Tampere University of Technology

TUTCRIS Research Portal

Applicability of Host Identities in Securing Network Attachment and Ensuring Service Accountability

Research output: Book/Report, Doctoral thesis, Collection of Articles


Original language: English
Publisher: Tampere University of Technology
Number of pages: 92
ISBN (Electronic): 978-952-15-2711-1
ISBN (Print): 978-952-15-2684-8
Publication status: Published - 25 Nov 2011
Publication type: G5 Doctoral dissertation (article)

Publication series

Name: Tampere University of Technology. Publication
Publisher: Tampere University of Technology
ISSN (Print): 1459-2045


IP is often seen as the “lingua franca” of modern communication. It provides interoperability across various heterogeneous link layer technologies and enables access to a rich set of services available in the Internet. As the number of users has exploded, it has been essential to ensure that the establishment of connectivity is a relatively painless procedure for ordinary users. However, ease of use often overrides the requirement to have proper security in place. This is evident in the current practice of configuring IP access. With the proliferation of ubiquitous and wireless access, such security concerns become more profound. IP access is the part of the attachment procedure that a user has to go through in order to enjoy interworking services. Thus, the attachment dictates the steps that need to be taken in order to enable communication between two entities, which often comprise the user device and the access point capable of providing interworking services. This thesis investigates mechanisms to ensure the security of that attachment procedure. The approach taken leans heavily on the ideas presented in the development of the Host Identity Protocol (HIP), a current Internet Engineering Task Force (IETF) experimental standard. Thus, as a baseline, the nodes are expected to be in possession of secure identities, which can be bound to the configuration procedure in order to enhance the security properties of the attachment process. In essence, these identities are names for which the nodes are able to provide a proof of possession without having to resort to external parties. However, external parties, for example trusted third parties, can still be used to enhance liability, that is, to ensure that a known entity will ultimately cover the generated costs.
In order to ensure liability, one needs to find an assured way to account for the actions taken, especially if the accounting is used as a basis for compensation, which most often involves payment. Such assured accounting is another focal point of this thesis. The thesis describes how host identities can be employed to produce non-repudiable evidence in a typical IP-based service. In addition, the scheme allows devising a solution that takes into account the granularity of the service provisioning. In other words, the participants in the provisioning are able to control their level of commitment, so that neither party is able to get an unfair upper hand. Thus, if no service is provided, provision of undeniable usage evidence can be terminated. Similarly, if no user-committed evidence of service usage is provided, service provisioning can be terminated. The above points are also considered from the point of view of service provisioning platforms, mainly the IP Multimedia Subsystem (IMS). Such systems have been kept tightly under the control of one entity, such as an incumbent operator. The concepts of secure identities and non-repudiable evidence are used to enhance the system, so that more technical incentives for moving away from the strict single administrative domain concept can be provided. This is especially beneficial in a future networking environment, where the interactions between operator-level entities become more dynamic in nature. While this thesis considers the technical functionalities to enhance the security properties of the evolved networks, there are various hindrances to such visions. Deploying new solutions, such as HIP, on well-established platforms is challenging if the migration cannot be done in a compatible way. Also, financial motivations, especially those of dominant entities, do not always favour more open approaches.
