Security Architecture and Protocols for Overlay Network Services

Show full item record

Please use this identifier to cite or link to this item:

Title: Security Architecture and Protocols for Overlay Network Services
Author: Srivatsa, Mudhakar
Abstract: Conventional wisdom suggests that in order to build a secure system, security must be an integral component in the system design. However, cost considerations drive most system designers to channel their efforts on the system's performance, scalability and usability. With little or no emphasis on security, such systems are vulnerable to a wide range of attacks that can potentially compromise confidentiality, integrity and availability of sensitive data. It is often cumbersome to redesign and implement massive systems with security as one of the primary design goals. This thesis advocates a proactive approach that cleanly retrofits security solutions into existing system architectures. The first step in this approach is to identify security threats, vulnerabilities and potential attacks on a system or an application. The second step is to develop security tools in the form of customizable and configurable plug-ins that address these security issues and minimally modify existing system code, while preserving its performance and scalability metrics. This thesis uses overlay network applications to shepherd through and address challenges involved in supporting security in large scale distributed systems. In particular, the focus is on two popular applications: publish/subscribe networks and VoIP networks. Our work on VoIP networks has for the first time identified and formalized caller identification attacks on VoIP networks. We have identified two attacks: a triangulation based timing attack on the VoIP network's route set up protocol and a flow analysis attack on the VoIP network's voice session protocol. These attacks allow an external observer (adversary) to uniquely (nearly) identify the true caller (and receiver) with high probability. Our work on the publish/subscribe networks has resulted in the development of an unified framework for handling event confidentiality, integrity, access control and DoS attacks, while incurring small overhead on the system. We have proposed a key isomorphism paradigm to preserve the confidentiality of events on publish/subscribe networks while permitting scalable content-based matching and routing. Our work on overlay network security has resulted in a novel information hiding technique on overlay networks. Our solution represents the first attempt to transparently hide the location of data items on an overlay network.
Type: Dissertation
Date: 2007-05-16
Publisher: Georgia Institute of Technology
Subject: Performance and scalability
Applied cryptography
Systems security
Overlay networks
Computer architecture Security measures
Computer networks Security measures
Plug-ins (Computer programs)
Department: Computing
Advisor: Committee Chair: Liu, Ling; Committee Member: Ahamad, Mustaque; Committee Member: Atluri, Vijay; Committee Member: Lee, Wenke; Committee Member: Pu, Calton; Committee Member: Sivakumar, Raghupathy
Degree: Ph.D.

All materials in SMARTech are protected under U.S. Copyright Law and all rights are reserved, unless otherwise specifically indicated on or in the materials.

Files in this item

Files Size Format View
srivatsa_mudhakar_200708_phd.pdf 2.615Mb PDF View/ Open

This item appears in the following Collection(s)

Show full item record