Abstract

Service overlay networks have attracted much attention and generated a great deal of research and discussion in recent years. At this time when the Internet is plagued by numerous inefficiencies and security holes, overlay networks have been lauded by many as revolutionary in the testing and deployment of more efficient applications or applying desirable and oft necessary features in the Internet. Some researchers have gone a step further and have proposed overlay networks as the core upon which future Internet models will be based. The attention devoted to overlay networks has resulted in a multitude of overlay architectures, models and applications being proposed. This has led to a very jumbled and disseminated field with little affinity between the different architectures and applications suggested. Additionally, most of the architectures proposed ignore the security of the architecture as a whole and inherit or exacerbate the security issues prevalent in the Internet. The objective of this dissertation is two fold: (1) Identify a generalized overlay architecture that can support or be easily modified to support most overlay applications. (2) Provide a comprehensive security framework for the generalized overlay architecture that can be plugged into any application the overlay supports.

To illustrate the utilization of the generalized architecture and the security framework to support it, two example applications are also discussed. The first application, an overlay for DoS-resistant communication, uses the generalized architecture with little modifications. It demonstrates that the inherent security of the generalized overlay model lends itself to simple additional techniques required for comprehensive protection. The second application is an overlay designed for mission-critical applications. This application requires a much more stringent set of requirements and hence modifications to the generalized architecture. However, the principles behind its design are similar and draws inspiration from the security framework for the generalized architecture.

A combination of theoretical analysis, experimental evaluations and simulations are used to analyze each component of the security framework and the applications discussed. In all cases the results demonstrate marked improvement in the desired metrics when compared to the state-of-art in overlay networks.