This paper presents a smooth way to include Network Coding in the Constrained Application Protocol (CoAP) for large resource transmissions. Devices in the Internet of Things usually communicate using short messages with little data. In some cases, for example, requesting firmware updates, bigger resources need to be transferred. CoAP's recently finalized blockwise transfer scheme can handle large resources, but is not efficient in lossy environments. Network Coding has proven to be more error resistant. This paper demonstrates the limitations of CoAP's existing blockwise transfer scheme and presents a new approach, based on Network Coding. The evaluation compares CoAP's regular blockwise transfer to the new Network Coding extension. Measurements on an implemented client-server application with simulated losses and delay confirm the benefits of the extension, resulting in reduced transfer durations.
Adding a Network Coding Extension to CoAP for Large Resource Transfer. Bertram Schütz, N. Aschenbruck. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 715-722, 2016-11-01. DOI: 10.1109/LCN.2016.122 (https://doi.org/10.1109/LCN.2016.122)
Steffen Büchner, L. Lopacinski, J. Nolte, R. Kraemer
With the recent roll-out of 100 Gbit Ethernet technology for high-performance computing applications and the technology for 100 Gbit wireless communication emerging on the horizon, it is just a matter of time until non-high-performance computing applications will have to utilize these data rates. Since 10 Gbit/s protocol processing is already challenging for current server machines and simply upscaling the computing resources is no solution, new approaches are needed. In this paper, we present a stream-processing-based design approach for scalable communication protocols. The stream processing paradigm enables us to adapt the communication protocol processing for a certain hardware configuration without touching the protocol's implementation. We use this design technique to develop a prototype communication protocol for ultra-high throughput applications and we demonstrate how to adapt the protocol processing for a Stable Throughput as well as for a Low Latency scenario. Last but not least, we present the evaluation results of the experiments, which show that the measured throughput or latency, respectively, of the adapted protocol scales nearly linearly with the number of provided interfaces.
100 Gbit/s End-to-End Communication: Designing Scalable Protocols with Soft Real-Time Stream Processing. Steffen Büchner, L. Lopacinski, J. Nolte, R. Kraemer. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 129-137, 2016-11-01. DOI: 10.1109/LCN.2016.25 (https://doi.org/10.1109/LCN.2016.25)
This paper introduces PSCAN, a port scanning-based network covert channel that violates a non-discretionary system security policy that does not allow data transfer from a given process (the sender) to another given process (the receiver). Using PSCAN, the sender opens and closes network ports in a way that encodes covert data. The receiver performs a synchronized port scanning procedure on the sender's host to determine which ports are open and which ones are closed, then decodes the data. The paper defines the covert channel and analyzes its data rate, stealthiness, and robustness. In addition, the paper investigates countermeasures against the channel.
PSCAN: A Port Scanning Network Covert Channel. E. E. Mohamed, A. B. Mnaouer, E. Barka. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 631-634, 2016-11-01. DOI: 10.1109/LCN.2016.109 (https://doi.org/10.1109/LCN.2016.109)
N. Kumatani, M. Isomura, T. Murase, M. Oguchi, S. Sagari, A. Baid, I. Seskar, D. Raychaudhuri
In this paper, QoS characteristics such as TCP throughput are investigated for densely deployed mobile wireless LANs (WLANs). Factors affecting throughput characteristics are discussed and evaluated by using real machines such as smartphones and portable APs. In IEEE 802.11 WLANs, a rate adaptation mechanism controls the transmission rate and is one of the dominant factors for QoS. In order to understand the behavior of the rate adaptation control, 1 to 18 sets of mobile WLANs are examined under different parameters. Since the behavior of the rate adaptation control is vendor-specific and strongly depends on interference, signal strength, etc., real terminals such as smartphones were used in the experiments. Performance anomaly drastically reduces the throughput not only in the WLAN which has a terminal with a low transmission rate but also in the neighboring WLANs that share the same channel. In order to avoid unnecessary transmission rate degradation by the rate adaptation control, Context Aware multi Rate Control (CARC) is proposed and evaluated. In CARC, turning the rate adaptation control on/off is controlled according to a context, for example, signal strength. The evaluation results show that CARC can be cost-effectively implemented and improves the throughput performance of whole WLANs by 3.5 times compared with that without the application of CARC.
Context Aware Multi-Rate Control in Densely Deployed IEEE802.11 WLAN for Avoiding Performance Anomaly. N. Kumatani, M. Isomura, T. Murase, M. Oguchi, S. Sagari, A. Baid, I. Seskar, D. Raychaudhuri. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 363-370, 2016-11-01. DOI: 10.1109/LCN.2016.64 (https://doi.org/10.1109/LCN.2016.64)
C. Javali, G. Revadigar, Kasper Bonne Rasmussen, Wen Hu, Sanjay Jha
In recent years, the proliferation of wireless devices has contributed to the emergence of a new set of applications termed Location Based Services (LBS). LBS provide privileges to mobile users based on their proximity to a facility. In order to gain benefits, users may lie or falsely claim their location. Hence, it is essential to verify the legitimacy of users. In this paper, we propose our novel solution for generating location proof for mobile users and verification of the location claim by application services. Our protocol exploits unique Wi-Fi signal characteristics and employs an information-theoretically secure fuzzy vault scheme. We provide a detailed theoretical and experimental evaluation of our protocol. Our solution is faster by an order of magnitude, and the performance of our scheme is independent of the location tag size and distance between the mobile user and location proof provider compared to the state-of-the-art.
