STIP: A new model of trusted network

Sara Bitan, Adi Molkho
{"title":"STIP: A new model of trusted network","authors":"Sara Bitan, Adi Molkho","doi":"10.1109/ICNP52444.2021.9651913","DOIUrl":null,"url":null,"abstract":"We present STIP, a new model for Scalable Trusted IP networks, that are secure and resilient to cyber-attacks without impairing reliability. STIP addresses managed network use-cases including enterprise network authentication and authorization, and ISP use-cases, including trust based routing, and application aware networking. It can provide an enabling infrastructure that improves resilience to the painful BGP hijacking and distributed denial of service attacks.At the data plane, STIP consists of a trusted forwarding engine, that uses authenticated trust extensions to process traffic reliably. At the control and management plane STIP divides the network into trust domains that evaluate trustworthiness of devices in the domain, and distribute it securely using transitive trust. Our vision is Internet-wide STIP deployment . We present a migration process based on trust domains that can be used to gradually upgrade current IP networks to STIP.","PeriodicalId":343813,"journal":{"name":"2021 IEEE 29th International Conference on Network Protocols (ICNP)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 29th International Conference on Network Protocols (ICNP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNP52444.2021.9651913","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

We present STIP, a new model for Scalable Trusted IP networks, that are secure and resilient to cyber-attacks without impairing reliability. STIP addresses managed network use-cases including enterprise network authentication and authorization, and ISP use-cases, including trust based routing, and application aware networking. It can provide an enabling infrastructure that improves resilience to the painful BGP hijacking and distributed denial of service attacks.At the data plane, STIP consists of a trusted forwarding engine, that uses authenticated trust extensions to process traffic reliably. At the control and management plane STIP divides the network into trust domains that evaluate trustworthiness of devices in the domain, and distribute it securely using transitive trust. Our vision is Internet-wide STIP deployment . We present a migration process based on trust domains that can be used to gradually upgrade current IP networks to STIP.
一种新的可信网络模型
我们提出了一种可扩展可信IP网络的新模型STIP,它既安全又能抵御网络攻击,又不损害可靠性。STIP用于管理网络用例,包括企业网络认证和授权,以及ISP用例,包括基于信任的路由和应用感知组网。它可以提供一个支持基础设施,提高对痛苦的BGP劫持和分布式拒绝服务攻击的弹性。在数据平面,STIP由一个可信转发引擎组成,该引擎使用经过认证的信任扩展来可靠地处理流量。在控制和管理平面,STIP将网络划分为信任域,评估域中设备的可信度,并使用可传递信任进行安全分发。我们的愿景是在互联网范围内部署STIP。我们提出了一个基于信任域的迁移过程,可用于逐步将当前IP网络升级到STIP。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信