|
DataMuseum.dkPresents historical artifacts from the history of: DKUUG/EUUG Conference tapes |
This is an automatic "excavation" of a thematic subset of
See our Wiki for more about DKUUG/EUUG Conference tapes Excavated with: AutoArchaeologist - Free & Open Source Software. |
top - metrics - downloadIndex: T p
Length: 342273 (0x53901)
Types: TextFile
Names: »part1.ps«
└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
└─⟦d09ed6d6e⟧ »./papers/Routing_security/gene-thesis.tar.Z«
└─⟦ffa606ded⟧
└─⟦this⟧ »part1.ps«
%!PS-Adobe-2.0
%%Creator: dvips, version 5.4 (C) 1986-90 Radical Eye Software
%%Title: part1.dvi
%%Pages: 35 1
%%BoundingBox: 0 0 612 792
%%EndComments
%%BeginProcSet: tex.pro
/TeXDict 200 dict def TeXDict begin /N /def load def /B{bind def}N /S /exch
load def /X{S N}B /TR /translate load N /isls false N /vsize 10 N /@rigin{
isls{[0 1 -1 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale
Resolution VResolution vsize neg mul TR}B /@letter{/vsize 10 N}B /@landscape{
/isls true N /vsize -1 N}B /@a4{/vsize 10.6929133858 N}B /@a3{/vsize 15.5531 N
}B /@ledger{/vsize 16 N}B /@legal{/vsize 13 N}B /@manualfeed{statusdict
/manualfeed true put}B /@copies{/#copies X}B /FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0
]N /df{/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0
]N df-tail}B /df-tail{/nn 8 dict N nn begin /FontType 3 N /FontMatrix fntrx N
/FontBBox FBB N string /base X array /BitMaps X /BuildChar{CharBuilder}N
/Encoding IE N end dup{/foo setfont}2 array copy cvx N load 0 nn put /ctr 0 N[
}B /E{pop nn dup definefont setfont}B /ch-image{ch-data dup type /stringtype
ne{ctr get /ctr ctr 1 add N}if}B /ch-width{ch-data dup length 5 sub get}B
/ch-height{ch-data dup length 4 sub get}B /ch-xoff{128 ch-data dup length 3
sub get sub}B /ch-yoff{ch-data dup length 2 sub get 127 sub}B /ch-dx{ch-data
dup length 1 sub get}B /ctr 0 N /CharBuilder{save 3 1 roll S dup /base get 2
index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx 0 ch-xoff ch-yoff
ch-height sub ch-xoff ch-width add ch-yoff setcachedevice ch-width ch-height
true[1 0 0 -1 -.1 ch-xoff sub ch-yoff .1 add]{ch-image}imagemask restore}B /D{
/cc X dup type /stringtype ne{]}if nn /base get cc ctr put nn /BitMaps get S
ctr S sf 1 ne{dup dup length 1 sub dup 2 index S get sf div put}if put /ctr
ctr 1 add N}B /I{cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI
save N @rigin 0 0 moveto}B /eop{clear SI restore showpage userdict /eop-hook
known{eop-hook}if}B /@start{userdict /start-hook known{start-hook}if
/VResolution X /Resolution X 1000 div /DVImag X /IE 256 array N 0 1 255{IE S 1
string dup 0 3 index put cvn put}for}B /p /show load N /RMat[1 0 0 -1 0 0]N
/BDot 8 string N /v{/ruley X /rulex X V}B /V{gsave TR -.1 -.1 TR rulex ruley
scale 1 1 false RMat{BDot}imagemask grestore}B /a{moveto}B /delta 0 N /tail{
dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}B /c{-4 M}B /d{
-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B /k{4 M}B /l{p
-4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{p 1 w}B /r{p 2 w}B /s{p 3 w}B /t
{p 4 w}B /w{0 rmoveto}B /x{0 S rmoveto}B /y{3 2 roll p a}B /bos{/SS save N}B
/eos{clear SS restore}B end
%%EndProcSet
%%BeginProcSet: special.pro
TeXDict begin /SDict 200 dict N SDict begin /@SpecialDefaults{/hs 612 N /vs
792 N /ho 0 N /vo 0 N /hsc 1 N /vsc 1 N /ang 0 N /CLIP false N /BBcalc false N
/p 3 def}B /@scaleunit 100 N /@hscale{@scaleunit div /hsc X}B /@vscale{
@scaleunit div /vsc X}B /@hsize{/hs X /CLIP true N}B /@vsize{/vs X /CLIP true
N}B /@hoffset{/ho X}B /@voffset{/vo X}B /@angle{/ang X}B /@rwi{10 div /rwi X}
B /@llx{/llx X}B /@lly{/lly X}B /@urx{/urx X}B /@ury{/ury X /BBcalc true N}B
/magscale true def end /@MacSetUp{userdict /md known{userdict /md get type
/dicttype eq{md begin /letter{}N /note{}N /legal{}N /od{txpose 1 0 mtx
defaultmatrix dtransform S atan/pa X newpath clippath mark{transform{
itransform moveto}}{transform{itransform lineto}}{6 -2 roll transform 6 -2
roll transform 6 -2 roll transform{itransform 6 2 roll itransform 6 2 roll
itransform 6 2 roll curveto}}{{closepath}}pathforall newpath counttomark array
astore /gc xdf pop ct 39 0 put 10 fz 0 fs 2 F/|______Courier fnt invertflag{
PaintBlack}if}N /txpose{pxs pys scale ppr aload pop por{noflips{pop S neg S TR
pop 1 -1 scale}if xflip yflip and{pop S neg S TR 180 rotate 1 -1 scale ppr 3
get ppr 1 get neg sub neg ppr 2 get ppr 0 get neg sub neg TR}if xflip yflip
not and{pop S neg S TR pop 180 rotate ppr 3 get ppr 1 get neg sub neg 0 TR}if
yflip xflip not and{ppr 1 get neg ppr 0 get neg TR}if}{noflips{TR pop pop 270
rotate 1 -1 scale}if xflip yflip and{TR pop pop 90 rotate 1 -1 scale ppr 3 get
ppr 1 get neg sub neg ppr 2 get ppr 0 get neg sub neg TR}if xflip yflip not
and{TR pop pop 90 rotate ppr 3 get ppr 1 get neg sub neg 0 TR}if yflip xflip
not and{TR pop pop 270 rotate ppr 2 get ppr 0 get neg sub neg 0 S TR}if}
ifelse scaleby96{ppr aload pop 4 -1 roll add 2 div 3 1 roll add 2 div 2 copy
TR .96 dup scale neg S neg S TR}if}N /cp{pop pop showpage pm restore}N end}if}
if}N /normalscale{Resolution 72 div VResolution 72 div neg scale magscale{
DVImag dup scale}if}N /psfts{S 65536 div N}N /startTexFig{/psf$SavedState save
N userdict maxlength dict begin /magscale false def normalscale currentpoint
TR /psf$ury psfts /psf$urx psfts /psf$lly psfts /psf$llx psfts /psf$y psfts
/psf$x psfts currentpoint /psf$cy X /psf$cx X /psf$sx psf$x psf$urx psf$llx
sub div N /psf$sy psf$y psf$ury psf$lly sub div N psf$sx psf$sy scale psf$cx
psf$sx div psf$llx sub psf$cy psf$sy div psf$ury sub TR /showpage{}N
/erasepage{}N /copypage{}N @MacSetUp}N /doclip{psf$llx psf$lly psf$urx psf$ury
currentpoint 6 2 roll newpath 4 copy 4 2 roll moveto 6 -1 roll S lineto S
lineto S lineto closepath clip newpath moveto}N /endTexFig{end psf$SavedState
restore}N /@beginspecial{SDict begin /SpecialSave save N gsave normalscale
currentpoint TR @SpecialDefaults}B /@setspecial{CLIP{newpath 0 0 moveto hs 0
rlineto 0 vs rlineto hs neg 0 rlineto closepath clip}{initclip}ifelse ho vo TR
hsc vsc scale ang rotate BBcalc{rwi urx llx sub div dup scale llx neg lly neg
TR}if /showpage{}N /erasepage{}N /copypage{}N newpath}B /@endspecial{grestore
clear SpecialSave restore end}B /@defspecial{SDict begin}B /@fedspecial{end}B
/li{lineto}B /rl{rlineto}B /rc{rcurveto}B /np{/SaveX currentpoint /SaveY X N 1
setlinecap newpath}B /st{stroke SaveX SaveY moveto}B /fil{fill SaveX SaveY
moveto}B /ellipse{/endangle X /startangle X /yrad X /xrad X /savematrix matrix
currentmatrix N TR xrad yrad scale 0 0 1 startangle endangle arc savematrix
setmatrix}B end
%%EndProcSet
TeXDict begin 1000 300 300 @start /Fa 4 116 df<FFFE003FFCFFFE003FFC0FE00007C0
07C000078007C000070007C000060007C0000C0007C0000C0007C000180007C000180007C00030
0007C000700007C000600007C000C00007E000C00003E001800003E001800003E003000003E006
000003E006000003E00C000003E00C000003E018000003E038000003E030000003E060000003F0
60000001F0C0000001F0C0000001F180000001F300000001F300000001F600000001F600000001
FC00000001FC00000001F800000001F000000001F000000001E000000000E000000000C0000000
262A73A82C>86 D<003E000000E1180001C0BC000380FC00070078000F0078001E0078001E0078
003E00F0007C00F0007C00F0007C00F000F801E000F801E000F801E000F801E000F003C000F003
C180F003C180F003C180F0078300700F8300700B82003833860018618C000F80F800191A79991F
>97 D<001C003E003E003C003800000000000000000000000000000000000007800CE0186030F0
30F060F060F061E0C1E001E003C003C00780078007800F000F000F0C1E0C1E0C1E183C181C301C
200C4007800F287BA712>105 D<003F0000E0C001C0600380600300E00701E00701E00700C007
800007E00007FC0007FE0003FF0001FF80001F800007800007803803807C03807C0380F8070070
0600600E00600C003830000FC000131A7B9918>115 D E /Fb 4 116 df<0FE0003838003C1C00
3C1E00181E00001E0000FE000F9E003C1E00781E00F01E00F01E00F01E00786FC01F87C0120F7F
8E14>97 D<07F01C1C383C783C7018F000F000F000F000F0007000780038061C0C07F80F0F7F8E
12>99 D<FCFC3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3CFFFF08177F960B>108
D<1FF060704030C030E000FF007FE03FF00FF80078C018C018E010F020CFC00D0F7F8E10>115
D E /Fc 5 112 df<0000030000000300000007000000070000000F0000000F0000001F000000
2F0000002F0000004F0000004F8000008780000087800001078000020780000207800004078000
0407800008078000080780001007800030078000200780007FFF80004007C0008007C0008003C0
010003C0030003C0020003C0040003C0040003C00C0003C03C0007C0FF003FFC1E237DA224>65
D<007E0001C1000301800703800E07801C07803C0000380000780000780000780000F00000F000
00F00000F00000F00100700100700200300C001830000FC00011157B9416>99
D<00003C0003F80000380000380000380000700000700000700000700000E00000E00000E00000
E00001C000F9C00185C00705C00E03800E03801C03803C0380380700780700780700780700F00E
00F00E00F00E00F00E10F01C20701C20703C20305C40308C400F078016237BA219>I<00F0000F
E00000E00000E00000E00001C00001C00001C00001C00003800003800003800003800007000007
1F0007218007C0C00F00E00F00E00E00E00E00E01C01C01C01C01C01C01C01C038038038038038
0380380704700708700E08700E10700610E006206003C016237DA219>104
D<007E0001C3000381800701C00E01C01C01E03C01E03801E07801E07801E07801E0F003C0F003
C0F00380F00780700700700E00700C0030180018700007C00013157B9419>111
D E /Fd 2 98 df<3FFFC03060C040604040C04080C04080C04000C00001800001800001800001
80000300000300000300000300000600007FE00012117E9012>84 D<072018E0306060606060C0
C0C0C0C0C841C862D03C700D0B7E8A11>97 D E /Fe 2 69 df<00001000000030000000700000
0070000000F8000000B80000013800000238000002380000043800000438000008380000103800
00103C0000201C0000201C00007FFC0000801C0000801C0001001C0003001C0002001C0004001E
0004000E001C001E00FF00FFC01A1A7F991D>65 D<01FFFC000038070000380380003801C00070
00E0007000E0007000E0007000F000E000F000E000F000E000F000E000F001C001E001C001E001
C001E001C001C0038003C0038003C0038003800380070007000E0007001E000700380007007000
0E01E000FFFF00001C1A7E9920>68 D E /Ff 4 104 df<03C00FF01FF83FFC7FFE7FFEFFFFFF
FFFFFFFFFF7FFE7FFE3FFC1FF80FF003C010107E9115>15 D<0000030000000003000000000180
000000018000000000C00000000060007FFFFFF000FFFFFFF8000000000E000000000700000000
01E0000000007800000001E0000000038000000006000000001C00FFFFFFF8007FFFFFF0000000
006000000000C000000001800000000180000000030000000003000025187E952A>41
D<003C00E001C00180038003800380038003800380038003800380038003800380038003000700
1C00F0001C00070003000380038003800380038003800380038003800380038003800380018001
C000E0003C0E297D9E15>102 D<F0001C00070003000380038003800380038003800380038003
800380038003800380018001C000E0003C00E001C0018003800380038003800380038003800380
03800380038003800380030007001C00F0000E297D9E15>I E /Fg 26 122
df<000180000180000380000380000780000780000B800013800013800023C00021C00041C000
C1C00081C00101C001FFC00201C00201C00401C00801C00801C01801C0FE0FF815177E961A>65
D<03FFF000E01800E00C00E00600E00701C00301C00301C00301C0030380070380070380070380
0707000E07000E07000C07001C0E00180E00300E00600E00C01C0380FFFC0018177E961B>68
D<03FFFE00E00E00E00400E00400E00401C00401C00401C10001C10003820003820003FE000386
000704000704080704080700100E00100E00300E00200E00601C01C0FFFFC017177E9618>I<00
3F0400E0880380580600380C00381C0010380010300010700010600000E00000E00000E00000C0
1FF8C001C0C001C0C001C0E00380E00380600380300780181B0007E10016177A961C>71
D<07FE00E000E000E000E001C001C001C001C0038003800380038007000700070007000E000E00
0E000E001C00FF800F177E960E>73 D<03FFE000E03800E01C00E00C00E00C01C01C01C01C01C0
1C01C0380380700380E003FF800380000700000700000700000700000E00000E00000E00000E00
001C0000FF800016177E9618>80 D<03FFE000E03800E01C00E01C00E01C01C01C01C01C01C01C
01C0380380700381C003FF000381800700C00700E00700E00700E00E01C00E01C00E01C20E01C2
1C00C4FF807817177E961A>82 D<007C400182800301800601800601800C01000C01000C00000E
00000FC00007F80003FC00007C00000E00000E00000600200600400C00400C00600800601000D8
600087C00012177D9614>I<072008E018E0306030C060C060C060C0C180C188C1884388659038
E00D0E7C8D12>97 D<03C00C6018E030E030006000600060004000C0004020604021801E000B0E
7C8D10>99 D<007C00180018001800180030003000300030076008E018E0306030C060C060C060
C0C180C188C1884388659038E00E177C9612>I<07001880304060404080FF00C000C000C00080
00C040C08043003C000A0E7B8D10>I<001C0036002E006C00600060006000C000C007FC00C000
C001C00180018001800180018003000300030003000300060006006600E400C80070000F1D8196
0B>I<01C8023806380C180C3018301830183030603060306010E019C00EC000C000C06180E180
C3007C000D147E8D10>I<030706000000000000384C4C4C8C18181830326262243808177D960B>
105 D<3E0C0C0C0C181818183030303060606060C0D0D0D0D06007177C9609>108
D<38787800448C8C0047050400460604008C0C0C000C0C0C000C0C0C000C0C0C00181818001818
188018183080181831003030130030301C00190E7D8D1D>I<387044984708460C8C180C180C18
0C18183018311861186230263038100E7D8D14>I<078018C0304060606060C060C060C06080C0
80C08180C10046003C000B0E7B8D12>I<1C702288230C230C460C060C060C060C0C180C180C10
0C301A601B8018001800300030003000FC000E147E8D12>I<38F04518463846308C000C000C00
0C001800180018001800300030000D0E7D8D0F>114 D<07800C4018E018E038001E001F8007C0
00C060C0E0C0C180C3003E000B0E7D8D0F>I<030003000600060006000600FF800C000C000C00
1800180018001800300031003100310032001C0009147D930C>I<1C0826184618461886300C30
0C300C30186018621862186208E407380F0E7D8D13>I<1C1026184618461886100C100C100C10
1820182018401840088007000D0E7D8D10>I<1C0826184618461886300C300C300C3018601860
1860186008C007C000C000807180730066003C000D147D8D11>121 D E
/Fh 68 123 df<001800001800003C00003C00004E00004E000087000087000103800303C00201
C00601E00400E00C00F008007010007810003820003C20001C40001E7FFFFEFFFFFFFFFFFF1817
7E961D>1 D<00FCF807839C0E079C1C07081C07001C07001C07001C07001C0700FFFFE01C0700
1C07001C07001C07001C07001C07001C07001C07001C07001C07001C07001C0700FF1FE0161780
9615>11 D<00FC000782000E07001C07001C02001C00001C00001C00001C0000FFFF001C07001C
07001C07001C07001C07001C07001C07001C07001C07001C07001C07001C0700FF1FE013178096
14>I<00FF000707000E07001C07001C07001C07001C07001C07001C0700FFFF001C07001C0700
1C07001C07001C07001C07001C07001C07001C07001C07001C07001C0700FFBFE01317809614>
I<00FC7E000703C1000E0783801C0703801C0701001C0700001C0700001C0700001C070000FFFF
FF801C0703801C0703801C0703801C0703801C0703801C0703801C0703801C0703801C0703801C
0703801C0703801C070380FF1FCFF01C1780961D>I<60F0F0F0F0F06060606060606060600000
000060F0F06004177D960A>33 D<60F0F070101020204040040A7D960A>39
D<0102040C1818303070606060E0E0E0E0E0E0E0E0E0E060606070303018180C04020108227D98
0E>I<8040203018180C0C0E060606070707070707070707070606060E0C0C1818302040800822
7E980E>I<60F0F070101020204040040A7D830A>44 D<FF80FF80090280870C>I<60F0F0600404
7D830A>I<0008001800300030003000600060006000C000C000C0018001800180030003000600
060006000C000C000C00180018001800300030003000600060006000C000C0000D217E9812>I<
07C018303018701C600C600CE00EE00EE00EE00EE00EE00EE00EE00EE00E600C600C701C30181C
7007C00F157F9412>I<03000700FF000700070007000700070007000700070007000700070007
00070007000700070007007FF00C157E9412>I<0F8030E040708030C038E03840380038007000
70006000C00180030006000C08080810183FF07FF0FFF00D157E9412>I<0FE030306018701C70
1C001C00180038006007E000300018000C000E000EE00EE00EC00C401830300FE00F157F9412>
I<00300030007000F001F001700270047008701870107020704070C070FFFE0070007000700070
007003FE0F157F9412>I<20303FE03FC0240020002000200020002F8030E02070003000380038
4038E038E0388030406020C01F000D157E9412>I<01F00608080C181C301C70006000E000E3E0
EC30F018F00CE00EE00EE00E600E600E300C3018183007C00F157F9412>I<40007FFE7FFC7FF8
C008801080200040008000800100010003000200060006000E000E000E000E000E0004000F167E
9512>I<07C0183030186018E00CE00CE00EE00EE00E601E301E186E0F8E000E000C001C701870
18603020C01F800F157F9412>57 D<001000003800003800003800005C00005C00005C00008E00
008E00008E0001070001070003078002038002038007FFC00401C00401C00800E00800E01800E0
3800F0FE03FE17177F961A>65 D<FFFE001C03801C00E01C00601C00701C00701C00701C00701C
00E01C01C01FFF801FFFC01C00E01C00701C00301C00381C00381C00381C00381C00701C00E01C
01C0FFFF0015177F9619>I<00FC100383300E00B01C0070380030300030700010600010E00010
E00000E00000E00000E00000E00000E000106000107000103000203800201C00400E0080038300
00FC0014177E9619>I<FFFF001C01C01C00E01C00301C00381C00181C001C1C000C1C000E1C00
0E1C000E1C000E1C000E1C000E1C000E1C000C1C001C1C001C1C00381C00301C00601C01C0FFFF
0017177F961B>I<FFFFE01C00E01C00601C00201C00101C00101C00101C04001C04001C04001C
0C001FFC001C0C001C04001C04081C04081C00081C00181C00101C00101C00301C00F0FFFFF015
177F9618>I<FFFFE01C00E01C00601C00201C00101C00101C00101C04001C04001C04001C0C00
1FFC001C0C001C04001C04001C04001C00001C00001C00001C00001C00001C0000FFC00014177F
9617>I<007E080381980600580C0038180018300018700008700008E00008E00000E00000E000
00E00000E003FEE000387000387000383000381800380C00380600380380D8007F0817177E961C
>I<FF83FE1C00701C00701C00701C00701C00701C00701C00701C00701C00701C00701FFFF01C
00701C00701C00701C00701C00701C00701C00701C00701C00701C0070FF83FE17177F961A>I<
FFE00E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E
000E000E00FFE00B177F960D>I<FE0003F81E0003C0170005C0170005C0170005C0138009C013
8009C011C011C011C011C011C011C010E021C010E021C0107041C0107041C0107041C0103881C0
103881C0101D01C0101D01C0100E01C0100E01C0380E01C0FE040FF81D177F9620>77
D<FC00FE1E00381F001017001013801011C01011C01010E010107010103810103810101C10100E
10100F101007101003901001D01001D01000F0100070100030380030FE001017177F961A>I<00
FC000303000E01C01C00E0380070300030700038600018E0001CE0001CE0001CE0001CE0001CE0
001CE0001C7000387000383000303800701C00E00E01C003030000FC0016177E961B>I<FFFE00
1C03801C00C01C00601C00701C00701C00701C00701C00601C00C01C03801FFE001C00001C0000
1C00001C00001C00001C00001C00001C00001C00001C0000FF800014177F9618>I<FFFC001C03
801C00C01C00E01C00701C00701C00701C00701C00E01C00C01C03801FFE001C07801C01C01C00
E01C00E01C00E01C00E01C00E01C00E11C00E11C0072FF803C18177F961A>82
D<0FC4302C601C400CC004C004C004E00070007F003FE00FF801FC001C000E0006800680068006
C004E008D81087E00F177E9614>I<7FFFF8603818403808403808803804803804803804003800
003800003800003800003800003800003800003800003800003800003800003800003800003800
00380007FFC016177F9619>I<FF80FE1C00381C00101C00101C00101C00101C00101C00101C00
101C00101C00101C00101C00101C00101C00101C00101C00101C00100E00200600200300400181
80007E0017177F961A>I<FF07FC3F803C01E00E001C00E004001C00E004001C017004000E0170
08000E017008000E023808000702381000070238100007041C100003841C200003841C20000388
0E200001C80E400001C80E400001D80F400000F007800000F007800000F0078000006003000000
60030000006003000021177F9624>87 D<FCFCC0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0C0C0C0C0FCFC06217D980A>91 D<FCFC0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C
0C0C0C0C0C0C0C0C0C0C0CFCFC062180980A>93 D<1FC0386038301038003803F81E3830387038
E039E039E07970FF1F1E100E7F8D12>97 D<FC00001C00001C00001C00001C00001C00001C0000
1C00001C00001CF8001F06001C03001C03801C01801C01C01C01C01C01C01C01C01C01801C0380
1C03001B0E0010F8001217809614>I<07F01838303870106000E000E000E000E0006000700830
08183007C00D0E7F8D10>I<007E00000E00000E00000E00000E00000E00000E00000E00000E00
07CE001C3E00300E00700E00600E00E00E00E00E00E00E00E00E00600E00700E00301E00182E00
07CFC012177F9614>I<0FC0186030307038E018FFF8E000E000E000600070083010183007C00D
0E7F8D10>I<03E006700E701C201C001C001C001C001C00FF801C001C001C001C001C001C001C
001C001C001C001C001C00FF800C1780960B>I<0F9E18E33060707070707070306018C02F8020
0060003FE03FF83FFC600EC006C006C006600C38380FE010157F8D12>I<FC00001C00001C0000
1C00001C00001C00001C00001C00001C00001C7C001D8E001E07001C07001C07001C07001C0700
1C07001C07001C07001C07001C07001C0700FF9FE01317809614>I<183C3C1800000000007C1C
1C1C1C1C1C1C1C1C1C1C1CFF081780960A>I<0300078007800300000000000000000000001F80
0380038003800380038003800380038003800380038003800380038003804380E300E7007C0009
1D82960B>I<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C3F801C1C00
1C18001C20001C40001CC0001FE0001CF0001C70001C78001C3C001C1E001C1E00FF3FC0121780
9613>I<FC001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C
001C001C001C001C00FF80091780960A>I<FC7C1F001D8E63801E0781C01C0701C01C0701C01C
0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C0FF9FE7F81D0E808D
1E>I<FC7C001D8E001E07001C07001C07001C07001C07001C07001C07001C07001C07001C0700
1C0700FF9FE0130E808D14>I<07C018303018600C600CE00EE00EE00EE00EE00E701C30181830
07C00F0E7F8D12>I<FCF8001F0E001C03001C03801C01801C01C01C01C01C01C01C01C01C0180
1C03801C07001F0E001CF8001C00001C00001C00001C00001C0000FF80001214808D14>I<07C2
001C2600381E00700E00600E00E00E00E00E00E00E00E00E00600E00700E00301E001C2E0007CE
00000E00000E00000E00000E00000E00007FC012147F8D13>I<FCF01D381E381C101C001C001C
001C001C001C001C001C001C00FF800D0E808D0E>I<1F4060C0C040C040E000FF007F801FC001
E080608060C060E0C09F000B0E7F8D0E>I<080008000800180018003800FF8038003800380038
0038003800380038403840384038401C800F000A147F930E>I<FC3F001C07001C07001C07001C
07001C07001C07001C07001C07001C07001C07001C0F000E170003E7E0130E808D14>I<FE1F3C
0E3C0C1C081C080E100E100720072003C003C003C001800180100E7F8D13>I<FCFE7C38383838
38101C3C201C3C201C4C200E4E400E4E400E8640078780078780070380030300030300160E7F8D
19>I<FE3F3C181C100E20074007C0038001C002E004F008701838383CFC7F100E7F8D13>I<FE1F
3C0E3C0C1C081C080E100E100720072003C003C003C00180018001000100E200E200A400780010
147F8D13>I<FFF0C0E080E081C08380878007000E001E081C08381870107030FFF00D0E7F8D10>
I E /Fi 10 58 df<1F00318060C04040C060C060C060C060C060C060C060C060404060C03180
1F000B107F8F0F>48 D<0C003C00CC000C000C000C000C000C000C000C000C000C000C000C000C
00FF8009107E8F0F>I<1F00618040C08060C0600060006000C00180030006000C00102020207F
C0FFC00B107F8F0F>I<1F00218060C060C000C0008001800F00008000400060C060C060804060
801F000B107F8F0F>I<0300030007000F000B001300330023004300C300FFE003000300030003
001FE00B107F8F0F>I<20803F002C002000200020002F0030802040006000600060C06080C061
801F000B107F8F0F>I<0780184030C060C06000C000CF00F080E040C060C060C060406060C030
801F000B107F8F0F>I<40007FE07FC08080808001000200040004000C00080008001800180018
00180018000B117E900F>I<1F00208040404040404070803F000F00338061C0C060C060C06040
4060801F000B107F8F0F>I<1F00318060C0C040C060C060C06040E021E01E600060004060C060
8043003E000B107F8F0F>I E /Fj 10 58 df<0F0030C0606060604020C030C030C030C030C030
