Title :
Security Mechanisms for a Cooperative Firewall
Author :
Kabir, Hammad ; Kantola, Raimo ; Santos, Jesus Llorente
Author_Institution :
Dept. of Commun. & Networking, Aalto Univ., Helsinki, Finland
Abstract :
Customer Edge Switching (CES) is a proposed replacement for Network Address Translators (NAT) that overcomes the drawbacks of traditional NAT traversal schemes. CES-enabled networks assure policy-based reachability of hosts in private realms, without requiring keep-alive signaling. CES aims at improving security in the Internet by balancing the interests of the receiver with the interests of the sender, unlike the traditional best-effort Internet that solely attends to the interests of the sender. The architecture substantially helps with the scalability limitations of IPv4 due to the generalization of private addressing of the hosts. This paper relates to the specifics of security in Customer Edge Switches and presents security models that protect hosts in private realms against attacks. The presented work is a part of a larger project that addresses many issues of the current Internet and proposes the use of CES as collaborative firewalls to reduce the volume of unwanted traffic and mitigate Denial of Service (DoS) attacks in the Internet.
Keywords :
Internet; firewalls; CES; DoS attacks; IPv4 scalability limitations; Internet; NAT traversal schemes; collaborative firewalls; cooperative firewall; customer edge switching; denial of service attacks; host private addressing; network address translators; security mechanisms; Delays; Firewalls (computing); IP networks; Ice; Internet; Receivers; Cooperative firewall; DDoS; DoS; NAT traversal; Policy; Security; Trust;
Conference_Title :
High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS), 2014 IEEE Intl Conf on
Print_ISBN :
978-1-4799-6122-1
DOI :
10.1109/HPCC.2014.135