The Complete Guide to SCION » książka

zaloguj się | załóż konto

topmenu

Szukaj

Książki na zamówienie

Wyszukiwanie zaawansowane

Pusty koszyk

Bezpłatna dostawa dla zamówień powyżej 20 zł

Kategorie główne

• Nauka

[2949965]

• Literatura piękna

[1857847]

więcej...

Kategorie szczegółowe BISAC

The Complete Guide to SCION

Name: The Complete Guide to SCION
Brand: Springer International Publishing
Price: 363.12 PLN
Availability: InStock

ISBN-13: 9783031052903 / Angielski / Miękka / 2023

Laurent Chuat;Markus Legner;David Basin

The Complete Guide to SCION

ISBN-13: 9783031052903 / Angielski / Miękka / 2023

Laurent Chuat;Markus Legner;David Basin

cena 363,12
(netto: 345,83 VAT: 5%)

Najniższa cena z 30 dni: 346,96

Termin realizacji zamówienia:
ok. 22 dni roboczych
Bez gwarancji dostawy przed świętami

Darmowa dostawa!

inne wydania

When the SCION project started in 2009, the goal was to create an architecture offering high availability and security for basic point-to-point communication. In the five years since the publication of SCION: A Secure Internet Architecture, this next-generation Internet architecture has evolved in terms of both design and deployment.On the one hand, there has been development of exciting new concepts and systems, including a new global time-synchronization system, an inter-domain approach for bandwidth reservations called COLIBRI, and Green Networking, which allows combating global climate change on three fronts. On the other hand, SCION is now also in production use by the Swiss financial ecosystem, and enables participants such as the Swiss National Bank, the Swiss provider of clearing services (SIX), and all Swiss financial institutes to communicate securely and reliably with each other via the Secure Swiss Finance Network.This unique guidebook provides an updated description of SCION's main components, covering new research topics and the most recent deployments. In particular, it presents in-depth discussion of formal verification efforts. Importantly, it offers a comprehensive, thorough description of the current SCION system:

Describes the principles that guided SCION's design as a secure and robust Internet architecture
Provides a comprehensive description of the next evolution in the way data finds its way through the Internet
Explains how SCION can contribute to reducing carbon emissions, by introducing SCION Green Networking
Demonstrates how SCION not only functions in academic settings but also works in production deployments
Discusses additional use cases for driving SCION's adoption
Presents the approaches for formal verification of protocols and code
Illustrated with many colorful figures, pictures, and diagrams, allowing easy access to the concepts and use cases

Assembled by a team with extensive experience in the fields of computer networks and security, this text/reference is suitable for researchers, practitioners, and graduate students interested in network security. Also, readers with limited background in computer networking but with a desire to know more about SCION will benefit from an overview of relevant chapters in the beginning of the book.

Kategorie:

Informatyka, Bazy danych

Wydawca:

Springer International Publishing

Seria wydawnicza:

Information Security and Cryptography

Język:

Angielski

ISBN-13:

9783031052903

Rok wydania:

2023

Waga:

1.03 kg

Wymiary:

23.5 x 15.5

Oprawa:

Miękka

Dodatkowe informacje:

Glosariusz/słownik
Wydanie ilustrowane

Foreword by Joël Mesot xi

Foreword by Fritz Steinmann xiii

Preface xv

How to Read This Book xvii

Acknowledgments xix

1 Introduction 1

1.1 Today’s Internet . . . . . . . . . . . . . . . . . . . . . . . 2

1.2 Goals for a Secure Internet Architecture . . . . . . . . . . . 9

I SCION Core Components 15

2 Overview 17

2.1 Infrastructure Components . . . . . . . . . . . . . . . . . . 20

2.2 Authentication . . . . . . . . . . . . . . . . . . . . . . . . 21

2.3 Control Plane . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.4 Data Plane . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.5 ISD and AS Numbering . . . . . . . . . . . . . . . . . . . 31