C030C030C030C03040206060606030C00F000C137E9211>48 D<0C001C00EC000C000C000C000C
000C000C000C000C000C000C000C000C000C000C000C00FFC00A137D9211>I<1F0060C06060F0
70F030603000700070006000C001C00180020004000810101020207FE0FFE00C137E9211>I<0F
C030707038703870380038003000E00FC0007000380018001C601CF01CF018E03860701FC00E13
7F9211>I<006000E000E00160026006600C600860106020606060C060FFFC0060006000600060
006003FC0E137F9211>I<60607FC07F8044004000400040004F0070C040E0006000700070E070
E070E06040E021C01F000C137E9211>I<07C00C201070207060006000C000CF00D0C0E060C020
C030C030C03040306020206010C00F000C137E9211>I<40007FFC7FF840108010802000400080
0100010003000200060006000E000E000E000E000E0004000E147E9311>I<0FC0003000084008
600870083C103F600F800FE031F06078C01CC00CC00CC00C601830300FC00E137F9211>I<0F00
308060404060C020C030C030C0304030607030B00F30003000200060E040E08041003E000C137E
9211>I E /Fk 46 123 df<000FF000007FFC0001F80E0003E01F0007C03F000F803F000F803F
000F801E000F800C000F8000000F8000000F8000000F800000FFFFFF00FFFFFF000F801F000F80
1F000F801F000F801F000F801F000F801F000F801F000F801F000F801F000F801F000F801F000F
801F000F801F000F801F000F801F000F801F000F801F000F801F007FF0FFE07FF0FFE01B237FA2
1F>12 D<FFFCFFFCFFFCFFFC0E047F8C13>45 D<387CFEFEFE7C3807077C8610>I<0018000078
0001F800FFF800FFF80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F8
0001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F8
0001F80001F8007FFFE07FFFE013207C9F1C>49 D<03FC000FFF003C1FC07007E07C07F0FE03F0
FE03F8FE03F8FE01F87C01F83803F80003F80003F00003F00007E00007C0000F80001F00003E00
00380000700000E01801C0180380180700180E00380FFFF01FFFF03FFFF07FFFF0FFFFF0FFFFF0
15207D9F1C>I<00FE0007FFC00F07E01E03F03F03F03F81F83F81F83F81F81F03F81F03F00003
F00003E00007C0001F8001FE0001FF000007C00001F00001F80000FC0000FC3C00FE7E00FEFF00
FEFF00FEFF00FEFF00FC7E01FC7801F81E07F00FFFC001FE0017207E9F1C>I<0000E00001E000
03E00003E00007E0000FE0001FE0001FE00037E00077E000E7E001C7E00187E00307E00707E00E
07E00C07E01807E03807E07007E0E007E0FFFFFEFFFFFE0007E00007E00007E00007E00007E000
07E00007E000FFFE00FFFE17207E9F1C>I<1000201E01E01FFFC01FFF801FFF001FFE001FF800
1BC00018000018000018000018000019FC001FFF001E0FC01807E01803E00003F00003F00003F8
0003F83803F87C03F8FE03F8FE03F8FC03F0FC03F07007E03007C01C1F800FFF0003F80015207D
9F1C>I<001F8000FFE003F07007C0F00F01F81F01F83E01F83E01F87E00F07C00007C0000FC08
00FC7FC0FCFFE0FD80F0FF00F8FE007CFE007CFC007EFC007EFC007EFC007E7C007E7C007E7C00
7E3C007C3E007C1E00F80F00F00783E003FFC000FF0017207E9F1C>I<00007000000000700000
0000F800000000F800000000F800000001FC00000001FC00000003FE00000003FE00000003FE00
000006FF000000067F0000000E7F8000000C3F8000000C3F800000183FC00000181FC00000381F
E00000300FE00000300FE00000600FF000006007F00000E007F80000FFFFF80000FFFFF8000180
01FC00018001FC00038001FE00030000FE00030000FE000600007F000600007F00FFE00FFFF8FF
E00FFFF825227EA12A>65 D<FFFFFF8000FFFFFFE00007F001F80007F000FC0007F0007E0007F0
007E0007F0007F0007F0007F0007F0007F0007F0007F0007F0007F0007F0007E0007F000FE0007
F000FC0007F003F80007FFFFF00007FFFFF00007F001FC0007F0007E0007F0003F0007F0003F80
07F0001F8007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0001FC007F0003F
8007F0003F8007F0007F0007F001FE00FFFFFFF800FFFFFFC00022227EA128>I<0003FE008000
1FFF818000FF01E38001F8003F8003E0001F8007C0000F800F800007801F800007803F00000380
3F000003807F000001807E000001807E00000180FE00000000FE00000000FE00000000FE000000
00FE00000000FE00000000FE00000000FE000000007E000000007E000001807F000001803F0000
01803F000003801F800003000F8000030007C000060003F0000C0001F800380000FF00F000001F
FFC0000003FE000021227DA128>I<FFFFFF8000FFFFFFF00007F003FC0007F0007E0007F0003F
0007F0001F8007F0000FC007F00007E007F00007E007F00007F007F00003F007F00003F007F000
03F007F00003F807F00003F807F00003F807F00003F807F00003F807F00003F807F00003F807F0
0003F807F00003F807F00003F007F00003F007F00003F007F00007E007F00007E007F0000FC007
F0001F8007F0003F0007F0007E0007F003FC00FFFFFFF000FFFFFF800025227EA12B>I<FFFFFF
FCFFFFFFFC07F000FC07F0003C07F0001C07F0000C07F0000E07F0000E07F0000607F0180607F0
180607F0180607F0180007F0380007F0780007FFF80007FFF80007F0780007F0380007F0180007
F0180007F0180307F0180307F0000307F0000607F0000607F0000607F0000E07F0000E07F0001E
07F0003E07F001FCFFFFFFFCFFFFFFFC20227EA125>I<0003FE0040001FFFC0C0007F00F1C001
F8003FC003F0000FC007C00007C00FC00003C01F800003C03F000001C03F000001C07F000000C0
7E000000C07E000000C0FE00000000FE00000000FE00000000FE00000000FE00000000FE000000
00FE00000000FE000FFFFC7E000FFFFC7F00001FC07F00001FC03F00001FC03F00001FC01F8000
1FC00FC0001FC007E0001FC003F0001FC001FC003FC0007F80E7C0001FFFC3C00003FF00C02622
7DA12C>71 D<FFFFE0FFFFE003F80003F80003F80003F80003F80003F80003F80003F80003F800
03F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F800
03F80003F80003F80003F80003F80003F80003F80003F800FFFFE0FFFFE013227FA115>73
D<FFFFE000FFFFE00007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F0
000007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F0000007
F0000007F0000007F0001807F0001807F0001807F0001807F0003807F0003807F0007007F00070
07F000F007F001F007F007F0FFFFFFF0FFFFFFF01D227EA122>76 D<FFF000000FFFFFF800001F
FF07F800001FE006FC000037E006FC000037E006FC000037E0067E000067E0067E000067E0063F
0000C7E0063F0000C7E0061F800187E0061F800187E0060FC00307E0060FC00307E0060FC00307
E00607E00607E00607E00607E00603F00C07E00603F00C07E00601F81807E00601F81807E00601
F81807E00600FC3007E00600FC3007E006007E6007E006007E6007E006003FC007E006003FC007
E006001F8007E006001F8007E006001F8007E006000F0007E0FFF00F00FFFFFFF00600FFFF3022
7EA135>I<FFF8001FFEFFFC001FFE07FC0000C007FE0000C006FF0000C0067F8000C0063FC000
C0061FE000C0060FE000C0060FF000C00607F800C00603FC00C00601FE00C00600FE00C00600FF
00C006007F80C006003FC0C006001FE0C006000FF0C0060007F0C0060007F8C0060003FCC00600
01FEC0060000FFC00600007FC00600007FC00600003FC00600001FC00600000FC006000007C006
000003C006000003C0FFF00001C0FFF00000C027227EA12C>I<0007FC0000003FFF800000FC07
E00003F001F80007E000FC000FC0007E001F80003F001F80003F003F00001F803F00001F807F00
001FC07E00000FC07E00000FC0FE00000FE0FE00000FE0FE00000FE0FE00000FE0FE00000FE0FE
00000FE0FE00000FE0FE00000FE0FE00000FE07E00000FC07F00001FC07F00001FC03F00001F80
3F80003F801F80003F000FC0007E0007E000FC0003F001F80000FC07E000003FFF80000007FC00
0023227DA12A>I<FFFFFF00FFFFFFE007F007F007F001FC07F000FC07F0007E07F0007E07F000
7F07F0007F07F0007F07F0007F07F0007F07F0007E07F0007E07F000FC07F001FC07F007F007FF
FFE007FFFF0007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F0000007
F0000007F0000007F0000007F0000007F00000FFFF8000FFFF800020227EA126>I<FFFFFE0000
FFFFFFC00007F007F00007F001F80007F000FC0007F0007E0007F0007F0007F0007F0007F0007F
0007F0007F0007F0007F0007F0007F0007F0007E0007F000FC0007F001F80007F007F00007FFFF
C00007FFFF800007F00FE00007F007F00007F003F80007F001FC0007F001FC0007F001FC0007F0
01FC0007F001FC0007F001FC0007F001FC0007F001FC0007F001FC0607F000FE0607F000FF0CFF
FF803FF8FFFF800FF027227EA12A>82 D<01FC0407FF8C1F03FC3C007C7C003C78001C78001CF8
000CF8000CFC000CFC0000FF0000FFE0007FFF007FFFC03FFFF01FFFF80FFFFC03FFFE003FFE00
03FF00007F00003F00003FC0001FC0001FC0001FE0001EE0001EF0003CFC003CFF00F8C7FFE080
FF8018227DA11F>I<7FFFFFFF807FFFFFFF807E03F80F807803F807807003F803806003F80180
E003F801C0E003F801C0C003F800C0C003F800C0C003F800C0C003F800C00003F800000003F800
000003F800000003F800000003F800000003F800000003F800000003F800000003F800000003F8
00000003F800000003F800000003F800000003F800000003F800000003F800000003F800000003
F800000003F800000003F8000003FFFFF80003FFFFF80022227EA127>I<07FC001FFF803F07C0
3F03E03F01E03F01F01E01F00001F00001F0003FF003FDF01FC1F03F01F07E01F0FC01F0FC01F0
FC01F0FC01F07E02F07E0CF81FF87F07E03F18167E951B>97 D<00FF8007FFE00F83F01F03F03E
03F07E03F07C01E07C0000FC0000FC0000FC0000FC0000FC0000FC00007C00007E00007E00003E
00301F00600FC0E007FF8000FE0014167E9519>99 D<0001FE000001FE0000003E0000003E0000
003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0001FC3E00
07FFBE000F81FE001F007E003E003E007E003E007C003E00FC003E00FC003E00FC003E00FC003E
00FC003E00FC003E00FC003E00FC003E007C003E007C003E003E007E001E00FE000F83BE0007FF
3FC001FC3FC01A237EA21F>I<00FE0007FF800F87C01E01E03E01F07C00F07C00F8FC00F8FC00
F8FFFFF8FFFFF8FC0000FC0000FC00007C00007C00007E00003E00181F00300FC07003FFC000FF
0015167E951A>I<003F8000FFC001E3E003C7E007C7E00F87E00F83C00F80000F80000F80000F
80000F80000F8000FFFC00FFFC000F80000F80000F80000F80000F80000F80000F80000F80000F
80000F80000F80000F80000F80000F80000F80000F80000F80000F80007FF8007FF80013237FA2
11>I<03FC1E0FFF7F1F0F8F3E07CF3C03C07C03E07C03E07C03E07C03E07C03E03C03C03E07C0
1F0F801FFF0013FC003000003000003800003FFF801FFFF00FFFF81FFFFC3800FC70003EF0001E
F0001EF0001EF0001E78003C7C007C3F01F80FFFE001FF0018217E951C>I<FF000000FF000000
1F0000001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F0000
001F0000001F07E0001F1FF8001F307C001F403C001F803E001F803E001F003E001F003E001F00
3E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F
003E001F003E00FFE1FFC0FFE1FFC01A237EA21F>I<1C003F007F007F007F003F001C00000000
0000000000000000000000FF00FF001F001F001F001F001F001F001F001F001F001F001F001F00
1F001F001F001F001F001F00FFE0FFE00B247EA310>I<FF000000FF0000001F0000001F000000
1F0000001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F00FF
801F00FF801F0038001F0060001F01C0001F0380001F0700001F0E00001F1C00001F7E00001FFF
00001FCF00001F0F80001F07C0001F03E0001F01E0001F01F0001F00F8001F007C001F003C00FF
E0FFC0FFE0FFC01A237EA21E>107 D<FF00FF001F001F001F001F001F001F001F001F001F001F
001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F00
1F001F00FFE0FFE00B237EA210>I<FF07F007F000FF1FFC1FFC001F303E303E001F403E403E00
1F801F801F001F801F801F001F001F001F001F001F001F001F001F001F001F001F001F001F001F
001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F00
1F001F001F001F001F001F001F001F001F00FFE0FFE0FFE0FFE0FFE0FFE02B167E952F>I<FF07
E000FF1FF8001F307C001F403C001F803E001F803E001F003E001F003E001F003E001F003E001F
003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E00
FFE1FFC0FFE1FFC01A167E951F>I<00FE0007FFC00F83E01E00F03E00F87C007C7C007C7C007C
FC007EFC007EFC007EFC007EFC007EFC007EFC007E7C007C7C007C3E00F81F01F00F83E007FFC0
00FE0017167E951C>I<FF0FE000FF3FF8001FF07C001F803E001F001F001F001F801F001F801F
000FC01F000FC01F000FC01F000FC01F000FC01F000FC01F000FC01F000FC01F001F801F001F80
1F803F001FC03E001FE0FC001F3FF8001F0FC0001F0000001F0000001F0000001F0000001F0000
001F0000001F0000001F000000FFE00000FFE000001A207E951F>I<FE1F00FE3FC01E67E01EC7
E01E87E01E87E01F83C01F00001F00001F00001F00001F00001F00001F00001F00001F00001F00
001F00001F00001F0000FFF000FFF00013167E9517>114 D<0FF3003FFF00781F00600700E003
00E00300F00300FC00007FE0007FF8003FFE000FFF0001FF00000F80C00780C00380E00380E003
80F00700FC0E00EFFC00C7F00011167E9516>I<01800001800001800001800003800003800007
80000780000F80003F8000FFFF00FFFF000F80000F80000F80000F80000F80000F80000F80000F
80000F80000F80000F80000F81800F81800F81800F81800F81800F830007C30003FE0000F80011
207F9F16>I<FF01FE00FF01FE001F003E001F003E001F003E001F003E001F003E001F003E001F
003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F007E00
1F00FE000F81BE0007FF3FC001FC3FC01A167E951F>I<FFE01FE0FFE01FE00F8006000F800600
0FC00E0007C00C0007E01C0003E0180003E0180001F0300001F0300000F8600000F86000007CC0
00007CC000007FC000003F8000003F8000001F0000001F0000000E0000000E00001B167F951E>
I<FFE7FF07F8FFE7FF07F81F007800C00F807801800F807C01800F807C018007C07E030007C0DE
030007E0DE070003E0DF060003E18F060001F18F0C0001F38F8C0001FB079C0000FB07D80000FE
03D800007E03F000007E03F000007C01F000003C01E000003800E000001800C00025167F9528>
I<FFE01FE0FFE01FE00F8006000F8006000FC00E0007C00C0007E01C0003E0180003E0180001F0
300001F0300000F8600000F86000007CC000007CC000007FC000003F8000003F8000001F000000
1F0000000E0000000E0000000C0000000C00000018000078180000FC380000FC300000FC600000
69C000007F8000001F0000001B207F951E>121 D<7FFFF07FFFF07C03E07007C0600FC0E01F80
C01F00C03E00C07E0000FC0000F80001F00003F03007E03007C0300F80701F80703F00603E00E0
7C03E0FFFFE0FFFFE014167E9519>I E /Fl 12 117 df<000100000300000700000780000B80
001B800013800023800023800043800083800083C00101C003FFC00201C00401C00401C00801C0
1801E0FE07F815147F9319>65 D<07FFE000E03801C01801C01C01C01C01C01C03803803807003
80E003FFC00700E00700700700300700380E00700E00700E00E00E00E01C0380FFFE0016147F93
19>I<003F0800C0980300700600300C0030180030380020700000700000700000E00000E00000
E00000E000406000806000803001003002000C1C0007E00015147E9318>I<00F8800305800603
000401000C01000C01000C00000E00000FE00007F80001FC00001C00000E00000E00400C00400C
00400800601800D020008FC00011147E9314>83 D<1FFFF8381C18203818203808403808403810
80701000700000700000700000E00000E00000E00000E00001C00001C00001C00001C000038000
3FF8001514809314>I<07B00C7010703060606060606060C0C0C0C8C0C841C862D03C700D0D7E
8C12>97 D<7C000C00180018001800180030003700388030C060C060C060C060C0C180C180C100
4300660038000A147E930F>I<07800C4010E031C0600060006000C000C0004020404021801E00
0B0D7E8C0F>I<007C000C0018001800180018003007B00C7010703060606060606060C0C0C0C8
C0C841C862D03C700E147E9311>I<31E05A704C709C6098001800180030003000300030006000
60000C0D7F8C0F>114 D<0700188019C0318038001E000F0003804180E180C10082007C000A0D
7E8C10>I<02000600060006000C00FF800C000C00180018001800180030003100310032003200
1C0009127F910D>I E /Fm 30 118 df<60F0F06004047C830C>58 D<60F0F070101010102020
4080040C7C830C>I<00000C0000000C0000001C0000001C0000003C0000007C0000005C000000
9C0000008E0000010E0000010E0000020E0000040E0000040E0000080E0000080E0000100E0000
200E00003FFE000040070000400700008007000100070001000700020007000200070006000700
1E000700FF807FF01C1D7F9C1F>65 D<0001F808000E061800380138006000F001C00070038000
70070000300F0000200E0000201C0000203C0000203C000000780000007800000078000000F000
0000F0000000F0000000F0000000F0000100F0000100F000010070000200700002003000040038
0008001C0010000E0060000701800000FE00001D1E7E9C1E>67 D<01FFFF80003C01E000380070
003800380038001C0038001C0070001C0070001E0070001E0070001E00E0001E00E0001E00E000
1E00E0001E01C0003C01C0003C01C0003C01C000380380007803800070038000F0038000E00700
01C0070003800700070007001C000E007800FFFFC0001F1C7E9B22>I<01FFFFF8003C00780038
00180038001000380010003800100070001000700010007010100070100000E0200000E0200000
E0600000FFE00001C0400001C0400001C0400001C0400003808040038000400380008003800080
070001000700010007000300070006000E003E00FFFFFC001D1C7E9B1F>I<01FFC3FF80003C00
78000038007000003800700000380070000038007000007000E000007000E000007000E0000070
00E00000E001C00000E001C00000E001C00000FFFFC00001C003800001C003800001C003800001
C0038000038007000003800700000380070000038007000007000E000007000E000007000E0000
07000E00000F001E0000FFE1FFC000211C7E9B23>72 D<01FFC07F80003C001E00003800180000
3800200000380040000038008000007002000000700400000070080000007010000000E0400000
00E0C0000000E1E0000000E2E0000001C470000001D070000001E038000001C038000003803800
0003801C000003801C000003800E000007000E000007000E0000070007000007000700000F0007
8000FFE03FF000211C7E9B23>75 D<01FFE0003C00003800003800003800003800007000007000
00700000700000E00000E00000E00000E00001C00001C00001C00001C000038002038002038002
03800407000407000C0700180700380E00F0FFFFF0171C7E9B1C>I<01FC00FF80001C001C0000
2E001800002E001000002E00100000270010000047002000004300200000438020000043802000
0081C040000081C040000081C040000080E040000100E080000100708000010070800001007080
0002003900000200390000020039000002001D000004001E000004000E000004000E00000C000E
00001C00040000FF80040000211C7E9B21>78 D<0003F800000E0E000038038000E001C001C001
C0038000E0070000E00F0000F01E0000F01C0000F03C0000F03C0000F0780000F0780000F07800
00F0F00001E0F00001E0F00001E0F00003C0F00003C0F0000780F0000780F0000F0070000E0070
001C00380038003C0070001C01C0000707800001FC00001C1E7E9C20>I<01FFFF00003C03C000
3800E0003800F00038007000380070007000F0007000F0007000F0007000E000E001E000E003C0
00E0078000E01E0001FFF00001C0000001C0000001C00000038000000380000003800000038000
00070000000700000007000000070000000F000000FFE000001C1C7E9B1B>I<01FFFE00003C03
C0003800E0003800F00038007000380070007000F0007000F0007000F0007001E000E001C000E0
078000E01E0000FFF00001C0300001C0180001C01C0001C01C0003801C0003801C0003801C0003
801C0007003C0007003C0807003C0807003C100F001E10FFE00E20000007C01D1D7E9B20>82
D<000FC100303300400F00800601800603000603000606000406000407000007000007800003F0
0001FF0000FFC0003FE00003E00000F00000700000300000302000302000306000606000606000
C0600080F00300CC060083F800181E7E9C19>I<1FFFFFF01C0380703007003020070020600700
2040070020400E0020800E0020800E0020000E0000001C0000001C0000001C0000001C00000038
00000038000000380000003800000070000000700000007000000070000000E0000000E0000000
E0000000E0000001E000007FFF00001C1C7F9B18>I<01E3000717000C0F00180F00380E00300E
00700E00700E00E01C00E01C00E01C00E01C00E03880E03880E038806078803199001E0E001112
7E9116>97 D<3F00070007000E000E000E000E001C001C001C001C0039E03A303C183818701870
1C701C701CE038E038E038E030E070E060E0C061C023001E000E1D7E9C12>I<01F0030C0E0C1C
1E383C301870007000E000E000E000E000E000E0046008601030601F800F127E9112>I<0007E0
0000E00000E00001C00001C00001C00001C000038000038000038000038001E7000717000C0F00
180F00380E00300E00700E00700E00E01C00E01C00E01C00E01C00E03880E03880E03880607880
3199001E0E00131D7E9C16>I<01F007080C0818043808300870307FC0E000E000E000E000E000
E0046008601030600F800E127E9113>I<007180018B800307800607800E07000C07001C07001C
0700380E00380E00380E00380E00381C00381C00381C00183C0008F80007380000380000380000
7000607000F06000F0E000E180007E0000111A7F9114>103 D<01C003C003C001800000000000
000000000000001C00270047004700870087000E000E001C001C001C0038003880388070807100
32001C000A1C7E9B0E>105 D<0FC00001C00001C0000380000380000380000380000700000700
000700000700000E07000E18800E21C00E23C01C47801C83001D00001E00003F800039C00038E0
0038E00070E10070E10070E10070E200E06200603C00121D7E9C16>107
D<1F800380038007000700070007000E000E000E000E001C001C001C001C003800380038003800
7000700070007000E400E400E400E40064003800091D7E9C0C>I<381F004E61804681C04701C0
8F01C08E01C00E01C00E01C01C03801C03801C03801C0700380710380710380E10380E20700640
30038014127E9119>110 D<00F800030C000E06001C0300180300300300700380700380E00700
E00700E00700E00E00E00E00E01C0060180060300030E0000F800011127E9114>I<383C4E4246
87470F8E1E8E0C0E000E001C001C001C001C0038003800380038007000300010127E9113>114
D<01F0060C04040C0E180C1C001F000FE00FF003F80038201C7018F018F010803060601F800F12
7E9113>I<00C001C001C001C00380038003800380FFF00700070007000E000E000E000E001C00
1C001C001C00382038203840384018800F000C1A80990F>I<1C00C02701C04701C04701C08703
808703800E03800E03801C07001C07001C07001C0700180E20180E20180E201C1E200C264007C3
8013127E9118>I E /Fn 56 122 df<003FC1FE0001F03F818003C03E01C007C07E03E00F807C
03E00F807C03E00F807C01C00F807C00000F807C00000F807C00000F807C0000FFFFFFFFE0FFFF
FFFFE00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E00F
807C03E00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E07FE1FF0FFC
7FE1FF0FFC261D809C28>14 D<0020004001800380030006000E001C001C003C00380038007800
78007800F800F000F000F000F000F000F000F000F000F000F800780078007800380038003C001C
001C000E000600030003800180004000200B297C9E13>40 D<800040003000380018000C000E00
0700070007800380038003C003C003C003E001E001E001E001E001E001E001E001E001E003E003
C003C003C0038003800780070007000E000C00180038003000400080000B297D9E13>I<FFE0FF
E0FFE0FFE00B047F8A10>45 D<78FCFCFCFC7806067D850D>I<00018000038000038000070000
0700000700000E00000E00001C00001C00001C0000380000380000380000700000700000E00000
E00000E00001C00001C00001C0000380000380000380000700000700000E00000E00000E00001C
00001C00001C0000380000380000700000700000700000E00000E00000C0000011297D9E18>I<
03F8000F1E001C07003C07803803807803C07803C07803C0F803E0F803E0F803E0F803E0F803E0
F803E0F803E0F803E0F803E0F803E0F803E0F803E07803C07803C03803803C07801C07000F1E00
03F800131B7E9A18>I<00600001E0000FE000FFE000F3E00003E00003E00003E00003E00003E0
0003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E0
0003E00003E0007FFF807FFF80111B7D9A18>I<07F8001FFE00383F80780FC0FC07C0FC07E0FC
03E0FC03E07803E00007E00007C00007C0000F80001F00001E0000380000700000E00001806003
00600600600800E01FFFC03FFFC07FFFC0FFFFC0FFFFC0131B7E9A18>I<03F8001FFE003C1F00
3C0F807C07C07E07C07C07C03807C0000F80000F80001E00003C0003F800001E00000F800007C0
0007C00007E03007E07807E0FC07E0FC07E0FC07C0780F80781F001FFE0007F800131B7E9A18>
I<000180000380000780000F80001F80003F80006F8000CF80008F80018F80030F80060F800C0F
80180F80300F80600F80C00F80FFFFF8FFFFF8000F80000F80000F80000F80000F80000F8001FF
F801FFF8151B7F9A18>I<1801801FFF001FFE001FFC001FF8001FC00018000018000018000018
000019F8001E0E00180F801007800007C00007E00007E00007E07807E0F807E0F807E0F807C0F0
07C0600F80381F001FFE0007F000131B7E9A18>I<007E0003FF000781800F03C01E07C03C07C0
3C0380780000780000F80000F8F800FB0E00FA0780FC0380FC03C0F803E0F803E0F803E0F803E0
7803E07803E07803C03C03C03C07801E0F0007FE0003F800131B7E9A18>I<6000007FFFE07FFF
E07FFFC07FFF807FFF80E00300C00600C00C00C0180000300000300000600000E00000E00001E0
0001C00003C00003C00003C00003C00007C00007C00007C00007C00007C00007C000038000131C
7D9B18>I<78FCFCFCFC7800000000000078FCFCFCFC7806127D910D>58
D<00038000000380000007C0000007C0000007C000000FE000000FE000001FF000001BF000001B
F0000031F8000031F8000061FC000060FC0000E0FE0000C07E0000C07E0001803F0001FFFF0003
FFFF8003001F8003001F8006000FC006000FC00E000FE00C0007E0FFC07FFEFFC07FFE1F1C7E9B
24>65 D<FFFFF800FFFFFF000FC01F800FC00FC00FC007C00FC007E00FC007E00FC007E00FC007
E00FC007E00FC007C00FC00F800FC03F000FFFFE000FC00F800FC007C00FC007E00FC003E00FC0
03F00FC003F00FC003F00FC003F00FC003F00FC007E00FC007E00FC01FC0FFFFFF00FFFFFC001C
1C7E9B22>I<001FE02000FFF8E003F80FE007C003E00F8001E01F0000E03E0000E03E0000607E
0000607C000060FC000000FC000000FC000000FC000000FC000000FC000000FC000000FC000000
7C0000607E0000603E0000603E0000C01F0000C00F80018007C0030003F80E0000FFFC00001FE0
001B1C7D9B22>I<FFFFF800FFFFFF000FC01FC00FC007E00FC001F00FC001F80FC000F80FC000
FC0FC0007C0FC0007C0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0
007E0FC0007C0FC0007C0FC0007C0FC000F80FC000F80FC001F00FC007E00FC01FC0FFFFFF00FF
FFF8001F1C7E9B25>I<FFFFFF00FFFFFF000FC01F000FC007000FC003000FC003800FC003800F
C181800FC181800FC181800FC180000FC380000FFF80000FFF80000FC380000FC180000FC18000
0FC180600FC180600FC000E00FC000C00FC000C00FC001C00FC001C00FC003C00FC00F80FFFFFF
