Learning Centre

Securing the Internet with digital signatures

 |  Login

Show simple item record

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Karila, Arto, Dr.
dc.contributor.advisor Kari, Hannu H., Dr.
dc.contributor.advisor Tarkoma, Sasu, Prof.
dc.contributor.author Lagutin, Dmitrij
dc.date.accessioned 2012-08-29T09:43:57Z
dc.date.available 2012-08-29T09:43:57Z
dc.date.issued 2010
dc.identifier.isbn 978-952-60-3465-2 (PDF)
dc.identifier.isbn 978-952-60-3464-5 (printed) #8195;
dc.identifier.issn 1795-4584
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/4887
dc.description.abstract The security and reliability of the Internet are essential for many functions of a modern society. Currently, the Internet lacks efficient network level security solutions and is vulnerable to various attacks, especially to distributed denial-of-service attacks. Traditional end-to-end security solutions such as IPSec only protect the communication end-points and are not effective if the underlying network infrastructure is attacked and paralyzed. This thesis describes and evaluates Packet Level Authentication (PLA), which is a novel method to secure the network infrastructure and provide availability with public key digital signatures. PLA allows any node in the network to verify independently the authenticity and integrity of every received packet, without previously established relationships with the sender or intermediate nodes that have handled the packet. As a result, various attacks against the network and its users can be more easily detected and mitigated, before they can cause significant damage or disturbance. PLA is compatible with the existing Internet infrastructure, and can be used with complementary end-to-end security solutions, such as IPSec and HIP. While PLA was originally designed for securing current IP networks, it is also suitable for securing future data-oriented networking approaches. PLA has been designed to scale from lightweight wireless devices to Internet core network, which is a challenge since public key cryptography operations are very resource intensive. Nevertheless, this work shows that digital signature algorithms and their hardware implementations developed for PLA are scalable to fast core network routers. Furthermore, the additional energy consumption of cryptographic operations is significantly lower than the energy cost of wireless transmission, making PLA feasible for lightweight wireless devices. Digital signature algorithms used by PLA also offer small key and signature sizes and therefore PLA's bandwidth overhead is relatively low. Strong security mechanisms offered by PLA can also be utilized for various other tasks. This work investigates how PLA can be utilized for controlling incoming connections, secure user authentication and billing, and for providing a strong accountability without an extensive data retention by network service providers. en
dc.format.extent Verkkokirja (2408 KB, 168 s.)
dc.format.mimetype application/pdf
dc.language.iso en en
dc.publisher Aalto-yliopiston teknillinen korkeakoulu en
dc.relation.ispartofseries TKK dissertations, 255 en
dc.subject.other Computer science
dc.title Securing the Internet with digital signatures en
dc.type G4 Monografiaväitöskirja fi
dc.contributor.school Aalto-yliopiston teknillinen korkeakoulu fi
dc.contributor.department Tietotekniikan laitos fi
dc.contributor.department Department of Computer Science and Engineering en
dc.subject.keyword network security en
dc.subject.keyword future network technologies en
dc.subject.keyword denial-of-service attacks en
dc.subject.keyword Internet infrastructure en
dc.subject.keyword digital signature algorithms en
dc.subject.keyword elliptic curve cryptosystems en
dc.identifier.urn URN:ISBN:978-952-60-3465-2
dc.type.dcmitype text en
dc.type.ontasot Väitöskirja (monografia) fi
dc.type.ontasot Doctoral dissertation (monograph) en
dc.contributor.supervisor Ylä-Jääski, Antti, Prof.
local.aalto.digifolder Aalto_68242
local.aalto.digiauth ask

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search archive

Advanced Search

article-iconSubmit a publication