5 User; Correspondent; Network Administrator; the Internet; Other Network; Malicious Attack! Who!? Who?? No! Need authentication: Who is the user? Manage many accounts, take logs → burden
66 User; Correspondent; Network Administrator; the Internet; Other Network; Malicious Attack! Who!? An ordinary person. Maybe you. Use my network FREE! Can I trust him? He can eavesdrop on my packets… The administrator can attack you! Put the blame on the administrator!? No, you are the attacker!
16 Public key; Private key; Host Identity Tag; Host Identity; Local Scope Identity; One-way hash; 128 bits; 32 bits; Last digits; Overlay Routable Cryptographic Hash Identifiers (ORCHIDs): a special class of IPv6; used at local network; 512, 1024, or 2048 bits, RSA by default
17 Initiator; Responder; IPsec data traffic; I1, R1, I2, R2; HIP Diffie-Hellman key exchange Encrypted Base Exchange
User; Correspondent; DNS Server; the Internet; Other Network; Service Provider; Manage an access point; Contract the Internet service; Take logs; Authentication Provider; register users to DNS; operate DNSSEC server; Tunneling; Network Administrator
21 Alice; Bob; IPsec data traffic; I1, R1, I2, R2. The administrator should record the relationship of BE packets. Otherwise, the administrator cannot determine which BE has certainly completed. In our network, the administrator allows data packets that have completed Base Exchange.
24 User; Correspondent; Network Administrator; DNS Server; the Internet; Other Network; Once access to DNS… Connection is End-to-End and data is encrypted; Check… Malicious Attack… Incorrect! Who!? The attacker!! Cannot eavesdrop on packets’ data; Feel safe