80FFFFFF801B1C7E9B1F>I<FFFFFF00FFFFFF000FC01F000FC007000FC003000FC003800FC003
800FC001800FC181800FC181800FC180000FC180000FC380000FFF80000FFF80000FC380000FC1
80000FC180000FC180000FC180000FC000000FC000000FC000000FC000000FC000000FC00000FF
FF0000FFFF0000191C7E9B1E>I<000FF008007FFE3801FC07F807E001F80F8000781F0000783F
0000383E0000387E0000187C000018FC000000FC000000FC000000FC000000FC000000FC000000
FC007FFFFC007FFF7C0001F87E0001F83E0001F83F0001F81F0001F80F8001F807E001F801FC07
F8007FFE78000FF818201C7D9B26>I<FFFC3FFFFFFC3FFF0FC003F00FC003F00FC003F00FC003
F00FC003F00FC003F00FC003F00FC003F00FC003F00FC003F00FFFFFF00FFFFFF00FC003F00FC0
03F00FC003F00FC003F00FC003F00FC003F00FC003F00FC003F00FC003F00FC003F00FC003F00F
C003F0FFFC3FFFFFFC3FFF201C7E9B25>I<FFFFFFFF07E007E007E007E007E007E007E007E007
E007E007E007E007E007E007E007E007E007E007E007E007E007E007E007E0FFFFFFFF101C7F9B
12>I<FFFF00FFFF000FC0000FC0000FC0000FC0000FC0000FC0000FC0000FC0000FC0000FC000
0FC0000FC0000FC0000FC0000FC0000FC0030FC0030FC0030FC0070FC0070FC0060FC00E0FC01E
0FC07EFFFFFEFFFFFE181C7E9B1D>76 D<FFC00003FFFFE00007FF0FE00007F00DF0000DF00DF0
000DF00DF0000DF00CF80019F00CF80019F00C7C0031F00C7C0031F00C3E0061F00C3E0061F00C
1F00C1F00C1F00C1F00C1F00C1F00C0F8181F00C0F8181F00C07C301F00C07C301F00C03E601F0
0C03E601F00C01FC01F00C01FC01F00C01FC01F00C00F801F00C00F801F0FFC0701FFFFFC0701F
FF281C7E9B2D>I<FFE003FFFFE003FF0FF000300FF800300DFC00300CFE00300C7E00300C3F00
300C1F80300C1FC0300C0FE0300C07F0300C03F0300C01F8300C01FC300C00FE300C007F300C00
3F300C001FB00C001FF00C000FF00C0007F00C0003F00C0001F00C0000F00C0000F0FFC00070FF
C00030201C7E9B25>I<003FE00001F07C0003C01E000F800F801F0007C01E0003C03E0003E07E
0003F07C0001F07C0001F0FC0001F8FC0001F8FC0001F8FC0001F8FC0001F8FC0001F8FC0001F8
FC0001F87C0001F07E0003F07E0003F03E0003E03F0007E01F0007C00F800F8003C01E0001F07C
00003FE0001D1C7D9B24>I<FFFFF800FFFFFE000FC03F800FC00F800FC007C00FC007E00FC007
E00FC007E00FC007E00FC007E00FC007C00FC007C00FC00F800FC03F000FFFFC000FC000000FC0
00000FC000000FC000000FC000000FC000000FC000000FC000000FC000000FC000000FC00000FF
FC0000FFFC00001B1C7E9B21>I<FFFFF00000FFFFFE00000FC03F00000FC00F80000FC007C000
0FC007E0000FC007E0000FC007E0000FC007E0000FC007E0000FC007C0000FC00F80000FC03E00
000FFFF000000FC07C00000FC03E00000FC03F00000FC01F80000FC01F80000FC01F80000FC01F
80000FC01F80000FC01F80000FC01F81800FC01F81800FC00FC180FFFC07C300FFFC01FE00211C
7E9B24>82 D<07F8201FFEE03C07E07801E07000E0F000E0F00060F00060F80000FE0000FFE000
7FFE003FFF003FFF800FFFC007FFE0007FE00003F00001F00000F0C000F0C000F0C000E0E000E0
F001C0FC03C0EFFF0083FC00141C7D9B1B>I<7FFFFFE07FFFFFE0781F81E0701F80E0601F8060
E01F8070C01F8030C01F8030C01F8030C01F8030001F8000001F8000001F8000001F8000001F80
00001F8000001F8000001F8000001F8000001F8000001F8000001F8000001F8000001F8000001F
8000001F800007FFFE0007FFFE001C1C7E9B21>I<FFFC7FFE0FFCFFFC7FFE0FFC0FC007E000C0
0FC007F000C00FE003F001C007E003F0018007E007F8018003F007F8030003F007F8030003F80C
FC070001F80CFC060001F81CFE060001FC187E0E0000FC187E0C0000FC387F0C00007E303F1800
007E303F1800007F601FB800003F601FB000003FE01FF000003FC00FF000001FC00FE000001FC0
0FE000000F8007C000000F8007C000000F0003C0000007000380000007000380002E1C7F9B31>
87 D<0FF8001C1E003E0F803E07803E07C01C07C00007C0007FC007E7C01F07C03C07C07C07C0
F807C0F807C0F807C0780BC03E13F80FE1F815127F9117>97 D<FF0000FF00001F00001F00001F
00001F00001F00001F00001F00001F00001F00001F3F801FE1E01F80701F00781F003C1F003C1F
003E1F003E1F003E1F003E1F003E1F003E1F003C1F003C1F00781F80701EC1E01C3F00171D7F9C
1B>I<03FC000E0E001C1F003C1F00781F00780E00F80000F80000F80000F80000F80000F80000
7800007801803C01801C03000E0E0003F80011127E9115>I<000FF0000FF00001F00001F00001
F00001F00001F00001F00001F00001F00001F001F9F00F07F01C03F03C01F07801F07801F0F801
F0F801F0F801F0F801F0F801F0F801F07801F07801F03C01F01C03F00F0FFE03F9FE171D7E9C1B
>I<01FC000F07001C03803C01C07801C07801E0F801E0F801E0FFFFE0F80000F80000F8000078
00007C00603C00601E00C00F038001FC0013127F9116>I<007F0001E38003C7C00787C00F87C0
0F83800F80000F80000F80000F80000F8000FFF800FFF8000F80000F80000F80000F80000F8000
0F80000F80000F80000F80000F80000F80000F80000F80000F80007FF8007FF800121D809C0F>
I<03F8F00E0F381E0F381C07303C07803C07803C07803C07801C07001E0F000E0E001BF8001000
001800001800001FFF001FFFC00FFFE01FFFF07801F8F00078F00078F000787000707800F01E03
C007FF00151B7F9118>I<FF0000FF00001F00001F00001F00001F00001F00001F00001F00001F
00001F00001F0FC01F31E01F40F01F80F81F80F81F00F81F00F81F00F81F00F81F00F81F00F81F
00F81F00F81F00F81F00F81F00F8FFE7FFFFE7FF181D7F9C1B>I<1E003F003F003F003F001E00
000000000000000000000000FF00FF001F001F001F001F001F001F001F001F001F001F001F001F
001F001F00FFE0FFE00B1E7F9D0E>I<FF0000FF00001F00001F00001F00001F00001F00001F00
001F00001F00001F00001F0FF81F0FF81F03801F07001F0C001F18001F70001FF8001FFC001FBC
001F3E001F1F001F0F001F0F801F07C01F03E0FFC7FCFFC7FC161D7F9C19>107
D<FF00FF001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F00
1F001F001F001F001F001F001F001F00FFE0FFE00B1D7F9C0E>I<FF0FC07E00FF31E18F001F40
F207801F80FC07C01F80FC07C01F00F807C01F00F807C01F00F807C01F00F807C01F00F807C01F
00F807C01F00F807C01F00F807C01F00F807C01F00F807C01F00F807C0FFE7FF3FF8FFE7FF3FF8
25127F9128>I<FF0FC0FF31E01F40F01F80F81F80F81F00F81F00F81F00F81F00F81F00F81F00
F81F00F81F00F81F00F81F00F81F00F8FFE7FFFFE7FF18127F911B>I<01FC000F07801C01C03C
01E07800F07800F0F800F8F800F8F800F8F800F8F800F8F800F87800F07800F03C01E01E03C00F
078001FC0015127F9118>I<FF3F80FFE1E01F80F01F00781F007C1F003C1F003E1F003E1F003E
1F003E1F003E1F003E1F003C1F007C1F00781F80F01FC1E01F3F001F00001F00001F00001F0000
1F00001F0000FFE000FFE000171A7F911B>I<FE3E00FE47001E8F801E8F801E8F801F07001F00
001F00001F00001F00001F00001F00001F00001F00001F00001F0000FFF000FFF00011127F9114
>114 D<1FD830786018E018E018F000FF807FE07FF01FF807FC007CC01CC01CE01CE018F830CF
C00E127E9113>I<0300030003000300070007000F000F003FFCFFFC1F001F001F001F001F001F
001F001F001F001F0C1F0C1F0C1F0C0F08079803F00E1A7F9913>I<FF07F8FF07F81F00F81F00
F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F01F80F01F80786
FF01F8FF18127F911B>I<FFC1FCFFC1FC1F00601F80E00F80C00FC0C007C18007C18003E30003
E30001F60001F60001FE0000FC0000FC0000780000780000300016127F9119>I<FF8FF8FEFF8F
F8FE1F03E0301F03E0301F83E0700F83F0600F86F06007C6F0C007CEF8C007EC79C003EC7D8003
F83D8001F83F0001F83F0001F01F0000F01E0000E00E0000E00E001F127F9122>I<FFC7FCFFC7
FC1F81800F838007C70003EE0001FC0001F80000F800007C0000FE0001DF00039F00070F800607
C00C03E0FF07FCFF07FC16127F9119>I<FFC1FCFFC1FC1F00601F80E00F80C00FC0C007C18007
C18003E30003E30001F70001F60000FE0000FC0000FC0000780000780000300000300000700070
6000F86000F8C000F980007300003E0000161A7F9119>I E /Fo 28 122
df<0003F83FE0000C0CE03000181D807000381B80600038030000007007000000700700000070
070000007007000000700E000007FFFFFFC000E00E01C000E00E038000E00E038000E01C038001
E01C038001C01C070001C01C070001C01C070001C01C070001C0380E400380380E400380380E40
0380380E40038030068003007003000700700000070070000006006000006630E00000E470C000
00CC61800000703E0000002421819922>14 D<007C000186000203000403800483800883801083
801083801083801107001207000C0E00001C000030000060000180000200000C00001001002001
003C060067FE00C1FC0080F00011187D9714>50 D<001F000060800180800303800603800E0000
1C000018000038000039F000721800740C00780E00700E00F00E00E00E00E00E00E00E00E01C00
E01C0060380060700030C0001F800011187C9714>54 D<03FFF800701C00700600700700E00700
E00700E00700E00701C00E01C00E01C01C01C03803807003FF8003800003800007000007000007
00000700000E00000E00000E00000E00001C0000FFC000181A7D991A>80
D<FF803F801C001C001C0008001C0010001C0010001C0020001C0040001E0040000E0080000E00
80000E0100000E0200000E0200000E0400000E0C00000E0800000E100000071000000720000007
400000074000000780000007800000070000000600000006000000191A78991D>86
D<007E007E00C000C000C000C00180018001800180030003000300030006000600060006000C00
0C000C000C00180018001800180030003000300030006000600060006000C000FC00FC000F257E
9B0C>91 D<007E007E000C000C000C000C00180018001800180030003000300030006000600060
006000C000C000C000C00180018001800180030003000300030006000600060006000C00FC00FC
000F25819B0C>93 D<03CC0E2E181C381C301C701CE038E038E038E038C072C072C07260F26134
1E180F107C8F14>97 D<7E000E000E000E001C001C001C001C00380038003BC03C307830701870
187018E038E038E038E038C070C060C0E060C063801E000D1A7C9912>I<01F006080C18183830
1070006000E000E000E000E000E008E010602030C01F000D107C8F12>I<001F80000380000380
000380000700000700000700000700000E00000E0003CE000E2E00181C00381C00301C00701C00
E03800E03800E03800E03800C07200C07200C0720060F2006134001E1800111A7C9914>I<01E0
06181C08380870087010FFE0E000E000E000E000E0086010602030C01F000D107C8F12>I<0007
00001980001B80003B0000300000300000700000700000700000700007FF0000E00000E00000E0
0000E00000E00001C00001C00001C00001C00001C0000380000380000380000380000380000700
00070000070000660000E40000CC0000700000112181990C>I<00F300038B800607000E07000C
07001C0700380E00380E00380E00380E00301C00301C00301C00183C0018780007B80000380000
3800007000607000E0E000C1C0007F000011177E8F12>I<1F8000038000038000038000070000
0700000700000700000E00000E00000E7C000F86001E07001E07001C07001C0700380E00380E00
380E00381C00701C80701C80703880703900E01900600E00111A7E9914>I<0307060000000000
00384C4E8E9C9C1C3838707272E2E4643808197C980C>I<1F8003800380038007000700070007
000E000E000E0E0E131C271C431C801F003C003F8039C038E070E270E270E270E4E0646038101A
7E9912>107 D<307C1E00598663009E0783809E0703809C0703809C070380380E0700380E0700
380E0700380E0E00701C0E40701C0E40701C1C40701C1C80E0380C80601807001A107C8F1F>
109 D<307C005986009E07009E07009C07009C0700380E00380E00380E00381C00701C80701C80
703880703900E01900600E0011107C8F16>I<01F006180C0C180E300E700E600EE00EE00EE00C
E01CE018E030606030C01F000F107C8F14>I<030F000590C009E0C009C06009C06009C0600380
E00380E00380E00380E00701C00701800703800703000E8E000E78000E00000E00001C00001C00
001C00001C0000FF00001317808F14>I<03C20E2E181C381C301C701CE038E038E038E038C070
C070C07060F061E01EE000E000E001C001C001C001C01FF00F177C8F12>I<30F059189E389C18
9C009C0038003800380038007000700070007000E00060000D107C8F10>I<03E0043008301870
18601C001F801FC00FE000E00060E060E06080C041803E000C107D8F10>I<06000E000E000E00
0E001C001C00FFC01C0038003800380038007000700070007000E100E100E100E200640038000A
177C960D>I<38064C074E0E8E0E9C0E9C0E1C1C381C381C381C7039703970393079389A0F0C10
107C8F15>I<380C304C0E384E1C388E1C189C1C189C1C181C3810383810383810383810707020
70702070704030704018B8800F0F0015107C8F19>119 D<38064C074E0E8E0E9C0E9C0E1C1C38
1C381C381C703870387038307838F00F700070006060E0E1C0C18047003C0010177C8F13>121
D E /Fp 55 123 df<0001FC000703000C03001C07001C03001800003800003800003800003800
00700007FFFC00701C00701C00701C00E03800E03800E03800E03800E07001C07001C07001C070
01C0E201C0E201C0E20380E4038064038038038000030000070000060000C60000E40000CC0000
7000001825819C17>12 D<0001FE0FF0000307380C000607700C000C06601C001C00E00C001C00
C000001C01C000003801C000003801C000003801C000003803800003FFFFFFF000700380700070
038070007003807000700780E000700700E000700700E000E00700E000E00701C000E00701C000
E00E01C000E00E01C001C00E038801C00E038801C00E038801C01C039001C01C019003801C00E0
03801C0000038038000003003800000300300000C630300000E638600000CC30C00000781F0000
002625819C25>14 D<18303C783C783C78040804080810081010202040408081000D0C799C15>
34 D<003C00000063003000C1007001808070038080200301802007038040070300800E000100
0E0002000E0004000EE01A000F1022000E1041000E1081001A20808039C10080300160807000E0
807000E080E0000100E0000100E0000100E0000200E00002006000040070000800300010001800
60000E03800001FC00001C1F7B9D20>38 D<183C3C3C0404080810204080060C779C0D>I<0003
0006000800180030006000C000C0018003000300060006000C000C001C00180018003800300030
00700070006000600060006000E000E000E000E000E00060006000600060006000200030001000
08000800102A7B9E11>I<001000100008000C0004000600060006000600060007000700070007
00070006000600060006000E000E000C000C001C001800180038003000300060006000C000C001
800300030006000C00180010006000C000102A809E11>I<183878380808101020404080050C7D
830D>44 D<FFC0FFC0FFC00A037D890F>I<00000200000600000600000C00000C000018000030
0000300000600000600000C00000C0000180000180000300000600000600000C00000C00001800
00180000300000300000600000C00000C0000180000180000300000300000600000C00000C0000
180000180000300000300000600000600000C0000080000017297F9E15>47
D<00020006000C001C007C039C0038003800380038007000700070007000E000E000E000E001C0
01C001C001C003800380038003800780FFF00F1C7C9B15>49 D<000F0000308000C08001838003
83800300000600000E00000C00001C00001CF0003B18003C0C00380C00780C00700E00700E0070
0E00601C00E01C00E01C00E01C00E03800E03800E0700060600060C0002180001E0000111D7B9B
15>54 D<0FFFFFE01FFFFFF0000000000000000000000000000000000000000000000000000000
0000000000FFFFFF807FFFFF001C0C7C8F20>61 D<000018000000180000003800000038000000
7800000078000000B8000001B800000138000002380000023C0000041C0000041C0000081C0000
181C0000101C0000201C0000201C00007FFC0000401C0000801C0001801C0001001C0002001C00
02001C0004000E000C000E001C001E00FF00FFC01A1D7E9C1F>65 D<01FFFE00003C0780003803
C0003801C0003801C0003801C0007001C0007003C0007003C00070078000E0070000E00E0000E0
3C0000FFF80001C01C0001C00E0001C00F0001C00F0003800F0003800F0003800F0003800F0007
001E0007001C0007003C00070078000E01E000FFFF80001A1C7D9B1D>I<01FFFE00003C078000
3801C0003801C0003800E0003800E0007000F00070007000700070007000F000E000F000E000F0
00E000F000E000F001C001E001C001E001C001E001C001C0038003C00380038003800780038007
0007000E0007001C0007003800070070000E01C000FFFF00001C1C7D9B1F>68
D<01FFFFE0003C00E0003800600038004000380040003800400070004000700040007020400070
200000E0400000E0400000E0C00000FFC00001C0800001C0800001C0800001C080000381010003
8001000380020003800200070004000700040007000C00070018000E007800FFFFF0001B1C7D9B
1C>I<0003F020001E0C60003002E000E003C001C001C0038001C0070000C00E0000801E000080
1C0000803C0000803C000000780000007800000078000000F0000000F0000000F001FFC0F0001E
00F0001C00F0001C00F0001C00F0001C00700038007000380038003800180078000C0090000707
100001F800001B1E7A9C20>71 D<01FFCFFE003C01E0003801C0003801C0003801C0003801C000
70038000700380007003800070038000E0070000E0070000E0070000FFFF0001C00E0001C00E00
01C00E0001C00E0003801C0003801C0003801C0003801C00070038000700380007003800070038
000F007800FFE7FF001F1C7D9B1F>I<01FFC0003C000038000038000038000038000070000070
0000700000700000E00000E00000E00000E00001C00001C00001C00001C0000380000380000380
000380000700000700000700000700000F0000FFE000121C7E9B10>I<01FC03FE001C0070003C
0060002E0040002E0040002E004000470080004700800047008000438080008381000083810000
8181000081C1000101C2000101C2000100E2000100E2000200E400020074000200740002007400
0400380004003800040038000C0018001C001000FF8010001F1C7D9B1F>78
D<01FFFC00003C070000380380003801C0003801C0003801C0007003C0007003C0007003C00070
038000E0078000E0070000E00E0000E0380001FFE00001C0000001C0000001C000000380000003
8000000380000003800000070000000700000007000000070000000F000000FFE000001A1C7D9B
1C>80 D<01FFF800003C0E00003807000038038000380380003803800070078000700780007007
8000700F0000E00E0000E01C0000E0700000FFC00001C0C00001C0600001C0700001C070000380
70000380700003807000038070000700F0000700F0400700F0400700F0800F007880FFE0790000
001E001A1D7D9B1E>82 D<000F8400304C00403C00801801001803001803001806001006001006
000007000007000003E00003FC0001FF00007F800007C00001C00001C00000C00000C02000C020
00C0600180600180600300600200F00400CC180083E000161E7D9C17>I<1FFFFFC01C0701C030
0E00C0200E0080600E0080400E0080401C0080801C0080801C0080001C00000038000000380000
00380000003800000070000000700000007000000070000000E0000000E0000000E0000000E000
0001C0000001C0000001C0000001C0000003C000007FFE00001A1C799B1E>I<FF803FC01C000F
001C0004001C0008001C0008001C0010001C0010001C0020001C0040001C0040001E0080000E00
80000E0100000E0200000E0200000E0400000E0400000E0800000E1800000E1000000E20000007
2000000740000007C0000007800000070000000700000006000000060000001A1D779B1F>86
D<01FF81FE001E00F0001C0060001E0080000E0180000E0100000F020000070400000708000007
90000003A0000003C0000001C0000001C0000001E0000002E0000004E0000008F0000010700000
207000006038000040380000803C0001001C0002001C0006001E001E001E00FF80FFC01F1C7E9B
1F>88 D<FFC00FE00E0007800E0006000F00040007000800070018000780100003802000038040
0003C0800001C1800001C1000001E2000000E4000000EC000000F80000007000000070000000E0
000000E0000000E0000000E0000001C0000001C0000001C0000001C00000038000003FF800001B
1C789B1F>I<003F80007F0000600000600000600000C00000C00000C00000C000018000018000
0180000180000300000300000300000300000600000600000600000600000C00000C00000C0000
0C0000180000180000180000180000300000300000300000300000600000600000600000600000
C00000C00000FE0000FE000011297E9E0D>91 D<003F80007F0000030000030000030000060000
0600000600000600000C00000C00000C00000C0000180000180000180000180000300000300000
300000300000600000600000600000600000C00000C00000C00000C00001800001800001800001
8000030000030000030000030000060000060000FE0000FE00001129819E0D>93
D<03CC063C0C3C181C3838303870387038E070E070E070E070E0E2C0E2C0E261E462643C380F12
7B9115>97 D<3F00070007000E000E000E000E001C001C001C001C0039C03E6038303830703870
3870387038E070E070E070E060E0E0C0C0C1C0618063003C000D1D7B9C13>I<01F007080C0818
1C3838300070007000E000E000E000E000E000E008E010602030C01F000E127B9113>I<001F80
000380000380000700000700000700000700000E00000E00000E00000E0003DC00063C000C3C00
181C00383800303800703800703800E07000E07000E07000E07000E0E200C0E200C0E20061E400
6264003C3800111D7B9C15>I<01E007100C1018083810701070607F80E000E000E000E000E000
E0086010602030C01F000D127B9113>I<0003C0000670000C70001C60001C00001C0000380000
380000380000380000380003FF8000700000700000700000700000700000E00000E00000E00000
E00000E00001C00001C00001C00001C00001C000038000038000038000030000030000070000C6
0000E60000CC00007800001425819C0D>I<00F3018F030F06070E0E0C0E1C0E1C0E381C381C38
1C381C383830383038187818F00F700070007000E000E0C0C0E1C0C3007E00101A7D9113>I<0F
C00001C00001C0000380000380000380000380000700000700000700000700000E78000E8C000F
0E000E0E001C0E001C0E001C0E001C0E00381C00381C00381C0038380070388070388070708070
7100E03200601C00111D7D9C15>I<01800380010000000000000000000000000000001C002600
470047008E008E000E001C001C001C0038003800710071007100720072003C00091C7C9B0D>I<
0FC00001C00001C0000380000380000380000380000700000700000700000700000E0F000E1100
0E23800E43801C83001C80001D00001E00003F800039C00038E00038E00070E20070E20070E200
70E400E06400603800111D7D9C13>107 D<1F800380038007000700070007000E000E000E000E
001C001C001C001C0038003800380038007000700070007000E400E400E400E40068003800091D
7C9C0B>I<3C1E0780266318C04683A0E04703C0E08E0380E08E0380E00E0380E00E0380E01C07
01C01C0701C01C0701C01C070380380E0388380E0388380E0708380E0710701C0320300C01C01D
127C9122>I<3C3C002646004687004707008E07008E07000E07000E07001C0E001C0E001C0E00
1C1C00381C40381C40383840383880701900300E0012127C9117>I<01E007180C0C180C380C30
0E700E700EE01CE01CE01CE018E038E030E06060C031801E000F127B9115>I<07870004D98008
E0C008E0C011C0E011C0E001C0E001C0E00381C00381C00381C003818007038007030007070007
06000E8C000E70000E00000E00001C00001C00001C00001C00003C0000FF8000131A7F9115>I<
03C4062C0C3C181C3838303870387038E070E070E070E070E0E0C0E0C0E061E063C03DC001C001
C0038003800380038007803FF00E1A7B9113>I<3C3C26C2468747078E068E000E000E001C001C
001C001C0038003800380038007000300010127C9112>I<01F006080C080C1C18181C001F001F
C00FF007F0007800386030E030C030806060C01F000E127D9111>I<00C001C001C001C0038003
8003800380FFE00700070007000E000E000E000E001C001C001C001C0038403840384038801900
0E000B1A7D990E>I<1E0300270700470700470700870E00870E000E0E000E0E001C1C001C1C00
1C1C001C1C003838803838801838801839001C5900078E0011127C9116>I<1E06270E470E4706
870287020E020E021C041C041C041C0818083808181018200C4007800F127C9113>I<1E018327
03874703874703838707018707010E07010E07011C0E021C0E021C0E021C0E04180C04181C0418
1C081C1C100C263007C3C018127C911C>I<070E0019910010E38020E38041C30041C00001C000
01C000038000038000038000038000070200670200E70400CB04008B080070F00011127D9113>
I<1E03270747074707870E870E0E0E0E0E1C1C1C1C1C1C1C1C38383838183818381C7007F00070
007000E0E0C0E1C0818047003C00101A7C9114>I<038207C20FEC083810080010002000400080
01000200040008081008383067F043E081C00F127D9111>I E /Fq 47 122
df<1C003E007F00FF80FF80FF807F003E001C0009097B8813>46 D<000E00001E00007E0007FE
00FFFE00FFFE00F8FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE
0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE
0000FE0000FE0000FE0000FE0000FE0000FE007FFFFE7FFFFE7FFFFE17277BA622>49
D<00FF800003FFF0000FFFFC001F03FE003800FF007C007F80FE003FC0FF003FC0FF003FE0FF00
1FE0FF001FE07E001FE03C003FE000003FE000003FC000003FC000007F8000007F000000FE0000
00FC000001F8000003F0000003E00000078000000F0000001E0000003C00E0007000E000E000E0
01C001C0038001C0070001C00FFFFFC01FFFFFC03FFFFFC07FFFFFC0FFFFFF80FFFFFF80FFFFFF
801B277DA622>I<007F800003FFF00007FFFC000F81FE001F00FF003F80FF003F807F803F807F
803F807F801F807F800F007F800000FF000000FF000000FE000001FC000001F8000007F00000FF
C00000FFF0000001FC0000007E0000007F0000007F8000003FC000003FC000003FE000003FE03C
003FE07E003FE0FF003FE0FF003FE0FF003FC0FF007FC07E007F807C007F003F01FE001FFFFC00
07FFF00000FF80001B277DA622>I<00000E0000001E0000003E0000007E000000FE000000FE00
0001FE000003FE0000077E00000E7E00000E7E00001C7E0000387E0000707E0000E07E0000E07E
0001C07E0003807E0007007E000E007E000E007E001C007E0038007E0070007E00E0007E00FFFF
FFF8FFFFFFF8FFFFFFF80000FE000000FE000000FE000000FE000000FE000000FE000000FE0000
00FE00007FFFF8007FFFF8007FFFF81D277EA622>I<0C0003000F803F000FFFFE000FFFFC000F
FFF8000FFFF0000FFFE0000FFFC0000FFE00000E0000000E0000000E0000000E0000000E000000
0E0000000E7FC0000FFFF8000F80FC000E003E000C003F0000001F8000001FC000001FC000001F
E000001FE018001FE07C001FE0FE001FE0FE001FE0FE001FE0FE001FC0FC001FC078003F807800
3F803C007F001F01FE000FFFF80003FFF00000FF80001B277DA622>I<0007F000003FFC0000FF
FE0001FC0F0003F01F8007E03F800FC03F801FC03F801F803F803F801F003F8000007F0000007F
0000007F000000FF000000FF0FC000FF3FF800FF707C00FFC03E00FFC03F00FF801F80FF801FC0
FF001FC0FF001FE0FF001FE0FF001FE07F001FE07F001FE07F001FE07F001FE03F001FE03F001F
C01F801FC01F803F800FC03F0007E07E0003FFFC0000FFF000003FC0001B277DA622>I<1C003E
007F00FF80FF80FF807F003E001C000000000000000000000000000000000000001C003E007F00
FF80FF80FF807F003E001C00091B7B9A13>58 D<000003800000000007C00000000007C0000000
