Jonghoon Kwon (ETH Zürich), Claude Hähni (ETH Zürich), Patrick Bamert (Zürcher Kantonalbank), Adrian Perrig (ETH Zürich)

A central element of designing IT security infrastructures is the logical segmentation of information assets into groups sharing the same security requirements and policies, called network zones. As more business ecosystems are migrated to the cloud, additional demands for cybersecurity emerge and make the network-zone operation and management for large corporate networks challenging. In this paper, we introduce the new concept of an inter-domain transit zone that securely bridges physically and logically non-adjacent zones in large-scale information systems, simplifying complex network-zone structures. With inter-zone translation points, we also ensure communication integrity and confidentiality while providing lightweight security-policy enforcement. A logically centralized network coordinator enables scalable and flexible network management. Our implementation demonstrates that the new architecture merely introduces a few microseconds of additional processing delay in transit.

View More Papers

When DNS Goes Dark: Understanding Privacy and Shaping Policy...

Vijay k. Gurbani and Cynthia Hood ( Illinois Institute of Technology), Anita Nikolich (University of Illinois), Henning Schulzrinne (Columbia University) and Radu State (University of Luxembourg)

Read More

Securing CAN Traffic on J1939 Networks

Jeremy Daily, David Nnaji, and Ben Ettlinger (Colorado State University)

Read More

LaKSA: A Probabilistic Proof-of-Stake Protocol

Daniel Reijsbergen (Singapore University of Technology and Design), Pawel Szalachowski (Singapore University of Technology and Design), Junming Ke (University of Tartu), Zengpeng Li (Singapore University of Technology and Design), Jianying Zhou (Singapore University of Technology and Design)

Read More