infrastructure2.0 model proposal 1 19 10

Modeling InternetInfrastructure 2.0

Infrastructure 2.0_Model_Proposal_12-29-09ppt | 1Richard Paine ([email protected])

Existing Models - OSI


Existing Models – TCP/IP


Layer 3.5 of the OSI Model

TCP/UDP TCP/UDP

HIP HIPIPSEC IPSEC

IPIP

Authentication Layer Authentication Layer

ESP Payload: not encrypted, not authenticated

Authenticated Control Messages

Authentication Interaction

Gurtov; Host Identity Protocol (HIP); Wiley, 2008; pg 131.

Richard Paine ([email protected]) Infrastructure 2.0_Model_Proposal_12-29-09ppt | 4

Unauthenticated Control Messages

Need New Network Model

• Discovery

• Connection

• Description

• Negotiation

• Configuration

Current Examples New Examples

DHCPDNS802.11 Beacons

QueryAuthorizationOASISHIP End-to-End Security

Current Examples

PHYMACNETWORKIPSEC

New Examples

802.11 Handoff802.21 HandoffHIP End-to-End Security

Current Examples

SSLDatabasesDirectories

New Examples

MetaData Secure DatastoresMetaData Access Points (MAP)IF-MAP

Current Examples

OASIS

New Examples

HIP End-to-End SecurityMetaDataUndefined Negotiation Protocol

Current Examples

DatabasesDirectoriesActive Directory

New Examples

MetaData Secure DatastoresMetaData Access Points

Infrastructure 2.0_Model_Proposal_12-29-09ppt |5 Richard Paine ([email protected])

Additional Three Layers of Model Abstraction




• Initiation of Ops

• Maintence of Ops

• Cessation of Ops


New Functional 8 Layer Network Model


End-to-End Security Model

Modem

OS-Internetworking

Modem

OS-Internetworking

IP Infrastructure

Media Media

OS-Session

Application

OS-Session

ApplicationSSL, TLS, etc.

App.-Secured Payload

IPSec, HIP, SMA, etc.

TrustedPolicyEngine

Trusted component used to verify compliance and prevent policy violation

IETF/TCG/TOG/IEEE SecureDataStore and Schema (MAP)

TrustedPolicyEngine



Modem Level Discovery

Modem ModemIP

Infrastructure

Media Media

TrustedPolicyEngine

IETF/TCG/TOG/IEEE SecureDataStore and Schema (MAP)Trusted

PolicyEngine


Note: Similar to 802.11k’s Neighbor Report(names around the immediate network)


OS-Interworking and OS-Session Connection

Modem

OS-Internetworking

Modem

OS-InternetworkingIP

Infrastructure

Media Media

OS-Session OS-SessionSSL, TLS, etc.


TrustedPolicyEngine

IETF/TCG/TOG/IEEE SecureDataStore and Schema (MAP)Trusted

PolicyEngine



Description Available to All Layers

Modem

OS-Internetworking

Modem


Infrastructure

Media Media



TrustedPolicyEngine


TrustedPolicyEngine


Application ApplicationApp.-Secured Payload


Negotiation

Modem

OS-Internetworking

Modem


Infrastructure

Media Media



TrustedPolicyEngine


TrustedPolicyEngine




Configuration

Modem

OS-Internetworking

Modem


Infrastructure

Media Media



TrustedPolicyEngine

TrustedPolicyEngine





Initiation, Maintenance, and Discontinuation of Operation

Modem

OS-Internetworking

Modem


Infrastructure

Media Media



TrustedPolicyEngine

TrustedPolicyEngine





Conclusion

• New Model Proposed for Internet 2.0 that includes InterCloud

• Identity for Internet 2.0

• Security for Internet 2.0


infrastructure2.0 model proposal 1 19 10

Technology

ppt richard paine

media media ssl

conclusion new model

application application

secured payload ipsec

description available

intercloud identity

ks neighbor report names