000FE0000000000FE0000000000FE0000000001FF0000000001FF0000000003FF8000000003FF8
000000003FF80000000073FC0000000073FC00000000F3FE00000000E1FE00000000E1FE000000
01C0FF00000001C0FF00000003C0FF80000003807F80000007807FC0000007003FC0000007003F
C000000E003FE000000E001FE000001E001FF000001C000FF000001FFFFFF000003FFFFFF80000
3FFFFFF80000780007FC0000700003FC0000700003FC0000E00001FE0000E00001FE0001E00001
FF0001C00000FF0001C00000FF00FFFE001FFFFEFFFE001FFFFEFFFE001FFFFE2F297EA834>65
D<FFFFFFF80000FFFFFFFF8000FFFFFFFFC00003F8001FF00003F8000FF80003F80007FC0003F8
0003FC0003F80003FC0003F80003FE0003F80001FE0003F80001FE0003F80001FE0003F80003FE
0003F80003FC0003F80003FC0003F80007F80003F8000FF00003F8001FE00003F800FFC00003FF
FFFE000003FFFFFFE00003F80007F00003F80003FC0003F80001FE0003F80001FE0003F80000FF
0003F80000FF0003F80000FF8003F80000FF8003F80000FF8003F80000FF8003F80000FF8003F8
0000FF8003F80000FF0003F80001FF0003F80003FE0003F80007FC0003F8001FF800FFFFFFFFF0
00FFFFFFFFC000FFFFFFFE000029297DA831>I<00003FF001800003FFFE0380000FFFFF878000
3FF007DF8000FF8001FF8001FE00007F8003FC00003F8007F000001F800FF000000F801FE00000
07801FE0000007803FC0000007803FC0000003807FC0000003807F80000003807F8000000000FF
8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF800000
0000FF8000000000FF80000000007F80000000007F80000000007FC0000003803FC0000003803F
C0000003801FE0000003801FE0000007000FF00000070007F000000E0003FC00001E0001FE0000
3C0000FF8000F800003FF007E000000FFFFFC0000003FFFF000000003FF8000029297CA832>I<
FFFFFFF80000FFFFFFFF8000FFFFFFFFE00003FC001FF80003FC0007FC0003FC0001FE0003FC00
00FF0003FC00007F8003FC00003FC003FC00001FC003FC00001FE003FC00001FE003FC00000FF0
03FC00000FF003FC00000FF003FC00000FF003FC00000FF803FC00000FF803FC00000FF803FC00
000FF803FC00000FF803FC00000FF803FC00000FF803FC00000FF803FC00000FF803FC00000FF8
03FC00000FF003FC00000FF003FC00000FF003FC00001FE003FC00001FE003FC00001FC003FC00
003FC003FC00007F8003FC00007F0003FC0001FE0003FC0003FC0003FC001FF800FFFFFFFFE000
FFFFFFFF8000FFFFFFFC00002D297DA835>I<FFFFFFFFE0FFFFFFFFE0FFFFFFFFE003FC001FE0
03FC0007F003FC0001F003FC0001F003FC0000F003FC00007003FC00007003FC00007003FC01C0
7803FC01C03803FC01C03803FC01C03803FC03C00003FC03C00003FC0FC00003FFFFC00003FFFF
C00003FFFFC00003FC0FC00003FC03C00003FC03C00003FC01C00E03FC01C00E03FC01C00E03FC
01C01C03FC00001C03FC00001C03FC00001C03FC00003C03FC00003803FC00007803FC0000F803
FC0001F803FC0003F803FC001FF8FFFFFFFFF0FFFFFFFFF0FFFFFFFFF027297DA82D>I<00007F
E003000003FFFC0700001FFFFF0F00003FF00FFF0000FF8001FF0001FE0000FF0003F800003F00
07F000003F000FF000001F001FE000000F001FE000000F003FC000000F003FC0000007007FC000
0007007F80000007007F8000000000FF8000000000FF8000000000FF8000000000FF8000000000
FF8000000000FF8000000000FF8000000000FF8000000000FF8001FFFFF87F8001FFFFF87F8001
FFFFF87FC00000FF003FC00000FF003FC00000FF001FE00000FF001FE00000FF000FF00000FF00
07F00000FF0003F80000FF0001FE0000FF0000FF8001FF00003FF007BF00001FFFFF1F000003FF
FE0F0000007FF003002D297CA836>71 D<FFFFF01FFFFEFFFFF01FFFFEFFFFF01FFFFE03FC0000
7F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003
FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC0000
7F8003FC00007F8003FFFFFFFF8003FFFFFFFF8003FFFFFFFF8003FC00007F8003FC00007F8003
FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC0000
7F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003FC00007F8003
FC00007F8003FC00007F80FFFFF01FFFFEFFFFF01FFFFEFFFFF01FFFFE2F297DA836>I<FFFFFC
FFFFFCFFFFFC01FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE00
01FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE00
01FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE00FFFFFCFFFFFC
FFFFFC16297EA81A>I<FFFE0000001FFFC0FFFE0000001FFFC0FFFF0000003FFFC003FF000000
3FF00003FF0000003FF00003BF80000077F00003BF80000077F000039FC00000E7F000039FC000
00E7F000038FE00001C7F000038FE00001C7F0000387F0000387F0000387F0000387F0000387F0
000387F0000383F8000707F0000383F8000707F0000381FC000E07F0000381FC000E07F0000380
FE001C07F0000380FE001C07F0000380FF003807F00003807F003807F00003807F003807F00003
803F807007F00003803F807007F00003801FC0E007F00003801FC0E007F00003800FE1C007F000
03800FE1C007F00003800FE1C007F000038007F38007F000038007F38007F000038003FF0007F0
00038003FF0007F000038001FE0007F000038001FE0007F000038000FC0007F000038000FC0007
F000FFFE00FC01FFFFC0FFFE007801FFFFC0FFFE007801FFFFC03A297DA841>77
D<FFFC0000FFFEFFFE0000FFFEFFFF0000FFFE03FF8000038003FF8000038003BFC0000380039F
E0000380039FF0000380038FF80003800387F80003800383FC0003800381FE0003800381FF0003
800380FF80038003807FC0038003803FC0038003801FE0038003800FF0038003800FF803800380
07FC0380038003FC0380038001FE0380038000FF0380038000FF83800380007FC3800380003FE3
800380001FE3800380000FF38003800007FB8003800007FF8003800003FF8003800001FF800380
0000FF80038000007F80038000007F80038000003F80038000001F80038000000F80FFFE000007
80FFFE00000380FFFE000003802F297DA836>I<0000FFE000000007FFFC0000003FC07F800000
7F001FC00001FC0007F00003F80003F80007F00001FC000FF00001FE001FE00000FF001FE00000
FF003FC000007F803FC000007F807FC000007FC07F8000003FC07F8000003FC07F8000003FC0FF
8000003FE0FF8000003FE0FF8000003FE0FF8000003FE0FF8000003FE0FF8000003FE0FF800000
3FE0FF8000003FE0FF8000003FE0FF8000003FE07F8000003FC07FC000007FC07FC000007FC03F
C000007F803FC000007F801FE00000FF001FE00000FF000FF00001FE0007F00001FC0003F80003
F80001FC0007F00000FF001FE000003FC07F8000000FFFFE00000000FFE000002B297CA834>I<
FFFFFFF800FFFFFFFF00FFFFFFFFC003FC003FE003FC000FF003FC0007F803FC0007FC03FC0003
FC03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC00
03FC03FC0007FC03FC0007F803FC000FF003FC003FE003FFFFFF8003FFFFFE0003FC00000003FC
00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003
FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC000000FFFFF00000
FFFFF00000FFFFF0000027297DA82F>I<FFFFFFE00000FFFFFFFE0000FFFFFFFF800003FC007F
E00003FC000FF00003FC0007F80003FC0007FC0003FC0003FC0003FC0003FE0003FC0003FE0003
FC0003FE0003FC0003FE0003FC0003FE0003FC0003FE0003FC0003FC0003FC0007F80003FC0007
F80003FC001FE00003FC007FC00003FFFFFE000003FFFFF0000003FC00FC000003FC007F000003
FC003F800003FC003F800003FC001FC00003FC001FE00003FC001FE00003FC001FE00003FC001F
E00003FC001FE00003FC001FF00003FC001FF00003FC001FF00003FC001FF00703FC001FF80703
FC000FF80703FC0007F80EFFFFF003FE1CFFFFF001FFF8FFFFF0003FF030297DA834>82
D<007F806003FFF0E007FFF9E00F807FE01F001FE03E0007E07C0003E07C0001E0FC0001E0FC00
01E0FC0000E0FE0000E0FE0000E0FF000000FFC000007FFE00007FFFE0003FFFFC001FFFFE000F
FFFF8007FFFFC003FFFFE000FFFFE00007FFF000007FF000000FF8000007F8000003F8600001F8
E00001F8E00001F8E00001F8F00001F0F00001F0F80003F0FC0003E0FF0007C0FFE01F80F3FFFF
00E0FFFE00C01FF0001D297CA826>I<7FFFFFFFFFC07FFFFFFFFFC07FFFFFFFFFC07F803FC03F
C07E003FC007C078003FC003C078003FC003C070003FC001C0F0003FC001E0F0003FC001E0E000
3FC000E0E0003FC000E0E0003FC000E0E0003FC000E0E0003FC000E000003FC0000000003FC000
0000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC000000000
3FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC000
0000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC000000000
3FC00000007FFFFFE000007FFFFFE000007FFFFFE0002B287EA730>I<FFFFE07FFFF007FFF0FF
FFE07FFFF007FFF0FFFFE07FFFF007FFF003FC0001FE00001C0003FC0001FE00001C0001FE0001
FF0000380001FE0000FF0000380001FF0000FF0000780000FF0000FF8000700000FF0000FF8000
700000FF8000FF8000F000007F8001FFC000E000007F8001FFC000E000003FC003FFE001C00000
3FC0039FE001C000003FE0039FE003C000001FE0070FF0038000001FE0070FF0038000001FF00F
0FF0078000000FF00E07F8070000000FF00E07F80700000007F81E07FC0E00000007F81C03FC0E
00000007FC1C03FC1E00000003FC3801FE1C00000003FC3801FE1C00000001FE7801FF38000000
01FE7000FF3800000001FE7000FF3800000000FFF000FFF000000000FFE0007FF000000000FFE0
007FF0000000007FC0003FE0000000007FC0003FE0000000003FC0003FC0000000003F80001FC0
000000003F80001FC0000000001F80001F80000000001F00000F80000000001F00000F80000000
000E00000700000044297FA847>87 D<01FF800007FFF0000F81F8001FC07E001FC07E001FC03F
000F803F8007003F8000003F8000003F8000003F80000FFF8000FFFF8007FC3F800FE03F803F80
3F803F003F807F003F80FE003F80FE003F80FE003F80FE003F807E007F807F00DF803F839FFC0F
FF0FFC01FC03FC1E1B7E9A21>97 D<FFE0000000FFE0000000FFE00000000FE00000000FE00000
000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE000
00000FE00000000FE00000000FE1FE00000FE7FF80000FFE07E0000FF801F0000FF000F8000FE0
00FC000FE000FE000FE0007F000FE0007F000FE0007F000FE0007F800FE0007F800FE0007F800F
E0007F800FE0007F800FE0007F800FE0007F800FE0007F000FE0007F000FE0007F000FE000FE00
0FE000FC000FF001F8000FF803F0000F9E07E0000F07FF80000E01FC0000212A7EA926>I<001F
F80000FFFE0003F01F0007E03F800FC03F801F803F803F801F007F800E007F0000007F000000FF
000000FF000000FF000000FF000000FF000000FF000000FF0000007F0000007F0000007F800000
3F8001C01F8001C00FC0038007E0070003F01E0000FFFC00001FE0001A1B7E9A1F>I<00003FF8
0000003FF80000003FF800000003F800000003F800000003F800000003F800000003F800000003
F800000003F800000003F800000003F800000003F800000003F800000003F800001FE3F80000FF
FBF80003F03FF80007E00FF8000FC007F8001F8003F8003F8003F8007F0003F8007F0003F8007F
0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F800
7F0003F8007F0003F8007F0003F8003F8003F8001F8003F8000F8007F80007C00FF80003F03BFF
8000FFF3FF80003FC3FF80212A7EA926>I<003FE00001FFF80003F07E0007C01F000F801F801F
800F803F800FC07F000FC07F0007C07F0007E0FF0007E0FF0007E0FFFFFFE0FFFFFFE0FF000000
FF000000FF0000007F0000007F0000007F0000003F8000E01F8000E00FC001C007E0038003F81F
0000FFFE00001FF0001B1B7E9A20>I<0007F0003FFC00FE3E01F87F03F87F03F07F07F07F07F0
3E07F00007F00007F00007F00007F00007F00007F000FFFFC0FFFFC0FFFFC007F00007F00007F0
0007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F0
0007F00007F00007F00007F00007F0007FFF807FFF807FFF80182A7EA915>I<00FF81F003FFE7
F80FC1FE7C1F80FC7C1F007C383F007E107F007F007F007F007F007F007F007F007F007F007F00
7F003F007E001F007C001F80FC000FC1F8001FFFE00018FF800038000000380000003C0000003E
0000003FFFF8001FFFFF001FFFFF800FFFFFC007FFFFE01FFFFFF03E0007F07C0001F8F80000F8
F80000F8F80000F8F80000F87C0001F03C0001E01F0007C00FC01F8003FFFE00007FF0001E287E
9A22>I<FFE0000000FFE0000000FFE00000000FE00000000FE00000000FE00000000FE0000000
0FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000
000FE07F00000FE1FFC0000FE787E0000FEE03F0000FF803F0000FF803F8000FF003F8000FF003
F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE0
03F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000F
E003F800FFFE3FFF80FFFE3FFF80FFFE3FFF80212A7DA926>I<07000FC01FE03FE03FE03FE01F
E00FC007000000000000000000000000000000FFE0FFE0FFE00FE00FE00FE00FE00FE00FE00FE0
0FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE0FFFEFFFEFFFE0F2B7DAA14
>I<FFE00000FFE00000FFE000000FE000000FE000000FE000000FE000000FE000000FE000000F
E000000FE000000FE000000FE000000FE000000FE000000FE01FFC0FE01FFC0FE01FFC0FE00780
0FE00F000FE01E000FE03C000FE078000FE0E0000FE3C0000FE7C0000FEFE0000FFFE0000FFFF0
000FF3F8000FE3F8000FC1FC000FC0FE000FC07F000FC07F000FC03F800FC01FC00FC00FC00FC0
0FE0FFFC3FFEFFFC3FFEFFFC3FFE1F2A7EA924>107 D<FFE0FFE0FFE00FE00FE00FE00FE00FE0
0FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00F
E00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE0FFFEFFFEFFFE0F2A7DA914>I<FFC07F
800FF000FFC1FFE03FFC00FFC383F0707E000FC603F8C07F000FCC01F9803F000FD801FF003F80
0FF001FE003F800FF001FE003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC
003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC003F800F
E001FC003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC003F800FE001FC00
3F800FE001FC003F80FFFE1FFFC3FFF8FFFE1FFFC3FFF8FFFE1FFFC3FFF8351B7D9A3A>I<FFC0
7F0000FFC1FFC000FFC787E0000FCE03F0000FD803F0000FD803F8000FF003F8000FF003F8000F
E003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F800
0FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8
00FFFE3FFF80FFFE3FFF80FFFE3FFF80211B7D9A26>I<003FE00001FFFC0003F07E000FC01F80
1F800FC03F800FE03F0007E07F0007F07F0007F07F0007F0FF0007F8FF0007F8FF0007F8FF0007
F8FF0007F8FF0007F8FF0007F8FF0007F87F0007F07F0007F03F800FE03F800FE01F800FC00FC0
1F8007F07F0001FFFC00003FE0001D1B7E9A22>I<FFE1FE0000FFE7FF8000FFFE07E0000FF803
F0000FF001F8000FE000FC000FE000FE000FE000FF000FE0007F000FE0007F000FE0007F800FE0
007F800FE0007F800FE0007F800FE0007F800FE0007F800FE0007F800FE0007F000FE000FF000F
E000FF000FE000FE000FE001FC000FF001F8000FF803F0000FFE0FE0000FE7FF80000FE1FC0000
0FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000
000FE0000000FFFE000000FFFE000000FFFE00000021277E9A26>I<001FC0380000FFF0780003
F838F80007E00DF8000FC007F8001FC007F8003F8003F8007F8003F8007F8003F8007F0003F800
FF0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF0003F8007F0003F8
007F0003F8007F8003F8003F8003F8001F8007F8000FC007F80007E01FF80003F07BF80000FFF3
F800003FC3F800000003F800000003F800000003F800000003F800000003F800000003F8000000
03F800000003F800000003F80000003FFF8000003FFF8000003FFF8021277E9A24>I<FFC1F0FF
C7FCFFCE3E0FD87F0FD87F0FF07F0FF03E0FF01C0FE0000FE0000FE0000FE0000FE0000FE0000F
E0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE000FFFF00FFFF00FFFF0018
1B7E9A1C>I<03FE300FFFF01E03F03800F0700070F00070F00070F80070FC0000FFE0007FFE00
7FFF803FFFE01FFFF007FFF800FFF80003FC0000FC60007CE0003CF0003CF00038F80038FC0070
FF01E0F7FFC0C1FF00161B7E9A1B>I<00700000700000700000700000F00000F00000F00001F0
0003F00003F00007F0001FFFF0FFFFF0FFFFF007F00007F00007F00007F00007F00007F00007F0
0007F00007F00007F00007F00007F00007F00007F03807F03807F03807F03807F03807F03803F0
3803F87001F86000FFC0001F8015267FA51B>I<FFE03FF800FFE03FF800FFE03FF8000FE003F8
000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003
F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE003F8000FE0
03F8000FE003F8000FE007F80007E007F80007E00FF80003F03BFF8001FFF3FF80003FC3FF8021
1B7D9A26>I<FFFE03FF80FFFE03FF80FFFE03FF8007F000700007F000700007F800F00003F800
E00003FC01E00001FC01C00001FC01C00000FE03800000FE038000007F070000007F070000007F
8F0000003F8E0000003FDE0000001FDC0000001FDC0000000FF80000000FF80000000FF8000000
07F000000007F000000003E000000003E000000001C00000211B7F9A24>I<FFFE7FFC0FFEFFFE
7FFC0FFEFFFE7FFC0FFE0FE007E000E007F003F001C007F003F001C007F807F803C003F807F803
8003F807F8038001FC0EFC070001FC0EFC070001FE1EFC0F0000FE1C7E0E0000FE1C7E0E0000FF
383F1E00007F383F1C00007F783F3C00003FF01FB800003FF01FB800003FF01FF800001FE00FF0
00001FE00FF000000FC007E000000FC007E000000FC007E00000078003C00000078003C0002F1B
7F9A32>I<FFFE03FF80FFFE03FF80FFFE03FF8007F000700007F000700007F800F00003F800E0
0003FC01E00001FC01C00001FC01C00000FE03800000FE038000007F070000007F070000007F8F
0000003F8E0000003FDE0000001FDC0000001FDC0000000FF80000000FF80000000FF800000007
F000000007F000000003E000000003E000000001C000000001C000000003800000000380000038
078000007C07000000FE0F000000FE0E000000FE1E000000FE3C0000007C780000003FE0000000
0FC000000021277F9A24>121 D E /Fr 56 123 df<007E1F8001C170400703C060060380E00E
0380400E0380000E0380000E0380000E0380000E038000FFFFFFE00E0380E00E0380E00E0380E0
0E0380E00E0380E00E0380E00E0380E00E0380E00E0380E00E0380E00E0380E00E0380E00E0380
E00E0380E07F8FE3FC1E1A809920>14 D<00800100020004000C00080018003000300030006000
600060006000E000E000E000E000E000E000E000E000E000E00060006000600060003000300030
00180008000C00040002000100008009267D9B0F>40 D<8000400020001000180008000C000600
060006000300030003000300038003800380038003800380038003800380038003000300030003
000600060006000C0008001800100020004000800009267E9B0F>I<60F0F07010101020204080
040B7D830B>44 D<FFC0FFC00A0280880D>I<60F0F06004047D830B>I<03000700FF0007000700
070007000700070007000700070007000700070007000700070007000700070007000700FFF00C
187D9713>49 D<07801860303070306018E018E018E01CE01CE01C601C603C303C185C0F9C001C
00180018003870307060604021801F000E187E9713>57 D<60F0F060000000000000000060F0F0
6004107D8F0B>I<60F0F060000000000000000060F0F0701010102020408004177D8F0B>I<000C
0000000C0000000C0000001E0000001E0000003F00000027000000270000004380000043800000
4380000081C0000081C0000081C0000100E0000100E00001FFE000020070000200700006007800
040038000400380008001C0008001C001C001E00FF00FFC01A1A7F991D>65
D<FFFF000E01C00E00E00E00700E00780E00780E00780E00780E00780E00F00E00E00E03C00FFF
800E01E00E00700E00780E003C0E003C0E003C0E003C0E003C0E00380E00780E00F00E01E0FFFF
80161A7E991B>I<003F0201C0C603002E0E001E1C000E1C0006380006780002700002700002F0
0000F00000F00000F00000F00000F000007000027000027800023800041C00041C00080E000803
003001C0C0003F00171A7E991C>I<FFFF000E01C00E00E00E00300E00380E001C0E001C0E000E
0E000E0E000F0E000F0E000F0E000F0E000F0E000F0E000F0E000F0E000E0E000E0E001E0E001C
0E00380E00380E00700E01C0FFFF00181A7E991D>I<FFFFF00E00700E00300E00100E00180E00
080E00080E00080E04000E04000E04000E0C000FFC000E0C000E04000E04000E04000E00040E00
040E00080E00080E00080E00180E00380E0070FFFFF0161A7E991A>I<FFFFE00E00E00E00600E
00200E00300E00100E00100E00100E04000E04000E04000E0C000FFC000E0C000E04000E04000E
04000E00000E00000E00000E00000E00000E00000E00000E0000FFF000141A7E9919>I<003F02
0001C0C60003002E000E001E001C000E001C00060038000600780002007000020070000200F000
0000F0000000F0000000F0000000F0000000F001FFC070000E0070000E0078000E0038000E001C
000E001C000E000E000E000300160001C06600003F82001A1A7E991E>I<FFE7FF0E00700E0070
0E00700E00700E00700E00700E00700E00700E00700E00700E00700FFFF00E00700E00700E0070
0E00700E00700E00700E00700E00700E00700E00700E00700E0070FFE7FF181A7E991D>I<FFE0
0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E
000E000E000E000E00FFE00B1A7F990E>I<FFE07F800E001E000E0018000E0010000E0020000E
0040000E0080000E0100000E0200000E0400000E0800000E1C00000E2E00000E4E00000E870000
0F0380000E0380000E01C0000E00E0000E00E0000E0070000E0070000E0038000E001C000E003E
00FFE0FF80191A7E991E>75 D<FFF0000E00000E00000E00000E00000E00000E00000E00000E00
000E00000E00000E00000E00000E00000E00000E00000E00000E00200E00200E00200E00600E00
400E00400E00C00E03C0FFFFC0131A7E9918>I<FF0003FC0F0003C00F0003C00B8005C00B8005
C00B8005C009C009C009C009C009C009C008E011C008E011C008E011C0087021C0087021C00838
41C0083841C0083841C0081C81C0081C81C0081C81C0080F01C0080F01C0080F01C0080601C01C
0601C0FF861FFC1E1A7E9923>I<FE01FF0F00380F00100B80100B801009C01008E01008E01008
7010087010083810081C10081C10080E10080E100807100803900803900801D00801D00800F008
00700800700800301C0030FF8010181A7E991D>I<007F000001C1C000070070000E0038001C00
1C003C001E0038000E0078000F0070000700F0000780F0000780F0000780F0000780F0000780F0
000780F0000780F000078078000F0078000F0038000E003C001E001C001C000E00380007007000
01C1C000007F0000191A7E991E>I<FFFF000E03C00E00E00E00700E00700E00780E00780E0078
0E00780E00700E00700E00E00E03C00FFF000E00000E00000E00000E00000E00000E00000E0000
0E00000E00000E00000E0000FFE000151A7E991A>I<FFFC00000E0780000E01C0000E00E0000E
00F0000E00F0000E00F0000E00F0000E00F0000E00E0000E01C0000E0780000FFC00000E060000
0E0300000E0180000E01C0000E01C0000E01C0000E01E0000E01E0000E01E0000E01E0800E00F0
800E007100FFE03E00191A7E991C>82 D<0FC21836200E6006C006C002C002C002E00070007E00
3FE01FF807FC003E000E00070003800380038003C002C006E004D81887E0101A7E9915>I<7FFF
FF00701C0700401C0100401C0100C01C0180801C0080801C0080801C0080001C0000001C000000
1C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000
001C0000001C0000001C0000001C0000001C000003FFE000191A7F991C>I<FFE1FF0E00380E00
100E00100E00100E00100E00100E00100E00100E00100E00100E00100E00100E00100E00100E00
100E00100E00100E00100E001006002007002003004001804000C180003E00181A7E991D>I<FF
83FF0FF03C007801C01C007800801C007800800E007801000E007801000E009C010007009C0200
07009C020007010E020007010E020003810E04000382070400038207040001C207080001C40388
0001C403880000E403900000E403900000E801D000007801E000007801E000007000E000007000
E000003000C0000020004000241A7F9927>87 D<3F8070C070E020700070007007F01C70307070
70E070E071E071E0F171FB1E3C10107E8F13>97 D<FC00001C00001C00001C00001C00001C0000
1C00001C00001C00001C00001CF8001F0E001E07001C03801C01801C01C01C01C01C01C01C01C0
1C01C01C01C01C03801C03001E07001B0C0010F000121A7F9915>I<07F80C1C381C30087000E0
00E000E000E000E000E0007000300438080C1807E00E107F8F11>I<007E00000E00000E00000E
00000E00000E00000E00000E00000E00000E0003CE000C3E00380E00300E00700E00E00E00E00E
00E00E00E00E00E00E00E00E00600E00700E00381E001C2E0007CFC0121A7F9915>I<07C01C30
30187018600CE00CFFFCE000E000E000E0006000300438080C1807E00E107F8F11>I<01F00318
07380E100E000E000E000E000E000E00FFC00E000E000E000E000E000E000E000E000E000E000E
000E000E000E007FE00D1A80990C>I<0FCE187330307038703870387038303018602FC0200060
0070003FF03FFC1FFE600FC003C003C003C0036006381C07E010187F8F13>I<FC00001C00001C
00001C00001C00001C00001C00001C00001C00001C00001CF8001D0C001E0E001E0E001C0E001C
0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E00FF9FC0121A7F9915>I<
18003C003C001800000000000000000000000000FC001C001C001C001C001C001C001C001C001C
001C001C001C001C001C00FF80091A80990B>I<018003C003C001800000000000000000000000
000FC001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C0
41C0E180E3007E000A2182990C>I<FC00001C00001C00001C00001C00001C00001C00001C0000
1C00001C00001C3F801C1E001C18001C10001C20001C40001DC0001FE0001CE0001C70001C7800
1C38001C1C001C1E001C1F00FF3FC0121A7F9914>I<FC001C001C001C001C001C001C001C001C
001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C00FF80091A8099
0B>I<FC7C1F001D8E63801E0781C01E0781C01C0701C01C0701C01C0701C01C0701C01C0701C0
1C0701C01C0701C01C0701C01C0701C01C0701C01C0701C0FF9FE7F81D107F8F20>I<FCF8001D
0C001E0E001E0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C
0E00FF9FC012107F8F15>I<07E01C38300C700E6006E007E007E007E007E007E0076006700E38
1C1C3807E010107F8F13>I<FCF8001F0E001E07001C03801C03801C01C01C01C01C01C01C01C0
1C01C01C01C01C03801C03001E07001F0C001CF0001C00001C00001C00001C00001C00001C0000
FF800012177F8F15>I<03C2000C2600381E00300E00700E00E00E00E00E00E00E00E00E00E00E
00E00E00700E00700E00381E001C2E0007CE00000E00000E00000E00000E00000E00000E00007F
C012177F8F14>I<FCE01D701E701E201C001C001C001C001C001C001C001C001C001C001C00FF
C00C107F8F0F>I<1F2060E04020C020C020F0007F003FC01FE000F080708030C030C020F0408F
800C107F8F0F>I<0400040004000C000C001C003C00FFC01C001C001C001C001C001C001C001C
001C201C201C201C201C200E4003800B177F960F>I<FC7E001C0E001C0E001C0E001C0E001C0E
001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C1E000C2E0007CFC012107F8F15>I<FF
