| [Main] | [News] | [Introduction] | [Background] | [Design goals] | [Architecture] | [Crypto] |
| [Performance] | [Applications] | [Download] | [Publications] | [Contact] | [Links] |
The vulnerabilities of modern IP-based data networks are endangering the operation of the entire Internet. Originally, the Internet was designed to survive nuclear attacks, but today Internet is close to collapse due to various problems, such as hackers, DoS and DDoS attacks, IP-packet spoofing, routing protocol attacks, viruses, worms, and junk mail. As the wireless access technologies have gained popularity dramatically in recent years, we have opened our networks for new kinds of attacks. Since we are more and more relying on the operation of our networks, the potential adversaries can do serious damages to us on various levels: at infrastructure level by attacking our network's capability to route our packets to the right destination at the right time intact; at protocol level by cracking our privacy (data confidentiality, our identities, our location, and time); at application level by forging information that is distributed over the networks.
Usually, the usage of networks in military and civilian environments is considered to be very different, but actually the difference between these two extremes is narrowing all the time. Since our information society is tightly coupled with the operation of the information networks, we should protect our assets against the potential adversaries. For example, Finnish National Emergency Service Agency (NESA) has defined the communication networks of the society to be one of its key functions that must be operational all the time, even during any natural or man-made disasters [NESA]. This is obviously crucial also for the military side. But also ordinary companies must have their communication networks operational all the time in order to survive in the modern business competition.
In addition to survive the security threats, we need good solutions to handle access control, quality of service (QoS) control, charging/billing, micropayment, etc. For example, current solutions require significant signaling before communication over the wireless LAN can be performed what makes fast handoffs difficult.