CERIAS - Center for Education and Research in Information Assurance and Security

Purdue University - Discovery Park

Identity-Based Internet Protocol Network

David Pisano - MITRE

Apr 24, 2013


Abstract

The Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise-oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation, current role, and trust metric (associated with the user and host endpoints). Our motivation is to increase our security posture by leveraging identity, reducing our threat exposure, enhancing situational understanding of our environment, and simplifying network operations. In addition to authentication, we leverage strong anti-spoofing technology to improve accountability. We reduce our threat surface by “hiding” our client hosts and making all infrastructure devices inaccessible. Any attempt to access a hidden host or infrastructure device results in a policy violation attributable to the user/host that caused the violation and provides enhanced situational awareness of such activities. Our servers can also have a “permissible use” policy that ensures that the server only operates across the network per that policy. Finally, as users log in and servers are added to the network, all dynamic configurations for access control initiated by such changes are automatically carried out without manual intervention, thereby reducing potential vulnerabilities caused by human errors. [1]

[1] Extracted from Nakamoto, G.; Durst, R.; Growney, C.; Andresen, J.; Ma, J.; Trivedi, N.; Quang, R.; Pisano, D., "Identity-Based Internet Protocol Networking," Military Communications Conference (MILCOM 2012), pp. 1-6, Oct. 29 - Nov. 1, 2012.
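The enforcement behaviour the abstract describes (identity bound to an endpoint at admission, anti-spoofing of the source, hidden client hosts, inaccessible infrastructure devices, a server "permissible use" policy, and violations attributed to the user/host that caused them) as an added toy model. This is illustrative code written for this page, not the IBIP project's software: how IBIP actually encodes identity into the IP packet is not modelled, the tag is simply carried alongside the packet, and the addresses, roles, the 0-100 trust scale and the default-deny for destinations without a policy are assumptions of this model.

```python
# Added illustration (not IBIP project code): an edge policy enforcement point
# that tags each packet with the identity admitted behind its source address
# and enforces hidden-host, infrastructure and permissible-use rules, recording
# every denial as a violation attributable to a user and host.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Identity:
    user: str    # authenticated user, or service account for a server
    host: str    # authenticated host
    org: str     # organizational affiliation
    role: str    # current role
    trust: int   # trust metric; the 0-100 scale is an assumption of this model


@dataclass(frozen=True)
class Rule:
    proto: str
    port: int
    roles: frozenset   # roles permitted to reach this service
    min_trust: int = 0


@dataclass(frozen=True)
class ServerPolicy:
    inbound: Tuple[Rule, ...]   # what may reach the server
    outbound: frozenset         # destinations the server itself may initiate traffic to


@dataclass(frozen=True)
class Violation:
    user: str
    host: str
    src: str
    dst: str
    proto: str
    port: int
    reason: str


class PolicyEnforcementPoint:
    def __init__(self) -> None:
        self.sessions: Dict[str, Identity] = {}   # source address -> identity bound at admission
        self.hidden: Set[str] = set()             # client hosts that may never be a destination
        self.infra: Set[str] = set()              # routers/switches, unreachable from endpoints
        self.servers: Dict[str, ServerPolicy] = {}
        self.violations: List[Violation] = []

    def admit_client(self, addr: str, ident: Identity) -> None:
        """Admission control: bind the identity to the address and hide the client host."""
        self.sessions[addr] = ident
        self.hidden.add(addr)

    def admit_server(self, addr: str, ident: Identity, policy: ServerPolicy) -> None:
        """A server joining the network gets its permissible-use policy installed at once."""
        self.sessions[addr] = ident
        self.servers[addr] = policy

    def add_infrastructure(self, addr: str) -> None:
        self.infra.add(addr)

    def _deny(self, ident: Identity, src: str, dst: str, proto: str, port: int, reason: str) -> str:
        self.violations.append(Violation(ident.user, ident.host, src, dst, proto, port, reason))
        return "deny:" + reason

    def handle(self, src: str, dst: str, proto: str, port: int) -> str:
        """Tag the packet with its source's identity, then evaluate policy."""
        ident: Optional[Identity] = self.sessions.get(src)
        if ident is None:
            # Anti-spoofing: no admitted identity behind this source, so drop it;
            # there is nobody to attribute the packet to.
            return "drop:unadmitted-source"
        if dst in self.infra:
            return self._deny(ident, src, dst, proto, port, "infrastructure-inaccessible")
        if dst in self.hidden:
            return self._deny(ident, src, dst, proto, port, "hidden-host")
        src_policy = self.servers.get(src)
        if src_policy is not None and dst not in src_policy.outbound:
            return self._deny(ident, src, dst, proto, port, "server-permissible-use")
        policy = self.servers.get(dst)
        if policy is None:   # default deny for destinations without a policy (model assumption)
            return self._deny(ident, src, dst, proto, port, "no-policy")
        for rule in policy.inbound:
            if (rule.proto, rule.port) == (proto, port) and ident.role in rule.roles \
                    and ident.trust >= rule.min_trust:
                return "permit"
        return self._deny(ident, src, dst, proto, port, "not-permitted")


def demo() -> Tuple[List[str], List[Violation]]:
    """Constructed scenario: one router, a web server, a database, two clients."""
    pep = PolicyEnforcementPoint()
    pep.add_infrastructure("10.0.0.1")
    web = ServerPolicy(inbound=(Rule("tcp", 443, frozenset({"engineer", "finance"})),),
                       outbound=frozenset({"10.0.2.20"}))
    db = ServerPolicy(inbound=(Rule("tcp", 5432, frozenset({"web-server"}), min_trust=50),),
                      outbound=frozenset())
    pep.admit_server("10.0.2.10", Identity("svc-web", "web01", "corp", "web-server", 80), web)
    pep.admit_server("10.0.2.20", Identity("svc-db", "db01", "corp", "db-server", 90), db)
    pep.admit_client("10.0.1.5", Identity("alice", "lt-alice", "corp", "engineer", 70))
    pep.admit_client("10.0.1.6", Identity("bob", "lt-bob", "corp", "contractor", 40))
    results = [
        pep.handle("10.0.1.5", "10.0.2.10", "tcp", 443),    # engineer to web: permit
        pep.handle("10.0.1.6", "10.0.2.10", "tcp", 443),    # contractor role not in rule
        pep.handle("10.0.1.5", "10.0.1.6", "tcp", 22),      # client to hidden client
        pep.handle("10.0.1.5", "10.0.0.1", "tcp", 22),      # client to router
        pep.handle("10.0.2.10", "10.0.2.20", "tcp", 5432),  # web to db: both policies allow
        pep.handle("10.0.2.10", "10.0.2.30", "tcp", 445),   # web reaching outside its permissible use
        pep.handle("10.0.9.9", "10.0.2.10", "tcp", 443),    # spoofed / never admitted source
    ]
    return results, pep.violations


if __name__ == "__main__":
    for line, v in zip(*demo()):
        print(line, v)
```

Every denial lands in `violations` with the user and host recorded at admission, which is the attribution the abstract relies on; the unadmitted source is the one case that yields no record, because the PEP has no identity to charge it to.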

About the Speaker

David Pisano is a Senior Network Engineer at the MITRE Corporation, where he has been employed for the last two and a half years. David has devoted most of this time to networking and network-security challenges. He has been a contributor to The Honeynet Project since 2009. Prior to joining MITRE, David earned a Master's in Networking and Systems Administration at the Rochester Institute of Technology (R.I.T.). He completed his undergraduate degree in Applied Networking and Systems Administration, with a minor in Criminal Justice, also at R.I.T. David is a coauthor of two papers on networking and network security published in peer-reviewed journals.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter's organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works from, transmit, or in any other way exploit any part of the copyrighted material without permission from CERIAS, Purdue University.