1F803C06001C04001C04001E0C000E08000E080007100007100007900003A00003A00001C00001
C00001C00000800011107F8F14>I<FF3F9F803C0E0700380E06001C1604001C1704001E170C00
0E2308000E2388000F239800074190000741D00003C1E0000380E0000380E0000180C000010040
0019107F8F1C>I<FF3F803C1C001C18000E100007200007600003C00001C00001E00003E00002
7000043800083800181C00381E00FC3FC012107F8F14>I<FF1F803C06001C04001C04001E0C00
0E08000E080007100007100007900003A00003A00001C00001C00001C000008000008000010000
010000E10000E20000E4000078000011177F8F14>I<7FF86070407040E041C041C00380070007
000E081C081C08381070107030FFF00D107F8F11>I E /Fs 83 124 df<000300000003000000
07800000078000000FC000000BC0000013E0000011E0000021F0000020F0000040F80000407800
00807C0000803C0001003E0001001E0002001F0002000F0004000F8004000780080007C0080003
C0100003E0100001E0200000F0200000F07FFFFFF8FFFFFFFCFFFFFFFC1E1D7E9C23>1
D<007E1F0001C1B1800303E3C00703C3C00E03C1800E01C0000E01C0000E01C0000E01C0000E01
C0000E01C000FFFFFC000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E
01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0007F87FC00
1A1D809C18>11 D<007E0001C1800301800703C00E03C00E01800E00000E00000E00000E00000E
0000FFFFC00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E
01C00E01C00E01C00E01C00E01C07F87F8151D809C17>I<007FC001C1C00303C00703C00E01C0
0E01C00E01C00E01C00E01C00E01C00E01C0FFFFC00E01C00E01C00E01C00E01C00E01C00E01C0
0E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C07FCFF8151D809C17>
I<003F07E00001C09C18000380F018000701F03C000E01E03C000E00E018000E00E000000E00E0
00000E00E000000E00E000000E00E00000FFFFFFFC000E00E01C000E00E01C000E00E01C000E00
E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E
00E01C000E00E01C000E00E01C000E00E01C000E00E01C007FC7FCFF80211D809C23>I<003F07
FC0001C0DC1C000381F03C000701F03C000E01E01C000E00E01C000E00E01C000E00E01C000E00
E01C000E00E01C000E00E01C00FFFFFFFC000E00E01C000E00E01C000E00E01C000E00E01C000E
00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C000E00E01C00
0E00E01C000E00E01C000E00E01C000E00E01C007FC7FCFF80211D809C23>I<6060F0F0F8F868
68080808080808101010102020404080800D0C7F9C15>34 D<0F0000C0188000C0306003807038
07006027FB00E0100600E0100C00E0100C00E0101800E0101800E0103000E01060006020600070
20C00030418000188180000F0303C00006062000060C10000C1C08001818080018380400303804
006038040060380400C0380400C03804018038040300180803001C0806000C100C000620040003
C01E217E9E23>37 D<60F0F8680808081010204080050C7C9C0C>39 D<00400080010002000600
0C000C0018001800300030007000600060006000E000E000E000E000E000E000E000E000E000E0
00E000E000600060006000700030003000180018000C000C00060002000100008000400A2A7D9E
10>I<800040002000100018000C000C000600060003000300038001800180018001C001C001C0
01C001C001C001C001C001C001C001C001C0018001800180038003000300060006000C000C0018
0010002000400080000A2A7E9E10>I<60F0F0701010101020204080040C7C830C>44
D<FFE0FFE00B0280890E>I<60F0F06004047C830C>I<00010003000600060006000C000C000C00
18001800180030003000300060006000C000C000C0018001800180030003000300060006000C00
0C000C00180018001800300030003000600060006000C000C00010297E9E15>I<03C00C301818
300C300C700E60066006E007E007E007E007E007E007E007E007E007E007E007E007E007600660
06700E300C300C18180C3007E0101D7E9B15>I<030007003F00C7000700070007000700070007
0007000700070007000700070007000700070007000700070007000700070007000F80FFF80D1C
7C9B15>I<07C01830201C400C400EF00FF80FF807F8077007000F000E000E001C001C00380070
006000C00180030006010C01180110023FFE7FFEFFFE101C7E9B15>I<07E01830201C201C781E
780E781E381E001C001C00180030006007E00030001C001C000E000F000F700FF80FF80FF80FF0
0E401C201C183007E0101D7E9B15>I<000C00000C00001C00003C00003C00005C0000DC00009C
00011C00031C00021C00041C000C1C00081C00101C00301C00201C00401C00C01C00FFFFC0001C
00001C00001C00001C00001C00001C00001C0001FFC0121C7F9B15>I<300C3FF83FF03FC02000
2000200020002000200023E024302818301C200E000E000F000F000F600FF00FF00FF00F800E40
1E401C2038187007C0101D7E9B15>I<00F0030C06040C0E181E301E300C700070006000E3E0E4
30E818F00CF00EE006E007E007E007E007E007600760077006300E300C18180C3003E0101D7E9B
15>I<4000007FFF807FFF007FFF00400200800400800400800800001000001000002000006000
00400000C00000C00001C000018000018000038000038000038000038000078000078000078000
078000078000078000030000111D7E9B15>I<03E00C301008200C20066006600660067006780C
3E083FB01FE007F007F818FC307E601E600FC007C003C003C003C00360026004300C1C1007E010
1D7E9B15>I<03C00C301818300C700C600EE006E006E007E007E007E007E0076007700F300F18
170C2707C700060006000E300C780C78187010203030C00F80101D7E9B15>I<60F0F060000000
0000000000000060F0F06004127C910C>I<60F0F0600000000000000000000060F0F070101010
1020204080041A7C910C>I<7FFFFFC0FFFFFFE000000000000000000000000000000000000000
00000000000000000000000000FFFFFFE07FFFFFC01B0C7E8F20>61 D<0FE03038401CE00EF00E
F00EF00E000C001C0030006000C000800180010001000100010001000100000000000000000000
0003000780078003000F1D7E9C14>63 D<000600000006000000060000000F0000000F0000000F
00000017800000178000001780000023C0000023C0000023C0000041E0000041E0000041E00000
80F0000080F0000180F8000100780001FFF80003007C0002003C0002003C0006003E0004001E00
04001E000C001F001E001F00FF80FFF01C1D7F9C1F>65 D<FFFFC00F00F00F00380F003C0F001C
0F001E0F001E0F001E0F001E0F001C0F003C0F00780F01F00FFFE00F00780F003C0F001E0F000E
0F000F0F000F0F000F0F000F0F000F0F001E0F001E0F003C0F0078FFFFE0181C7E9B1D>I<001F
808000E0618001801980070007800E0003801C0003801C00018038000180780000807800008070
000080F0000000F0000000F0000000F0000000F0000000F0000000F0000000F000000070000080
7800008078000080380000801C0001001C0001000E000200070004000180080000E03000001FC0
00191E7E9C1E>I<FFFFC0000F00F0000F003C000F000E000F0007000F0007000F0003800F0003
C00F0001C00F0001C00F0001E00F0001E00F0001E00F0001E00F0001E00F0001E00F0001E00F00
01E00F0001C00F0001C00F0003C00F0003800F0007800F0007000F000E000F001C000F007000FF
FFC0001B1C7E9B20>I<FFFFFC0F003C0F000C0F00040F00040F00060F00020F00020F02020F02
000F02000F02000F06000FFE000F06000F02000F02000F02000F02010F00010F00020F00020F00
020F00060F00060F000C0F003CFFFFFC181C7E9B1C>I<FFFFF80F00780F00180F00080F00080F
000C0F00040F00040F02040F02000F02000F02000F06000FFE000F06000F02000F02000F02000F
02000F00000F00000F00000F00000F00000F00000F00000F8000FFF800161C7E9B1B>I<001F80
8000E0618001801980070007800E0003801C0003801C0001803800018078000080780000807000
0080F0000000F0000000F0000000F0000000F0000000F0000000F000FFF0F0000F807000078078
00078078000780380007801C0007801C0007800E00078007000B800180118000E06080001F8000
1C1E7E9C21>I<FFF3FFC00F003C000F003C000F003C000F003C000F003C000F003C000F003C00
0F003C000F003C000F003C000F003C000F003C000FFFFC000F003C000F003C000F003C000F003C
000F003C000F003C000F003C000F003C000F003C000F003C000F003C000F003C000F003C00FFF3
FFC01A1C7E9B1F>I<FFF00F000F000F000F000F000F000F000F000F000F000F000F000F000F00
0F000F000F000F000F000F000F000F000F000F000F000F00FFF00C1C7F9B0F>I<1FFF00F80078
0078007800780078007800780078007800780078007800780078007800780078007800787078F8
78F878F878F0F040E021C01F00101D7F9B15>I<FFF03FE00F000F000F000C000F0008000F0010
000F0020000F0040000F0080000F0100000F0200000F0400000F0E00000F1F00000F2F00000F27
80000F4780000F83C0000F01E0000F01E0000F00F0000F00F8000F0078000F003C000F003C000F
001E000F001F000F001F80FFF07FF01C1C7E9B20>I<FFF8000F80000F00000F00000F00000F00
000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00
080F00080F00080F00180F00180F00100F00300F00700F01F0FFFFF0151C7E9B1A>I<FF8000FF
800F8000F8000F8000F8000BC00178000BC00178000BC001780009E002780009E002780008F004
780008F004780008F0047800087808780008780878000878087800083C107800083C107800083C
107800081E207800081E207800081E207800080F407800080F4078000807807800080780780008
0780780008030078001C03007800FF8307FF80211C7E9B26>I<FF007FC00F800E000F8004000B
C0040009E0040009E0040008F0040008F8040008780400083C0400083C0400081E0400080F0400
080F0400080784000807C4000803C4000801E4000801E4000800F40008007C0008007C0008003C
0008003C0008001C0008000C001C000C00FF8004001A1C7E9B1F>I<003F800000E0E000038038
0007001C000E000E001C0007003C00078038000380780003C0780003C0700001C0F00001E0F000
01E0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0700001C0780003C0780003C038
0003803C0007801C0007000E000E0007001C000380380000E0E000003F80001B1E7E9C20>I<FF
FF800F00E00F00780F003C0F001C0F001E0F001E0F001E0F001E0F001E0F001C0F003C0F00780F
00E00FFF800F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F
0000FFF000171C7E9B1C>I<003F800000E0E0000380380007001C000E000E001C0007003C0007
8038000380780003C0780003C0700001C0F00001E0F00001E0F00001E0F00001E0F00001E0F000
01E0F00001E0F00001E0700001C0780003C0780003C0380003803C0E07801C1107000E208E0007
205C0003A0780000F0E020003FE0200000602000003060000038E000003FC000003FC000001F80
00000F001B257E9C20>I<FFFF00000F01E0000F0078000F003C000F001C000F001E000F001E00
0F001E000F001E000F001C000F003C000F0078000F01E0000FFF00000F03C0000F00E0000F00F0
000F0078000F0078000F0078000F0078000F0078000F0078000F0078100F0078100F0038100F00
3C20FFF01C20000007C01C1D7E9B1F>I<07E0801C1980300580700380600180E00180E00080E0
0080E00080F00000F800007C00007FC0003FF8001FFE0007FF0000FF80000F800007C00003C000
01C08001C08001C08001C0C00180C00180E00300D00200CC0C0083F800121E7E9C17>I<7FFFFF
C0700F01C0600F00C0400F0040400F0040C00F0020800F0020800F0020800F0020000F0000000F
0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F000000
0F0000000F0000000F0000000F0000000F0000000F0000001F800003FFFC001B1C7F9B1E>I<FF
F07FC00F000E000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F000400
0F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004
000F0004000F0004000700080007800800038010000180100000C020000070C000001F00001A1D
7E9B1F>I<FFE00FF01F0003C00F0001800F0001000F800300078002000780020003C0040003C0
040003C0040001E0080001E0080001F0080000F0100000F0100000F83000007820000078200000
3C4000003C4000003C4000001E8000001E8000001F8000000F0000000F00000006000000060000
000600001C1D7F9B1F>I<FFE0FFE0FF1F001F003C1E001E00180F001F00100F001F00100F001F
001007801F00200780278020078027802003C027804003C043C04003C043C04003E043C04001E0
81E08001E081E08001E081E08000F100F10000F100F10000F100F100007900FA00007A007A0000
7A007A00003E007C00003C003C00003C003C00003C003C00001800180000180018000018001800
281D7F9B2B>I<7FF0FFC00FC03E000780180003C0180003E0100001E0200001F0600000F04000
00788000007D8000003D0000001E0000001F0000000F0000000F8000000F80000013C0000023E0
000021E0000041F00000C0F8000080780001007C0003003C0002001E0006001F001F003F80FFC0
FFF01C1C7F9B1F>I<FFF007FC0F8001E00780008007C0018003C0010003E0020001F0020000F0
040000F8040000780800007C1800003C1000001E2000001F2000000F4000000FC0000007800000
078000000780000007800000078000000780000007800000078000000780000007800000078000
007FF8001E1C809B1F>I<FEFEC0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0C0C0C0C0C0C0FEFE07297C9E0C>91 D<FEFE06060606060606060606060606060606
060606060606060606060606060606060606060606FEFE0729809E0C>93
D<1FC000307000783800781C00301C00001C00001C0001FC000F1C00381C00701C00601C00E01C
40E01C40E01C40603C40304E801F870012127E9115>97 D<FC00001C00001C00001C00001C0000
1C00001C00001C00001C00001C00001C00001C7C001D86001E03001C01801C01C01C00C01C00E0
1C00E01C00E01C00E01C00E01C00E01C00C01C01C01C01801E030019060010F800131D7F9C17>
I<07E00C301878307870306000E000E000E000E000E000E00060007004300418080C3007C00E12
7E9112>I<003F0000070000070000070000070000070000070000070000070000070000070003
E7000C1700180F00300700700700600700E00700E00700E00700E00700E00700E0070060070070
0700300700180F000C370007C7E0131D7E9C17>I<03E00C301818300C700E6006E006FFFEE000
E000E000E00060007002300218040C1803E00F127F9112>I<00F8018C071E061E0E0C0E000E00
0E000E000E000E00FFE00E000E000E000E000E000E000E000E000E000E000E000E000E000E000E
000E007FE00F1D809C0D>I<00038003C4C00C38C01C3880181800381C00381C00381C00381C00
1818001C38000C300013C0001000003000001800001FF8001FFF001FFF803003806001C0C000C0
C000C0C000C06001803003001C0E0007F800121C7F9215>I<FC00001C00001C00001C00001C00
001C00001C00001C00001C00001C00001C00001C7C001C87001D03001E03801C03801C03801C03
801C03801C03801C03801C03801C03801C03801C03801C03801C03801C0380FF9FF0141D7F9C17
>I<18003C003C0018000000000000000000000000000000FC001C001C001C001C001C001C001C
001C001C001C001C001C001C001C001C001C00FF80091D7F9C0C>I<00C001E001E000C0000000
00000000000000000000000FE000E000E000E000E000E000E000E000E000E000E000E000E000E0
00E000E000E000E000E000E000E060E0F0C0F1C061803E000B25839C0D>I<FC00001C00001C00
001C00001C00001C00001C00001C00001C00001C00001C00001C3FC01C0F001C0C001C08001C10
001C20001C40001CE0001DE0001E70001C78001C38001C3C001C1C001C0E001C0F001C0F80FF9F
E0131D7F9C16>I<FC001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C
001C001C001C001C001C001C001C001C001C001C001C001C00FF80091D7F9C0C>I<FC7E07E000
1C838838001D019018001E01E01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C
001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C0
1C00FF8FF8FF8021127F9124>I<FC7C001C87001D03001E03801C03801C03801C03801C03801C
03801C03801C03801C03801C03801C03801C03801C03801C0380FF9FF014127F9117>I<03F000
0E1C00180600300300700380600180E001C0E001C0E001C0E001C0E001C0E001C0600180700380
3003001806000E1C0003F00012127F9115>I<FC7C001D86001E03001C01801C01C01C00C01C00
E01C00E01C00E01C00E01C00E01C00E01C01C01C01C01C01801E03001D06001CF8001C00001C00
001C00001C00001C00001C00001C0000FF8000131A7F9117>I<03C1000C3300180B00300F0070
0700700700E00700E00700E00700E00700E00700E00700600700700700300F00180F000C370007
C700000700000700000700000700000700000700000700003FE0131A7E9116>I<FCE01D301E78
1E781C301C001C001C001C001C001C001C001C001C001C001C001C00FFC00D127F9110>I<1F90
30704030C010C010E010F8007F803FE00FF000F880388018C018C018E010D0608FC00D127F9110
>I<04000400040004000C000C001C003C00FFE01C001C001C001C001C001C001C001C001C001C
101C101C101C101C100C100E2003C00C1A7F9910>I<FC1F801C03801C03801C03801C03801C03
801C03801C03801C03801C03801C03801C03801C03801C03801C07800C07800E1B8003E3F01412
7F9117>I<FF07E03C03801C01001C01000E02000E020007040007040007040003880003880003
D80001D00001D00000E00000E00000E00000400013127F9116>I<FF3FCFE03C0F03801C070180
1C0701001C0B01000E0B82000E0B82000E1182000711C4000711C4000720C40003A0E80003A0E8
0003C0680001C0700001C0700001803000008020001B127F911E>I<7F8FF00F03800F03000702
0003840001C80001D80000F00000700000780000F800009C00010E00020E000607000403801E07
C0FF0FF81512809116>I<FF07E03C03801C01001C01000E02000E020007040007040007040003
880003880003D80001D00001D00000E00000E00000E000004000004000008000008000F08000F1
0000F300006600003C0000131A7F9116>I<7FFC70386038407040F040E041C003C0038007000F
040E041C043C0C380870087038FFF80E127F9112>I<FFFFF01401808B15>I
E /Ft 21 122 df<00001800000000180000000018000000003C000000003C000000003C000000
007E000000007E00000000FF000000009F000000009F000000011F800000010F800000010F8000
000207C000000207C000000207C000000403E000000403E000000403E000000801F000000801F0
00001801F800001000F800001000F800002000FC000020007C00003FFFFC00007FFFFE00004000
3E000040003E000080001F000080001F000080001F000100000F800100000F800100000F800200
0007C007000007C01F80000FE0FFF000FFFFFFF000FFFF282A7EA92D>65
D<0000FF00100007FFE030001FC07830003E000C7000F80006F001F00003F003E00001F007C000
00F00F800000700F800000701F000000303F000000303E000000303E000000107E000000107E00
0000107C00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC
00000000FC00000000FC000000007C000000007E000000007E000000103E000000103E00000010
3F000000101F000000200F800000200F8000006007C000004003E000008001F000018000F80003
00003E000E00001FC038000007FFE0000000FF8000242B7DA92B>67 D<FFFFFFFF80FFFFFFFF80
07E0001F8003E000078003E00001C003E00000C003E00000C003E000004003E000004003E00000
4003E000004003E000002003E001002003E001002003E001000003E001000003E003000003E003
000003E00F000003FFFF000003FFFF000003E00F000003E003000003E003000003E001000003E0
01001003E001001003E001001003E000001003E000002003E000002003E000002003E000002003
E000006003E000006003E00000E003E00001E003E00003C007E0001FC0FFFFFFFFC0FFFFFFFFC0
24297EA829>69 D<FFFF80FFFF8007F00003E00003E00003E00003E00003E00003E00003E00003
E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003
E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003
E00003E00007F000FFFF80FFFF8011297EA816>73 D<FFFFFF8000FFFFFFF00007E000FC0003E0
003E0003E0001F0003E0000F8003E0000FC003E00007C003E00007E003E00007E003E00007E003
E00007E003E00007E003E00007E003E00007C003E0000FC003E0000F8003E0001F0003E0003E00
03E001F80003FFFFE00003E000000003E000000003E000000003E000000003E000000003E00000
0003E000000003E000000003E000000003E000000003E000000003E000000003E000000003E000
000003E000000003E000000003E000000007F0000000FFFF800000FFFF80000023297EA829>80
D<01FC00000E0780001001C0003C00E0003E00F0003E0078001C00780008007800000078000000
780000007800007FF80003E078000F8078001F0078003E0078007C00780078007820F8007820F8
007820F8007820F800F8207C00F8203C013C401F063FC007F80F001B1A7E991E>97
D<007F8001C0700780080F003C1E007C3C007C3C00387C0010780000F80000F80000F80000F800
00F80000F80000F80000F800007800007C00003C00043C00041E00080F001007802001C0C0007F
00161A7E991B>99 D<00000F000001FF000001FF0000001F0000000F0000000F0000000F000000
0F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F00003F0F0001
C0CF0003802F000F001F001E001F001C000F003C000F007C000F0078000F0078000F00F8000F00
F8000F00F8000F00F8000F00F8000F00F8000F00F8000F0078000F0078000F003C000F003C000F
001E001F000E002F0007004F8001C18FF8007E0FF81D2A7EA921>I<007E0003C3800700E00E00
F01C00703C00783C003878003C78003CF8003CF8003CFFFFFCF80000F80000F80000F80000F800
007800007C00003C00043C00041E00080E001007002001C0C0007F00161A7E991B>I<001F0000
70C000E1E001C3E003C3E00381C007808007800007800007800007800007800007800007800007
8000078000FFFE00FFFE0007800007800007800007800007800007800007800007800007800007
800007800007800007800007800007800007800007800007800007800007800007800007C000FF
FE00FFFE00132A7FA912>I<07000F801F801F800F800700000000000000000000000000000000
00000007807F807F800F8007800780078007800780078007800780078007800780078007800780
078007800780078007800780FFF8FFF80D297FA811>105 D<07800000FF800000FF8000000F80
000007800000078000000780000007800000078000000780000007800000078000000780000007
800000078000000780000007807FF007807FF007801F8007801C00078018000780200007804000
07808000078100000782000007870000079F800007A7800007C7C0000783E0000781E0000781F0
000780F8000780780007807C0007803E0007801E0007801F0007801F80FFFC7FF8FFFC7FF81D2A
7FA920>107 D<0780FF80FF800F80078007800780078007800780078007800780078007800780
078007800780078007800780078007800780078007800780078007800780078007800780078007
800780078007800780FFFCFFFC0E2A7FA911>I<0781F800FC00FF860E030700FF98070C03800F
A0079003C007A003D001E007C003E001E007C003E001E0078003C001E0078003C001E0078003C0
01E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E007
8003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C0
01E0078003C001E0FFFC7FFE3FFFFFFC7FFE3FFF301A7F9932>I<0783F800FF8C1C00FF900E00
0FA0070007A0078007C0078007C007800780078007800780078007800780078007800780078007
800780078007800780078007800780078007800780078007800780078007800780078007800780
078007800780FFFCFFFCFFFCFFFC1E1A7F9921>I<007F000001C1C000070070000E0038001C00
1C003C001E003C001E0078000F0078000F00F8000F80F8000F80F8000F80F8000F80F8000F80F8
000F80F8000F80F8000F8078000F0078000F003C001E003C001E001E003C000E00380007007000
01C1C000007F0000191A7E991E>I<0787C0FF98E0FF91F00FA1F007C1F007C0E007C000078000
078000078000078000078000078000078000078000078000078000078000078000078000078000
07800007800007C000FFFE00FFFE00141A7F9917>114 D<07F8401C06C03001C06000C06000C0
E00040E00040F00040F800007E00007FF0003FFE000FFF0003FF80003FC00007C08001E08001E0
C000E0C000E0C000E0E000C0F001C0F80180C4070083F800131A7E9918>I<0080000080000080
000080000180000180000180000380000380000780000F80001FFF80FFFF800780000780000780
000780000780000780000780000780000780000780000780000780000780000780400780400780
4007804007804007804007804003C08001C08000E100003E0012257FA417>I<FFF1FFC1FFFFF1
FFC1FF0F803E00780F001E003007801E002007801E002007801F002003C03F004003C027004003
C027804001E067808001E043808001E043C08000F081C10000F081C10000F881E300007900E200
007900E200007D00F600003E007400003E007400001E007800001C003800001C003800000C0030
000008001000281A7F992B>119 D<FFF00FF8FFF00FF80F8003C0078003800780010003C00200
03C0020003E0020001E0040001E0040000F0080000F0080000F818000078100000781000003C20
00003C2000003E6000001E4000001E4000000F8000000F80000007000000070000000700000002
0000000200000004000000040000000400000008000070080000F8100000F8100000F8200000F0
400000608000001F0000001D267F9920>121 D E end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 300
TeXDict begin @letter /letter where {pop letter} if
%%EndSetup
%%Page: 0 1
bop 249 453 a Ft(Access)17 b(Con)n(trol)k(and)f(P)n(olicy)e(Enforcemen)n(t)i
(in)g(In)n(ternet)n(w)n(orks)968 617 y Fs(b)o(y)874 732 y(Gene)14
b(Tsudik)p 849 1049 283 2 v 701 1400 a(A)g(Dissertation)g(Presen)o(ted)i(to)e
(the)581 1480 y(F)-5 b(A)o(CUL)m(TY)14 b(OF)g(THE)g(GRADUA)m(TE)f(SCHOOL)554
1559 y(UNIVERSITY)h(OF)g(SOUTHERN)g(CALIF)o(ORNIA)738 1639
y(In)g(P)o(artial)f(F)m(ul\014llmen)o(t)e(of)i(the)730 1719
y(Requiremen)o(ts)g(for)h(the)g(Degree)714 1799 y(DOCTOR)f(OF)i(PHILOSOPHY)
810 1879 y(\(Computer)e(Science\))902 2256 y Fr(April)f(1991)721
2620 y Fs(Cop)o(yrigh)o(t)27 b(1991)g(Gene)14 b(Tsudik)p eop
%%Page: 2 2
bop 2047 2770 a Fs(ii)p eop
%%Page: 3 3
bop 828 266 a Fq(Dedication)-90 375 y Fs(T)m(o)13 b Fp(R&D)h
Fs(and)g(179)f(steps)i(of)f(wisdom.)2035 2770 y(iii)p eop
%%Page: 4 4
bop 705 284 a Fq(Ac)n(kno)n(wledgemen)n(ts)-90 389 y Fr(This)13
b(is)f(one)i(of)e(the)i(most)f(di\016cult)f(sections)i(of)f(this)f(thesis)i
(as)f(there)g(are)g(so)g(man)o(y)h(p)q(eople)f(I)g(w)o(ould)g(lik)o(e)f(to)h
(thank.)-28 453 y(First)e(and)g(foremost,)g(I)g(can)g(only)g(scratc)o(h)h
(the)f(surface)g(of)f(m)o(y)h(deep)q(est)h(gratitude)f(to)g(m)o(y)g(advisor,)
g(Dr.)17 b(Deb)q(orah)12 b(Estrin,)f(whose)g(guidance,)-90
498 y(friendship)j(and)h(piquan)o(t)f(sense)h(of)e(h)o(umor)i(I)e(enjo)o(y)o
(ed)i(during)f(m)o(y)g(y)o(ears)g(at)g(USC.)f(Our)h(inn)o(umerable)g
(meetings,)g(discussions)h(and)g(\(at)e(times)-90 544 y(heated\))18
b(debates)h(at)f(v)n(arious)g(exotic)g(lo)q(cations)g(ha)o(v)o(e)g(con)o
(tributed)h(greatly)f(to)f(this)h(dissertation)g(and)h(m)o(y)e(in)o
