A high-performance capabilities-based network protocol

Author

Wolf, Tilman ; Vasudevan, Kamlesh T.

Author_Institution

Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA, USA

fYear

2009

fDate

13-13 Oct. 2009

Firstpage

1

Lastpage

6

Abstract

Capabilities-based networks present a fundamental shift in the security design of network architectures. Instead of permitting the transmission of packets from any source to any destination, routers deny forwarding by default. For a successful transmission, packets need to positively identify themselves and their permissions to the router. A major challenge for a high-performance implementation of such a network is an efficient design of the credentials that are carried in the packet and the verification procedure on the router. Based on our prior work on the design of packet credentials, we present a network protocol that implements these concepts. Our prototype implementation shows that there is some connection setup cost associated with this type of secure communication. However, once a connection is established, the throughput performance of a capabilities-based connection is similar to that of conventional TCP.

Keywords

cryptographic protocols; routing protocols; telecommunication network planning; telecommunication security; capabilities-based network router protocol; network architecture security design; packet credential design; packet transmission; secure communication; Access control; Authentication; Communication system traffic control; Computer architecture; Computer crime; Internet; Protocols; Prototypes; Telecommunication traffic; Throughput;

fLanguage

English

Publisher

ieee

Conference_Titel

Secure Network Protocols, 2009. NPSec 2009. 5th IEEE Workshop on

Conference_Location

Princeton, NJ

Print_ISBN

978-1-4244-4866-1

Electronic_ISBN

978-1-4244-4865-4

Type

conf

DOI

10.1109/NPSEC.2009.5342257

Filename

5342257