Page 115 - Kaleidoscope Academic Conference Proceedings 2021
Connecting physical and virtual worlds
IPv6 but also allowing for intra-domain short length addresses and the integration of vertical-specific name resolution/mapping systems, such as semantic addressing. Routing evolution may require clean-slate solutions, hybrid solutions, extensions to existing routing protocols, or potentially no changes [28]. Additional critical requirements for future addressing and routing solutions are security and privacy, as well as routing protocols customization to the needs of the applications [29].

Further studies, among others, should explore new routing technologies and protocols inside limited domains for delivery of new capabilities and better QoS, enabling application-level innovation and precluding pollution between domains. On the other hand, it is recognized that any new addressing and routing system will need to coexist with legacy gear, thus requiring a robust standardization effort [29].

As far as the network support of intrinsic security and privacy capabilities addressing the vulnerabilities of current IP-based networks as described in Section 3 is concerned, outstanding issues have been addressed by various initiatives, although not complemented yet by relevant standardization efforts.

The Secure Access Secure Edge (SASE), proposed by Gartner at the end of 2019, combines security functions with Software Defined Wide Area Network (SD-WAN) capabilities to support the dynamic secure access needs of organizations and enterprises [30]. Those security and network functions are offered as services implemented in software, making them flexible and easy to deploy and operate. However, the software implementation might also lead to relatively low performance, not suitable for some applications with strict QoS requirements. Enabling the IP-based networks with some security functions like device authentication, access control, DDoS attack protection, etc. could complement the software implementation of the SASE. The emerging in-network computing technologies, providing additional computation power in order to satisfy diverse application and network requirements, could be used to realize those security and network functions without sacrificing the forwarding performance.

As far as privacy protection is concerned, in current IP-based networks the payload is typically protected at application level by using various encryption mechanisms like HTTPS, but the IP overhead, which may contain valuable personal information, is still exposed for packet routing purposes. Several companies and organizations have begun to explore this issue and some initial solutions have been provided.

For instance, Gnatcatcher proposed by Google provides a near-path NAT to effectively hide the source IP addresses of the end users, while iCloud Private Relay from Apple uses a chain of two proxies in order to ensure that source and destination are not linkable. Gnatcatcher and iCloud Private Relay are taking a similar approach for hiding end users’ personal data, consisting in deploying proxies close to end users. The Onion Router (TOR) goes one step further: besides using proxies to anonymize the source and destination IP addresses, it randomly recruits more relay nodes along the way in order to protect the transmission path, but this brings in return delay to the whole communication. The TOR approach, although affordable for applications such as Internet surfing, email checking and video watching, doesn’t work for applications demanding highly interactive communications. Making the communications in the IP-based networks anonymous could be a possible solution.

While some initial efforts on supporting intrinsic security and privacy in IP-based networks have been observed, the related standardization is still in its infancy. The need for further research studies and standardization efforts is recognized, including mechanisms for:
- countering source address spoofing, privacy leak, trust model weakness, and Distributed Denial of Service (DDoS) attacks;
- maximizing user privacy protection, consolidating distributed trust basis, and building secure and trustable networks;
- verifying, authorizing and integrity protecting the packets entering the network;
- verifying the trustworthiness of network nodes and packets themselves;
- protecting privacy, including anonymization, opaque user data, secure storage and flow anonymization;
- preventing common tracking at application level;
- ensuring privacy and confidentiality of the network layer information with respect to cross-domain end-to-end services.

5. CONCLUSION

The network challenges raised by emerging and future industrial applications need to be addressed by relevant network technology advances.

Building on the illustration of a few, but significant, industrial application scenarios and the related requirements on the underlying network infrastructure, three networking technology areas have been presented whose advances are fundamental to addressing the identified network challenges.

An overview of relevant research studies and/or standards development efforts up to present time has then highlighted their limitations towards the identified network requirements.

It is necessary to progress as soon as possible further research studies and standardization efforts to enable new network capabilities which can address the requirements of emerging and future industrial applications. As usual, standardization is expected to be critical in order to ensure stability, scalability and interoperability of potential solutions.

As far as standardization is concerned, the authors believe that ITU-T has a key role to play in the context of concerted