3 Authentication 35

3.1 The Control-Plane PKI (CP-PKI) . . . . . . . . . . . . . . 36

3.2 DRKey: Dynamically Recreatable Keys . . . . . . . . . . . 52

3.3 SCION Packet Authenticator Option . . . . . . . . . . . . . 61

4 Control Plane 65

4.1 Path-Segment Construction Beacons (PCBs) . . . . . . . . 66

4.2 Path Exploration (Beaconing) . . . . . . . . . . . . . . . . 69

4.3 Path-Segment Registration . . . . . . . . . . . . . . . . . . 71

4.4 PCB and Path-Segment Selection . . . . . . . . . . . . . . 73

4.5 Path Lookup . . . . . . . . . . . . . . . . . . . . . . . . . 80

4.6 Service Discovery . . . . . . . . . . . . . . . . . . . . . . 87

4.7 SCION Control Message Protocol (SCMP) . . . . . . . . . 89

5 Data Plane 93

5.1 Inter- and Intra-domain Forwarding . . . . . . . . . . . . . 94

5.2 Packet Format . . . . . . . . . . . . . . . . . . . . . . . . 95

5.3 Path Authorization . . . . . . . . . . . . . . . . . . . . . . 96

5.4 The SCION Path Type . . . . . . . . . . . . . . . . . . . . 101

5.5 Path Construction (Segment Combinations) . . . . . . . . . 104

5.6 Packet Initialization and Forwarding . . . . . . . . . . . . . 115

5.7 Path Revocation . . . . . . . . . . . . . . . . . . . . . . . 120

5.8 Data-Plane Extensions . . . . . . . . . . . . . . . . . . . . 124

II Analysis of the Core Components 127

6 Functional Properties and Scalability 129

6.1 Dependency Analysis . . . . . . . . . . . . . . . . . . . . . 130

6.2 SCION Path Policy . . . . . . . . . . . . . . . . . . . . . . 135

6.3 Scalability Analysis . . . . . . . . . . . . . . . . . . . . . 148

6.4 Beaconing Overhead and Path Quality . . . . . . . . . . . . 150

7 Security Analysis 157

7.1 Security Goals and Properties . . . . . . . . . . . . . . . . 158

7.2 Threat Model . . . . . . . . . . . . . . . . . . . . . . . . . 161

7.3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

7.4 Control-Plane Security . . . . . . . . . . . . . . . . . . . . 165

7.5 Path Authorization . . . . . . . . . . . . . . . . . . . . . . 170

7.6 Data-Plane Security . . . . . . . . . . . . . . . . . . . . . 172

7.7 Source Authentication . . . . . . . . . . . . . . . . . . . . 174

7.8 Absence of Kill Switches . . . . . . . . . . . . . . . . . . . 176

7.9 Other Security Properties . . . . . . . . . . . . . . . . . . . 179

7.10 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

III Achieving Global Availability Guarantees 183

8 Extensions for the Control Plane 185

8.1 Hidden Paths . . . . . . . . . . . . . . . . . . . . . . . . . 185

8.2 Time Synchronization . . . . . . . . . . . . . . . . . . . . 190

8.3 Path Metadata in PCBs . . . . . . . . . . . . . . . . . . . . 197

9 Monitoring and Filtering 203

9.1 Replay Suppression . . . . . . . . . . . . . . . . . . . . . . 204

9.2 High-Speed Traffic Filtering with LightningFilter . . . . . . 207

9.3 Probabilistic Traffic Monitoring with LOFT . . . . . . . . . 217

10 Extensions for the Data Plane 227

10.1 Source Authentication and Path Validation with EPIC . . . . 228

10.2 Bandwidth Reservations with COLIBRI . . . . . . . . . . . 237

11 Availability Guarantees 267

11.1 Availability Goals and Threat Landscape . . . . . . . . . . 268

11.2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

11.3 Defense Systems . . . . . . . . . . . . . . . . . . . . . . . 271

11.4 Traffic Prioritization . . . . . . . . . . . . . . . . . . . . . 278

11.5 Protected DRKey Bootstrapping . . . . . . . . . . . . . . . 283

11.6 Protection of Control-Plane Services . . . . . . . . . . . . . 288

11.7 AS Certification . . . . . . . . . . . . . . . . . . . . . . . 294

11.8 Security Discussion . . . . . . . . . . . . . . . . . . . . . . 297

IV SCION in the Real World 301

12 Host Structure 303

12.1 Host Components . . . . . . . . . . . . . . . . . . . . . . . 303

12.2 Future Approaches . . . . . . . . . . . . . . . . . . . . . . 307

13 Deployment and Operation 317

13.1 Global Deployment . . . . . . . . . . . . . . . . . . . . . . 319

13.2 End-Host Deployment and Bootstrapping . . . . . . . . . . 327

13.3 The SCION–IP Gateway (SIG) . . . . . . . . . . . . . . . . 332

13.4 SIG Coordination Systems . . . . . . . . . . . . . . . . . . 336

13.5 SCION as a Secure Backbone AS (SBAS) . . . . . . . . . . 345

13.6 Example: Life of a SCION Data Packet . . . . . . . . . . . 354

14 SCIONLAB Research Testbed 361

14.1 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 362

