special issue on “security and identity architecture for the future internet”



Computer Networks 57 (2013) 2215–2217

Contents lists available at SciVerse ScienceDirect

Computer Networks

journal homepage: www.elsevier.com/locate/comnet

Editorial

Special Issue on “Security and identity architecture for the future internet”

The current Internet model was designed to let distant networks be interconnected without monopolizing the underlying communications infrastructure while delivering improved reliability and fault tolerance. Today, it has become the common infrastructure used in our day-to-day communications, the place where we live our digital lives.

Over time many problems have been exposed, which have been adopted as challenges for the Future Internet (FI). The most important and widely discussed challenges are the decoupling of location (IP addresses) and identification (identifiers, identities), scalable mobility support, and, of course, integrated security.

As the Internet hits its limits, its successor is being discussed in different fora such as the Next Generation Internet (NGI) and the Future Internet Assembly (FIA). Government funding programs have been established, for instance in Europe, Japan, Korea, and the US, to foster research addressing the challenges of future networks including scalability, mobility, service provisioning, and, in particular, identity management. One crucial requirement for any solution is that security and privacy be an integral part of the design.

This special issue was conceived to explore different identity aspects to address the limitation of the Internet and/or offer potential solutions and models for the design of future networks where security and privacy are built-in, taking into account the needs for Information-Centric Networking (ICN), support for resiliency and trustworthiness, and the future Internet of Things (IoT) network.

In response to the call for papers for this special issue, we received 19 submissions for consideration for publication. After a rigorous two-step review process, we accepted five high quality papers reporting different directions for the Security and Identity Architecture for the Future Internet.

Identifier/locator-split-based new protocols are being proposed to alleviate the Internet from several challenges including security, mobility, multihoming, routing and traffic engineering. However, it is not easy to widely deploy such new protocols if the protocol designers have insufficient understanding of the potential economic incentives for the early adopters. In [1], the authors analyze the Host Identity Protocol (HIP) from this viewpoint. Based on expert interviews, they identify six main reasons why HIP has not yet been widely deployed. After providing valuable suggestions to HIP developers, they highlight some new adoption barriers and deployment strategies that could be taken into account when designing new protocols.

1389-1286/$ - see front matter © 2013 Elsevier B.V. All rights reserved. http://dx.doi.org/10.1016/j.comnet.2013.06.001

The authors of [2] address how to make the authorized access of protected resources more flexible and comprehensive. To do so, they integrate OAuth mechanisms and WS-Trust while using new powerful protocols such as REST. For example, they show how a user can handle authorization while using an OAuth implementation that cannot deal on its own with the authorization code provided and where the WS-Trust Security Token Service handles heterogeneity. The interoperation is handled by translating between REST and SOAP. A second scenario using a WS-Trust client that accesses an OAuth protected resource is also described. The combined architecture is validated by a prototype that shows that the added overhead (56% and 16%) for the two scenarios compared to the standalone scenario is acceptable, in particular considering that the overhead is restricted to the authentication phase and may even be reduced through further optimization of the code.

The de facto inter-domain routing protocol for the Internet, the Border Gateway Protocol (BGP), has a number of security issues giving rise to devastating attacks such as hijacking of Internet traffic. Thus a future Internet requires a better routing protocol. In the second paper of this issue, Yang Xiang, Xingang Shi, Jianping Wu, Zhiliang Wang, and Xia Yin [3] propose such a protocol called FS-BGP. The main idea here is to digitally sign critical paths between autonomous sub-systems of the Internet. Their protocol also supports complex routing policies allowing routers to supervise segments of neighboring autonomous sub-systems. The authors finally provide evidence that their protocol is efficient and will hardly delay the propagation of routing information.

The necessity of the distributed approach for the Internet of Things (IoT) to overcome the limitations of a centralized approach has been recognized. However, there have been no explicit analyses of its features and its challenges. In [4], the authors provide an explicit analysis of the features and security challenges of the distributed approach of the Internet of Things, in order to understand what is its place in the Future Internet. As typical benefits of distributed approach, they conclude that scalability is improved because intelligence is not concentrated on a limited set of centralized application platforms; it is possible not only to push/pull data when needed but also to implement specific privacy policies because data is managed by the distributed entities. Further, additional trust and fault tolerance mechanisms can be specifically created for this approach.