I Am Alice, I Was in Wonderland: Secure Location Proof Generation and Verification Protocol. C. Javali, G. Revadigar, Kasper Bonne Rasmussen, Wen Hu, Sanjay Jha. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 477-485, 2016-11-01. DOI: 10.1109/LCN.2016.126 (https://doi.org/10.1109/LCN.2016.126)
With the dramatic growth of network attacks, a new set of challenges has arisen in the field of electronic security. Undoubtedly, firewalls are core elements in the network security architecture. However, firewalls may include policy anomalies resulting in critical network vulnerabilities. A substantial step towards ensuring network security is resolving packet filter conflicts. Numerous studies have investigated the discovery and analysis of filtering rule anomalies. However, no such emphasis was given to the resolution of these anomalies. Legacy work for correcting anomalies operates with the premise of creating totally disjunctive rules. Unfortunately, such solutions are impractical from an implementation point of view as they lead to an explosion of the number of firewall rules. In this paper, we present a new approach for performing assisted corrective actions, which, in contrast to the state-of-the-art family of radically disjunctive approaches, does not lead to a prohibitive increase of the firewall size. In this sense, we allow relaxation in the correction process by clearly distinguishing between constructive anomalies that can be tolerated and destructive anomalies that should be systematically fixed. This distinction between constructive and destructive anomalies is assisted by the network administrator, which supports the fact that he has a major role in the heart of the corrective process. To the best of our knowledge, such an assisted approach for relaxed resolution of packet filter conflicts was not investigated before. We provide a theoretical analysis that demonstrates that our scheme is sound and indeed results in a conflict-free policy. In addition, we have implemented our solution in a user-friendly tool.
On Assisted Packet Filter Conflicts Resolution: An Iterative Relaxed Approach. A. Yazidi, A. Bouhoula. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 35-42, 2016-11-01. DOI: 10.1109/LCN.2016.15 (https://doi.org/10.1109/LCN.2016.15)
This paper proposes a novel priority-aware packet fragmentation extension to high throughput WLANs such as IEEE 802.11n for streaming of H264/AVC encoded videos. Unlike existing fragmentation schemes, the proposed scheme fragments IP packets based on the priority of video packets and the characteristics of MPEG-2 TS, where the original IP packet is fragmented into smaller IP packets containing fewer TS packets and prioritizes individual TS packets, allocated to an appropriate priority queue. The proposed scheme is evaluated on a testbed with various network congestion levels and channel conditions. The results show that the proposed scheme achieves higher quality of the streaming video in terms of PSNR than existing schemes as the network congestion level and the bit error rate increase.
An Efficient MAC Layer Packet Fragmentation Scheme with Priority Queuing for Real-Time Video Streaming. B. Shin, Jalil Abdullayev, Dongman Lee. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 69-77, 2016-11-01. DOI: 10.1109/LCN.2016.18 (https://doi.org/10.1109/LCN.2016.18)
In this work, we propose RAD, a RApid Deployment localization framework without human sampling. The basic idea of RAD is to automatically generate a fingerprint database through space partition, of which each cell is fingerprinted by its maximum influence APs. Based on this robust location indicator, fine-grained localization can be achieved by a discretized particle filter utilizing sensor data fusion. We devise techniques for CIVD-based field division, graph-based particle filter, EM-based individual character learning, and build a prototype that runs on commodity devices. Extensive experiments show that RAD provides a comparable performance to the state-of-the-art RSS-based methods while relieving it of prior human participation.
Rapid Deployment Indoor Localization without Prior Human Participation. Han Xu, Zimu Zhou, Longfei Shangguan. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 547-550, 2016-11-01. DOI: 10.1109/LCN.2016.89 (https://doi.org/10.1109/LCN.2016.89)
Raja Karmakar, Samiran Chattopadhyay, Sandip Chakraborty
High throughput wireless access networks based on IEEE 802.11ac show a significant challenge in dynamically selecting the link configuration parameters based on channel conditions due to the large pool of design options, like the number of spatial streams, channel bonding, guard intervals, frame aggregation and different modulation and coding schemes. In this paper, we develop a learning-based approach for link adaptation motivated by the multi-armed-bandit-based distributed learning algorithm. The proposed link adaptation algorithm, BanditLink, explores different possible configuration options based on observing their impact over the network performance at various channel conditions. We analyze the performance of BanditLink from simulation results, and observe that it performs significantly better compared to other competing mechanisms proposed in the literature.
Dynamic Link Adaptation in IEEE 802.11ac: A Distributed Learning Based Approach. Raja Karmakar, Samiran Chattopadhyay, Sandip Chakraborty. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 87-94, 2016-11-01. DOI: 10.1109/LCN.2016.20 (https://doi.org/10.1109/LCN.2016.20)
A. Wazan, R. Laborde, D. Chadwick, F. Barrère, A. Benzekri
A Public Key Infrastructure (PKI) is based on a trust model defined by the original X.509 standard and is composed of three entities: the Certification Authority, the certificate holder (subject) and the Relying Party. The CA plays the role of a trusted third party between the subject and the RP. A trust evaluation problem is raised when an RP receives a certificate from an unknown subject that is signed by an unknown CA. Different approaches have been proposed to handle this trust problem. We argue that these approaches work only in the closed deployment model where RPs are also subjects, but cannot work in the open deployment model where they are not. Our objective is to identify the deficiencies in the existing trust approaches that try to help RPs to make trust decisions about certificates in the Internet, and to introduce the new X.509 approach based on a trust broker.
How Can I Trust an X.509 Certificate? An Analysis of the Existing Trust Approaches. A. Wazan, R. Laborde, D. Chadwick, F. Barrère, A. Benzekri. 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 531-534, 2016-11-01. DOI: 10.1109/LCN.2016.85 (https://doi.org/10.1109/LCN.2016.85)