

Security, like every other fitscape of NDC, can hardly be discussed in isolation. But our sciences are narrow fields of study if measured progress is to be made. Security is based in mathematics but enabled by engineering, and in the context of NDC, any discussion of security is rife with paradox. In more practical terms, security is mired in encryption, but encryption is not nearly enough to provide reasonable assurances for NDC. Information can be hidden by encryption methods, but encryption doesn't solve other, more basic, issues of trust, including data origin, access control, and privacy.

Juxtaposing engineering and pure mathematics is one way to examine NDC security. Another, more paradoxical, dichotomy is that of privacy versus data transparency, which would yield measurable availability characteristics if done well. The IETF has offered the following definition of security in RFC 2828, intended to define Internet needs:[19]

  1. The measures taken to protect a system

  2. The condition of a system that results from the establishment and maintenance of measures to protect the system

  3. The condition of system resources being free from unauthorized access and from unauthorized or accidental change, destruction, or loss

Security is a proper subset of trust. Trust, however, implies not only security as defined by the IETF but also protections against conditions that are not a function of unauthorized access or even accidental damage. Trust implies a correctness of function, including communications, which might define fault-free computing.

Maintaining security within a single node is simple compared to security issues in NDC environments; most breaches of the security in solitary nodes are due to poor engineering, which can theoretically be addressed. Assuring security in NDC environments in which all hardware components are under the physical control of one owner is also relatively simple; many systems are designed to run well in such environments, a good example being Sun Microsystems' NFS, which supports secure sharing of data while also providing sufficient data transparency to users. Next in difficulty is the environment in which the endpoints are controlled by the owner but the networks are public; virtual private networks (VPNs) strive to solve NDC security matters in those cases.

Alas, most modern NDC applications cannot be as constrained as these models if they are to ultimately fulfill the promise of ubiquitous computing. Typically, users have their own nodes—perhaps many of them—connections between which are increasingly intermittent, utilizing the random communications fields that mobile and wireless computing make possible. Furthermore, intelligence is migrating to every conceivable niche; Moore's law implies not only more capable traditional systems but also much smaller technology applications, potentially as disposable as the envelope that delivered your last credit card bill. When processing capabilities are pervasive, no assumptions can be made with respect to their nature. Users will store secrets on computer devices as lacking as today's smartcards, which means NDC security requires radically innovative solutions going forward.

In the context of NDC, security weighs in at many levels. It can potentially be "baked in" at a fundamental protocol level, it can be layered in at higher protocol levels, it can be application specific or even network specific. Clearly, however, it cannot be ignored.