14.2 Research Projects . . . . . . . . . . . . . . . . . . . . . . . 366

14.3 Comparison to Related Systems . . . . . . . . . . . . . . . 368

15 Use Cases and Applications 371

15.1 Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . 372

15.2 Applications . . . . . . . . . . . . . . . . . . . . . . . . . 382

15.3 Case Study: Secure Swiss Finance Network (SSFN) . . . . 385

15.4 Case Study: SCI-ED, a SCION-Based Research Network . . 389

16 Green Networking with SCION 393

16.1 Direct Power Savings with SCION . . . . . . . . . . . . . . 394

16.2 SCION Enables Green Inter-domain Routing . . . . . . . . 399

16.3 Incentives for ISPs to Use Renewable Energy Resources . . 404

17 Cryptography 407

17.1 How Cryptography Is Used in SCION . . . . . . . . . . . . 408

17.2 Cryptographic Primitives . . . . . . . . . . . . . . . . . . . 409

17.3 Local Cryptographic Primitives . . . . . . . . . . . . . . . 410

17.4 Global Cryptographic Primitives . . . . . . . . . . . . . . . 412

17.5 Post-Quantum Cryptography . . . . . . . . . . . . . . . . . 415

V Additional Security Systems 417

18 F-PKI: A Flexible End-Entity Public-Key Infrastructure 419

18.1 Trust Model . . . . . . . . . . . . . . . . . . . . . . . . . . 421

18.2 Overview of F-PKI . . . . . . . . . . . . . . . . . . . . . . 423

18.3 Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424

18.4 Verifiable Data Structures . . . . . . . . . . . . . . . . . . 426

18.5 Selection of Map Servers . . . . . . . . . . . . . . . . . . . 428

18.6 Proof Delivery . . . . . . . . . . . . . . . . . . . . . . . . 428

18.7 Certificate Validation . . . . . . . . . . . . . . . . . . . . . 430

19 RHINE: Secure and Reliable Internet Naming Service 431

19.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . 433

19.2 Why a Fresh Start? . . . . . . . . . . . . . . . . . . . . . . 437

19.3 Overview of RHINE . . . . . . . . . . . . . . . . . . . . . 440

19.4 Authentication . . . . . . . . . . . . . . . . . . . . . . . . 444

19.5 Data Model . . . . . . . . . . . . . . . . . . . . . . . . . . 452

19.6 Secure Name Resolution . . . . . . . . . . . . . . . . . . . 455

19.7 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . 457

20 PILA: Pervasive Internet-Wide Low-Latency Authentication 461

20.1 Trust-Amplification Model . . . . . . . . . . . . . . . . . . 463

20.2 Overview of PILA . . . . . . . . . . . . . . . . . . . . . . 464

20.3 ASes as Opportunistically Trusted Entities . . . . . . . . . 464

20.4 Authentication Based on End-Host Addresses . . . . . . . . 465

20.5 Certificate Service . . . . . . . . . . . . . . . . . . . . . . 466

20.6 NAT Devices . . . . . . . . . . . . . . . . . . . . . . . . . 467

20.7 Session Resumption . . . . . . . . . . . . . . . . . . . . . 467

20.8 Downgrade Prevention . . . . . . . . . . . . . . . . . . . . 468

VI Formal Verification 471

21 Motivation for Formal Verification 473

21.1 Local and Global Properties . . . . . . . . . . . . . . . . . 474

21.2 Quantitative Properties . . . . . . . . . . . . . . . . . . . . 475

21.3 Adversarial Environments . . . . . . . . . . . . . . . . . . 475

21.4 Design-Level and Code-Level Verification . . . . . . . . . . 476

22 Design-Level Verification 477

22.1 Overview of Design-Level Verification . . . . . . . . . . . 478

22.2 Background on Event Systems and Refinement . . . . . . . 482

22.3 Example: Authentication Protocol . . . . . . . . . . . . . . 488

22.4 Verification of the SCION Data Plane . . . . . . . . . . . . 494

22.5 Quantitative Verification of the N-Tube Algorithm . . . . . 510

23 Code-Level Verification 519

23.1 Why Code-Level Verification? . . . . . . . . . . . . . . . . 520

23.2 Introduction to Program Verification . . . . . . . . . . . . . 522

23.3 Verification of Go Programs . . . . . . . . . . . . . . . . . 533

23.4 Verification of Protocol Implementations . . . . . . . . . . 547

23.5 Secure Information Flow . . . . . . . . . . . . . . . . . . . 555

24 Current Status and Plans 563

24.1 Completed Work . . . . . . . . . . . . . . . . . . . . . . . 563

24.2 Ongoing Work . . . . . . . . . . . . . . . . . . . . . . . . 566

24.3 Future Plans and Open Challenges . . . . . . . . . . . . . . 567

VII Back Matter 573

25 Related Work 575

25.1 Future Internet Architectures . . . . . . . . . . . . . . . . . 575

25.2 Deployment of New Internet Architectures . . . . . . . . . 580

25.3 Inter-domain Multipath Routing Protocols . . . . . . . . . . 582

