Abstract:
Access to Internet services is granted based on application-layer user identities, which also offer accountability. The revered layered network model dictates a disparate network-layer identity scheme for systems. We challenge this religious layered model adherence by demonstrating the practical benefits derived from a cross-layer identity scheme. Instead of a rigid identity, our malleable identity (MI) scheme empowers a traffic originator to fine-tune, on a per-case basis if necessary, her third-party-issued identity attributes embedded in an identity voucher (IV). When tagged to traffic, IVs benefit users, the Internet and services. A user can (a) control her traffic identifiability, ranging from anonymous through pseudonymous to personally identifiable, through attribute fine-tuning and (b) enjoy Internet-wide Single-Sign On (SSO) to network-layer Internet resources and application-layer services through IV persistence, without the privacy loss naturally associated with SSO. The Internet and services can prioritize traffic, using IV attributes, as a defense against Denial-of-Capability (DoC), Distributed Denial-of-Service (DDoS) and Border Gateway Protocol (BGP) prefix hijack/route forgery. MI is protocol/architecture agnostic, and backwards/forwards compatible.
Keywords:
Internet; authorisation; protocols; user interfaces; Internet services; application-layer user identities; border gateway protocol; cross-layer malleable identity; denial-of-capability; distributed denial-of-service; identity voucher; religious layered model adherence; single-sign on; Electronic mail; Internet; Portals; Protocols; Public key; Receivers