The future Internet promotes the introduction of new architectures that provide the decoupling of identification and location, although a challenge is how to integrate security by design. Authors in [5] propose an architecture, the Identity-based Network Protocol (INP), that goes beyond the decoupling of identifiers and locators to build an identity-based overlay network that decouples the actual identity behind a network node from the locators used in the underlying network, integrating security by means of native management of identity as end points of communications. The INP architecture is compared against several known proposals for decoupling identifiers and locators, showing that the approach offers the same features plus additional integrated discovery, flexible naming, and integrated security.

The guest editors would like to thank all authors for the submission of their manuscripts to this special issue, as well as all paper reviewers for their thorough work. Finally, we would also like to specially thank the Editor in Chief, Harry Rudin, and all the staff at Elsevier for their support and guidance during the editorial process.

References

[1] Tapio Levä, Miika Komu, Ari Keränen, Sakari Luukkainen, Adoption barriers of network-layer protocols: the case of host identity protocol, Computer Networks (2013).

[2] Elena Torroglosa, Antonio D. Pérez Morales, Pedro Martínez-Julia, Diego R. Lopez, The GEMBus architecture as an integration framework for security infrastructures, Computer Networks (2013).

[3] Yang Xiang, Xingang Shi, Jianping Wu, Zhiliang Wang, Xia Yin, Sign what you really care about – secure BGP AS-paths efficiently, Computer Networks (2013).

[4] Rodrigo Roman, Jianying Zhou, Javier Lopez, On the features and security challenges of distributed internet of things, Computer Networks (2013).

[5] Pedro Martinez-Julia, Antonio F. Skarmeta, Beyond the separation of identifier and locator: building an identity-based overlay network architecture for the future internet, Computer Networks (2013).

Jan Camenisch received a Diploma in Electrical Engineering in 1993 and a Ph.D. in Computer Science in 1998 both from ETH Zurich. Since 1999 he is Research Staff Member and project leader at IBM Research – Zurich. His research interests include public key cryptography; cryptographic protocols, in particular those supporting privacy and anonymity; practical secure distributed computation; and privacy-enhancing technologies.

Heeyoung Jung is the project coordinator of MOFI (Mobile Oriented Future Internet, www.mofi.re.kr) project. He joined ETRI in 1991 after receiving the bachelor degree from Pusan National University (PNU) and is currently a principal research member and team leader of Future Internet Architecture Research Team. He received his Ph.D. degree in Information and Communications Engineering from the Chungnam National University (CNU) in 2004. His major research areas include Internet and mobile network technologies and are closely related to standardization activities in ITU-T, IETF, etc. His current research topic is future Internet architecture.

Ved P. Kafle received the B.E. degree in electronics and electrical communications from Punjab Engineering College (now PEC University of Technology), the M.S. degree in computer science and engineering from Seoul National University, and the Ph.D. in informatics from the Graduate University for Advanced Studies, Japan. He is a senior researcher at NICT, where he is involved in the design, implementation, evaluation, and optimization of algorithms and protocols for new generation networks or the future Internet. In particular, his interests include naming and addressing, ID/locator split, information-centric networking, distributed mobility management, Internet of Things, and privacy, security and trust in communication networks. He was awarded the ITU Association of Japan Award in 2009 and received the best paper award (second prize) at the ITU-T Kaleidoscope Conference, 2009.

Amardeo C. Sarma received his Bachelor of Technology degree from the Indian Institute of Technology, Delhi, in 1977 and his Master’s degree (Diplom-Ingenieur) from the Technical University of Darmstadt in 1980, both in Electrical Engineering. At NEC Laboratories Europe in Heidelberg, Germany, he is currently General Manager of the Software and Services Research Division, where his responsibility includes Cloud Computing, M2M Services, Security and Trust, Identity Management and Smart Grid. He had previously worked for Deutsche Telekom and Eurescom. Amardeo held Chairman positions at the ITU-T from 1996 to 2008, and is currently Chairman of the Executive Board of the Trust in Digital Life Consortium (TDL).

Antonio F. Skarmeta received the M.S. degree in Computer Science from the University of Granada and B.S. (Hons.) and the Ph.D. degrees in Computer Science from the University of Murcia, Spain. Since 2009 he is Full Professor at the department of Communication and Information Engineering at the University of Murcia. He has worked on different research projects in the national and international area especially at the UE level. His main interest is in the integration of security services at different layers like networking, management and Future Internet. He is associate editor of the IEEE SMC-Part B and reviewer for several international journals; he has published over 90 international papers and is member of several program committees.