visions of Computer Science, 2008.
[17] J. Rosenberg et al. SIP: Session Initiation Protocol, 2002. http://www.ietf.org/rfc/rfc3261.txt.
[18] J. Saltzer et al. On the Naming and Binding of Network Destinations, 1993. http://www.ietf.org/rfc/rfc1498.txt.
[19] A. C. Sarma and J. Girao. Identities in the future internet of things. Wireless Personal Communications, 49(3):353–363, 2009.
[20] I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan. Chord: A scalable peer-to-peer lookup service for internet applications. In Proceedings of the 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pages 149–160, New York, NY, USA, 2001. ACM.