(tellectual)g(maturit)o(y)m(.)32 b(Most)-90 590 y(imp)q(ortan)o(tly)m(,)13
b(she)g(is)g(resp)q(onsible)h(for)e(con)o(vincing)i(me)f(not)g(to)g(view)g
(researc)o(h)h(as)f(a)g(sequence)h(of)f(sprin)o(ts,)g(and)g(to)g(use)g
(analogies)h(sparingly)m(.)-28 653 y(I)d(w)o(ould)h(also)f(lik)o(e)g(to)g
(thank)h(other)g(mem)o(b)q(ers)g(of)f(m)o(y)g(dissertation)h(committee,)f
(Drs.)17 b(Silv)o(ester)11 b(and)h(McLeo)q(d)g(for)f(their)g(helpful)g
(commen)o(ts)-90 699 y(and)j(for)e(enduring)j(m)o(y)d(ram)o(blings,)h(b)q
(oth)h(written)f(and)g(sp)q(ok)o(en.)-28 762 y(I)i(sincerely)g(thank)h(all)e
(former)h(and)h(curren)o(t)f(mem)o(b)q(ers)h(of)e(the)h(Computer)h(Net)o(w)o
(orks)f(and)g(Distributed)h(Systems)g(Lab)f(for)g(main)o(taining)-90
808 y(a)h(stim)o(ulating)g(and)g(friendly)g(researc)o(h)h(milieu.)25
b(I)15 b(am)h(indebted)h(to)f(Lee)g(Breslau)g(and)g(Stev)o(e)h(Hotz)f(for)f
(commen)o(ts)i(on)f(this)g(thesis)g(and)g(its)-90 854 y(presen)o(tation.)i
(Kamal)13 b(Anand,)h(Dann)o(y)g(Mitzel)f(and)g(Ron)h(Co)q(cc)o(hi)f(ha)o(v)o
(e)h(con)o(tributed)g(to)f(v)n(arious)g(stages)h(of)f Fo(Visa)e
Fr(proto)q(col)j(implemen)o(tation,)-90 899 y(testing)g(and)g(exp)q(erimen)o
(ts.)19 b(I)13 b(am)g(also)h(grateful)f(to)g(fello)o(w)g(IDPR-ers:)18
b(Lee)13 b(Breslau,)h(T)m(on)o(y)f(Li)g(and)h(Katia)f(Obraczk)n(a)i(with)e
(whom)g(I)g(enjo)o(y)o(ed)-90 945 y(ha)o(ving)i(man)o(y)f(a)g(brainstorming)h
(session.)20 b(Sp)q(ecial)14 b(thanks)h(to)f(Debbie)h(Galtman)f(for)g
Fo(c)n(onquering)d Fr(DESNC.)i(I)h(am)g(also)g(indebted)h(to)f(Sharon)-90
991 y(Anderson)g(who)f(is,)f(tragically)m(,)h(no)g(longer)g(with)g(us.)-28
1054 y(I)e(am)f(thankful)h(to)g(all)f(mem)o(b)q(ers)h(of)f(the)h(In)o(ternet)
g(Op)q(en)g(Routing)g(W)m(orking)g(Group)h(who)e(con)o(tributed)i(to)f(the)f
(design)h(and)h(implemen)o(tation)-90 1100 y(of)i(IDPR.)f(In)h(particular,)g
(I)f(w)o(ould)h(lik)o(e)f(to)h(thank)h(Martha)f(Steenstrup)h(and)g(Helen)e
(Bo)o(wns)h(at)g(BBN,)f(and)i(Rob)q(ert)f(\(W)m(o)q(o)q(dy\))h(W)m(o)q(o)q
(dburn)h(at)-90 1146 y(SAIC.)-28 1213 y(Last,)e(but)h(certainly)f(not)g
(least,)g(I)g(wish)g(to)g(thank)h(m)o(y)f(family)m(.)20 b(My)14
b(paren)o(ts)h(ha)o(v)o(e)g(alw)o(a)o(ys)f(b)q(een)g(an)h(endless)g(source)f
(of)g(w)o(arm)o(th,)g(under-)-90 1263 y(standing)j(and)f(supp)q(ort.)26
b(My)17 b(wife,)e(Rima,)h(is)f(imp)q(ossible)h(to)g(thank)g(prop)q(erly)h(in)
e(this)h(con)o(text;)h(an)o(y)g(expression)f(of)g(gratitude)g(will)e(b)q(e)i
(an)-90 1313 y(understatemen)o(t.)22 b(Finally)m(,)14 b(m)o(y)h(daugh)o(ter,)
g(Daniela,)g(has)g(b)q(een)g(instrumen)o(tal)f(to)h(this)f(dissertation)h(b)o
(y)f(b)q(eing)h(the)g(c)o(hief)f(motiv)n(ation)g(for)g(its)-90
1363 y(ev)o(en)o(tual)g(completion,)e(and)i(b)o(y)f(sta)o(ying)h
(exceptionally)f(quiet)h(in)e(di\016cult)h(momen)o(ts.)2037
2770 y Fs(iv)p eop
%%Page: 5 5
bop -90 192 a Fq(Con)n(ten)n(ts)-90 535 y Fn(Dedication)1892
b(iii)-90 644 y(Ac)o(kno)o(wledgemen)o(ts)1722 b(iv)-90 753
y(Abstract)1951 b(x)-90 862 y(1)38 b(In)o(tro)q(duction)1807
b(1)-28 930 y Fs(1.1)42 b(Ov)o(erview)d Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(1)68 998 y(1.1.1)46 b(Organization)13
b(of)g(This)h(Chapter)21 b Fm(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(1)-28 1065 y(1.2)42 b(In)o(terconnection)
15 b(of)e(Autonomous)g(Net)o(w)o(orks)35 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(1)68 1133 y(1.2.1)46
b(Administrativ)o(e)12 b(Domains)k Fm(:)k(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(2)68
1201 y(1.2.2)46 b(P)o(olicies)35 b Fm(:)21 b(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)83 b Fs(2)201 1268 y(1.2.2.1)50 b(Stub)14 b(and)g(T)m(ransit)f(P)o
(olicies)26 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)83 b Fs(2)201 1336 y(1.2.2.2)50 b(P)o(olicy)13 b(A)o(ttributes)g
Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)83 b Fs(3)201 1404 y(1.2.2.3)50 b(Problematic)12
b(P)o(olicies)20 b Fm(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)83 b Fs(3)68 1471 y(1.2.3)46 b(In)o(ternet)o(w)o(ork)14
b(T)m(op)q(ology)i Fm(:)k(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(3)-28 1539 y(1.3)42
b(Access)16 b(Con)o(trol)d(Requiremen)o(ts)31 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83
b Fs(4)68 1607 y(1.3.1)46 b(End-systems)14 b(and)g(Applications)40
b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)83 b Fs(4)68 1674 y(1.3.2)46 b(Net)o(w)o(ork)14 b(Resources)22
b Fm(:)e(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(5)201 1742 y(1.3.2.1)50
b(AD)13 b(Boundaries)h Fm(:)20 b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(5)201 1810 y(1.3.2.2)50
b(Stub)14 b(ADs)j Fm(:)j(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(6)201 1877
y(1.3.2.3)50 b(T)m(ransit)13 b(ADs)37 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83
b Fs(6)68 1945 y(1.3.3)46 b(Route)13 b(selection)25 b Fm(:)20
b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(7)-28 2013 y(1.4)42 b(Design)13
b(Choices)31 b Fm(:)21 b(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83
b Fs(7)68 2081 y(1.4.1)46 b(Securit)o(y)14 b(Services)29 b
Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(7)68 2148 y(1.4.2)46
b(Enforcemen)o(t)13 b(Lo)q(cation)29 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83
b Fs(8)68 2216 y(1.4.3)46 b(Enforcemen)o(t)13 b(Proto)q(col)34
b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(9)68 2284 y(1.4.4)46 b(Principal)13
b(Gran)o(ularit)o(y)39 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)
g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)83 b Fs(9)68 2351
y(1.4.5)46 b(Comm)n(unication)11 b(Gran)o(ularit)o(y)h(and)i(Enforcemen)o(t)f
(Mo)q(de)29 b Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(10)68 2419
y(1.4.6)46 b(Summary)27 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(11)-28 2487 y(1.5)42 b(Conclusions)25 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)
f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(11)-28 2554 y(1.6)42 b(Ov)o(erview)14
b(of)f(This)h(Thesis)26 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(11)-90 2664 y Fn(2)38 b(Bac)o(kground)1799 b(13)2048 2770
y Fs(v)p eop
%%Page: 6 6
bop -28 -108 a Fs(2.1)42 b(Related)14 b(W)m(ork)20 b Fm(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(13)68 -41 y(2.1.1)46
b(Net)o(w)o(ork)14 b(Securit)o(y)20 b Fm(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(13)68 27 y(2.1.2)46 b Fp(A)n(d)14 b(ho)n(c)h Fs(Metho)q(ds)39
b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(14)68 95 y(2.1.3)46
b(In)o(ternet)o(w)o(ork)14 b(Routing)38 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(15)201 162 y(2.1.3.1)50 b(Exterior)14 b(Gatew)o(a)o(y)f(Proto)q(col)29
b Fm(:)20 b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(16)201 230 y(2.1.3.2)50 b(Border)15 b(Gatew)o(a)o(y)e(Proto)q(col)22
b Fm(:)e(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(16)201 298 y(2.1.3.3)50 b(In)o(ter-Domain)12 b(Routing)g(Proto)q(col)g
Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b
Fs(17)201 365 y(2.1.3.4)50 b(Routing)12 b(with)i(Multiple)f(Hierarc)o(hical)h
(Addresses)44 b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(17)201 433 y(2.1.3.5)50
b(IDPR)25 b Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(18)201
501 y(2.1.3.6)50 b(Secure)15 b(and)f(Robust)g(Routing)h Fm(:)20
b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b
Fs(18)-28 568 y(2.2)42 b(Supp)q(ort)14 b(Mec)o(hanisms)21 b
Fm(:)g(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)
h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(19)68 636 y(2.2.1)46
b(Encryption)14 b(and)g(Signature)g(Supp)q(ort)26 b Fm(:)20
b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(19)68 704 y(2.2.2)46 b(Certi\014cation)c Fm(:)21 b(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)62 b Fs(20)68 771 y(2.2.3)46 b(Time)12 b(Sync)o(hronization)31
b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(21)-90 881 y Fn(3)38 b(Stub)14
b(P)o(olicy)g(Enforcemen)o(t:)19 b Fp(Visa)d Fn(Proto)q(col)1215
b(23)-28 948 y Fs(3.1)42 b(Ov)o(erview)d Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)
f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(23)-28 1016 y(3.2)42 b(History)f
Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(23)-28 1084 y(3.3)42 b(Goals)e Fm(:)20 b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(24)-28 1151 y(3.4)42
b(Net)o(w)o(ork)14 b(En)o(vironmen)o(t)32 b Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(24)-28 1219 y(3.5)42 b(P)o(articipan)o(ts)20 b Fm(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(25)68 1287 y(3.5.1)46
b(A)o(CSs)40 b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(25)68 1354 y(3.5.2)46 b(Border)15 b(Routers)22 b Fm(:)e(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)62 b Fs(25)68 1422 y(3.5.3)46 b(P)o(articipating)12
b(End-systems)k Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(26)-28 1490 y(3.6)42 b(Proto)q(col)21
b Fm(:)g(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(27)68 1557 y(3.6.1)46 b(Setup)14 b(Phase)f Fm(:)20 b(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)62 b Fs(27)201 1625 y(3.6.1.1)50 b(Exit)13 b(Authorization)g
Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)62 b Fs(27)201 1693 y(3.6.1.2)50 b(En)o(try)14 b(Authorization)k
Fm(:)i(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)
g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)
62 b Fs(28)201 1761 y(3.6.1.3)50 b(Visa)13 b(Distribution)42
b Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)62 b Fs(29)201 1828 y(3.6.1.4)50 b(Setup)14 b(Summary)30
b Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)62 b Fs(30)68 1896 y(3.6.2)46 b(P)o(ac)o(k)o(et)14
b(F)m(orw)o(arding)25 b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(30)201
1964 y(3.6.2.1)50 b(Exiting)13 b Fm(AD)583 1970 y Fl(a)631
1964 y Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(30)201 2031 y(3.6.2.2)50
b(En)o(tering)14 b Fm(AD)606 2037 y Fl(b)663 2031 y Fm(:)20
b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)62 b Fs(31)68 2099 y(3.6.3)46 b(T)m(eardo)o(wn)26 b
Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(31)-28
2167 y(3.7)42 b(Design)13 b(Issues)33 b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)62 b Fs(32)68 2234 y(3.7.1)46 b(Visas)11
b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(32)68 2302 y(3.7.2)46 b(Repla)o(y)13 b(Prev)o(en)o(tion)31
b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(32)68 2370 y(3.7.3)46
b(Visa)13 b(Expiration)h Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(32)68 2437 y(3.7.4)46 b(Visa)13 b(Rev)o(o)q(cation)37
b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(33)68 2505 y(3.7.5)46
b(Co)o(v)o(erage)13 b(of)h(P)o(ac)o(k)o(et)g(Signatures)42
b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(33)68 2573 y(3.7.6)46 b(F)m(ragmen)o(tation)34 b
Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(33)68 2640 y(3.7.7)46
b(Loss)14 b(of)f(State)34 b Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(34)2037 2770 y(vi)p eop
%%Page: 7 7
bop 68 -108 a Fs(3.7.8)46 b(Stateful)13 b(Mo)q(del)33 b Fm(:)20
b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(35)-28 -41 y(3.8)42 b(Securit)o(y)14
b(Analysis)23 b Fm(:)d(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(35)68 27 y(3.8.1)46 b(VISA-REQUEST)16 b Fm(:)k(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(35)68 95 y(3.8.2)46 b(VISA-GRANT)31 b Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(36)68 162 y(3.8.3)46 b(Data)13 b(pac)o(k)o(ets)33
b Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(36)-28 230
y(3.9)42 b(Proto)q(col)14 b(Costs)37 b Fm(:)21 b(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)62 b Fs(37)68 298 y(3.9.1)46 b(Setup)14 b(and)g(Distribution)c
Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)62 b Fs(37)68 365 y(3.9.2)46 b(State)14
b(Ov)o(erhead)21 b Fm(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(38)68
433 y(3.9.3)46 b(P)o(er)14 b(pac)o(k)o(et)h(costs)40 b Fm(:)20
b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(38)-28 501 y(3.10)21 b(Summary)31
b Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(39)-90 610 y Fn(4)38 b(T)l(ransit)14 b(P)o(olicy)g(Enforcemen)o(t:)19
b(Con)o(trol)14 b(of)i(T)l(ransit)e(In)o(ternet)o(w)o(ork)f(T)l(ra\016c)627
b(40)-28 678 y Fs(4.1)42 b(Con)o(trolling)12 b(T)m(ransit)h(T)m(ra\016c)19
b Fm(:)h(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(40)68 745 y(4.1.1)46 b(Extending)14
b(Net)o(w)o(ork)g(Access)i(Con)o(trols)35 b Fm(:)20 b(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(40)201 813 y(4.1.1.1)50
b(T)m(ransit)13 b Fp(Visa)h Fs(Proto)q(col)27 b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(41)201
881 y(4.1.1.2)50 b(Discussion)38 b Fm(:)21 b(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(41)68 948 y(4.1.2)46 b(P)o(olicy)13 b(Routing)29 b Fm(:)20
b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(41)201 1016 y(4.1.2.1)50
b(IDPR)13 b(Arc)o(hitecture)h Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(42)201 1084
y(4.1.2.2)50 b(Discussion)38 b Fm(:)21 b(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b
Fs(43)-28 1151 y(4.2)42 b(Securit)o(y)14 b(Issues)i(in)d(T)m(ransit)h(Con)o
(trol)h Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)62 b Fs(43)68 1219 y(4.2.1)46 b(Sp)q(eci\014c)15
b(Threats)42 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(43)68
1287 y(4.2.2)46 b(T)m(erminology)39 b Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(44)68 1354 y(4.2.3)46 b(Distribution)13 b(of)g(P)o(olicy)g(T)m
(erms)39 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)62 b Fs(44)68 1422 y(4.2.4)46 b(Route)13 b(Setup)43
b Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(45)68 1490
y(4.2.5)46 b(P)o(ac)o(k)o(et)14 b(F)m(orw)o(arding)25 b Fm(:)20
b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)62 b Fs(46)201 1557 y(4.2.5.1)50 b(Signature)14
b(computation)36 b Fm(:)21 b(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)62 b Fs(46)201 1625 y(4.2.5.2)50 b(Signature)14
b(Co)o(v)o(erage)37 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(47)201 1693 y(4.2.5.3)50
b(Signature)14 b(V)m(eri\014cation)26 b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(48)201 1761
y(4.2.5.4)50 b(Prev)o(en)o(ting)14 b(Repla)o(y)f(of)g(Data)h(P)o(ac)o(k)o
(ets)e Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b
Fs(49)-28 1828 y(4.3)42 b(Proto)q(col)14 b(Description)26 b
Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(50)68 1896 y(4.3.1)46
b(P)o(articipan)o(ts)16 b Fm(:)k(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(51)68 1964 y(4.3.2)46 b(P)o(ac)o(k)o(et)14 b(Handling)33
b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(52)68 2031 y(4.3.3)46
b(PR)13 b(Setup)29 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)
g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(53)201 2099 y(4.3.3.1)50 b(PR)13 b(Setup)i(Summary)22
b Fm(:)e(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(55)68 2167 y(4.3.4)46 b(P)o(ac)o(k)o(et)14 b(F)m(orw)o(arding)25
b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(55)-28 2234 y(4.4)42
b(Securit)o(y)14 b(Analysis)23 b Fm(:)d(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(56)68 2302 y(4.4.1)46 b(PR)13 b(Setup)29 b Fm(:)20
b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(56)201 2370
y(4.4.1.1)50 b(SETUP)14 b(Pro)q(cessing)f Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(56)201
2437 y(4.4.1.2)50 b(A)o(CCEPT)14 b(Pro)q(cessing)41 b Fm(:)20
b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(57)68 2505 y(4.4.2)46 b(P)o(ac)o(k)o(et)14 b(F)m(orw)o(arding)25
b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(57)-28 2573 y(4.5)42
b(Assessmen)o(t)15 b(and)e(Cost)18 b Fm(:)j(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(58)68 2640 y(4.5.1)46 b(P)o(ac)o(k)o(et)14 b(Signatures)42
b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(58)2025 2770 y(vii)p
eop
%%Page: 8 8
bop 68 -108 a Fs(4.5.2)46 b(Costs)14 b(Due)g(to)g(Increased)i(P)o(ac)o(k)o
(et)e(Length)24 b Fm(:)d(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(58)68 -41 y(4.5.3)46 b(Setup)14 b(Ov)o(erhead)44 b Fm(:)20
b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(58)68 27 y(4.5.4)46 b(Other)15
b(P)o(er)f(P)o(ac)o(k)o(et)h(Pro)q(cessing)g(Costs)22 b Fm(:)e(:)g(:)h(:)f(:)
g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(59)-28 95
y(4.6)42 b(Conclusions)25 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)62 b Fs(59)-90 204 y Fn(5)38 b(Exp)q(erimen)o(tal)13
b(Results)1597 b(60)-28 271 y Fs(5.1)42 b(Exp)q(erimen)o(tal)13
b(Platform)g Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)
f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(60)-28
339 y(5.2)42 b(Visa)13 b(Exp)q(erimen)o(ts)j Fm(:)k(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)62 b Fs(60)-28 407 y(5.3)42 b(IDPR)13 b(Exp)q(erimen)o(ts)22
b Fm(:)e(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(64)68 475
y(5.3.1)46 b(Additional)12 b(Bac)o(kground)40 b Fm(:)20 b(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(64)201 542 y(5.3.1.1)50 b(P)o(olicy)13 b(Routes)42 b Fm(:)20
b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)62 b Fs(64)201 610 y(5.3.1.2)50 b(Proto)q(col)14 b(Description:)k
(ORIGINA)m(TOR)13 b(PG)19 b Fm(:)i(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)
h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(66)201 678 y(5.3.1.3)50 b(Proto)q(col)14 b(Description:)k(TRANSIT)c(and)
f(T)m(AR)o(GET)g(PGs)e Fm(:)20 b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(66)201 745 y(5.3.1.4)50
b(PR)13 b(T)m(eardo)o(wn)42 b Fm(:)20 b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(67)68
813 y(5.3.2)46 b(Exp)q(erimen)o(ts)40 b Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(68)-90 922 y Fn(6)38 b(Conclusions)13 b(and)j(F)l(uture)e(W)l(ork)
1425 b(72)-28 990 y Fs(6.1)42 b(Con)o(tributions)13 b(of)g(This)h(Thesis)42
b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(72)68 1058 y(6.1.1)46 b(F)m(ramew)o(ork)33
b Fm(:)20 b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(72)68
1125 y(6.1.2)46 b(Stub)14 b(AD)f(P)o(olicy)h(Enforcemen)o(t)29
b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)62 b Fs(73)68 1193 y(6.1.3)46 b(T)m(ransit)13 b(AD)h(P)o(olicy)f
(Enforcemen)o(t)j Fm(:)k(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)62 b Fs(73)68 1261 y(6.1.4)46 b(Securit)o(y)14
b(.vs.)k(Cost)41 b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(74)-28
1328 y(6.2)42 b(F)m(uture)14 b(W)m(ork)39 b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(74)68 1396 y(6.2.1)46 b(Multicasting)40
b Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(74)68 1464
y(6.2.2)46 b(F)m(ault)13 b(T)m(olerance)18 b Fm(:)i(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(74)201 1531 y(6.2.2.1)50 b(State)14 b(Reco)o(v)o(ery)20
b Fm(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)62 b Fs(75)201 1599 y(6.2.2.2)50 b(Connection)14
b(and)g(Route)f(Repair)40 b Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)62 b Fs(75)68 1667 y(6.2.3)46 b(Accoun)o(ting)14 b(and)f(Billing)d
Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)62 b Fs(76)68 1734 y(6.2.4)46 b(In)o(tegration)35
b Fm(:)20 b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(76)201
1802 y(6.2.4.1)50 b(Border)15 b(Routers)e Fm(:)20 b(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(76)201 1870 y(6.2.4.2)50 b(Sp)q(ecialized)14 b(Serv)o(ers)i
Fm(:)k(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(76)68 1937 y(6.2.5)46 b(Other)15 b(P)o(olicy)e(Routing)f(Approac)o
(hes)43 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(77)-90 2047 y Fn(App)q(endix)14 b(A)-28 2114 y Fs(Message)h
(Authen)o(tication)f(with)g(One-W)m(a)o(y)f(Hash)h(F)m(unctions)39
b Fm(:)20 b(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(83)-28
2182 y(A.1)32 b(In)o(tro)q(duction)13 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(83)-28 2250 y(A.2)32 b(Motiv)n(ation)40
b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(83)-28 2317 y(A.3)32 b(Proto)q(col)14 b(Description)26
b Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(84)-28 2385
y(A.4)32 b(Informal)11 b(Analysis)16 b Fm(:)k(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g
(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)62 b Fs(84)68 2453 y(A.4.1)36 b(De\014nitions)k Fm(:)20
b(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(84)68 2520 y(A.4.2)36
b(Secret)15 b(Pre\014x)37 b Fm(:)21 b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62
b Fs(85)68 2588 y(A.4.3)36 b(Secret)15 b(Su\016x)41 b Fm(:)21
b(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(85)-28 2656 y(A.5)32
b(Cost)c Fm(:)20 b(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)
g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g
(:)g(:)62 b Fs(85)2013 2770 y(viii)p eop
%%Page: 9 9
bop -28 -108 a Fs(A.6)32 b(An)14 b(Extension)25 b Fm(:)20 b(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(85)-28 -41 y(A.7)32
b(Applications)12 b Fm(:)20 b(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)62 b Fs(86)-28 27 y(A.8)32 b(Summary)f Fm(:)20 b(:)g(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)g
(:)h(:)f(:)g(:)h(:)f(:)g(:)g(:)62 b Fs(86)2037 2770 y(ix)p
eop
%%Page: 10 10
bop 858 266 a Fq(Abstract)-90 375 y Fs(A)20 b(collection)g(of)g(indep)q
(enden)o(t)i(Administrativ)o(e)c(Domains)g(\(ADs\))j(can)g(b)q(e)f(joined)g
(together)i(in)d(an)h(in)o(ternet)o(w)o(ork)h(in)f(order)h(to)-90
425 y(supp)q(ort)13 b(in)o(ter-organizational)e(comm)o(unicatio)o(n)f(and)i
(resource)i(sharing.)j(Despite)d(the)e(in)o(terconnection,)i(ADs)e(are)h
(concerned)h(with)-90 475 y(main)o(taining)6 b(v)n(arying)i(degrees)k(of)d
(autonom)o(y)e(b)o(y)i(exerting)h(lo)q(cal)f(con)o(trol)g(o)o(v)o(er)h(their)
g(net)o(w)o(ork)f(resources.)19 b(Eac)o(h)10 b(AD)f(sp)q(eci\014es)j(its)d(o)
o(wn)-90 525 y(net)o(w)o(ork)15 b Fn(p)q(olicy)f Fs(that)h(represen)o(ts)j(a)
c(tradeo\013)i(b)q(et)o(w)o(een)g(autonom)o(y)d(and)i(in)o(terdep)q(endence.)
