
Securing the Internet with Digital Signatures

Dmitrij Lagutin

Doctoral dissertation for the degree of Doctor of Science in Technology to be presented with due permission of the Faculty of Information and Natural Sciences for public examination and debate in Auditorium T2 at the Aalto University School of Science and Technology (Espoo, Finland) on the 10th of December 2010 at 12 noon.

Dissertation in PDF format (ISBN 978-952-60-3465-2) [2408 KB]
Dissertation is also available in print (ISBN 978-952-60-3464-5)

Abstract

The security and reliability of the Internet are essential for many functions of a modern society. Currently, the Internet lacks efficient network level security solutions and is vulnerable to various attacks, especially to distributed denial-of-service attacks. Traditional end-to-end security solutions such as IPSec only protect the communication end-points and are not effective if the underlying network infrastructure is attacked and paralyzed.

This thesis describes and evaluates Packet Level Authentication (PLA), which is a novel method to secure the network infrastructure and provide availability with public key digital signatures. PLA allows any node in the network to verify independently the authenticity and integrity of every received packet, without previously established relationships with the sender or intermediate nodes that have handled the packet. As a result, various attacks against the network and its users can be more easily detected and mitigated, before they can cause significant damage or disturbance. PLA is compatible with the existing Internet infrastructure, and can be used with complementary end-to-end security solutions, such as IPSec and HIP. While PLA was originally designed for securing current IP networks, it is also suitable for securing future data-oriented networking approaches.

PLA has been designed to scale from lightweight wireless devices to the Internet core network, which is a challenge since public key cryptography operations are very resource intensive. Nevertheless, this work shows that digital signature algorithms and their hardware implementations developed for PLA are scalable to fast core network routers. Furthermore, the additional energy consumption of cryptographic operations is significantly lower than the energy cost of wireless transmission, making PLA feasible for lightweight wireless devices. Digital signature algorithms used by PLA also offer small key and signature sizes, and therefore PLA's bandwidth overhead is relatively low.

The strong security mechanisms offered by PLA can also be utilized for various other tasks. This work investigates how PLA can be utilized for controlling incoming connections, for secure user authentication and billing, and for providing strong accountability without extensive data retention by network service providers.

Keywords: network security, future network technologies, denial-of-service attacks, Internet infrastructure, digital signature algorithms, elliptic curve cryptosystems

This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.

© 2010 Aalto University School of Science and Technology


Last update 2011-05-26