![Page 1: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/1.jpg)
Mobility in Publish/Subscribe Networks
Walter Wong
HIIT & NomadicLab
24.02.2010
![Page 2: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/2.jpg)
Outline
Motivation
Background: Link Layer, Network Layer, Transport Layer, Session Layer
Information Mobility: Peer-to-peer, Content Delivery Networks, Publish/Subscribe
![Page 3: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/3.jpg)
Motivation
Original Internet design:
  Hosts are fixed
  IP address is both end-host identifier and locator
However, the current Internet usage is:
![Page 4: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/4.jpg)
Mobility – Some problems
How does a host get a new locator (IP address)?
How does a host re-establish connectivity in the new network?
How does a host tell the peer host its new address?
How can we find a host that moves frequently?
How can applications maintain seamless connectivity between mobile hosts?
![Page 5: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/5.jpg)
Solutions in different layers
Link – Simple MAC address update
Network – DHCP (static), Mobile IP (dynamic)
Identification (between network and transport) – Host Identity Protocol
Transport – TCP Migrate
Session – SIP Mobility
![Page 6: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/6.jpg)
Link Layer Mobility
Change MAC address
Ex. Between access points in the same subnet
(+) Transparent to higher layers (no changes in the IP address)
(–) Limited to the same subnet
Figure: the client keeps IPclient while its mapping changes from IPclient –> MACA to IPclient –> MACB
![Page 7: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/7.jpg)
Dynamic Host Configuration Protocol (DHCP)
Provides dynamic IP addresses to end-hosts
(+) simple
(–) does not maintain ongoing connections
Figure: Network A (10.10.1/24) assigns 10.10.1.100; Network B (192.168.0/24) assigns 192.168.0.11
![Page 8: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/8.jpg)
IP Mobility – IP Semantic Overload Problem
Figure: layer stack Link, Network, Transport, Session, Application
  The web browser calls socket(AF_INET, …, …) and connect()
  The socket is bound to (IPsrc/dst, portsrc/dst), so the transport session is tied to the IP address
  When IPsrc changes from 10.10.0.100 to 192.168.0.11, the socket identity changes
![Page 9: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/9.jpg)
Mobile IP
Goals
  Network layer solution
  Applications are oblivious of the mobility event
  Legacy application support
  Incrementally deployable
Approach
  Two IP addresses
    Home Address –> stable end-host identifier
    Care-of Address –> ephemeral end-host locator
  “Solves” the IP semantic overload problem
![Page 10: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/10.jpg)
Mobile IP – Elements
Home Agent (HA)
  Responsible for location management
  Tunnels traffic to the registered node when it is not in the home network
Foreign Agent (FA)
  Provides the Care-of address of the visited network
  Represents the mobile node when it visits the network
![Page 11: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/11.jpg)
MN at Home Network
Figure: the Internet connects the Home Network (Home Agent, MN with address IPA) and the Foreign Network (Foreign Agent); the Correspondent Node has address IPC
Direct communication between MN and CN: IPA <–> IPC
![Page 12: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/12.jpg)
MN Registration
Figure: the MN moves to the Foreign Network and obtains address IPB; Home Agent, Foreign Agent and CN (IPC) as before
Registration in the FA: receive the Care-of Address
Inform the Home Agent of the current CoA
![Page 13: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/13.jpg)
MN at Foreign Network
Figure: MN (IPB) in the Foreign Network, Home Agent in the Home Network, CN with IPC
CN sends data to IPA
HA tunnels packets to IPB (IP-IP tunneling)
![Page 14: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/14.jpg)
Route Optimization
Figure: MN (IPB) in the Foreign Network communicating directly with CN (IPC)
Avoids the triangle between CN – HA – MN
![Page 15: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/15.jpg)
Mobile IP – Summary
Provides mobility support at the network level
Applications are oblivious about the mobility event
Supports simultaneous node mobility (uses HA and FA as anchor points)
Uses two IP addresses:
  Home address: end-host identification
  Care-of address: end-host location
Issues
  Scalability problems (triangle)
  Security
![Page 16: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/16.jpg)
Host Identity Protocol (HIP)
New namespace between network and transport layers
  Host Identity (HI)
  Host Identity Tags (HIT): 128-bit identifier = hash of the public key; security embedded
Fills the gap between end-host identification and location
Decouples end-host identification and location
Solves the IP semantic overload
![Page 17: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/17.jpg)
HIP Namespace
Figure: layer stack Link, Network, Identification, Transport, Application
  The web browser calls socket(…)
  It gets the end-host identifier: socket(HITsrc/dst, portsrc/dst)
  The network layer is free to change
![Page 18: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/18.jpg)
HIP Resolution
Two-step name resolution
  Name to HIT resolution –> DNS
  HIT to IP resolution –> Rendezvous Server (RVS)
HIP base exchange
  4-way handshake
  Resistant against Denial-of-Service attacks
  Uses cost functions to check whether correspondent nodes are committed to the communication
![Page 19: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/19.jpg)
HIP Mobility
Rendezvous Server (RVS)
  Holds all HIT-to-IP mappings
  Distributed in the network, e.g. one per administrative domain
After a mobility event, the mobile node engages in the locator update procedure: an UPDATE message along with the verification protocol
![Page 20: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/20.jpg)
HIP Summary
New namespace composed of cryptographic identifiers: Host Identifiers (HI) and Host Identity Tags (HIT)
Detaches host identification from location
Resistant against Denial-of-Service attacks (base exchange)
Supports simultaneous node mobility (the RVS is the anchor point)
![Page 21: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/21.jpg)
TCP Migrate
End-host mobility in the transport layer
Goal: to maintain seamless end-host connectivity during TCP sessions
Approach
  Uses DNS names to provide a stable end-host identifier
  Saves TCP state during migration, restoring it after the mobility event
  No new location management device: no Home Agent and Foreign Agent
![Page 22: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/22.jpg)
TCP Migrate – Mobility procedure
Inform the peer node of the current IP address: after the mobility event, the mobile node sends a TCP SYN message to the peer node informing the new IP address
Update the current IP address in order to be globally reachable: the mobile host updates its current mapping in the DNS, e.g. www.acme.org –> 69.64.156.78
![Page 23: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/23.jpg)
TCP Migrate – TCP session migration
New TCP option: TCP SYN MIGRATE
  Informs the peer to migrate to a new TCP session
  Uses tokens to inform which TCP session it was associated with
The mobile host opens a new socket with the new IP address and sends the TCP SYN message with the MIGRATE option and a token with the current state
The peer host opens a new TCP session to the new IP address and restores the session
![Page 24: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/24.jpg)
TCP Migrate – Summary
Benefits
  Simple
  No network infrastructure changes
Drawbacks
  Changes in the default TCP
  Security issues
  Does not support simultaneous node mobility: there is no anchor point
![Page 25: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/25.jpg)
Session Initiation Protocol (SIP)
Signaling protocol used for controlling multimedia sessions
Used for establishing, modifying and terminating sessions
Uses URIs to identify users
Relies on two other protocols
  Real-time Transport Protocol (RTP): carries streaming data
  Session Description Protocol (SDP): session parameters, e.g. ports, protocols, etc.
![Page 26: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/26.jpg)
SIP Message Flow
Figure: Client –> Outbound Proxy –> (DNS) –> Inbound Proxy –> Client
  INVITE from the client to its Outbound Proxy
  The Outbound Proxy resolves the URI to the Inbound Proxy server IP (via DNS) and forwards the INVITE
  OK travels back through both proxies; ACK travels forward through both proxies
  RTP traffic then flows directly between the two clients
![Page 27: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/27.jpg)
SIP Mobility
Figure: Correspondent Node with its Outbound Proxy; SIP Redirect Proxy in the Home Network; Client now in the Foreign Network
  Correspondent Node sends INVITE towards the client's home network
  SIP Redirect Proxy replies Moved Temporarily
  INVITE is re-sent to the client's new location
  OK
  ACK
![Page 28: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/28.jpg)
SIP – Summary
Signaling protocol for controlling multimedia sessions
Uses URIs to identify user agents
Mobility is handled by SIP proxies
![Page 29: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/29.jpg)
Mobility Support – Summary
Link – Simple MAC address update; switches can be configured to handle it
Network – Mobile IP creates a new IP address, the Home Address, to be the end-host identifier, while the Care-of Address is the real locator
Identification – Host Identity Protocol introduces a new namespace to fill the gap between identification and location
Transport – TCP Migrate adds a new option to the TCP stack, MIGRATE, to provide TCP session migration; relies on DNS to provide the correct mapping
Session – SIP Mobility uses SIP proxies to locate user agents; end users are identified by URI and mapped to SIP proxies, which are the anchor points
![Page 30: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/30.jpg)
Information-centric Networks
What happens when we migrate to information-centric networks?
  Location decoupled
  Time decoupled
  There is no IP end-point to locate hosts
![Page 31: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/31.jpg)
Data ‘Mobility’ in Host-centric Networks
Peer-to-peer Networks
  Users search for content
  The request is translated to a query in a DHT
  Users receive a list of the closest peers
Content Delivery Networks (CDNs)
  URL links contain CDN DNS entries
  Dynamic mapping of DNS name resolutions to the closest surrogate server
Dynamic mapping of content into an IP address
Content is ‘detached’ from the locator (new naming system, e.g. flat identifiers, etc.)
![Page 32: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/32.jpg)
Data Mobility in Information-centric Networks
Native Publish/Subscribe
  Each content has a unique identifier
  Content is totally detached from a specific location: it can be anywhere, in intermediate caches, end-nodes, replicated, etc.
Usually content is stored close to the consumers
  Popular content is cached near the consumers
  Supports flash crowd events
![Page 33: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/33.jpg)
End-node Mobility in Information-centric Networks
Network attachment procedure
  During the bootstrap process, the subscriber re-subscribes to the publication
  The RVS receives the notification
  The RVS notifies the publisher and the topology manager
  The publisher re-publishes the content in the new RVS
  The topology manager computes a new path between publisher and subscribers and updates the delivery tree
![Page 34: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/34.jpg)
End-node Mobility in Information-centric Networks – Some optimizations
Default communication model: Multicast
Multicast Assisted Mobility
  Possibility to reduce handoff loss
  Distribution of data around the area where the mobile user resides makes data available when the mobile user arrives
Packet loss: buffering and return channel (algorithmic IDs)
Delivery order: subscription to separate IDs, e.g. algorithmic IDs
![Page 35: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/35.jpg)
Questions? Comments?
Thanks!
![Page 36: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/36.jpg)
Content Authentication in Information-centric Networks
Walter Wong
HIIT & NomadicLab
24.02.2010
![Page 37: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/37.jpg)
Outline
Background
Host-centric security solutions
Merkle Hash Trees
Information-centric authentication
Skewed Hash Trees
Implementation & Evaluation
Conclusion
![Page 38: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/38.jpg)
Motivation
Current security solutions: authentication of the container/storage device/mirror
And what about the content itself? We trust in the container! (shouldn’t we trust in the content?)
Paradigm problem: in the Internet, we want ‘what’ and we get ‘where’
![Page 39: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/39.jpg)
Example – Content Delivery Networks
Figure: a Content Provider and the copies served to clients, each connection protected by SSL
Are they the same movie? Wrong trust model!
![Page 40: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/40.jpg)
Host-centric Security Solutions
SSL/TLS and IPSec
  Provide host authentication (IP address)
  IPSec = network layer solution => IP
  SSL/TLS = transport layer solution => IP !!
  Secure channel between end-hosts
Mainly: data transfer between authenticated end-hosts (IP addresses)
Security data results from the connection parameters
  Transient data => can’t be reused in another context
  Time coupled
![Page 41: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/41.jpg)
Towards Information-centric Networking
Migration from host-centric to information-centric networking
  Data is decoupled from the location (data is not part of the storage location)
  Communication is decoupled in time and synchronization
Scenarios
  Peer-to-peer, Content delivery networks
  Publish/Subscribe
![Page 42: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/42.jpg)
Towards Information-centric Networking
Client/server model
  Scenario: low resources
  Services centralized in a ‘powerful’ server
  Roles: well-defined clients and servers
  Storage is centralized in the server
Drawbacks
  Bottleneck – scalability issues
  Server could be distant geographically
![Page 43: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/43.jpg)
Towards Information-centric Networking
Peer-to-peer model
  Scenario: file-sharing
  Distributed resources among peers
  Roles: a peer is both producer and consumer
  Storage: distributed in the network, but on the peer's storage disk
Drawbacks
  Some are location oblivious – the peer with the highest bandwidth might not be the closest one
  Paradox: consumer peers need to queue for the same resource, while the provider peer needs to send it multiple times
![Page 44: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/44.jpg)
Towards Information-centric Networking
Publish/Subscribe
  Scenario: news feed delivery
  Distributed resources in the network
  Roles: mixed between publishers and subscribers
  Storage: distributed in the network along caches
Benefits
  Multicast – no p2p paradox
  Simpler – no scheduling algorithm for resources
  Content retrieval from the closest cache
  Resources are within the network
![Page 45: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/45.jpg)
Motivation – Security
How do we secure content that is:
  Location decoupled: data cannot be authenticated with some IP address
  Time decoupled: data cannot be authenticated based on a direct connection
![Page 46: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/46.jpg)
Information-centric Security
Original idea: per-packet signature (sign each packet with a digital signature)
Drawbacks: costly, CPU expensive to sign and verify each signature
Requirement: optimize the signature mechanism
![Page 47: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/47.jpg)
Merkle Hash Tree
Signature amortization technique: a binary tree built over a set of data blocks
Uses hash functions to authenticate data blocks (MD5, SHA-1, SHA-256)
Requires just one digital signature for an entire piece of content, regardless of the number of data blocks!
Drawbacks: works only on binary trees!
![Page 48: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/48.jpg)
Merkle Hash Tree
Figure: File –> data blocks D0 D1 D2 D3 –> leaf nodes H0 H1 H2 H3 –> internal nodes H01 H23 –> root hash H03
![Page 49: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/49.jpg)
Merkle Hash Tree – authentication path
Figure: File –> data blocks D0 D1 D2 D3 –> leaf nodes H0 H1 H2 H3 –> internal nodes H01 H23 –> root hash H03
The verifier receives D0 together with the sibling hashes H1 and H23 and recomputes the root:
  H0 = hash(D0); H01 = hash(H0, H1); H03 = hash(H01 + H23)
If the recomputed H03 matches the signed root hash, D0 is authentic; no other data block is needed
![Page 50: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/50.jpg)
Skewed Hash Tree
Motivation: many possibilities to build a skewed tree
Goal: new algorithm to support random size files
Approach
  Separate balanced and unbalanced trees
  Append the remaining blocks under the balanced tree
  Deal with each one separately
  Maintain, at most, one level of difference
![Page 51: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/51.jpg)
Skewed Hash Tree – Overview
Figure: the File is split into D0 D1 D2 D3 (balanced part) and D4 D5 (remaining blocks)
  Balanced tree: H0 H1 H2 H3 –> H01 H23 –> H03 (h = 0)
  Remaining blocks: H4 H5 –> H45 (h = –1, one level difference)
  Root: H05, combining H03 and H45
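The Merkle authentication path shown for D0 (H1 and H23 recompute H03) and the skewed tree for six blocks (H05 over H03 and H45), as an added Python example that is not the author's code or the project's implementation. The split rule (the largest power-of-two prefix forms the balanced left subtree, the leftover blocks form the right subtree), the SHA-256 leaf/node prefixes and the sample blocks are assumptions made to reproduce the slides' figures.

```python
import hashlib
from typing import List, Tuple

# Added example (not the author's code). Builds the slides' Merkle tree for a
# power-of-two block count and the Skewed Hash Tree otherwise; the split rule
# below is an assumption that reproduces the six-block figure: H05 = hash(H03 || H45).

Path = List[Tuple[str, bytes]]  # (side on which the sibling sits, sibling hash)


def leaf_hash(block: bytes) -> bytes:
    # 0x00 prefix keeps leaves distinct from internal nodes (assumption, not on the slides)
    return hashlib.sha256(b"\x00" + block).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _build(leaves: List[bytes]) -> Tuple[bytes, List[Path]]:
    """Return (root, one authentication path per leaf) over the given leaf hashes."""
    n = len(leaves)
    if n == 1:
        return leaves[0], [[]]
    largest_pow2 = 1 << (n.bit_length() - 1)
    # Balanced tree: split in halves. Skewed tree: the balanced 2^k prefix goes
    # left, the leftover blocks go right (for six blocks the right subtree is
    # one level shallower, the "1 level diff" of the overview slide).
    split = n // 2 if largest_pow2 == n else largest_pow2
    left_root, left_paths = _build(leaves[:split])
    right_root, right_paths = _build(leaves[split:])
    root = node_hash(left_root, right_root)
    paths = [p + [("R", right_root)] for p in left_paths] \
          + [p + [("L", left_root)] for p in right_paths]
    return root, paths


def build_skewed_tree(blocks: List[bytes]) -> Tuple[bytes, List[Path]]:
    """Root hash (the single value the publisher signs) plus one path per block."""
    return _build([leaf_hash(b) for b in blocks])


def verify_block(block: bytes, path: Path, root: bytes) -> bool:
    """Recompute the root from one block and its sibling hashes only, as a cache
    or on-path router would; blocks can therefore be checked in any order."""
    acc = leaf_hash(block)
    for side, sibling in path:
        acc = node_hash(acc, sibling) if side == "R" else node_hash(sibling, acc)
    return acc == root


def path_depths(blocks: List[bytes]) -> List[int]:
    """Number of sibling hashes each block carries; six blocks give [3, 3, 3, 3, 2, 2]."""
    return [len(p) for p in build_skewed_tree(blocks)[1]]


if __name__ == "__main__":
    # Constructed sample: a six-block "file" D0..D5, as in the overview slide.
    blocks = [f"block {i} of the file".encode() for i in range(6)]
    root, paths = build_skewed_tree(blocks)
    print("root H05:", root.hex())
    print("path depths:", path_depths(blocks))
    print("D4 verifies:", verify_block(blocks[4], paths[4], root))
    print("forged D4 verifies:", verify_block(b"forged block", paths[4], root))
```

The first four blocks' paths are exactly those of the balanced four-block Merkle tree (D0 carries H1 and H23, then H45), so a verifier that already trusts H03 needs nothing new for them.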
![Page 52: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/52.jpg)
Benefits
Amortized signature scheme
Based on hash functions (efficiency)
Data carries its own proof of authenticity
Data and authentication information can come separately
Any-sequence authentication
Time decoupling (no interaction between producers/consumers - asynchronous)
Random size file authentication
On-path network verification
![Page 53: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/53.jpg)
Application Scenario – On-path Authentication (figure only on the original slide)
![Page 54: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/54.jpg)
Application Scenario – Content Delivery Networks (figure only on the original slide)
![Page 55: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/55.jpg)
Evaluation (1/3) (figure only on the original slide)
![Page 56: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/56.jpg)
Evaluation (2/3) (figure only on the original slide)
![Page 57: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/57.jpg)
Evaluation (3/3) (figure only on the original slide)
![Page 58: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/58.jpg)
Conclusion
Current security solutions (TLS/IPSec) do not fit in information-centric networks
Skewed Hash Tree provides:
  amortized signature
  independent packet authentication
  random file size authentication
  time decoupling
On average, 8 and 3 times faster than RSA, while preserving the same level of security
![Page 59: Mobility in Publish/Subscribe Networks Walter Wong HIIT & NomadicLab 24.02.2010](https://reader031.vdocuments.net/reader031/viewer/2022012922/56649cc55503460f9498e396/html5/thumbnails/59.jpg)
Questions? Comments?
Thanks!