{"title":"STIP: A new model of trusted network","authors":"Sara Bitan, Adi Molkho","doi":"10.1109/ICNP52444.2021.9651913","DOIUrl":null,"url":null,"abstract":"We present STIP, a new model for Scalable Trusted IP networks, that are secure and resilient to cyber-attacks without impairing reliability. STIP addresses managed network use-cases including enterprise network authentication and authorization, and ISP use-cases, including trust based routing, and application aware networking. It can provide an enabling infrastructure that improves resilience to the painful BGP hijacking and distributed denial of service attacks.At the data plane, STIP consists of a trusted forwarding engine, that uses authenticated trust extensions to process traffic reliably. At the control and management plane STIP divides the network into trust domains that evaluate trustworthiness of devices in the domain, and distribute it securely using transitive trust. Our vision is Internet-wide STIP deployment . We present a migration process based on trust domains that can be used to gradually upgrade current IP networks to STIP.","PeriodicalId":343813,"journal":{"name":"2021 IEEE 29th International Conference on Network Protocols (ICNP)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 29th International Conference on Network Protocols (ICNP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNP52444.2021.9651913","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
We present STIP, a new model for Scalable Trusted IP networks, that are secure and resilient to cyber-attacks without impairing reliability. STIP addresses managed network use-cases including enterprise network authentication and authorization, and ISP use-cases, including trust based routing, and application aware networking. It can provide an enabling infrastructure that improves resilience to the painful BGP hijacking and distributed denial of service attacks.At the data plane, STIP consists of a trusted forwarding engine, that uses authenticated trust extensions to process traffic reliably. At the control and management plane STIP divides the network into trust domains that evaluate trustworthiness of devices in the domain, and distribute it securely using transitive trust. Our vision is Internet-wide STIP deployment . We present a migration process based on trust domains that can be used to gradually upgrade current IP networks to STIP.