© John Day, 2013 1	

Rights Reserved	

The Pouzin Society	

Security in RINA

IRATI Workshop, Barcelona, Spain

John Day
Lou Chitkushev
First a Word on Method

• When trying to work out the IPC Model, absolutely no thought was given to security. All of the focus was just on understanding the structure.
• People kept asking, “What about Security? Is there a security layer?”
• Didn’t know. Hadn’t thought about it.
• There was the obvious:
  – The recursion of the layer provided Isolation.
  – Only the Application Name and local port-id were exposed to the correspondents.
• Interesting, but hardly an answer.
• But it wasn’t the time for those questions . . .
• At least not yet . . .
The Recursion Provided Isolation

• Security by isolation (not obscurity).
• Hosts cannot address any element of the ISP.
• No user hacker can compromise ISP assets.
• Unless the ISP is physically compromised.

[Figure: host DIFs layered over an ISP DIF. Hosts and ISPs do not share DIFs. (ISP may have more layers.)]
How Does It Work? Security

• A Hacker in the Public Internet cannot connect to an Application in another DIF without either joining the DIF or creating a new DIF spanning both. Either requires authentication and access control.
  – Non-IPC applications that can access two DIFs are a potential security problem.
• Certainly promising.

[Figure: the Public Internet DIF over ISP 1, ISP 2 and ISP 3, alongside separate DIFs: Internet Rodeo Drive, Utility SCADA, My Net, Facebook Boutique, Internet Mall of America.]
But When It Was Time

• The question was not, how to put in security?
• The question was, what does the IPC Model tell us about security?
  – Remember, our first task is always understanding.
• Let the Problem Answer the Question!
  – Let the Problem Tell Us What to Do.
The Problem Had a Lot to Say

• We Already Mentioned How Little is Exposed to the Layer Above.
• The Original OS Model indicated where Access Control went.
• Creating the Application Connection for Enrollment indicated where Authentication belonged, and that
  – Authentication of Applications must be done by the Applications themselves.
  – All members of the layer are authenticated within policy.
• SDU Protection clearly provided Confidentiality and Integrity.
• That implied that only Minimal trust was necessary:
  – Only that the lower layer will deliver something to someone.

[Figure: Port := Allocate(Dest-Appl, params), the point at which Access Control is exercised.]
A Very Unexpected Result

• A DIF with no explicit security mechanisms is inherently more secure than the current Internet under the same conditions!
• It would appear that
  – A DIF is a Securable Container.
Other Things Fall Into Place

• Data Transfer in RINA is based on Delta-t (Watson, 1980).
• A lot has happened in 30 years; many attacks on TCP have been found:
  – Port scanning
  – Reset Attacks
  – SYN attacks
  – Reassembly Attacks
• Long after delta-t was designed; what about delta-t?
• Short answer:
  – None of them work (Boddapati, et al., 2012).
• Amazing, totally unexpected.
  – Why not?
• Multiple fundamental reasons, but all inherent in the structure:
  – First, have to join the DIF (all members are authenticated).
  – Second, No Well-Known Ports.
    • Would have to scan all possible application names!
  – Third and more importantly, . . .
Decoupling Port Allocation and Synchronization

• No Way to Know What CEP-ids are Being Used, Since There is No Relation Between Port-id and CEP-id.
  – SYN Attack: must guess which of 2^16 CEP-ids.
  – Data Transfer: must guess CEP-id and seq num within window!
  – Reassembly attack: Reassembly is only done once.

[Figure: Port Allocation (Port-id) decoupled from Synchronization (Connection Endpoint, Connection).]
Decoupling Port Allocation and Synchronization: No IPsec

• IPsec is necessary with TCP/IP because there is no authentication and sequence numbers turn over too quickly: don’t repeat a sequence number with the same CEP-id.
• With RINA and delta-t, IPC Processes are all authenticated, SDU Protection does the encryption, and the packet sequence number slows rollover; but if it does roll over, then simply allocate a new connection
• and bind it to the same port-ids; the old one disappears after 2MPL.

[Figure: Port Allocation (Port-id) decoupled from Synchronization (Connection Endpoint, Connection), with SDU Protection applied on each connection.]
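As an added example (not code from the slides, RINA or IRATI), this Python model puts together the mechanism of the Allocate, “Decoupling Port Allocation and Synchronization” and “No IPsec” slides: Allocate() exercises access control and returns a port-id, the connection’s CEP-id is drawn at random from the 2^16 space with no relation to the port-id, a PDU is delivered only when both CEP-id and in-window sequence number match a live connection, and a connection nearing sequence-number rollover is replaced by a fresh one bound to the same port-id while the old one lingers for 2MPL. The MPL value, the rollover guard, the default window and the access-policy callback are assumptions made here.

```python
"""
Toy model of delta-t style port allocation decoupled from connection
synchronization (added example; not RINA/IRATI code). It illustrates:
  * Allocate() exercises access control, then hands back a port-id.
  * The connection's CEP-id is drawn from the 2^16 space at random, so a
    port-id tells an outsider nothing about the CEP-id in use.
  * A PDU is delivered only if its CEP-id names a live connection AND its
    sequence number lies inside that connection's receive window.
  * Near sequence-number rollover a fresh connection is bound to the same
    port-id; the old one keeps accepting for 2*MPL and is then discarded.
MPL, the rollover guard, the default window and the policy are assumed values.
"""
import random
from dataclasses import dataclass
from typing import Callable, Dict, Optional

SEQ_BITS = 32
SEQ_SPACE = 1 << SEQ_BITS
CEP_BITS = 16
CEP_SPACE = 1 << CEP_BITS
MPL = 60.0                 # maximum packet lifetime in seconds (assumed)
ROLLOVER_GUARD = 1 << 20   # rebind when fewer than this many seq numbers remain (assumed)


@dataclass
class Connection:
    cep_id: int
    recv_next: int                     # next in-order sequence number expected
    window: int                        # receive window size
    retire_at: Optional[float] = None  # set once superseded; gone after 2*MPL

    def accepts(self, seq: int) -> bool:
        """True if seq falls in [recv_next, recv_next + window) modulo the space."""
        return (seq - self.recv_next) % SEQ_SPACE < self.window


class IPCProcess:
    """One DIF member: owns its CEP-id space and the port-id -> connection binding."""

    def __init__(self, access_policy: Callable[[str, str], bool], rng: random.Random):
        self.access_policy = access_policy   # (source appl, dest appl) -> allowed?
        self.rng = rng
        self.next_port = 1
        self.bound: Dict[int, Connection] = {}   # port-id -> current connection
        self.conns: Dict[int, Connection] = {}   # cep-id  -> connection (live or retiring)
        self.port_of: Dict[int, int] = {}        # cep-id  -> port-id

    def allocate(self, src_appl: str, dest_appl: str, window: int = 1024) -> int:
        """Port := Allocate(Dest-Appl, params): access control first, then a port-id."""
        if not self.access_policy(src_appl, dest_appl):
            raise PermissionError(f"{src_appl} is not permitted to reach {dest_appl}")
        port = self.next_port
        self.next_port += 1
        self._bind_new_connection(port, window)
        return port

    def _bind_new_connection(self, port: int, window: int) -> Connection:
        # CEP-id and initial sequence number are random and unrelated to the port-id.
        cep = self.rng.randrange(CEP_SPACE)
        while cep in self.conns:
            cep = self.rng.randrange(CEP_SPACE)
        conn = Connection(cep_id=cep, recv_next=self.rng.randrange(SEQ_SPACE), window=window)
        self.conns[cep] = conn
        self.port_of[cep] = port
        self.bound[port] = conn
        return conn

    def deliver(self, cep_id: int, seq: int, now: float) -> Optional[int]:
        """Inbound PDU: return the port-id it is delivered to, or None if it is dropped."""
        self.expire(now)
        conn = self.conns.get(cep_id)
        if conn is None or not conn.accepts(seq):
            return None                           # unknown CEP-id or out-of-window seq
        conn.recv_next = (seq + 1) % SEQ_SPACE    # in-order delivery assumed for simplicity
        port = self.port_of[cep_id]
        if conn.retire_at is None and SEQ_SPACE - conn.recv_next < ROLLOVER_GUARD:
            # Sequence space nearly exhausted: new connection on the same port-id;
            # the old one is retired after 2*MPL so late PDUs still find it.
            conn.retire_at = now + 2 * MPL
            self._bind_new_connection(port, conn.window)
        return port

    def expire(self, now: float) -> None:
        """Forget retired connections once 2*MPL has elapsed."""
        stale = [c for c, k in self.conns.items() if k.retire_at is not None and k.retire_at <= now]
        for cep in stale:
            del self.port_of[cep]
            del self.conns[cep]


def blind_acceptance_probability(window: int) -> float:
    """Chance that one PDU with a random CEP-id and random sequence number is accepted."""
    return (1 / CEP_SPACE) * (window / SEQ_SPACE)


def make_process(seed: int = 7,
                 policy: Callable[[str, str], bool] = lambda src, dst: dst != "forbidden") -> IPCProcess:
    """Deterministic process for demonstration: seeded RNG and a toy access policy."""
    return IPCProcess(policy, random.Random(seed))


if __name__ == "__main__":
    ipcp = make_process()
    port = ipcp.allocate("client", "server")
    conn = ipcp.bound[port]
    print("delivered to port", ipcp.deliver(conn.cep_id, conn.recv_next, now=0.0))
    print("random (CEP-id, seq) guess accepted with p =", blind_acceptance_probability(conn.window))
```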
RINA is Inherently More Secure and Less Work

• A DIF is a Securable Container. (Small, 2011)
  – What info is required to mount an attack, and how to get the info.
  – Small does a threat analysis at the architecture level.
• Implies that Firewalls are Unnecessary,
  – The DIF is the Firewall!
• RINA Security is considerably Less Complex than the Current Internet Security (Small, 2012).
  – Only a rough estimate, counting protocols and mechanisms.
    • See paper for details.
[Figure: Internet protocol stacks between Browser and Server, showing 802.3, MACsec, EAPOL, IP, IPsec, IKE, UDP, TCP and TLS. Protocols: 15. Non-Security mechanisms: 89. Security mechanisms: 28. Copyright © 2012, Jeremiah Small. All Rights Reserved.]
What Does This Mean?

• Protocols – We Know What That Refers To.
• Security Mechanisms – Authentication, Access Control, Integrity, Confidentiality, Non-Repudiation.
• Non-Security Mechanisms – All the others listed in the book: delimiting, relaying, ordering, multiplexing, fragmentation/reassembly, Lost and Duplicate Detection, Flow Control, Retransmission Control, Compression, Addressing, Initial State Synchronization.
[Figure: RINA equivalent between Browser and Server, showing 1-DIF, 2-DIF, Backbone-DIF and AppSec-DIF. Protocols: 3. Non-Security mechanisms: 15. Security mechanisms: 5. Copyright © 2012, Jeremiah Small. All Rights Reserved.]
Totals

                          Internet   RINA
Protocols                       15      3
Non-Security Mechanisms         89     15
Security Mechanisms             28      7

Copyright © 2012, Jeremiah Small. All Rights Reserved.
To Add Security

                          Internet   RINA
Protocols                        8      0
Non-Security Mechanisms         59      0
Security Mechanisms             28      7

Copyright © 2012, Jeremiah Small. All Rights Reserved.
Why Is Internet Security So Bad?

• The Standard Rationale One Sees is that They Didn’t Think About It at the Beginning.
  – Neither did We.
  – Nor did Watson.
  – But RINA and delta-t are more secure.
• That Seems to Imply that
  – Good Design May be More Important to Security than Security Is.
Conclusion

• This is a MAJOR Improvement in Internet Security.
  – Not only more secure, but for less cost, with less overhead.
• So is Internet Security solved?
  – Hardly.
  – Still need: to develop the plug-in policy modules,
  – to consider DDoS (we have some ideas),
  – as well as protecting against Rogue IPC Processes,
  – and much more to explore.
• Most attacks are in the Applications; this does nothing about that.
  – But much of this applies equally well to DAFs.
• Model implies that OS security reduces to Bounds Checking on Memory and IPC Security.
  – May also make it harder; might be able to deflect more DDoS attacks.
Questions?

VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 

6 security130123

•  Let the Problem Answer the Question!

–  Let the Problem Tell Us What to Do.
© John Day, 2013 6

The Problem Had a Lot to Say

•  We Already Mentioned How Little is Exposed to the Layer Above.

•  The Original OS Model indicated where Access Control went.

•  Creating the Application Connection for Enrollment indicated where Authentication belonged, and that

–  Authentication of Applications must be done by the Applications themselves.

–  All members of the layer are authenticated within policy.

•  SDU Protection clearly provided Confidentiality and Integrity.

•  That implied that only Minimal trust was necessary:

–  Only that the lower layer will deliver something to someone.

[Figure: Port := Allocate(Dest-Appl, params), the point at which Access Control is Exercised]
© John Day, 2013 7

A Very Unexpected Result

•  A DIF with no explicit security mechanisms is inherently more secure than the current Internet under the same conditions!

•  It would appear that

–  A DIF is a Securable Container.
© John Day, 2013 8

Other Things Fall Into Place

•  Data Transfer in RINA is based on Delta-t (Watson, 1980)

•  A lot has happened in 30 years; many attacks on TCP have been found:

–  Port scanning

–  Reset Attacks

–  SYN attacks

–  Reassembly Attacks

•  All found long after delta-t was designed, so what about delta-t?

•  Short answer:

–  None of them work (Boddapati, et al., 2012)

•  Amazing, totally unexpected

–  Why not?

•  Multiple fundamental reasons, but all inherent in the structure:

–  First, have to join the DIF (all members are authenticated)

–  Second, No Well-Known Ports

•  Would have to scan all possible application names!

–  Third and more importantly, . . .
© John Day, 2013 9

Decoupling Port Allocation and Synchronization

•  No Way to Know What CEP-ids are Being Used, Since There is No Relation Between Port-id and CEP-id.

–  Syn Attack: must guess which of 2^16 CEP-ids.

–  Data Transfer: must guess CEP-id and seq num within window!

–  Reassembly attack: Reassembly only done once.

[Figure: Port Allocation (Port-id) shown decoupled from Synchronization (Connection Endpoint, Connection)]
© John Day, 2013 10

Decoupling Port Allocation and Synchronization: No IPsec

•  IPsec is necessary with TCP/IP because there is no authentication and Sequence numbers turn over too quickly: don't repeat a sequence number with the same CEP-id.

•  With RINA and delta-t, IPC Processes are all authenticated, SDU Protection does the encryption, and packet sequence numbers slow rollover; if it does roll over, then simply allocate a new connection

•  And bind it to the same port-ids; the old one disappears after 2MPL.

[Figure: Port Allocation (Port-id) bound to a Connection Endpoint, with SDU Protection applied on each side of the Connection]
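The two slides above describe a structure rather than an algorithm, so the following is an added example (written for this page, not code from the slides, from the IRATI implementation, or from RINA specifications) that models it in Python: a port-id bound to a connection whose CEP-id is drawn at random, a receiver that only accepts a PDU whose CEP-id is live and whose sequence number falls in the window, a rollover that allocates a fresh connection under the same port-id and lets the old one linger for 2MPL, and a function that computes how much harder blind injection becomes when the CEP-id must be guessed as well. The sequence-number width, window size and MPL are assumed constants chosen for illustration; the slides give none of them.

```python
"""Toy model of the port-id / CEP-id decoupling on slides 9 and 10 (added example)."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CEP_ID_BITS = 16   # slide 9: a blind attacker must guess one of 2^16 CEP-ids
SEQ_BITS = 32      # assumed sequence-number width; the slides give no figure
WINDOW = 64        # assumed receive window, in PDUs
MPL = 2.0          # assumed maximum packet lifetime, in seconds


@dataclass
class Connection:
    cep_id: int
    next_seq: int = 0                   # left edge of the receive window
    retired_at: Optional[float] = None  # set when replaced after a rollover


@dataclass
class Flow:
    """A stable port-id bound to a connection that can be swapped underneath it."""
    port_id: int
    active: Connection
    retired: List[Connection] = field(default_factory=list)


class IPCProcess:
    """Receiving side: accepts a PDU only if its CEP-id is live and seq is in window."""

    def __init__(self) -> None:
        self.flows: Dict[int, Flow] = {}
        self.conns: Dict[int, Tuple[Flow, Connection]] = {}  # live CEP-id -> owner
        self.next_port = 1
        self.now = 0.0

    def _fresh_cep_id(self) -> int:
        # Drawn at random, so nothing about the port-id reveals it (slide 9).
        while True:
            cep = secrets.randbelow(1 << CEP_ID_BITS)
            if cep not in self.conns:
                return cep

    def allocate(self) -> int:
        """Port allocation; the CEP-id is chosen independently of the port-id."""
        port = self.next_port
        self.next_port += 1
        conn = Connection(self._fresh_cep_id())
        flow = Flow(port, conn)
        self.flows[port] = flow
        self.conns[conn.cep_id] = (flow, conn)
        return port

    def deliver(self, cep_id: int, seq: int) -> bool:
        owner = self.conns.get(cep_id)
        if owner is None:
            return False                 # unknown CEP-id: dropped
        flow, conn = owner
        if conn is not flow.active:
            return False                 # retired connection: dropped until 2MPL frees it
        if not conn.next_seq <= seq < conn.next_seq + WINDOW:
            return False                 # outside the window: dropped
        conn.next_seq = seq + 1
        if conn.next_seq + WINDOW > (1 << SEQ_BITS):
            self._rollover(flow)         # slide 10: new connection, same port-id
        return True

    def _rollover(self, flow: Flow) -> None:
        old = flow.active
        old.retired_at = self.now
        flow.retired.append(old)
        new = Connection(self._fresh_cep_id())
        flow.active = new
        self.conns[new.cep_id] = (flow, new)

    def tick(self, dt: float) -> None:
        """Advance time; a retired connection's CEP-id is released after 2MPL."""
        self.now += dt
        for flow in self.flows.values():
            for conn in list(flow.retired):
                if self.now - conn.retired_at >= 2 * MPL:
                    flow.retired.remove(conn)
                    del self.conns[conn.cep_id]


def blind_injection_odds(cep_known: bool, seq_bits: int = SEQ_BITS, window: int = WINDOW) -> float:
    """Probability that one blind PDU lands in the window of a live connection.

    cep_known=True models a protocol whose endpoint ids are predictable (well-known
    ports); False models slide 9, where the CEP-id must be guessed as well.
    """
    p_seq = window / 2 ** seq_bits
    p_cep = 1.0 if cep_known else 1 / 2 ** CEP_ID_BITS
    return p_cep * p_seq


if __name__ == "__main__":
    ipcp = IPCProcess()
    port = ipcp.allocate()
    print(f"port-id {port} bound to CEP-id {ipcp.flows[port].active.cep_id}")
    print("blind PDU, CEP-id known:  ", blind_injection_odds(True))
    print("blind PDU, CEP-id unknown:", blind_injection_odds(False))
```

The design point the model makes visible is that the application keeps talking to the same port-id across a rollover while the identifier an outsider would have to guess changes, and that a retired CEP-id is simply ignored rather than reused until 2MPL has passed.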
© John Day, 2013 11

RINA is Inherently More Secure and Less Work

•  A DIF is a Securable Container. (Small, 2011)

–  What info is required to mount an attack, and how to get the info

–  Small does a threat analysis at the architecture level

•  Implies that Firewalls are Unnecessary,

–  The DIF is the Firewall!

•  RINA Security is considerably Less Complex than the Current Internet Security (Small, 2012)

–  Only a rough estimate, counting protocols and mechanisms.

•  See paper for details.
© John Day, 2013 12

[Figure: Internet protocol stack between a Browser and a Server, showing 802.3, IP and TCP at each node together with the security protocols MACsec, EAPOL, IPsec, IKE (over UDP) and TLS. Protocols: 15. Non-Security: 89. Security: 28. Copyright © 2012, Jeremiah Small. All Rights Reserved.]
© John Day, 2013 13

What Does This Mean?

•  Protocols – We Know What That Refers To

•  Security Mechanisms – Authentication, Access Control, Integrity, Confidentiality, Non-Repudiation.

•  Non-Security Mechanisms – All the others listed in the book: delimiting, relaying, ordering, multiplexing, fragmentation/reassembly, Lost and Duplicate Detection, Flow Control, Retransmission Control, Compression, Addressing, Initial State Synchronization.
© John Day, 2013 14

[Figure: RINA stack between a Browser and a Server, showing 1-DIFs and 2-DIFs at each node, a Backbone-DIF, and an AppSec-DIF. Protocols: 3. Non-Security: 15. Security: 5. Copyright © 2012, Jeremiah Small. All Rights Reserved.]
© John Day, 2013 15

Totals

                          Internet   RINA
Protocols                     15       3
Non-Security Mechanisms       89      15
Security Mechanisms           28       7

Copyright © 2012, Jeremiah Small. All Rights Reserved.
© John Day, 2013 16

To Add Security

                          Internet   RINA
Protocols                      8       0
Non-Security Mechanisms       59       0
Security Mechanisms           28       7

Copyright © 2012, Jeremiah Small. All Rights Reserved.
© John Day, 2013 17

Why Is Internet Security So Bad?

•  The Standard Rationale One Sees is that They Didn't Think About It at the Beginning.

–  Neither did We.

–  Nor did Watson.

–  But RINA and delta-t are more secure.

•  That Seems to Imply that

–  Good Design May be More Important to Security than Security Is.
© John Day, 2013 18

Conclusion

•  This is a MAJOR Improvement in Internet Security.

–  Not only more secure, but for less cost, with less overhead.

•  So is Internet Security solved?

–  Hardly.

–  Still need: to develop the plug-in policy modules

–  to consider DDoS (we have some ideas)

–  As well as protecting against Rogue IPC Processes

–  and much more to explore.

•  Most attacks are in the Applications; this does nothing about that.

–  But Much of this applies equally well to DAFs

•  Model implies that OS security reduces to Bounds Checking on Memory and IPC Security.

–  May also make it harder; might be able to deflect more DDoS attacks
© John Day, 2013 19

Questions?