infrastructure2.0 model proposal 1 19 10
DESCRIPTION
The presentation takes the Mark Cummings functional model and maps it to a communications stack model with its attendant metadata and associated policies.
TRANSCRIPT
Modeling Internet Infrastructure 2.0
Infrastructure 2.0_Model_Proposal_12-29-09ppt | 1 Richard Paine ([email protected])
Existing Models - OSI
Existing Models – TCP/IP
Layer 3.5 of the OSI Model
[Diagram: two peer protocol stacks, each showing TCP/UDP, HIP and IPSEC, IP, and an Authentication Layer. Labels: ESP Payload: not encrypted, not authenticated; Authenticated Control Messages; Authentication Interaction; Unauthenticated Control Messages.]
Gurtov; Host Identity Protocol (HIP); Wiley, 2008; pg 131.
Need New Network Model
• Discovery
  Current Examples: DHCP, DNS, 802.11 Beacons
  New Examples: Query, Authorization, OASIS, HIP End-to-End Security
• Connection
  Current Examples: PHY, MAC, NETWORK, IPSEC
  New Examples: 802.11 Handoff, 802.21 Handoff, HIP End-to-End Security
• Description
  Current Examples: SSL, Databases, Directories
  New Examples: MetaData Secure Datastores, MetaData Access Points (MAP), IF-MAP
• Negotiation
  Current Examples: OASIS
  New Examples: HIP End-to-End Security, MetaData, Undefined Negotiation Protocol
• Configuration
  Current Examples: Databases, Directories, Active Directory
  New Examples: MetaData Secure Datastores, MetaData Access Points
Additional Three Layers of Model Abstraction
• Initiation of Ops
• Maintenance of Ops
• Cessation of Ops
New Functional 8 Layer Network Model
End-to-End Security Model
[Diagram: two end systems, each with Modem, OS-Internetworking, OS-Session and Application layers, joined by Media and the IP Infrastructure. Labels: SSL, TLS, etc.; App.-Secured Payload; IPSec, HIP, SMA, etc. Each side has a Trusted Policy Engine and an IETF/TCG/TOG/IEEE Secure Data Store and Schema (MAP).]
Trusted Policy Engine: Trusted component used to verify compliance and prevent policy violation
Modem Level Discovery
[Diagram: two Modems joined by Media and the IP Infrastructure. Each side has a Trusted Policy Engine and an IETF/TCG/TOG/IEEE Secure Data Store and Schema (MAP).]
Note: Similar to 802.11k’s Neighbor Report (names around the immediate network)
OS-Interworking and OS-Session Connection
[Diagram: two end systems, each with Modem, OS-Internetworking and OS-Session layers, joined by Media and the IP Infrastructure. Labels: SSL, TLS, etc.; IPSec, HIP, SMA, etc. Each side has a Trusted Policy Engine and an IETF/TCG/TOG/IEEE Secure Data Store and Schema (MAP).]
Description Available to All Layers
[Diagram: two end systems, each with Modem, OS-Internetworking, OS-Session and Application layers, joined by Media and the IP Infrastructure. Labels: SSL, TLS, etc.; IPSec, HIP, SMA, etc.; App.-Secured Payload. Each side has a Trusted Policy Engine and an IETF/TCG/TOG/IEEE Secure Data Store and Schema (MAP).]
Negotiation
[Diagram: two end systems, each with Modem, OS-Internetworking, OS-Session and Application layers, joined by Media and the IP Infrastructure. Labels: SSL, TLS, etc.; IPSec, HIP, SMA, etc.; App.-Secured Payload. Each side has a Trusted Policy Engine and an IETF/TCG/TOG/IEEE Secure Data Store and Schema (MAP).]
Configuration
[Diagram: two end systems, each with Modem, OS-Internetworking, OS-Session and Application layers, joined by Media and the IP Infrastructure. Labels: SSL, TLS, etc.; IPSec, HIP, SMA, etc.; App.-Secured Payload. Each side has a Trusted Policy Engine and an IETF/TCG/TOG/IEEE Secure Data Store and Schema (MAP).]
Initiation, Maintenance, and Discontinuation of Operation
[Diagram: two end systems, each with Modem, OS-Internetworking, OS-Session and Application layers, joined by Media and the IP Infrastructure. Labels: SSL, TLS, etc.; IPSec, HIP, SMA, etc.; App.-Secured Payload. Each side has a Trusted Policy Engine and an IETF/TCG/TOG/IEEE Secure Data Store and Schema (MAP).]
Conclusion
• New Model Proposed for Internet 2.0 that includes InterCloud
• Identity for Internet 2.0
• Security for Internet 2.0