Bibliography 585

Glossary 641

Abbreviations 645

Index 651

Laurent Chuat is a postdoctoral researcher in the Network Security Group at ETH Zurich, where most of his research focuses on authentication and public-key infrastructures. He obtained his PhD in computer science from ETH Zurich in 2020 and co-authored the book "SCION: A Secure Internet Architecture."

Markus Legner is a senior researcher and lecturer in the Network Security Group, where he is conducting research on the design and verification of security protocols. He holds a Bachelor's degree in computer science from ETH Zurich as well as a doctorate in theoretical physics.

David Basin is a professor of computer science at ETH Zurich and was head of the department from 2019 to 2020. David received his PhD in computer science from Cornell University in 1989 and his Habilitation in computer science from the University of Saarbrücken in 1996. From 1997 to 2002, he held the Chair of Software Engineering at the University of Freiburg in Germany. He is the founding director of the Zurich Information Security Center (ZISC).

David Hausheer is a professor at the Faculty of Computer Science at Otto von Guericke University Magdeburg, where he leads the Networks and Distributed Systems Lab. He received his degree in electrical engineering from ETH Zurich in 2001. Since 2001, he participated in numerous European Union projects. He obtained his PhD in 2005 and was then employed as a senior researcher and lecturer in the Department of Informatics (IFI) at the University of Zurich.

Samuel Hitz holds a Master's degree in computer science from ETH Zurich and is the current CTO and previous CEO of Anapaya, which he co-founded with Adrian Perrig, David Basin, and Peter Müller. He has worked on the implementation of SCION and, together with Anapaya's customers, on the real-world deployment and operation of an enterprise-oriented SCION network.

Peter Müller has been a professor of computer science at ETH Zurich since 2008. Before joining ETH Zurich, he worked as an IT project manager at Deutsche Bank in Frankfurt and held a position as researcher at Microsoft Research. Peter Müller is working on programming languages, methods, and tools with the goal of enabling programmers to develop correct software.

Adrian Perrig is a professor at the Department of Computer Science at ETH Zurich, where he leads the Network Security Group. He is also an adjunct professor of electrical and computer engineering at Carnegie Mellon University. From 2007 to 2012, he served as the technical director for Carnegie Mellon's CyLab. During that time, he led a research project aimed at building a next-generation Internet architecture, which was later renamed SCION.

On the one hand, there has been development of exciting new concepts and systems, including a new global time-synchronization system, an inter-domain approach for bandwidth reservations called COLIBRI, and Green Networking, which allows combating global climate change on three fronts. On the other hand, SCION is now also in production use by the Swiss financial ecosystem, and enables participants such as the Swiss National Bank, the Swiss provider of clearing services (SIX), and all Swiss financial institutes to communicate securely and reliably with each other via the Secure Swiss Finance Network.

This unique guidebook provides an updated description of SCION's main components, covering new research topics and the most recent deployments. In particular, it presents in-depth discussion of formal verification efforts. Importantly, it offers a comprehensive, thorough description of the current SCION system:

Describes the principles that guided SCION's design as a secure and robust Internet architecture
Provides a comprehensive description of the next evolution in the way data finds its way through the Internet
Explains how SCION can contribute to reducing carbon emissions, by introducing SCION Green Networking
Demonstrates how SCION not only functions in academic settings but also works in production deployments
Discusses additional use cases for driving SCION's adoption
Presents the approaches for formal verification of protocols and code
Illustrated with many colorful figures, pictures, and diagrams, allowing easy access to the concepts and use cases

Krainaksiazek.pl w programie rzetelna firma

Krainaksiaze.pl - płatności przez paypal

Czytaj nas na:

Zobacz:

1997-2025 DolnySlask.com Agencja Internetowa