24 b(Ho)o(w)o(ev)o(er,)15 b(existing)g(in)o(ternet)o(w)o(orking)-90
575 y(approac)o(hes)g(attempt)e(to)h(ac)o(hiev)o(e)g(full)e(connectivit)o(y)i
(without)g(m)o(uc)o(h)f(regard)h(to)g(p)q(olicy)m(.)-28 642
y(This)k(researc)o(h)h(represen)o(ts)i(the)d(\014rst)h(broad-scale)f
(treatmen)o(t)f(of)g(p)q(olicy)g(enforcemen)o(t)h(in)f(in)o(ternet)o(w)o(ork)
i(en)o(vironmen)o(ts.)28 b(W)m(e)-90 692 y(explore)15 b(the)f(range)h(of)f(p)
q(oten)o(tial)f(p)q(olicies)h(and)g(consider)i(p)q(olicy)d(enforcemen)o(t)i
(in)e(the)i(con)o(text)g(of)f(end-p)q(oin)o(t)g(and)g(transit)h(ADs.)k(A)-90
742 y(w)o(ell-kno)o(wn)14 b Fp(end-to-end)i Fs(argumen)o(t)f(is)g(applied)f
(to)i(pro)o(vide)f(a)g(comprehensiv)o(e)g(framew)o(ork)f(for)h(the)h
(placemen)o(t)f(and)g(comp)q(osition)-90 792 y(of)e(access)j(con)o(trols)f
(to)f(supp)q(ort)g(p)q(olicy)g(enforcemen)o(t.)19 b(F)m(or)13
b(end-p)q(oin)o(t)h(ADs,)g(w)o(e)h(prop)q(ose)g(\014ne-grained)f(enforcemen)o
(t)g(pro)o(vided)g(b)o(y)-90 842 y Fp(Visa)e Fs(proto)q(col)g(whic)o(h)h(con)
o(trols)f(the)h(\015o)o(w)f(of)g(pac)o(k)o(et)h(tra\016c)f(at)h(AD)f(b)q
(oundaries.)18 b(In)12 b(order)h(to)g(con)o(trol)f Fp(tr)n(ansit)f
Fs(in)o(ternet)o(w)o(ork)i(tra\016c,)-90 891 y(p)q(olicy)h(supp)q(ort)h(m)o
(ust)f(b)q(e)h(in)o(tegrated)g(in)o(to)e(in)o(ternet)o(w)o(ork)i(routing)f
(and)h(pac)o(k)o(et-forw)o(arding)e(proto)q(cols.)20 b(Secure)d(proto)q(cols)
d(for)g(the)-90 941 y(In)o(ter-Domain)e(P)o(olicy)h(Routing)g(arc)o
(hitecture)i(are)g(presen)o(ted.)-28 1009 y(The)i(cen)o(tral)h(theme)e(of)g
(proto)q(col)h(securit)o(y)g(is)g(addressed)i(throughout.)26
b(In)17 b(order)g(to)g(minim)o(ize)d(the)k(p)q(erformance)e(impact)g(of)-90
1059 y(t)o(ypically)11 b(costly)i(securit)o(y)h(services,)g(inno)o(v)n(ativ)o
(e)d(cryptographic)i(proto)q(cols)g(are)g(in)o(tro)q(duced)g(and)g(the)g
(cost)g(of)f(securit)o(y)i(is)e(ev)n(aluated)-90 1109 y(in)20
b(detail.)35 b(F)m(urthermore,)21 b(metho)q(ds)f(for)f(strong,)j(y)o(et)e
(inexp)q(ensiv)o(e,)i(encryption-free)f(data)f(in)o(tegrit)o(y)f(and)h
(authen)o(tication)g(are)-90 1158 y(presen)o(ted.)-28 1226
y(Protot)o(yp)q(e)13 b(implemen)o(tations)d(of)i(the)h(prop)q(osed)g(p)q
(olicy)f(enforcemen)o(t)h(mec)o(hanisms)d(ha)o(v)o(e)i(b)q(een)i(dev)o(elop)q
(ed.)k(W)m(e)12 b(discuss)i(imple-)-90 1276 y(men)o(tation)e(issues)j(and)f
(p)q(erformance)g(results.)2048 2770 y(x)p eop
%%Page: 1 11
bop -90 192 a Fq(Chapter)23 b(1)-90 367 y(In)n(tro)r(duction)-90
626 y(1.1)70 b(Ov)n(erview)-90 735 y Fs(Increasing)15 b(use)h(of)e(computers)
g(for)h(comm)o(uni)o(cation)d(has)i(prompted)g(widespread)i(in)o
(terconnection)f(of)f(autonomous)f(net)o(w)o(orks.)21 b(In)-90
785 y(an)c(en)o(vironmen)o(t)e(of)i(in)o(terconnected)i(Administrativ)o(e)c
(Domains)f(\(ADs\),)k(access)h(to)d(net)o(w)o(ork)i(resources)h(is)e(an)f
(issue)i(of)e(gro)o(wing)-90 834 y(concern.)22 b(In)15 b(the)g(absence)h(of)f
(sp)q(ecial)f(mec)o(hanisms,)f(net)o(w)o(ork)i(in)o(terconnection)h(using)e
(existing)h(in)o(ternet)o(w)o(orking)f(proto)q(cols)h(\(e.g.,)-90
884 y(IP)d([73)o(])f(or)g(OSI)h([43)o(]\))f(attempts)g(to)g(ac)o(hiev)o(e)h
(full)e(connectivit)o(y)m(.)17 b(Ho)o(w)o(ev)o(er,)12 b(ADs)g(should)f(b)q(e)
h(able)f(to)h(in)o(terconnect)h(without)e(exp)q(osing)-90 934
y(their)16 b(in)o(ternal)f(resources)i(to)f(unrestricted)h(external)f(access)
h([24)o(,)e(27)o(].)22 b(Moreo)o(v)o(er,)16 b(in)o(ternet)o(w)o(ork)g(comp)q
(onen)o(ts)f(should)g(b)q(e)h(able)f(to)-90 984 y(con)o(trol)f(incoming)d
(and)j(outgoing)e(tra\016c)i(b)o(y)g(sp)q(ecifying)g(or)g(constraining)f(the)
i(ADs)f(to,)f(and)h(through,)f(whic)o(h)h(the)g(tra\016c)g(can)g(\015o)o(w)
-90 1034 y([26)o(].)-28 1101 y(While)e(complete)g(autonom)o(y)f(implies)g(no)
i(in)o(terconnection,)g(increased)h Fp("op)n(enness")h Fs(sacri\014ces)f
(autonom)o(y)m(.)h(Th)o(us,)e(eac)o(h)g(partici-)-90 1151 y(pan)o(t)h
(organization)e(m)o(ust)h(reac)o(h)h(its)g(o)o(wn)f(tradeo\013)h(b)q(et)o(w)o
(een)i(autonom)o(y)11 b(and)j(in)o(terdep)q(endence.)21 b(The)14
b(particulars)g(of)f(this)g(tradeo\013)-90 1201 y(are)h(em)o(b)q(o)q(died)f
(in)h(what)f(w)o(e)i(refer)g(to)e(as)h Fn(p)q(olicy)p Fs(.)-28
1269 y(The)21 b(purp)q(ose)h(of)d(this)i(thesis)g(is)f(to)g(presen)o(t)i(the)
f(design)g(of)f(a)g(p)q(olicy)f(enforcemen)o(t)i(arc)o(hitecture)h(for)e(an)g
(en)o(vironmen)o(t)g(of)-90 1318 y(in)o(terconnected)15 b(ADs.)j(In)13
b(this)h(c)o(hapter,)f(w)o(e)h(in)o(tro)q(duce)g(some)e(basic)h(concepts)i
(necessary)g(for)e(the)h(appreciation)f(of)g(the)g(underlying)-90
1368 y(problem)18 b(and)h(prop)q(ose)h(a)e(framew)o(ork)g(for)h(the)g
(subsequen)o(t)i(design)e(of)g(p)q(olicy)f(enforcemen)o(t)i(mec)o(hanisms.)31
b(In)19 b(Chapter)h(2,)g(w)o(e)-90 1418 y(discuss)14 b(curren)o(t)g(p)q
(olicy)e(enforcemen)o(t)h(approac)o(hes)g(and)g(a)f(n)o(um)o(b)q(er)g(of)g
(supp)q(ort)i(mec)o(hanisms)d(to)h(b)q(e)h(used)h(as)f(basic)g(building)e
(blo)q(c)o(ks)-90 1468 y(in)16 b(our)h(design.)26 b(Chapter)17
b(3)g(is)f(dedicated)i(to)e(the)h(treatmen)o(t)g(of)e(access)k(con)o(trol)d
(at)h(end-p)q(oin)o(t)f(AD)h(b)q(oundaries)g(and)f(Chapter)h(4)-90
1518 y(addresses)i(the)f(con)o(trol)f(of)f(transit)i(in)o(ternet)o(w)o(ork)f
(tra\016c.)28 b(Chapter)18 b(5)f(describ)q(es)i(the)f(exp)q(erimen)o(tal)e
(results)i(obtained)f(from)e(the)-90 1567 y(implemen)o(tatio)o(ns)f(of)h(the)
i(mec)o(hanisms)d(prop)q(osed)j(in)f(Chapters)h(3)e(and)h(4.)25
b(Finally)m(,)14 b(Chapter)i(6)g(summarizes)f(the)h(results)h(of)f(this)-90
1617 y(thesis)f(and)e(discusses)j(topics)f(for)e(future)i(researc)o(h.)-90
1756 y Fk(1.1.1)55 b(Organization)19 b(of)f(This)h(Chapter)-90
1850 y Fs(This)11 b(c)o(hapter)i(is)e(organized)g(as)h(follo)o(ws.)557
1835 y Fj(1)591 1850 y Fs(W)m(e)f(b)q(egin)h(in)f(Section)g(1.2)g(b)o(y)g
(addressing)h(the)g(in)o(ternet)o(w)o(ork)g(en)o(vironmen)o(t)e(and)i
(exploring)-90 1900 y(the)17 b(range)f(of)f(net)o(w)o(ork)h(p)q(olicies)g
(that)g(an)g(organization)e(migh)o(t)g(wish)i(to)g(express.)26
b(In)16 b(Section)g(1.3,)f(w)o(e)h(iden)o(tify)f(three)i(ob)r(jects)h(of)-90
1950 y(in)o(ternet)o(w)o(ork)h(access)i(con)o(trol:)423 1935
y Fj(2)470 1950 y Fs(end-systems,)f(net)o(w)o(ork-la)o(y)o(er)f(resources,)j
(and)d(in)o(ternet)o(w)o(ork)g(routes.)34 b(W)m(e)19 b(then)g(consider)h(the)
-90 2000 y(w)o(ell-kno)o(wn)c Fp(end-to-end)j Fs(argumen)o(t)d(for)h(the)h
(placemen)o(t)f(of)g(con)o(trols)h(in)f(net)o(w)o(ork)g(la)o(y)o(er)g(proto)q
(cols)h([78)o(].)28 b(Section)18 b(1.4)f(describ)q(es)-90 2050
y(the)d(securit)o(y)h(services)h(needed)f(to)f(address)h(eac)o(h)f(of)f
(these)i(requiremen)o(ts)f(and)g(the)g(corresp)q(onding)h(design)f(c)o
(hoices)h(of)e(enforcemen)o(t)-90 2099 y(lo)q(cation,)g(proto)q(col,)g(and)g
(gran)o(ularit)o(y)m(.)k(Section)d(1.6)f(concludes)i(this)f(c)o(hapter)h
(with)e(an)h(o)o(v)o(erview)g(of)f(the)h(rest)i(of)d(the)h(thesis.)-90
2255 y Fq(1.2)70 b(In)n(terconnection)21 b(of)i(Autonomous)h(Net)n(w)n(orks)
-90 2363 y Fs(In)19 b(order)g(to)g(pro)o(vide)f(appropriate)h(bac)o(kground)g
(for)f(the)h(subsequen)o(t)i(discussion,)f(this)e(section)i(de\014nes)g(our)f
(terminology)d(and)-90 2413 y(assumptions)d(regarding)h(in)o(ternet)o(w)o
(ork)g(en)o(vironmen)o(ts,)f(p)q(olicies,)g(and)h(proto)q(col)f(design)h
(principles.)p -90 2493 864 2 v -44 2520 a Fi(1)-26 2532 y
Fh(P)o(ortions)9 b(of)j(this)e(c)o(hapter)g(app)q(eared)f(in)i([30)o(].)-44
2560 y Fi(2)-26 2572 y Fh(Throughout)e(this)h(thesis,)h(the)f(terms)h
Fg(ac)n(c)n(ess)i(c)n(ontr)n(ol)g Fh(and)e Fg(p)n(olicy)j(enfor)n(c)n(ement)g
Fh(are)d(used)f(in)o(terc)o(hangea)o(bly)l(.)2049 2770 y Fs(1)p
eop
%%Page: 2 12
bop -90 -108 a Fk(1.2.1)55 b(Administrativ)n(e)17 b(Domains)-90
-14 y Fs(In)e(the)g(con)o(text)h(of)e(this)g(thesis,)i(an)e(in)o(ternet)o(w)o
(ork)h(is)g(comp)q(osed)f(of)h(a)f(n)o(um)o(b)q(er)g(of)g(Administrativ)o(e)f
(Domains,)f(or)j(ADs.)21 b(An)15 b(AD)f(is)-90 36 y(de\014ned)h(as)e(a)g
(collection)g(of)g(net)o(w)o(ork)h(resources)h(under)g(con)o(trol)e(of)g(a)g
(single)g(administrativ)o(e)e(en)o(tit)o(y)i([26)o(].)18 b(W)m(e)13
b(distinguish)g(b)q(et)o(w)o(een)-90 86 y(t)o(w)o(o)19 b(t)o(yp)q(es)h(of)f
(ADs:)29 b Fp(stub)19 b Fs(and)h Fp(tr)n(ansit)p Fs(.)33 b
Fp(Stub)20 b Fs(ADs)g(are)f(in)o(terested)j(mainly)16 b(in)j(comm)o
(unication)d(with)j(other)h(stub)g(ADs,)g(i.e.,)-90 135 y(pro)o(viding)15
b(comm)o(unication)f(for)i(their)h(constituen)o(t)h(end-systems.)27
b(A)17 b(campus)f(net)o(w)o(ork)h(is)f(an)h(example)e(of)h(a)h(stub)g(AD.)f
Fp(T)m(r)n(ansit)-90 185 y Fs(ADs)f(pro)o(vide)g(comm)o(unicati)o(on)d
(service)k(\(i.e.,)e(bandwidth)g(and)h(switc)o(hing\))g(for)f(stub)i(AD)e
(tra\016c.)21 b(Finally)m(,)13 b(there)j(are)f(also)f(h)o(ybrid)-90
235 y(ADs)g(that)g(com)o(bine)f(transit)h(service)h(with)e(end-system)i(comm)
o(uni)o(cation.)-90 374 y Fk(1.2.2)55 b(P)n(olicies)-90 468
y Fs(As)16 b(frequen)o(tly)f(happ)q(ens)i(with)e(a)g(new)h(concept,)g(an)f
(analogy)f(can)i(lead)f(to)g(b)q(etter)i(understanding)f(of)f(the)h(problem)e
(at)h(hand.)22 b(W)m(e)-90 518 y(can)17 b(view)g(ADs)g(as)h(so)o(v)o(ereign)f
(coun)o(tries,)h(eac)o(h)g(with)e(a)h(sp)q(eci\014c)i(set)f(of)e(foreign)h(p)
q(olicy)f(statemen)o(ts)h(regarding)g(in)o(teraction)g(with)-90
568 y(foreign)e(en)o(tities)i(\(other)g(ADs\).)24 b(F)m(or)16
b(example,)f(a)h(coun)o(try)g(ma)o(y)e(ha)o(v)o(e)i(p)q(olicies)g
(restricting)h(foreign)e(visitors)h(to)g(sp)q(eci\014c)h(areas)g(or)-90
618 y(restricting)12 b(tra)o(v)o(el)e(privileges)g(of)g(the)i(lo)q(cal)d(p)q
(opulace)i(when)g(visiting)f(foreign)g(coun)o(tries.)18 b(Coun)o(tries)11
b(ma)o(y)e(also)h(ha)o(v)o(e)g(sp)q(eci\014c)i(p)q(olicies)-90
667 y(p)q(ertaining)i(to)h(transit)f(tra)o(v)o(elers,)h(e.g.,)e(restricting)j
(en)o(try)f(on)f(the)h(basis)g(of)f(the)h(tra)o(v)o(eler's)g(itinerary)m(.)k
(Securit)o(y)c(p)q(olicies)f(regarding)-90 717 y(in)o(ternational)g(tra)o(v)o
(el)i(can)f(express)j(p)q(olicy)c(with)i(regard)g(to)f(passp)q(ort)h(and)g
(visa)f(requiremen)o(ts,)h(length)f(of)g(sta)o(y)m(,)g(etc.)24
b(Accoun)o(ting)-90 767 y(or)14 b(billing)e(p)q(olicies)h(ma)o(y)f(concern,)j
(for)f(example,)e(visa)h(fees)i(or)f(departure)h(taxes.)-28
835 y(ADs)21 b(can)g(express)h(similar)d(p)q(olicies)h(regarding)g(comm)o
(unication)e(with)i(external)h(en)o(tities,)h(e.g.,)f(restrict)i(in)o(ternal)
d(systems)-90 884 y(a)o(v)n(ailable)11 b(for)j(external)g(access)h(or)f
(restrict)h(external)f(systems)g(a)o(v)n(ailable)d(for)j(in)o(ternal)f
(access.)20 b(T)m(ransit)13 b(tra\016c)h(ma)o(y)d(or)j(ma)o(y)e(not)h(b)q(e)
-90 934 y(allo)o(w)o(ed,)h(or)h(it)g(ma)o(y)f(b)q(e)i(restricted)h(to)f(sp)q
(eci\014c)g(source,)h(destination)e(ADs)h(or)f(end-systems.)23
b(P)o(olicies)15 b(can)h(also)f(em)o(b)q(o)q(dy)f(securit)o(y)-90
984 y(requiremen)o(ts,)j(e.g.,)g(authen)o(tication)f(and)h(authorization)f
(for)h(in)o(ter-AD)g(tra\016c,)g(as)g(w)o(ell)f(as)h(accoun)o(ting)g(and)f
(billing)f(conditions)-90 1034 y([26)o(].)-28 1102 y(Net)o(w)o(ork)f(lev)o
(el)e(p)q(olicies)h(are)g(primarily)e(concerned)k(with)e(unauthorized)g
(access)i(to)e(resources,)i(denial)d(of)h(service,)h(and)f(inappro-)-90
1151 y(priate)g(accrual)h(of)f(comm)o(unicati)o(on-related)e(c)o(harges.)19
b(These)14 b(threats)h(can)e(all)f(come)h(ab)q(out)g(through)g(attac)o(ks)h
(on)f(the)h(authen)o(ticit)o(y)-90 1201 y(and)g(the)h(in)o(tegrit)o(y)f(of)g
(in)o(ternet)o(w)o(ork)g(pac)o(k)o(et)h(tra\016c.)20 b(Some)13
b(concerns)j(are)f(of)e(greater)j(imp)q(ortance)d(to)h(stub)h(net)o(w)o(orks)
g(and)f(others,)-90 1251 y(to)g(transit)g(net)o(w)o(orks.)-90
1381 y Fn(1.2.2.1)48 b(Stub)14 b(and)h(T)l(ransit)f(P)o(olicies)-90
1476 y Fs(Due)j(largely)f(to)h(the)h(nature)g(of)e(service)j(pro)o(vided,)e
(stub)h(and)e(transit)i(ADs)f(tend)h(to)f(express)h(di\013eren)o(t)g(p)q
(olicies.)28 b(Most)17 b(p)q(olicies)-90 1526 y(expressed)i(b)o(y)d(stub)h
(ADs)f(protect)i(in)o(ternal)e(resources)j(from)c(external)h(access,)j(while)
d(those)h(expressed)i(b)o(y)d(transit)g(ADs)h(tend)g(to)-90
1575 y(b)q(e)f(cost-related.)25 b(Another)16 b(w)o(a)o(y)f(of)g(making)f
(this)h(distinction)h(is)f(to)h(observ)o(e)g(that)g(transit)g(ADs,)g(b)o(y)f
(virtue)h(of)f(pro)o(viding)g(transit)-90 1625 y(service,)f(are)g(inheren)o
(tly)f(more)f Fp(op)n(en)i Fs(than)f(their)h(stub)g(coun)o(terparts.)19
b(F)m(urthermore,)13 b(sub)o(v)o(ersion)g(of)g(transit)g(AD's)g(p)q(olicies)g
(will,)e(in)-90 1675 y(the)16 b(w)o(orst)g(case,)g(result)h(in)e(denial)g(of)
g(comm)o(unicati)o(on)e(services,)k(whereas)g(sub)o(v)o(ersion)f(of)f(stub)h
(net)o(w)o(ork)g(p)q(olices)f(can)h(p)q(oten)o(tially)-90 1725
y(disrupt)d(the)g(end-systems)g(themselv)o(es.)k(Another)d(reason)f(for)f
(separating)g(the)h(resp)q(ectiv)o(e)i(p)q(olicies)d(is)g(the)h(di\013erence)
h(in)e(accoun)o(ting)-90 1775 y(and)j(billing)d(requiremen)o(ts.)21
b(Stub)15 b(ADs)g(are)g(more)f(lik)o(ely)f(to)i(bundle)g(comm)o(unicatio)o(n)
d(costs)k(in)o(to)e(billing)f(for)h(end)h(services,)i(if)c(an)o(y)-90
1824 y(suc)o(h)f(billing)d(o)q(ccurs.)19 b(T)m(ransit)11 b(ADs)g(are)h(more)f
(lik)o(ely)f(to)h(c)o(harge)h(for)f(the)h(comm)o(unicati)o(on)d(itself.)16
b(Finally)m(,)10 b(stub)i(AD)f(p)q(olicies)g(include)-90 1874
y(route)k(selection)f(criteria,)g(whic)o(h)g(dictate)g(ho)o(w)f(the)i(AD's)f
(pac)o(k)o(ets)g(tra)o(v)o(el)g(to)g(their)g(destinations.)-28
1942 y(In)e(some)f(resp)q(ects,)k(the)e(requiremen)o(ts)f(for)g(transit)g(p)q
(olicy)f(enforcemen)o(t)i(are)f(simpler)f(than)h(those)h(for)e(stub)i(p)q
(olicy)e(enforcemen)o(t.)-90 1992 y(Ho)o(w)o(ev)o(er,)18 b(sev)o(eral)f
(factors)g(complicate)f(the)h(implemen)o(tation)c(of)k(the)g(latter.)27
b(First,)18 b(in)e(an)h(in)o(ternet)o(w)o(ork,)h(a)e(pac)o(k)o(et)h(ma)o(y)e
(tra)o(v)o(el)-90 2042 y(through)g(a)f(n)o(um)o(b)q(er)g(of)g(transit)g(ADs)h
(on)f(its)h(w)o(a)o(y)f(to)g(the)h(destination.)20 b(Consequen)o(tly)m(,)14
b(applicable)g(p)q(olicies)g(from)f(all)g(transit)i(ADs)-90
2091 y(m)o(ust)e(b)q(e)h(considered)h(when)g(a)e(pac)o(k)o(et)h(is)g(b)q
(eing)g(sen)o(t;)g(whereas)h(for)e(con)o(trol)h(of)f(stub)h(resources,)i
(only)d(the)h(p)q(olicies)g(of)f(the)h(t)o(w)o(o)g(end-)-90
2141 y(p)q(oin)o(t)d(ADs)g(need)h(to)f(b)q(e)h(tak)o(en)f(in)o(to)f(accoun)o
(t.)18 b(In)11 b(addition,)f(transit)h(con)o(trol)g(has)g(to)g(b)q(e)h
(reconciled)g(with)f(top)q(ology)f(c)o(hanges)i(\(routers)-90
2191 y(or)j(links)f(going)f(do)o(wn\).)20 b(If)14 b(in)g(the)i(middle)c(of)i
(a)h(connection)g(an)o(y)f(comp)q(onen)o(t)g(of)g(the)h(route)g(b)q(ecomes)g
(disabled,)f(en)o(tirely)h(di\013eren)o(t)-90 2241 y(p)q(olicies)h(ma)o(y)e
(come)h(in)o(to)g(e\013ect.)26 b(Also,)16 b(when)g(a)g(transit)g(AD)g
(decides)h(to)f(accoun)o(t)g(or)g(c)o(harge)h(for)e(resource)j(usage,)f(co)q
(ordination)-90 2291 y(is)d(required)h(to)f(pass)h(c)o(harges)g(bac)o(k)g(to)
f(the)h(end)g(p)q(oin)o(ts.)k(Moreo)o(v)o(er,)14 b(stub)h(AD)f(route)h
(selection)g(criteria)f(m)o(ust)g(b)q(e)h(in)o(tegrated)f(with)-90
2340 y(transit)d(con)o(trol)f(p)q(olicies)g(to)g(determine)h(the)g
(appropriate)f(routes.)18 b(These)12 b(factors)f(add)f(to)g(the)i(complexit)o
(y)c(of)i(p)q(oten)o(tial)g(enforcemen)o(t)-90 2390 y(mec)o(hanisms.)-28
2458 y(Based)18 b(in)f(part)g(on)f(the)i(di\013erence)g(in)f(p)q(olicies,)g
(and)f(in)h(part)g(on)g(the)g(functionalit)o(y)e(required)j(in)f(an)o(y)f
(routing)g(\(i.e.,)h(transit\))-90 2508 y(mec)o(hanism,)10
b(transit)j(and)f(stub)h(AD)g Fp(me)n(chanisms)f Fs(also)g(di\013er.)18
b(By)13 b(analogy)e(with)h(in)o(ternational)g(tra)o(v)o(el,)g(in)g(most)f
(coun)o(tries)j(transit)-90 2558 y(tra)o(v)o(elers)k(are)f(set)i(apart)e
(from)e(other)j(visitors.)27 b(They)18 b(are)f(issued)h(sp)q(ecial)g
Fp(tr)n(ansit)e Fs(visas)h(and)g(are)h(restricted)h(in)e(mo)o(v)o(emen)o(t)d
(and)-90 2607 y(length)g(of)f(sta)o(y)m(.)18 b(W)m(e)13 b(discuss)i(transit)f
(mec)o(hanisms)e(further)j(in)e(later)h(sections.)2049 2770
y(2)p eop
%%Page: 3 13
bop -90 -108 a Fn(1.2.2.2)48 b(P)o(olicy)14 b(A)o(ttribut)o(es)-90
-14 y Fs(P)o(olicies)g(can)g(b)q(e)g(based)h(up)q(on)f(a)f(n)o(um)o(b)q(er)g
(of)h(attributes:)-28 87 y Ff(\017)21 b Fn(Endp)q(oin)o(t)11
b Fs(p)q(olicies)i(place)i(restrictions)g(on)e(the)i(source)g(and/or)e
(destination)h(of)f(tra\016c.)14 137 y(Example:)j Fp([No)f(tr)n(a\016c)f
(to/fr)n(om)g(AD)h(X)g(is)g(ac)n(c)n(epte)n(d])-28 220 y Ff(\017)21
b Fn(P)o(ath)12 b Fs(p)q(olicies)i(place)g(restrictions)h(on)f(other)g(ADs)g
(of)g(the)g(path)g(in)f(addition)g(to)h(the)g(source)i(and)d(destination)h
(ADs.)14 270 y(Example:)i Fp([T)m(r)n(ansit)e(tr)n(a\016c)g(must)h
(enter/exit)f(thr)n(ough)h(AD)g(Y])-28 353 y Ff(\017)21 b Fn(Securit)o(y)11
b Fs(attributes)k(express)h(requiremen)o(ts)e(for)f(authen)o(tication,)g
(data)h(in)o(tegrit)o(y)m(,)e(repla)o(y)i(detection)h(and)f(priv)n(acy)m(.)14
402 y(Example:)i Fp([A)o(l)r(l)e(inc)n(oming)h(tr)n(a\016c)f(must)h(b)n(e)g
(encrypte)n(d])-28 485 y Ff(\017)21 b Fn(T)l(emp)q(oral)14
b(parameters)d Fs(include)i(restrictions)h(on)f(usage)h(based)f(on)g(time)f
(of)h(da)o(y)m(,)e(da)o(y)i(of)g(the)g(w)o(eek)h(or)f(other)h(time-related)14
535 y(parameters.)14 585 y(Example:)i Fp([T)m(r)n(a\016c)e(fr)n(om)g(AD)h(X)g
(is)f(only)h(ac)n(c)n(epte)n(d)h(b)n(etwe)n(en)e(midnight)h(and)h(6)f(am])-28
668 y Ff(\017)21 b Fn(T)o(yp)q(e)15 b(of)f(Service)g(\(T)l(oS\))d
Fs(p)q(olicies)i(discriminate)f(according)h(to)g(the)h(service)g(parameters)g
(\(e.g.,)e(dela)o(y)m(,)g(throughput\))h(made)14 718 y(a)o(v)n(ailable)e(to)j
(di\013eren)o(t)h(users.)14 768 y(Example:)h Fp([High-b)n(andwidth,)f
(low-delay)f(tr)n(a\016c)g(is)h(not)g(hand)r(le)n(d])-28 851
y Ff(\017)21 b Fn(Accoun)o(ting/Bi)o(l)o(li)o(n)o(g)11 b Fs(p)q(olicies)j
(express)i(conditions)d(related)i(to)e(c)o(harging)h(and)f(accoun)o(ting.)14
901 y(Example:)j Fp([T)m(r)n(ansit)e(servic)n(e)g(is)h(char)n(ge)n(d)g(for)f
(on)h(p)n(er)g(p)n(acket)g(b)n(asis])-90 1001 y Fs(A)d(t)o(ypical)f(p)q
(olicy)g(statemen)o(t)h(can)g(b)q(e)g(based)h(up)q(on)f(sev)o(eral)g(p)q
(olicy)f(attributes.)18 b(F)m(or)12 b(example,)e(the)j(p)q(olicy)e(statemen)o
(t)h(b)q(elo)o(w)f(applies)-90 1051 y(to)j(transit)g(tra\016c)g(and)g(com)o
(bines)f(T)m(oS,)f(temp)q(oral)h(and)h(accoun)o(ting/billing)d(attributes:)
225 1101 y Fo([Priority)i(tr)n(ansit)f(tr)n(a\016c)g(fr)n(om)i
Fe(AD)769 1105 y Fd(a)801 1101 y Fo(is)f(ac)n(c)n(epte)n(d)e(b)n(etwe)n(en)h
(2)i(and)e(6)h(am)h(with)f(a)h(p)n(er)f(p)n(acket)f(char)n(ge])-90
1151 y Fs(F)m(urther)j(examples)e(of)g(p)q(olicy)g(t)o(yp)q(es)i(can)f(b)q(e)
h(found)e(in)g([26)o(].)-90 1281 y Fn(1.2.2.3)48 b(Problematic)13
b(P)o(olicies)-90 1376 y Fs(P)o(olicy)h(t)o(yp)q(es)h(discussed)i(th)o(us)e
(far)f(in)o(v)o(olv)o(e)f(static)i(attributes)g(and)g(are)g(deterministic)f
(in)g(nature,)h(i.e.,)e(a)i(p)q(olicy)e(either)j(p)q(ermits)e(or)-90
1425 y(prohibits)g(comm)o(unicatio)o(n)d(b)q(et)o(w)o(een)16
b(a)e(set)h(of)e(en)o(tities.)19 b(P)o(olicies)14 b(can)g(also)f(b)q(e)i
(based)g(up)q(on)f(highly)f(dynamic)f(parameters)i(suc)o(h)h(as)-90
1475 y(curren)o(t)j(load)e(or)g(link)g(a)o(v)n(ailabili)o(t)o(y)m(.)23
b(Suc)o(h)17 b(p)q(olicies)f(are)h(kno)o(wn)f(as)h Fp(non-deterministic)f
Fs(p)q(olicies.)26 b(F)m(or)16 b(example,)f Fm(AD)1858 1481
y Fl(a)1896 1475 y Fs(ma)o(y)f(ha)o(v)o(e)-90 1525 y(a)i(p)q(olicy)f(to)h
(carry)h(transit)f(tra\016c)g(as)g(long)f(as)i(it)e(do)q(es)i(not)f(in)o
(terfere)h(with)f(lo)q(cal)f(comm)o(unication.)21 b(Or,)c Fm(AD)1723
1531 y Fl(a)1759 1525 y Fs(will)e(carry)i(transit)-90 1575
y(tra\016c)12 b(as)h(long)e(as)i(it)e(consumes)i(less)g(than,)f(sa)o(y)m(,)f
(30\045)h(of)g Fm(AD)899 1581 y Fl(a)919 1575 y Fs('s)g(total)g(bandwidth.)17
b(The)c(ubiquit)o(y)e(of)h(these)h(p)q(olicies)g(is)f(that)g(an)g(AD)-90
1625 y(can)i(express)h(conditional)d(p)q(olicy)g(statemen)o(ts)i(based)g(on)f
(the)h(constan)o(tly)f(c)o(hanging)g(state)h(of)f(the)h(net)o(w)o(ork.)k(The)
c(di\016cult)o(y)e(is)h(that,)-90 1674 y(outside)g(of)g(the)g(AD)g(that)g
(expresses)j(non-deterministic)c(p)q(olicies,)g(it)h(is)g(generally)f(imp)q
(ossible)g(to)g(determine)h(whether)i(a)d(particular)-90 1724
y(p)q(olicy)h(p)q(ermits)h(or)f(prohibits)h(comm)o(unication)d(at)i(a)h(giv)o
(en)f(p)q(oin)o(t)h(in)f(time.)-90 1863 y Fk(1.2.3)55 b(In)n(ternet)n(w)n
(ork)19 b(T)-5 b(op)r(ology)-90 1957 y Fs(Some)12 b(routing)h(proto)q(cols)g
(place)g(restrictions)i(on)d(in)o(ternet)i(scale)g(and)f(top)q(ology)m(,)e
(e.g.,)h(EGP)h([77)o(].)k(An)o(y)c(in)o(ter-AD)h(routing)e(proto)q(col)-90
2007 y(should)j(ha)o(v)o(e)h(the)g(p)q(oten)o(tial)e(of)h(supp)q(orting)h(v)o
(ery)g(large)f(scale)h(in)o(ternet)o(w)o(orking.)22 b(W)m(e)15
b(an)o(ticipate)h(on)f(the)h(order)g(of)f(10)1866 1992 y Fj(5)1899
2007 y Fs(ADs.)1990 1992 y Fj(3)2032 2007 y Fs(In)-90 2057
y(an)g(in)o(ternet)i(of)e(suc)o(h)i(enormous)d(size,)j(it)e(w)o(ould)g(b)q(e)
h(impractical)e(to)i(design)f(a)h(proto)q(col)f(that)h(relied)g(on)f(top)q
(ological)f(restrictions;)-90 2107 y(enforcemen)o(t)21 b(w)o(ould)e(b)q(e)i
(near)g(imp)q(ossible.)36 b(Consequen)o(tly)m(,)21 b(one)g(of)f(our)g(design)
h(goals)e(is)i(to)f(allo)o(w)f(for)h(maxim)n(um)c(degree)22
b(of)-90 2157 y(\015exibilit)o(y)12 b(in)g(regard)i(to)f(the)h
(con\014guration)f(of)f(the)i(in)o(ternet)o(w)o(ork.)k(The)c(proto)q(cols)f
(discussed)i(b)q(elo)o(w)e(do)g(not)g(place)h(restrictions)g(on)-90
2206 y(the)g(in)o(ternet)o(w)o(ork)h(top)q(ology)m(.)-28 2274
y(Figure)i(1.1)f(depicts)i(an)f(example)f(of)g(AD)h(in)o(terconnection)h(top)
q(ology)m(.)26 b(It)17 b(resem)o(bles)g(a)g(traditional)e(three-lev)o(el)j
(hierarc)o(h)o(y)g(of)-90 2324 y(long)e(haul,)h(regional)f(and)h(stub)h(ADs.)
