A security framework for service overlay networks: Access control

Service overlay networks (SONs) have recently been proposed to support various value-added services including multicast, resilient routing, QoS support, and DoS resistant communication in the Internet. Access control plays an important role for various SON applications yet most SON proposals do not consider access control or assume that it is a pre-existing service. The lack of a proper access control mechanism may introduce security or efficiency problems for various SON applications. In this paper, we present a scalable, distributed access control scheme with very low state information required to be maintained at the SON nodes. Using this service, a SON access node can decide if an end userpsilas traffic should be accepted into the SON overlay for processing and forwarding towards its intended destination. We present our scheme and evaluate it via a combination of formal verification, security analysis, and an experimental evaluation work on its practicality.