IDSec: An Identification Layer Security Model

Current security protocols such as IPSec and TLS/SSL provide security mechanisms to authenticate and protect the communication between end-hosts over the Internet. Nonetheless, new communication scenarios like mobility and heterogeneous networks have exposed some technical limitations of these protocols. Both protocols employ the IP address as end-host identifier to establish security associations between the parties, entangling the end-host identification with its topological location. In order to overcome these limitations, we propose the Identification Layer Security (IDSec), a security model to provide authentication based on public key cryptography with denial of service resistance capabilities and data integrity and confidentiality. IDSec introduces a new communication substrate based on cryptographic identifiers which natively support new services such as mobility and heterogeneous networks with security embedded in the identification layer. In order to validate the proposal, a prototype was implemented and evaluated, analyzing the performance of legacy applications in static and mobility scenarios.