Page 113 - Kaleidoscope Academic Conference Proceedings 2021
Connecting physical and virtual worlds
information about how individual packets should be treated to meet user and application requirements.

Semantic addressing caters to an increasing number of services that utilize the data plane of the network, with the goal of bringing the routing to key services “closer” to the basic data plane operations. The driver behind supporting such varying semantics is that digital communication networks are not limited to those operating on the locator-based addressing and routing solutions of the Internet; instead, they use sector-specific packet forwarding solutions that may rely on service or content identifiers, sensor/host identifiers, path identifiers or others, towards the Internet integration of those vertical networks that are currently not integrated.

Different techniques have been proposed to modify the default IP forwarding behaviors (such as least-cost path) and extend the semantics of IP addresses by assigning additional meanings to some parts of the address, or by partitioning the address into a set of subfields that give scoped addressing instructions [15]. The alternative semantics could be applied to a network overlay [16], or directly embedded into the address field, which is the case in some limited domains [17] such as LoRaWAN deployments [18] (with their own challenges in terms of ensuring the perimeter of the domains, and connecting domains across the Internet).

New semantics can be deployed for new capabilities, better QoS, higher flexibility, and efficiency. As an example of efficiency, embedding service information into the addressing scheme used for packet delivery [19] can allow fast redirection to the “optimal” endpoint without requiring Domain Name System (DNS)-level operations, as is the case today. New semantics also enable incremental deployment of new technologies on limited domains, for innovative solutions that may or may not penetrate the whole Internet at a later stage.

Although not explicitly related to the application scenarios described in Section 2, flexible length addressing caters to an increasing number of specialized network deployments: driven by the long-standing recognition of IP header overhead, it is about moving to a variable length address approach [20] that can be efficiently supported alongside global reachability, while ensuring the future extensibility of the hierarchical addressing used by the routing system. Solutions with flexible length addressing can allow for localized forwarding based on short, purpose-oriented addresses (with significant savings, e.g., for IoT networks), while enabling interconnection through a hierarchy of addressing that also supports semantic addressing across domains.

By allowing extensible scopes for an address, new functionality can be introduced into the network layer without the need for lengthy standardization of each extension.

Semantic routing (i.e., the process of routing packets that contain IP addresses with additional semantics [15]) and constraint-based routing can utilize the flexible addressing to provide scoped semantic actions on flexible addresses, those actions enriched by constraints that may be defined by service and network providers alike. Semantic routing capabilities can enable the provisioning of services without explicit mapping services, albeit possibly coexisting with current name resolution systems such as the DNS. Latency reductions of such routing solutions are expected, e.g., by not relying on said explicit mapping services, as well as by being able to accommodate routing changes due to the fast-changing availability of compute and storage resources throughout the network.

3.3 Intrinsic security and privacy

Additional security mechanisms are needed beyond those provided by traditional transport-mode IP security (IPsec).

Intrinsic security and privacy capabilities address inherent security, privacy and trustworthiness vulnerabilities of current IP-based networks, including source address spoofing, privacy leakage, trust model weaknesses, and Distributed Denial of Service (DDoS) attacks, none of which were considered among the original “seven design principles” [21]. Capabilities have to maximally protect user privacy, consolidate a distributed trust basis, and build secure and trustworthy networks, in order to meet the privacy protection requirements represented by GDPR [22] and the security and trustworthiness requirements of industry-wide interconnection. The STRIDE threat model [23] can offer an approach from an architectural point of view [19].

A key security aspect from the network point of view concerns the need to verify whether a packet is authorized to enter the network and whether it is sufficiently integrity protected. Mechanisms for authorization and integrity protection must be developed to meet line-rate performance, as the services delivered can be time sensitive. Homomorphic forms of encryption may need to be devised in which network operations can be performed in a privacy-preserving manner on encrypted packet headers and tunneled packets without exposing any of their contents [1].

A security mechanism to verify, authorize, and ensure packet integrity may also be used with respect to network trustworthiness, including verification of the trustworthiness of the network nodes handling the packets as well as verification of the trustworthiness of the packets themselves.

Privacy protection enabling mechanisms include anonymization, opaque user data, secure storage and flow anonymization. Appropriate mechanisms have to address relevant issues of current networks: most of the information in today’s packet headers is in the clear and therefore observable by eavesdroppers; the packets stored in routers’ buffers are not secured; today it is possible with Deep Packet Inspection (DPI) telemetry to determine the type of traffic; users are not able to reconstruct what happened to their packets and data.
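To make the semantic and flexible-length addressing ideas above concrete, here is an added worked example; it is not code from the paper or from the proposals in [15], [19] or [20]. The wire layout (a one-byte length, a kind and a scope subfield, a 16-bit hierarchical domain prefix, and a variable-length identifier) is an assumption made for illustration, not a standardized encoding. A forwarder parses such an address, delivers or forwards plain locators by their hierarchical prefix, and redirects service-addressed packets to the least-loaded local instance without any name-resolution round trip; the length check in the parser is the part that keeps a malformed address from over-reading the buffer.

```python
"""Toy flexible-length semantic address and forwarder (added example).

Assumed layout (big-endian), not a standard:
  len     1 byte   total address length in bytes (flexible length)
  kind    1 byte   0 = plain locator, 1 = service identifier
  scope   1 byte   0 = local domain only, 1 = global (cross-domain)
  prefix  2 bytes  hierarchical routing-domain prefix (the locator part)
  ident   n bytes  locator suffix or service identifier
"""
from __future__ import annotations
import struct
from dataclasses import dataclass

KIND_LOCATOR, KIND_SERVICE = 0, 1
SCOPE_LOCAL, SCOPE_GLOBAL = 0, 1


@dataclass(frozen=True)
class SemanticAddress:
    kind: int
    scope: int
    prefix: int      # hierarchical routing-domain prefix (assumed 16-bit)
    ident: bytes     # locator suffix, or a service identifier

    def encode(self) -> bytes:
        body = struct.pack("!BBH", self.kind, self.scope, self.prefix) + self.ident
        if 1 + len(body) > 255:
            raise ValueError("address too long for the 1-byte length field")
        return bytes([1 + len(body)]) + body


def parse_address(buf: bytes) -> tuple[SemanticAddress, bytes]:
    """Parse one address from the front of buf; return (address, remaining bytes)."""
    if not buf:
        raise ValueError("empty buffer")
    total = buf[0]
    # The length must cover the fixed fields and must not run past the buffer;
    # this check is what stops a bad length field from causing an over-read.
    if total < 5 or total > len(buf):
        raise ValueError("bad address length")
    kind, scope, prefix = struct.unpack("!BBH", buf[1:5])
    if kind not in (KIND_LOCATOR, KIND_SERVICE) or scope not in (SCOPE_LOCAL, SCOPE_GLOBAL):
        raise ValueError("unknown kind or scope")
    return SemanticAddress(kind, scope, prefix, buf[5:total]), buf[total:]


def is_well_formed(buf: bytes) -> bool:
    try:
        parse_address(buf)
        return True
    except ValueError:
        return False


class Forwarder:
    """One node of routing domain `domain` with a table of locally reachable service instances."""

    def __init__(self, domain: int, instances: dict[bytes, dict[bytes, int]]):
        self.domain = domain
        self.instances = instances   # service ident -> {locator suffix: current load}

    def decide(self, addr: SemanticAddress) -> tuple[str, SemanticAddress | None]:
        if addr.kind == KIND_LOCATOR:
            if addr.prefix == self.domain:
                return "deliver", addr
            return "forward-to-domain", addr          # hierarchical prefix routes it
        # Service semantics: pick the least-loaded local instance, no DNS lookup.
        local = self.instances.get(addr.ident)
        if local:
            suffix = min(local, key=local.get)
            return "redirect", SemanticAddress(KIND_LOCATOR, SCOPE_LOCAL, self.domain, suffix)
        if addr.scope == SCOPE_GLOBAL and addr.prefix != self.domain:
            # Not served here but globally scoped: fall back to the home domain
            # carried in the hierarchical prefix.
            return "forward-to-domain", addr
        # Locally scoped (or home domain is us) and not offered: do not let it leak.
        return "drop", None


def handle(node: Forwarder, wire: bytes) -> tuple[str, bytes | None]:
    addr, _ = parse_address(wire)
    action, target = node.decide(addr)
    return action, (target.encode() if target else None)


def demo() -> list[tuple[str, bytes | None]]:
    # Constructed sample: domain 0x0A01 hosts two instances of service b"cam-ai".
    node = Forwarder(0x0A01, {b"cam-ai": {b"\x00\x05": 7, b"\x00\x09": 2}})
    packets = [
        SemanticAddress(KIND_SERVICE, SCOPE_GLOBAL, 0x0A01, b"cam-ai").encode(),   # served here
        SemanticAddress(KIND_SERVICE, SCOPE_GLOBAL, 0x0B02, b"store").encode(),    # home domain elsewhere
        SemanticAddress(KIND_SERVICE, SCOPE_LOCAL, 0x0A01, b"store").encode(),     # local-only, absent
        SemanticAddress(KIND_LOCATOR, SCOPE_LOCAL, 0x0A01, b"\x00\x09").encode(),  # 7-byte plain locator
    ]
    return [handle(node, p) for p in packets]


if __name__ == "__main__":
    for action, target in demo():
        print(action, target.hex() if target else None)
```

The service-addressed packet is redirected to the locator of the instance with load 2, the globally scoped packet for a service this domain does not offer is forwarded on its hierarchical prefix, and the locally scoped one is dropped rather than leaked across the domain perimeter. A real deployment would also have to decide who may write the `kind` and `scope` subfields, since an unauthenticated sender could otherwise use them to steer packets.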
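The ingress check described in 3.3 (is this packet authorized to enter the network, and is it integrity protected?) can be shown in a small added example; this is not the paper's mechanism and not code from [1], and it deliberately uses an ordinary keyed MAC rather than the homomorphic schemes the text speculates about. Assumptions: each source routing domain shares a symmetric key with the ingress node (how keys are distributed is out of scope), the first two bytes of a 4-byte address are the domain prefix, and the per-packet tag is a truncated HMAC-SHA256 over source, destination, a sequence number and the payload. The tag binds the source address to the domain key, so a packet claiming a source in another domain fails verification, which is the source-spoofing case the section lists.

```python
"""Ingress authorization and integrity check with per-domain keys (added example)."""
from __future__ import annotations
import hashlib
import hmac
import struct

TAG_LEN = 8                                   # truncated tag: small per-packet overhead (assumption)
HDR = struct.Struct("!4s4sI%ds" % TAG_LEN)    # src, dst, seq, tag; payload follows


def domain_of(addr: bytes) -> bytes:
    return addr[:2]                            # assumed: leading 2 bytes are the domain prefix


def compute_tag(key: bytes, src: bytes, dst: bytes, seq: int, payload: bytes) -> bytes:
    mac = hmac.new(key, struct.pack("!4s4sI", src, dst, seq) + payload, hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def seal(key: bytes, src: bytes, dst: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: build a packet carrying the authorization/integrity tag."""
    return HDR.pack(src, dst, seq, compute_tag(key, src, dst, seq, payload)) + payload


class IngressFilter:
    def __init__(self, domain_keys: dict[bytes, bytes]):
        self.keys = domain_keys
        self.last_seq: dict[bytes, int] = {}   # per-source anti-replay state

    def check(self, pkt: bytes) -> tuple[bool, str]:
        if len(pkt) < HDR.size:
            return False, "truncated"
        src, dst, seq, tag = HDR.unpack_from(pkt)
        payload = pkt[HDR.size:]
        key = self.keys.get(domain_of(src))
        if key is None:
            return False, "unknown source domain"
        # Constant-time compare; a spoofed source selects the wrong key and fails here,
        # as does any modification of the covered fields or payload.
        if not hmac.compare_digest(tag, compute_tag(key, src, dst, seq, payload)):
            return False, "bad tag"
        # Replay state is touched only after authentication, so unauthenticated
        # packets cannot poison it. Strictly increasing seq is a simplification;
        # a sliding window (as IPsec uses) would tolerate reordering.
        if seq <= self.last_seq.get(src, -1):
            return False, "replay"
        self.last_seq[src] = seq
        return True, "accepted"


def demo() -> list[tuple[bool, str]]:
    # Constructed sample keys and packets.
    keys = {b"\x0a\x01": b"key-for-domain-0a01", b"\x0b\x02": b"key-for-domain-0b02"}
    ingress = IngressFilter(keys)
    src, dst = b"\x0a\x01\x00\x05", b"\x0b\x02\x00\x09"
    good = seal(keys[b"\x0a\x01"], src, dst, 1, b"hello")
    # Attacker in domain 0b02 forges src in 0a01 but only holds its own key.
    spoofed = seal(keys[b"\x0b\x02"], src, dst, 2, b"hello")
    tampered = bytearray(good)
    tampered[-1] ^= 1                          # flip one payload bit in transit
    unknown = seal(keys[b"\x0a\x01"], b"\x0c\x03\x00\x01", dst, 1, b"x")
    return [
        ingress.check(good),
        ingress.check(spoofed),
        ingress.check(bytes(tampered)),
        ingress.check(good),                   # same packet again -> replay
        ingress.check(unknown),
    ]


if __name__ == "__main__":
    for ok, reason in demo():
        print("ACCEPT" if ok else "REJECT", reason)
```

Two caveats a practitioner would add: truncating the tag to 8 bytes trades forgery resistance for header size (a 64-bit tag is still far beyond online guessing at line rate, but the choice should be explicit), and a per-domain shared key authorizes the domain, not the individual host, so this check complements rather than replaces end-to-end protection. It also does nothing for the privacy issue the section raises next: every header field here is still in the clear.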
– 51 –