Several INRIA teams are developing solutions adapted to new Internet
uses while ensuring exchange security.
The Internet has been constantly changing since the beginning of the
1990s and its incredible worldwide development. It must continuously
face new challenges due to evolutions in the way it is implemented.
One of the most worrying of these challenges today is communication
security: it is relatively easy to spoof the identity of a user and
retrieve information in his or her name. Much research is devoted to
plugging this hole.
Another concern has assumed growing importance in recent years: the
adaptation of the network to ceaselessly growing user mobility. Like
cell phones, computers also are becoming more and more mobile. The
challenge is to maintain their Internet connection during any kind
of journey, either inside the usual connecting network for the device
(also called its mother network) or over very large distances, from
one country to the next for example. With third generation cell phones,
billions of mobile devices will be connected to the network. Mobility
also poses specific security problems.
These different aspects are the object of standardization proposals
at the IETF (Internet Engineering Task Force), the Internet protocol
standardization body, especially in the context of the new IPv6 Internet
protocol. Like its predecessor IPv4, this protocol automatically allocates
addresses to each machine (the IP address is a long list of numbers),
an indispensable open sesame prior to all network communication. In
order for users not to have to memorize the IP addresses of the machines,
a name is given to each of them. The correspondence between machine
addresses and names is stored in a large database called DNS (Domain
Name System).

Improving transmission security

However, access to this database is not secure, and for the time being
the identity of each machine is not authenticated. An identity can
thus easily be spoofed during a connection request and data can be
hacked. Researchers from project ARMOR in Rennes have been participating
in an IETF working group called DNSext on the topic since 2002. They
are proposing several methods to make IP address requests secure.
The IETF is also working on a scheme to make Internet communications
secure. Researchers from project PLANETE in Grenoble, together with
Sun Microsystems researchers, are advocating a solution based on
cryptographic IPv6 addresses called CGA (Cryptographically Generated
Addresses), which act as a secure identifier. The solution makes it
possible for a machine to prove that it is using an address that was
allocated to it. There are many applications. The address spoofing
problem can thus be solved, as well as the IPv6 mobile connection
hijacking problem. The protocol used by the machine to configure its
IPv6 address can also be made secure. Such cryptographic addresses are
in the process of being standardized by the IETF.
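
To make the idea of a cryptographic address concrete, here is an added
example (not code from INRIA or from the article) that derives an IPv6
address from a public key and checks the binding, following the Hash1
and Hash2 construction of RFC 3972. The prefix and the key byte strings
are constructed sample values, no extension fields are used, and the
modifier search starts at zero instead of a random value so the result
is reproducible.

```python
import hashlib
import ipaddress

# Constructed sample values: a documentation prefix and stand-ins for DER-encoded keys.
PREFIX = bytes.fromhex("20010db800000000")           # 2001:db8::/64
KEY_A = b"constructed stand-in for host A's DER public key"
KEY_B = b"constructed stand-in for an attacker's DER public key"
ID_MASK = 0x1CFFFFFFFFFFFFFF  # ignores the 3 Sec bits and the u/g bits of the interface ID

def _hash1(modifier, prefix, collisions, pubkey):
    # Hash1: leftmost 64 bits of SHA-1(modifier | prefix | collision count | key).
    data = modifier + prefix + bytes([collisions]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")

def _hash2_ok(modifier, pubkey, sec):
    # Hash2: the 16*sec leftmost bits of SHA-1(modifier | 9 zero bytes | key) must be zero.
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return digest[:2 * sec] == bytes(2 * sec)

def generate(prefix, pubkey, sec=1):
    """Return (address, modifier) for an 8-byte subnet prefix and a public key."""
    counter = 0  # assumption: deterministic start; a real host starts from a random modifier
    while not _hash2_ok(counter.to_bytes(16, "big"), pubkey, sec):
        counter += 1  # brute force; the cost grows as 2**(16*sec)
    modifier = counter.to_bytes(16, "big")
    iid = (_hash1(modifier, prefix, 0, pubkey) & ID_MASK) | (sec << 61)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier

def verify(address, modifier, prefix, collisions, pubkey):
    """Check that the address is bound to this key and these parameters."""
    raw = ipaddress.IPv6Address(address).packed
    if collisions not in (0, 1, 2) or raw[:8] != prefix:
        return False
    iid = int.from_bytes(raw[8:], "big")
    if (_hash1(modifier, prefix, collisions, pubkey) ^ iid) & ID_MASK:
        return False  # interface identifier was not derived from this key
    return _hash2_ok(modifier, pubkey, iid >> 61)  # Sec is read from the address itself

if __name__ == "__main__":
    addr, mod = generate(PREFIX, KEY_A)
    print(addr, verify(addr, mod, PREFIX, 0, KEY_A), verify(addr, mod, PREFIX, 0, KEY_B))
```

The hash check only binds the address to a key. To prove ownership the
sender must also sign its messages with the matching private key, a step
left out here because it needs an asymmetric-cryptography library.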
The ensuing security mechanism is called HIP (Host Identity Protocol).
It introduces a new namespace to securely identify the endpoints,
i.e. the terminals, in a communication. Concretely, each endpoint
or machine is allocated a secure identifier derived from its public
key, which applications then use to identify the endpoints during a
communication. In this way, the upper layers become independent of
the IP (v4 or v6) addresses, and thus of location, and use secure
identifiers instead. All this is made possible by the HIP protocol,
which performs the conversion between identifiers and IP addresses.
Research scientists from project RESO (INRIA Rhône Alpes) are
participating in this work in the framework of the HIP working
group, in collaboration with Sun Microsystems. Project RESO is studying
data transmission solutions adapted to computing grids, in which hundreds
or thousands of computers are pooled together over the network to supply
large computing capacities. Security problems are at the forefront
of the team's concerns for obvious reasons of confidentiality and
protection of interconnected resources. Several of the team's proposals
have been accepted and are on the way to being standardized: one of them
consists in creating an extension of the DNS database for the HIP
protocol, another in bypassing the DNS. Two implementations have
already been completed, one at INRIA and the other at HIIT, a Finnish
research department.

Taking mobility into account

Concerning mobility, the solution currently favored by the IETF is
a protocol called Mobile IP. With Mobile IP, a mobile device has
a permanent IP address known to all, and a temporary address that
depends on its movements. All outside communications arrive at the
permanent address and are then forwarded to the temporary address.
All these exchanges increase the risk of attack through hacking of
the signaling messages. Since the beginning of 2000, research
scientists of project ARMOR, with contributions from PLANETE, have
been supporting at the IETF a solution to strengthen the security of
communications between a mobile device and its mother network. This
solution makes it possible for a device using the Mobile IPv6 protocol
to move without revealing its permanent IPv6 address. The ARMOR proposal
was accepted and has been standardized since June 2004 as RFC 3776
(Request For Comments). Research and implementation work are continuing.
Another problem linked to Mobile IP protocols is that they process
micro- and macro-mobility in the same way. A machine must communicate
its new temporary address every time it moves, irrespective of how
far it moved, even though the majority of movements are local.
Obviously, the resulting quantity of messages generated is likely to
crash the network. Researchers from project PLANETE are proposing to
adopt a hierarchical approach to the problem. The idea is to maintain
the principle of communication with the mother network and the Mobile
IP protocol for large movements, but to manage local mobility without
systematically sending the information back to the mother network.
An IETF working group was created on the topic in 2000. Among the various
solutions proposed, INRIA's was accepted and is now defended by Ericsson.
This solution is called HMIPv6 (Hierarchical Mobile IPv6). It uses
an internal protocol for local movements that hides them from other
users. In August 2005, the solution achieved experimental RFC status
as RFC 4140. Another characteristic of the HMIPv6 protocol is that it
makes it possible to hide the geographical position of Internet mobile
devices. As a matter of fact, it only reveals a global address that
supplies very little information on the geographical location of the
device. This is a sometimes useful feature.