GSP Summary

1
Future Internet Summer School
Reliable Internetworking using the Pub/Sub
Paradigm Nikos Fotiou Advisor Prof. George C.
Polyzos Mobile Multimedia Laboratory, Department
of Informatics Athens University of Economics and
Business fotiou_at_aueb.gr, http//mm.aueb.gr/
Abstract New paradigms for the Future Internet
are receiving an increased attention in the
research community. The publish/subscribe
paradigm is one of these and of particular
interest, turning the Internet into
information-centric rather than endpoint-centric.
Current security architectures cannot be directly
applied to this new paradigm, however the ground
is open for new, innovative security mechanisms
Motivation
Key pub/sub principles

• The current Internet architecture, although very
  successful, remains relatively unchanged since
  its inception, but
• New demands are raised (security, mobility,
  scalability, quality of service, and economics)
  which are tackled using add-ons
• Still this architecture remains fragile and new
  problems keep building up

• Information centric (everything is information!)
• Clients (subscribers) express their interest on
  specific pieces of information published by
  publishers. The network locates and forwards them
• Multicast is the preferred delivery method
• All entities are identified using flat, location
  independent labels

• It becomes apparent that the Internet has to be
  redesigned using a clean slate approach
• Pub/sub is seen as a promising candidate for a
  (clean slate) future Internet architecture,
  however
• it needs to be secured

Challenges

• Identify the security requirements/issues of
  this new paradigm
• Modify and adapt current security mechanisms
• Create new security mechanisms by taking
  advantage of the unique characteristics of pub/sub

A reference pub/sub architecture

• Main entities
• Publishers/Subscribers
• Rendezvous Points that match subscriptions with
  publications
• Rendezvous Nodes that implements the rendezvous
  points
• Scopes logical/physical structures for
  information locating, access control and limiting
  data dissemination
• Publishers/Subscribers usually are not aware of
  each other
• Publication/Subscription decoupled in time and
  space

Current status
Expected outcome

• Security analysis of existing pub/sub
  implementations
• Implementation of solution for mobility in
  pub/sub networks
• Prototype development using overlay multicast
• Simulation modeling using Omnet and Oversim
• Study the application of p2p trust mechanisms in
  the pub/sub paradigm

• Threat models for the pub/sub paradigm
• A robust, reliable and scalable security
  architecture
• Trust mechanisms that will isolate misbehaving
  entities
• Information oriented security solutions
• Effective multicast group key management
• Scope mechanisms for access control, information
  dissemination limitation
• DRM mechanisms for the pub/sub paradigm
• Security solutions targeting spamming, DDoS,
  botnets

This PhD thesis is supported in part by the FP7
funded project Publish Subscribe Internet
Routing Paradigm (PSIRP http//www.psirp.org)