Politecnico di Milano
Networking Security
Maurizio Dècina
Politecnico di Milano/CEFRIEL
[email protected] - http://www.cefriel.it/~decina
Ordine degli Ingegneri di Milano, Cefriel, Clusit and Cisco Systems
NETWORK SECURITY
Milan, 8 April 2003, Politecnico di Milano
© 2003 Maurizio Dècina - Networking Security - Milan, 8 April 2003
Generalized Moore's Law
The most important information technology growth parameters double every 2–3 years:
• Number of transistors in a chip
• Computation cycles
• Memory size, magnetic/optical disks
• Device feature size
• Backbone bandwidth, ...
The Power of Exponential Growth!
Quantum computing according to Birnbaum (Il calcolo quantico secondo Birnbaum)
[Chart: number of components per chip (10^2 to 10^18, log scale) against circuit feature size in microns (10^0 down to 10^-3) and year (1970–2010); the "classical era" lies to the left of the "Moore's wall" (Muro di Moore) and the "quantum era" to its right; operating temperatures marked at 295°K, 77°K and 4°K. Source: Joel Birnbaum, 1999.]
Internet Domain Survey Host Count, January 2003, ISC
Jan 2003 - Total Host Count: 171,638,297
Top Domain Names by Host Count, ISC, January 2003
Internet Domain Survey by the Internet Software Consortium (http://www.isc.org/ds/)
(hosts per domain; thousands separator is ".")

DOMAIN                  HOST Jan.'99  HOST Jan.'00  HOST Jan.'01  HOST Jan.'02  HOST Jan.'03
com - Commercial          12.140.747    24.863.331    36.352.243    44.520.209    40.555.072
net - Networks             8.856.687    16.853.655    30.885.116    47.761.383    61.945.611
edu - Educational          5.022.815     6.085.137     7.106.062     7.754.038     7.459.219
jp - Japan                 1.687.534     2.636.541     4.640.863     7.118.333     9.260.117
ca - Canada                1.119.172     1.669.664     2.364.014     2.890.273     2.993.982
uk - United Kingdom        1.423.804     1.901.812     2.291.369     2.462.215     2.583.753
us - United States         1.562.391     1.751.866     2.267.089     2.125.624     1.735.734
de - Germany               1.316.893     1.702.486     2.163.326     2.681.325     2.891.407
mil - US Military          1.510.440     1.875.663     1.844.369     1.906.902     1.880.903
it - Italy                   338.822       658.307     1.630.526     2.282.457     3.864.315
au - Australia               192.351     1.090.468     1.615.939     2.288.584     2.564.339
nl - Netherlands             564.129       820.944     1.309.911     1.983.102     2.415.286
org - Organizations          744.285       959.827     1.267.662     1.321.104     1.116.311
fr - France                  488.043       779.879     1.229.763     1.670.694     2.157.628
tw - Taiwan                  308.676       597.036     1.095.718     1.712.539     2.170.233
br - Brazil                  215.086       446.444       876.596     1.644.757     2.237.527
gov - Government             651.200       777.750       834.971       793.031       607.514
fi - Finland                 546.244       631.248       771.725       944.670     1.140.838
se - Sweden                  431.809       594.627       764.011     1.141.093     1.209.266
es - Spain                   264.245       415.641       663.553     1.497.450     1.694.601
TOTAL                     43.230.000    72.398.000   109.575.000   147.344.723   171.638.297

Annotations on the slide: 17% growth (Jan '02 to Jan '03); 69% growth.
Total U.S. Internet Traffic Over Time
[Chart: historical and forecast U.S. Internet traffic, bytes per month on a log scale from 1 MB to 100 EB, against years 1970–2010. Series: ARPA & NSF data to '95, new measurements, future growth projected at 2–3x/year; TDM voice traffic shown for comparison. Annotation: "Double, or more, every year".]
April 2002: Internet traffic is now 80% of all traffic and 10% of revenue.
Source: Larry Roberts – May 2002
IP and Voice U.S. Backbone Revenue
[Chart: revenue in $M/yr (0 to 200,000) against years 2000–2012; series: IP Revenue, TDM Voice Revenue.]
IP revenue per bit is decreasing at 2:1 per year; this means IP revenue is increasing at 50%/year.
Of total voice & IP: IP revenue is 12%, IP traffic is 91%.
Source: Larry Roberts – May 2002
Some Internet protocols and their dependencies (Alcuni Protocolli per Internet e le loro dipendenze)
[Diagram of protocol dependencies by layer; some links represent the most commonly used configuration. Source: M. Dècina, 2001.]
• Physical Layer: twisted pairs, coax, fiber, radio, powerline, ...
• Data Link: IEEE 802, PPP
• Internet: IPv4, IPv6, IPSec, MobileIP, ICMP, ICMPv6, IGMP, ARP/RARP, NAT, NAPT
• Transport: TCP, UDP
• Application (Network Management & Control Applications): SNMP, DNS, DHCP, RIPv1, RIPv2, OSPF, BGP, RSVP
• Application (End User Applications): HTTP, Telnet, SMTP, FTP, VoIP, Video, RTP/RTCP, RTSP, SIP
Security and Internet protocols: some dependencies (Sicurezza e Protocolli Internet: alcune dipendenze)
[Same layered dependency diagram as the previous slide, with the security protocols highlighted in red. Source: M. Dècina, 2003.]
• Physical Layer: twisted pairs, coax, fiber, radio, powerline, ...
• Data Link: IEEE 802, PPP; security: PAP/CHAP
• Internet: IPv4, IPv6, MobileIP, ICMP, ICMPv6, IGMP, ARP/RARP, NAT, PAT; security: IPSec, IKE
• Transport: TCP, UDP; security: SSL/TLS
• Application (Network Management & Control Applications): SNMP, DNS, DHCP, RIPv1, RIPv2, OSPF, BGP, RSVP; security: Kerberos, SSH
• Application (End User Applications): HTTP, Telnet, SMTP, FTP, VoIP, Video, RTP/RTCP, RTSP, SIP; security: S/MIME, PGP, SET
All Internet protocols will soon include security. The red ones are security protocols.
A Taxonomy of Security Solutions
• Security Management: intelligence & incident response; intrusion detection, monitoring; risk assessment, auditing; vulnerability assessment, penetration testing
• Access Security: biometrics; authentication/authorization/accounting; certification authority/public key infrastructure; managed firewall
• Content Security: digital rights management; content filtering; managed antivirus
• Communication Security: managed virtual private network; encryption
• Application Security: secure electronic transaction; secure web server, SSL/TLS; secure mail, S/MIME
• System Security: disaster recovery, business continuity; backup and remote backup
• Connectivity (the underlying layer)
Source: M. Dècina, 2002
Security Life Cycle
[Diagram: a cycle of Protection, Detection, Response and Recovery/Audit, built on Information Assurance: policies, procedures, user awareness, security team.]
Security Benefits
Benefits:
• A by-product: a crystal clear situation
  • Management & maintenance rationalization
  • Bandwidth optimization
  • Secure and fast engineering & deployment
• Security level enhancement, with savings in:
  • Incident recovery
  • Business continuity
  • Downtime recovery
  • Reduced data losses
  • Business image damages avoided
  • Downtime reduced
Reaching a crystal clear situation equals adding "organization" to an enterprise.
Security Scenario
[Diagram: two principals, "Alice" and "Bob", exchange a message; each applies a security-related transformation using secret info; a trusted third party ("Trent") may take part; an opponent ("Oscar", "Trudy", "Eve", "Mallory", ...) sits on the channel between them.]
Security mechanisms
• Prevention: policies, procedures, risk assessment, vulnerability assessment, design of secure networks with protection and detection mechanisms, hardening of information systems, audit, ...
• Protection: encryption, firewall, NAT/PAT, virtual private network, tunneling, access control, antivirus, honeypot, ...
• Detection: vulnerability assessment, penetration test, intrusion detection systems, monitoring, ...
• Reaction: emergency response, intelligence, patch, restore, audit, ...
Managed Security Services
[Diagram: services placed by response time and by the event information they provide. Services: Vulnerability Assessment; Intrusion Detection System (IDS); Monitoring; Firewall, Content Filtering, VPN. Service levels: Protection; Detection; Detection + Response.]
CPE Managed Security
Protection and detection tools at customer premises.
[Diagram: Client A (FW, VPN, IDS, AV), Client B (FW, VPN) and Client C (FW) connect over the Internet to the SOC Security Management/Monitoring System, which monitors internal and external attacks, runs the response team and manages perimeter security.]
Security, VPN, Routing, and QoS
[Diagram: a VPN Gateway Server (Voice & Data VPN) as an intrinsically secure network element combining Router, Firewall, Bandwidth Manager, IPSec & VPN Server, NAPT/ALG and SSL/TLS Accelerator.]
Wireless Access Networks: There is a Local Hero: Wireless-Fidelity!
[Chart: bandwidth (10 kbit/s to 1 Gbit/s) against range (cable replacement; home, office, public access; city, suburbs; country-wide). Technologies: Bluetooth, Ultra Wide Band, Wi-Fi, 802.11a/g, HiperLan/2, GSM, GPRS, UMTS. Applications: SMS, e-mail, web access, download, VoIP, video streaming, video on demand. Source: Re:Think!, revised by M. Dècina, 2002.]
Wi-Fi Security Solutions
[Table: rows Home/SOHO, Small Enterprise, Large Enterprise, Public Access; columns Authentication and Encryption. Authentication cells include SSID, MAC filtering, 802.1x, 802.1x + Auth. Server, Auth. Server + VPN; encryption cells include WEP, WEP2, WEP/WPA, WPA, VPN.]
Full IP Network
[Diagram: an IP backbone connecting the Internet and the PSTN/ISDN (through a Media Gateway) with a Service Environment (Internet application platforms and application servers; mobility, location, connection & control servers) and a Network Environment of intelligent edge gateways (Mobility Gateway, Broadband Gateway). Wireless access via BTS and AP (Wi-Fi, 2G/3G); wired access via RSU (xDSL, FTTx, LRE).]
3GPP2 All IP
[Diagram of the 3GPP2 all-IP reference architecture. Access: cdma2000 access network (BTS, BSC/RSC + PCF, MM), other access networks, Access Gateway (FA/Attendant), Mobile Station. Core: Border Router, Mobile IP Home Agent, AAA, Position Server, Position Determining Entity, Session Control Manager, Core QoS Manager, Subscription QoS Manager, Network Capability Gateway, Service Application, Advertising Agent, Media Gateway, Media GW Control Function, Media Resource Function, Trunk Signaling Gateway, Roaming Signaling Gateway, Legacy MS Domain Support. Databases: EIR, Subscription Profile, Policy Rules. External networks: GSTN (MAP, DSI), Internet.]
Emerging Web Services Standards
[Table, source: Gartner Group, 2002; each standard is marked as In place, Established or Emerging.]
• Format: Extensible Markup Language (XML)
• Transport: common Internet protocols (e.g., TCP/IP, HTTP)
• Message: SOAP - Simple Object Access Protocol
• Description: WSDL - Web Services Description Language
• Search & find: UDDI - Universal Description, Discovery & Integration
• Workflow/BPM: Business Process Execution Language (BPEL4WS), BPML, WSCI
• User interface: Web Services for Remote Portals (WSRP), Web Services User Interface (WSUI)
• Building trust: WS-Security, SAML, XrML
• Identifying: Liberty, Passport
• Business semantics: ebXML, RosettaNet
Managed PKI
[Diagram, source: Gartner Group, 2002.]
PKI-enabled applications: VPNs; message integrity (signature); encrypt e-mail (S/MIME); authorization, privileges and SSO; encrypt files; session confidence (SSL); key recovery; time/date stamp; identify users and servers.
Certificate Authority functions: register users; generate key pairs; confidentially exchange keys; grant and archive certificates; generate/verify digital signatures; act as trusted third party (optional); revoke certificates; approve and coordinate policies; operate secure servers and agents.
Certificate fields: Version; Serial Number; Signature Algorithm; Issuer (CA); Validity (from, to); Subject (End-entity); Subject Public Key Info; Extensions (ver. 3 only); CA signature.
PKI life cycle: Registration, Certification, Distribution, Escrowing, Users.
• Encryption and digital signature (with legal value)
• The Certification Authority has a central role as guarantor
• Interoperability problems
• Difficulty of introduction into applications
Source: Gartner Group, 2002
Digital Identity: A Network Perspective
[Chart: value delivered against adoption timeline, from "Within the Enterprise" (immediate application) through "Partner Community" to "Outward-facing e-Commerce" (future application). Source: Burton Group and RSA, 2002.]
• Within the Enterprise: shared security infrastructure; transaction context sharing; cost savings; ease of use/efficiency
• Partner Community: supply chain integration; shared leads (CRM); inventory and fulfillment; channel optimization
• Outward-facing e-Commerce: real-time B2B negotiations and transactions; consumer single sign-on
Network zones: tightly-coupled, persistent interior (internal systems & data; employees); extranets (partners; less-known partners or xSPs); the Internet (loosely-coupled, dynamic exterior; customers; unknown users).
Liberty Alliance Project
[Diagram: a user's browser reaches e-commerce sites, each equipped with SSO modules, across two trust domains; identity providers perform authentication; identity and profile information is exchanged over the Internet with trusted third parties and trust services. Source: HP, 2002.]
A short term perspective
[Chart: maximum data rate in Mbit/s (0.01 to 1000, log scale) against year (1998–2008). WLAN: 802.11b, Hiperlan2/802.11a, HomeRF. PAN: Bluetooth, Ultrawideband. Cellular: GSM, GPRS, UMTS. Enabling techniques: smart antennas, reconfigurable radio, space/time coding, piconets, scatternets.]
IPv6 Features
Base header fields: Version, Class, Flow Label, Payload Length, Next Header (N. H.), Hop Limit, Source Address, Destination Address.
Extension headers, in chain order: Hop-by-hop Options (Jumbo Payload Length option; Router Alert option), Destination Options, Routing, Fragment, Authentication Header, ESP, Destination Options.
Router Alert option values: 0 (MLD), 1 (RSVP), 2 (AN, Active Networks).
Features enabled: QoS, Active Networks, Multicast, Optimizing MAC, Plug-n-Play, Mobility (route optimization; binding update with piggybacking), Security, ICMPv6, New Services.
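The header layout and Next Header chain described on this slide, worked through as an added example that is not part of the original deck: a small Python parser that reads the IPv6 base header, follows the extension-header chain and reports the Router Alert value (0/1/2 as listed above) on a constructed packet. It assumes the standard IANA Next Header numbers and the RFC 8200 length rules (Fragment fixed at 8 bytes, AH length counted in 32-bit words).

```python
"""Walk an IPv6 base header and its extension-header chain, noting any Router Alert option."""
import struct

# Next Header values (IANA) for the headers named on the slide; Fragment and AH have special lengths.
HOP_BY_HOP, UDP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 17, 43, 44, 50, 51, 60
EXT_NAMES = {HOP_BY_HOP: "Hop-by-Hop Options", ROUTING: "Routing", FRAGMENT: "Fragment",
             AH: "Authentication Header", ESP: "ESP", DEST_OPTS: "Destination Options"}
ROUTER_ALERT_OPT = 5                                               # option type, RFC 2711
ROUTER_ALERT_VALUES = {0: "MLD", 1: "RSVP", 2: "Active Networks"}  # the values the slide lists


def parse_options(opts: bytes):
    """Walk the TLV options of a Hop-by-Hop/Destination Options header; return the Router Alert meaning."""
    i, alert = 0, None
    while i < len(opts):
        if opts[i] == 0:                      # Pad1: a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("truncated option")
        opt_type, opt_len = opts[i], opts[i + 1]
        if opt_type == ROUTER_ALERT_OPT:
            if opt_len != 2:
                raise ValueError("Router Alert option must carry a 2-byte value")
            value = struct.unpack("!H", opts[i + 2:i + 4])[0]
            alert = ROUTER_ALERT_VALUES.get(value, f"unknown({value})")
        i += 2 + opt_len
    return alert


def parse_ipv6(pkt: bytes) -> dict:
    """Parse the 40-byte base header, then follow Next Header through the extension chain."""
    if len(pkt) < 40:
        raise ValueError("short packet")
    word0, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    if word0 >> 28 != 6:
        raise ValueError("not IPv6")
    if len(pkt) < 40 + plen:
        raise ValueError("Payload Length exceeds packet")
    info = {"class": (word0 >> 20) & 0xFF, "flow_label": word0 & 0xFFFFF, "payload_length": plen,
            "hop_limit": hlim, "src": pkt[8:24], "dst": pkt[24:40], "chain": [], "router_alert": None}
    off, end = 40, 40 + plen
    while nh in EXT_NAMES:
        info["chain"].append(EXT_NAMES[nh])
        if nh == ESP:                         # everything after ESP is encrypted: stop here
            break
        if off + 2 > end:
            raise ValueError("truncated extension header")
        next_nh, ext_len = pkt[off], pkt[off + 1]
        if nh == FRAGMENT:
            hlen = 8                          # fixed size; the second byte is reserved
        elif nh == AH:
            hlen = (ext_len + 2) * 4          # AH length is in 32-bit words, minus 2
        else:
            hlen = (ext_len + 1) * 8          # 8-byte units, not counting the first
        if off + hlen > end:
            raise ValueError("truncated extension header")
        if nh in (HOP_BY_HOP, DEST_OPTS):
            info["router_alert"] = parse_options(pkt[off + 2:off + hlen]) or info["router_alert"]
        nh, off = next_nh, off + hlen
    info["upper_layer"] = nh                  # ESP, or the first non-extension Next Header value
    return info


def build_sample() -> bytes:
    """Constructed packet: base header + Hop-by-Hop (Router Alert = 0, MLD) + Fragment + empty UDP."""
    hbh = bytes([FRAGMENT, 0, ROUTER_ALERT_OPT, 2, 0, 0, 1, 0])    # next=Fragment, RA option, PadN
    frag = bytes([UDP, 0, 0, 0, 0, 0, 0, 1])                       # next=UDP, offset 0, id 1
    udp = struct.pack("!HHHH", 5353, 5353, 8, 0)                   # UDP header with no data
    src, dst = bytes(15) + b"\x01", bytes([0xFF, 0x02]) + bytes(13) + b"\x16"  # ::1 -> ff02::16
    base = struct.pack("!IHBB", 6 << 28, len(hbh) + len(frag) + len(udp), HOP_BY_HOP, 1)
    return base + src + dst + hbh + frag + udp
```

Truncated or inconsistent chains raise ValueError rather than being parsed past the stated Payload Length, which is the check a filter or IDS needs before trusting the upper-layer protocol it found.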
Ubiquitous and Pervasive Computing
Small, lightweight, cheap, mobile processors:
• in almost all everyday objects ("embedded computing")
• on the human body ("wearable computing")
• embedded in the environment ("ambient intelligence")
A world of "smart objects". Smart objects:
• can remember pertinent events (they have memory)
• show context-sensitive behavior (they have sensors)
• are responsive (they communicate with their environment)
• are networked with other smart objects
Peer-to-Peer Wireless Networks: Meshnetworks
[Diagram: mobile user devices form an ad-hoc, peer-to-peer wireless network through wireless routers & access points, with a backbone to the Internet & telephone networks. Distributed networking.]
Privacy and Pervasive Computing
Privacy is already a concern with the Internet:
• use of personal data (e-mail address, ...)
• use of personal web browsing data (page views, clicks, ...)
A more dramatic concern in a Pervasive Computing world:
• many more events of very elementary actions are registered
• they can be assembled into perfect profiles
Source: F. Mattern, 2001