28 b(Ho)o(w)o(ev)o(er,)18 b(there)h(are)f(exceptions)g(to)f(the)h(hierarc)o
(h)o(y)f(in)g(the)h(form)d(of)i(lateral)g(and)g(b)o(ypass)-90
2374 y(links.)22 b(These)17 b(exceptions)f(to)g(the)g(otherwise)g(regular)f
(top)q(ology)g(are)h(not)f(disp)q(ensable)h(and)f(m)o(ust)g(b)q(e)h(supp)q
(orted,)h(p)q(erhaps)f(at)f(the)-90 2424 y(exp)q(ense)g(of)e(routing)f(proto)
q(col)h(o)o(v)o(erhead.)18 b(Absence)e(of)c(restrictions)j(on)d(AD)h(in)o
(terconnection)i(allo)o(ws)c(us)j(to)f(accommo)q(date)e(this,)i(or)-90
2473 y(an)o(y)g(other,)h(top)q(ology)f(that)h(ma)o(y)e(ev)o(olv)o(e)i(in)f
(future)h(in)o(ternet)o(w)o(orks.)1011 2458 y Fj(4)p -90 2554
864 2 v -44 2580 a Fi(3)-26 2592 y Fh(Although)9 b(the)i(ma)r(jorit)o(y)e
(will)j(b)q(e)f(stub)f(ADs,)i(our)f(mo)q(del)f(assumes)g(a)h(large)f(n)o(um)o
(b)q(er)g(of)h(transit)f(and)h(h)o(ybrid)e(ADs)j(as)g(w)o(ell.)-44
2620 y Fi(4)-26 2632 y Fh(F)m(or)f(further)e(discussion)h(of)h(in)o(ternet)o
(w)o(ork)e(top)q(ology)g(see)i([26)o(].)2049 2770 y Fs(3)p
eop
%%Page: 4 14
bop 157 -150 a
26049576 21313290 0 0 40258437 52099153 startTexFig
157 -150 a
%%BeginDocument: topology.ps
/FMversion (2.0) def
/FrameDict 170 dict def
systemdict /errordict known not { /errordict 10 dict def
errordict /rangecheck { stop } put } if
FrameDict /tmprangecheck errordict /rangecheck get put
errordict /rangecheck {FrameDict /bug true put} put
FrameDict /bug false put
mark
currentfile 5 string readline
00
0000000000
cleartomark
errordict /rangecheck FrameDict /tmprangecheck get put
FrameDict /bug get {
/readline {
/gstring exch def
/gfile exch def
/gindex 0 def
{
gfile read pop
dup 10 eq {exit} if
dup 13 eq {exit} if
gstring exch gindex exch put
/gindex gindex 1 add def
} loop
pop
gstring 0 gindex getinterval true
} def
} if
/FMVERSION {
FMversion ne {
/Times-Roman findfont 18 scalefont setfont
100 100 moveto
(FrameMaker version does not match postscript_prolog!)
dup =
show showpage
} if
} def
/FMLOCAL {
FrameDict begin
0 def
end
} def
/gstring FMLOCAL
/gfile FMLOCAL
/gindex FMLOCAL
/orgxfer FMLOCAL
/orgproc FMLOCAL
/organgle FMLOCAL
/orgfreq FMLOCAL
FrameDict /graymode true put
/yscale FMLOCAL
/xscale FMLOCAL
/PrintInColor systemdict /colorimage known def
PrintInColor
{
/HUE 0 def
/SAT 0 def
/BRIGHT 0 def
% array of arrays Hue and Sat values for the separations [HUE BRIGHT]
/Colors
[[0 0 ] % black
[0 0 ] % white
[0.00 1.0] % red
[0.37 1.0] % green
[0.60 1.0] % blue
[0.50 1.0] % cyan
[0.83 1.0] % magenta
[0.16 1.0] % comment
] def
/BEGINBITMAPCOLOR {
BITMAPCOLOR } def
/BEGINBITMAPCOLORc {
BITMAPCOLORc } def
/K {
Colors exch get dup
0 get /HUE exch store
1 get /BRIGHT exch store
HUE 0 eq BRIGHT 0 eq and
{1.0 SAT sub setgray }
{HUE SAT BRIGHT sethsbcolor }
ifelse
} def
/mysetgray {
/SAT exch 1.0 exch sub store
HUE 0 eq BRIGHT 0 eq and
{1.0 SAT sub setgray }
{HUE SAT BRIGHT sethsbcolor }
ifelse
} bind def
}
{
/BEGINBITMAPCOLOR {
BITMAPGRAY } def
/BEGINBITMAPCOLORc {
BITMAPGRAYc } def
/mysetgray { setgray } bind def
/K {
pop
} def
}
ifelse
/max {2 copy lt {exch} if pop} bind def
/min {2 copy gt {exch} if pop} bind def
/mtx matrix defaultmatrix def
/setmanualfeed {
statusdict /manualfeed true put
} def
/FMDOCUMENT {
array /FMfonts exch def
/#copies exch def
0 ne dup {setmanualfeed} if
FrameDict begin
/manualfeed exch def
/paperheight exch def
/paperwidth exch def
setpapername
manualfeed {true} {papersize} ifelse
{manualpapersize} {false} ifelse
{desperatepapersize} if
/yscale exch def
/xscale exch def
currenttransfer cvlit /orgxfer exch def
currentscreen cvlit /orgproc exch def
/organgle exch def /orgfreq exch def
end
} def
/pagesave FMLOCAL
/orgmatrix FMLOCAL
/landscape FMLOCAL
/FMBEGINPAGE {
FrameDict begin
/pagesave save def
3.86 setmiterlimit
/landscape exch 0 ne store
landscape {
90 rotate 0 exch neg translate pop
}
{ pop pop }
ifelse
xscale yscale scale
/orgmatrix matrix def
gsave
} def
/FMENDPAGE {
grestore
pagesave restore
end
showpage
} def
/fontname FMLOCAL
/fontscale FMLOCAL
/fontnum FMLOCAL
/fontdict FMLOCAL
/FMDEFINEFONT {
FrameDict begin
/fontname exch def
/fontscale exch def
/fontnum exch def
/fontdict fontname findfont fontscale scalefont def
fontdict /Encoding get StandardEncoding eq
{
fontdict DiacriticEncode
/fontdict exch def
} {
fontdict NonDiacriticEncode
/fontdict exch def
} ifelse
FMfonts fontnum
fontnum fontdict definefont
put
end
} def
/FMNORMALIZEGRAPHICS {
newpath
0.0 0.0 moveto
1 setlinewidth
0 setlinecap
0 mysetgray
} bind def
/FMBEGINEPSF {
end
/FMEPSF save def
/showpage {} def
FMNORMALIZEGRAPHICS
[/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall
fx fy translate
rotate
fw urx llx sub div fh ury lly sub div scale
llx neg lly neg translate
} bind def
/FMENDEPSF {
FMEPSF restore
FrameDict begin
} bind def
FrameDict begin
/pagedimen {
paperheight sub abs 16 lt exch
paperwidth sub abs 16 lt and
{/papername exch def} {pop} ifelse
} def
/inch {72 mul} def
/setpapername {
/papersizedict 14 dict def
papersizedict begin
/papername /unknown def
/Letter 8.5 inch 11.0 inch pagedimen
/LetterSmall 7.68 inch 10.16 inch pagedimen
/Tabloid 11.0 inch 17.0 inch pagedimen
/Ledger 17.0 inch 11.0 inch pagedimen
/Legal 8.5 inch 14.0 inch pagedimen
/Statement 5.5 inch 8.5 inch pagedimen
/Executive 7.5 inch 10.0 inch pagedimen
/A3 11.69 inch 16.5 inch pagedimen
/A4 8.26 inch 11.69 inch pagedimen
/A4Small 7.47 inch 10.85 inch pagedimen
/B4 10.125 inch 14.33 inch pagedimen
/B5 7.16 inch 10.125 inch pagedimen
end
} def
/papersize {
papersizedict begin
/Letter {lettertray} def
/LetterSmall {lettertray lettersmall} def
/Tabloid {11x17tray} def
/Ledger {ledgertray} def
/Legal {legaltray} def
/Statement {statementtray} def
/Executive {executivetray} def
/A3 {a3tray} def
/A4 {a4tray} def
/A4Small {a4tray a4small} def
/B4 {b4tray} def
/B5 {b5tray} def
/unknown {unknown} def
papersizedict dup papername known {papername} {/unknown} ifelse get
end
statusdict begin stopped end
} def
/manualpapersize {
papersizedict begin
/Letter {letter} def
/LetterSmall {lettersmall} def
/Tabloid {11x17} def
/Ledger {ledger} def
/Legal {legal} def
/Statement {statement} def
/Executive {executive} def
/A3 {a3} def
/A4 {a4} def
/A4Small {a4small} def
/B4 {b4} def
/B5 {b5} def
/unknown {unknown} def
papersizedict dup papername known {papername} {/unknown} ifelse get
end
stopped
} def
/desperatepapersize {
statusdict /setpageparams known
{
paperwidth paperheight 0 1
statusdict begin
{setpageparams} stopped pop
end
} if
} def
/savematrix {
orgmatrix currentmatrix pop
} bind def
/restorematrix {
orgmatrix setmatrix
} bind def
/dmatrix matrix def
/dpi 72 0 dmatrix defaultmatrix dtransform
dup mul exch dup mul add sqrt def
/freq dpi 18.75 div 8 div round dup 0 eq { pop 1 } if 8 mul dpi exch div def
/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
/DiacriticEncoding [
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
/numbersign /dollar /percent /ampersand /quotesingle /parenleft
/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
/two /three /four /five /six /seven /eight /nine /colon /semicolon
/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
/udieresis /dagger /.notdef /cent /sterling /section /bullet
/paragraph /germandbls /registered /copyright /trademark /acute
/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
/periodcentered /quotesinglbase /quotedblbase /perthousand
/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
] def
/basefontdict FMLOCAL
/newfontdict FMLOCAL
/DiacriticEncode {
/basefontdict exch def
/newfontdict basefontdict maxlength dict def
basefontdict
{exch dup /FID ne
{dup /Encoding eq
{exch pop DiacriticEncoding}
{exch}
ifelse
newfontdict 3 1 roll put
}
{pop pop}
ifelse
} forall
newfontdict
} bind def
/NonDiacriticEncode {
/basefontdict exch def
/newfontdict basefontdict maxlength dict def
basefontdict
{exch dup /FID ne
{exch newfontdict 3 1 roll put}
{pop pop}
ifelse
} forall
newfontdict
} bind def
/bwidth FMLOCAL
/bpside FMLOCAL
/bstring FMLOCAL
/onbits FMLOCAL
/offbits FMLOCAL
/xindex FMLOCAL
/yindex FMLOCAL
/x FMLOCAL
/y FMLOCAL
/setpattern {
/bwidth exch def
/bpside exch def
/bstring exch def
/onbits 0 def /offbits 0 def
freq sangle landscape {90 add} if
{/y exch def
/x exch def
/xindex x 1 add 2 div bpside mul cvi def
/yindex y 1 add 2 div bpside mul cvi def
bstring yindex bwidth mul xindex 8 idiv add get
1 7 xindex 8 mod sub bitshift and 0 ne
{/onbits onbits 1 add def 1}
{/offbits offbits 1 add def 0}
ifelse
}
setscreen
{} settransfer
offbits offbits onbits add div mysetgray
/graymode false store
} bind def
/grayness {
mysetgray
graymode not {
/graymode true store
orgxfer cvx settransfer
orgfreq organgle orgproc cvx setscreen
} if
} bind def
/normalize {
transform round exch round exch itransform
} bind def
/dnormalize {
dtransform round exch round exch idtransform
} bind def
/lnormalize {
0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
} bind def
/H {
lnormalize setlinewidth
} bind def
/Z {
setlinecap
} bind def
/X {
fillprocs exch get exec
} bind def
/V {
gsave eofill grestore
} bind def
/N {
stroke
} bind def
/M {newpath moveto} bind def
/E {lineto} bind def
/D {curveto} bind def
/O {closepath} bind def
/n FMLOCAL
/L {
/n exch def
newpath
normalize
moveto
2 1 n {pop normalize lineto} for
} bind def
/Y {
L
closepath
} bind def
/x1 FMLOCAL
/x2 FMLOCAL
/y1 FMLOCAL
/y2 FMLOCAL
/rad FMLOCAL
/R {
/y2 exch def
/x2 exch def
/y1 exch def
/x1 exch def
x1 y1
x2 y1
x2 y2
x1 y2
4 Y
} bind def
/RR {
/rad exch def
normalize
/y2 exch def
/x2 exch def
normalize
/y1 exch def
/x1 exch def
newpath
x1 y1 rad add moveto
x1 y2 x2 y2 rad arcto
x2 y2 x2 y1 rad arcto
x2 y1 x1 y1 rad arcto
x1 y1 x1 y2 rad arcto
closepath
16 {pop} repeat
} bind def
/C {
grestore
gsave
R
clip
} bind def
/U {
grestore
gsave
} bind def
/F {
FMfonts exch get
setfont
} bind def
/T {
moveto show
} bind def
/RF {
rotate
0 ne { -1 1 scale } if
} bind def
/TF {
gsave
moveto
RF
show
grestore
} bind def
/P {
moveto
0 32 3 2 roll widthshow
} bind def
/PF {
gsave
moveto
RF
0 32 3 2 roll widthshow
grestore
} bind def
/S {
moveto
0 exch ashow
} bind def
/SF {
gsave
moveto
RF
0 exch ashow
grestore
} bind def
/B {
moveto
0 32 4 2 roll 0 exch awidthshow
} bind def
/BF {
gsave
moveto
RF
0 32 4 2 roll 0 exch awidthshow
grestore
} bind def
/x FMLOCAL
/y FMLOCAL
/dx FMLOCAL
/dy FMLOCAL
/dl FMLOCAL
/t FMLOCAL
/t2 FMLOCAL
/Cos FMLOCAL
/Sin FMLOCAL
/r FMLOCAL
/W {
dnormalize
/dy exch def
/dx exch def
normalize
/y exch def
/x exch def
/dl dx dx mul dy dy mul add sqrt def
dl 0.0 gt {
/t currentlinewidth def
savematrix
/Cos dx dl div def
/Sin dy dl div def
/r [Cos Sin Sin neg Cos 0.0 0.0] def
/t2 t 2.5 mul 3.5 max def
newpath
x y translate
r concat
0.0 0.0 moveto
dl t 2.7 mul sub 0.0 rlineto
stroke
restorematrix
x dx add y dy add translate
r concat
t 0.67 mul setlinewidth
t 1.61 mul neg 0.0 translate
0.0 0.0 moveto
t2 1.7 mul neg t2 2.0 div moveto
0.0 0.0 lineto
t2 1.7 mul neg t2 2.0 div neg lineto
stroke
t setlinewidth
restorematrix
} if
} bind def
/G {
gsave
newpath
normalize translate 0.0 0.0 moveto
dnormalize scale
0.0 0.0 1.0 5 3 roll arc
closepath fill
grestore
} bind def
/A {
gsave
savematrix
newpath
2 index 2 div add exch 3 index 2 div sub exch
normalize 2 index 2 div sub exch 3 index 2 div add exch
translate
scale
0.0 0.0 1.0 5 3 roll arc
restorematrix
stroke
grestore
} bind def
/x FMLOCAL
/y FMLOCAL
/w FMLOCAL
/h FMLOCAL
/xx FMLOCAL
/yy FMLOCAL
/ww FMLOCAL
/hh FMLOCAL
/FMsaveobject FMLOCAL
/FMoptop FMLOCAL
/FMdicttop FMLOCAL
/BEGINPRINTCODE {
/FMdicttop countdictstack 1 add def
/FMoptop count 4 sub def
/FMsaveobject save def
userdict begin
/showpage {} def
FMNORMALIZEGRAPHICS
3 index neg 3 index neg translate
} bind def
/ENDPRINTCODE {
count -1 FMoptop {pop pop} for
countdictstack -1 FMdicttop {pop end} for
FMsaveobject restore
} bind def
/gn {
0
{ 46 mul
cf read pop
32 sub
dup 46 lt {exit} if
46 sub add
} loop
add
} bind def
/str FMLOCAL
/cfs {
/str sl string def
0 1 sl 1 sub {str exch val put} for
str def
} bind def
/ic [
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
0
{0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
{10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
{19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
{13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
{4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
{13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
{7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
{0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
{10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
] def
/sl FMLOCAL
/val FMLOCAL
/ws FMLOCAL
/im FMLOCAL
/bs FMLOCAL
/cs FMLOCAL
/len FMLOCAL
/pos FMLOCAL
/ms {
/sl exch def
/val 255 def
/ws cfs
/im cfs
/val 0 def
/bs cfs
/cs cfs
} bind def
400 ms
/ip {
is
0
cf cs readline pop
{ ic exch get exec
add
} forall
pop
} bind def
/wh {
/len exch def
/pos exch def
ws 0 len getinterval im pos len getinterval copy pop
pos len
} bind def
/bl {
/len exch def
/pos exch def
bs 0 len getinterval im pos len getinterval copy pop
pos len
} bind def
/s1 1 string def
/fl {
/len exch def
/pos exch def
/val cf s1 readhexstring pop 0 get def
pos 1 pos len add 1 sub {im exch val put} for
pos len
} bind def
/hx {
3 copy getinterval
cf exch readhexstring pop pop
} bind def
/h FMLOCAL
/w FMLOCAL
/d FMLOCAL
/lb FMLOCAL
/bitmapsave FMLOCAL
/is FMLOCAL
/cf FMLOCAL
/wbytes {
dup
8 eq { pop } { 1 eq { 7 add 8 idiv } { 3 add 4 idiv } ifelse } ifelse
} bind def
/BEGINBITMAPBWc {
1 {} COMMONBITMAPc
} bind def
/BEGINBITMAPGRAYc {
8 {} COMMONBITMAPc
} bind def
/BEGINBITMAP2BITc {
2 {} COMMONBITMAPc
} bind def
/COMMONBITMAPc {
/r exch def
/d exch def
gsave
translate rotate scale /h exch def /w exch def
/lb w d wbytes def
sl lb lt {lb ms} if
/bitmapsave save def
r
/is im 0 lb getinterval def
ws 0 lb getinterval is copy pop
/cf currentfile def
w h d [w 0 0 h neg 0 h]
{ip} image
bitmapsave restore
grestore
} bind def
/BEGINBITMAPBW {
1 {} COMMONBITMAP
} bind def
/BEGINBITMAPGRAY {
8 {} COMMONBITMAP
} bind def
/BEGINBITMAP2BIT {
2 {} COMMONBITMAP
} bind def
/COMMONBITMAP {
/r exch def
/d exch def
gsave
translate rotate scale /h exch def /w exch def
/bitmapsave save def
r
/is w d wbytes string def
/cf currentfile def
w h d [w 0 0 h neg 0 h]
{ cf is readhexstring pop } image
bitmapsave restore
grestore
} bind def
/Fmcc {
/proc2 exch cvlit def
/proc1 exch cvlit def
/newproc proc1 length proc2 length add array def
newproc 0 proc1 putinterval
newproc proc1 length proc2 putinterval
newproc cvx
} bind def
/colorsetup {
currentcolortransfer
/gryt exch def
/blut exch def
/grnt exch def
/redt exch def
/ngrayt 256 array def
/nredt 256 array def
/nbluet 256 array def
/ngreent 256 array def
0 1 255 {
/indx exch def
/cynu 1 red indx get 255 div sub def
/magu 1 green indx get 255 div sub def
/yelu 1 blue indx get 255 div sub def
/k cynu magu min yelu min def
/u k currentundercolorremoval exec def
nredt indx 1 0 cynu u sub max sub redt exec put
ngreent indx 1 0 magu u sub max sub grnt exec put
nbluet indx 1 0 yelu u sub max sub blut exec put
ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
} for
{255 mul cvi nredt exch get}
{255 mul cvi ngreent exch get}
{255 mul cvi nbluet exch get}
{255 mul cvi ngrayt exch get}
setcolortransfer
{pop 0} setundercolorremoval
{} setblackgeneration
} bind def
/fakecolorsetup {
/tran 256 string def
0 1 255 { /ind exch def
tran ind
red ind get 77 mul
green ind get 151 mul
blue ind get 28 mul
add add 256 idiv put } for
currenttransfer
{ 255 mul cvi tran exch get 255.0 div }
exch Fmcc settransfer
} bind def
/BITMAPCOLOR {
/d 8 def
gsave
translate rotate scale /h exch def /w exch def
/bitmapsave save def
colorsetup
/is w d wbytes string def
/cf currentfile def
w h d [w 0 0 h neg 0 h]
{ cf is readhexstring pop } {is} {is} true 3 colorimage
bitmapsave restore
grestore
} bind def
/BITMAPCOLORc {
/d 8 def
gsave
translate rotate scale /h exch def /w exch def
/lb w d wbytes def
sl lb lt {lb ms} if
/bitmapsave save def
colorsetup
/is im 0 lb getinterval def
ws 0 lb getinterval is copy pop
/cf currentfile def
w h d [w 0 0 h neg 0 h]
{ip} {is} {is} true 3 colorimage
bitmapsave restore
grestore
} bind def
/BITMAPGRAY {
8 {fakecolorsetup} COMMONBITMAP
} bind def
/BITMAPGRAYc {
8 {fakecolorsetup} COMMONBITMAPc
} bind def
/ENDBITMAP {
} bind def
end
(2.0) FMVERSION
1 1 2 2 0 1 1 FMDOCUMENT
/fillprocs 32 array def
fillprocs 0 { 0.000000 grayness } put
fillprocs 1 { 0.100000 grayness } put
fillprocs 2 { 0.300000 grayness } put
fillprocs 3 { 0.500000 grayness } put
fillprocs 4 { 0.700000 grayness } put
fillprocs 5 { 0.900000 grayness } put
fillprocs 6 { 0.970000 grayness } put
fillprocs 7 { 1.000000 grayness } put
fillprocs 8 {<0f1e3c78f0e1c387> 8 1 setpattern } put
fillprocs 9 {<0f87c3e1f0783c1e> 8 1 setpattern } put
fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
fillprocs 12 {<8142241818244281> 8 1 setpattern } put
fillprocs 13 {<03060c183060c081> 8 1 setpattern } put
fillprocs 14 {<8040201008040201> 8 1 setpattern } put
fillprocs 15 {} put
fillprocs 16 { 1.000000 grayness } put
fillprocs 17 { 0.900000 grayness } put
fillprocs 18 { 0.700000 grayness } put
fillprocs 19 { 0.500000 grayness } put
fillprocs 20 { 0.300000 grayness } put
fillprocs 21 { 0.100000 grayness } put
fillprocs 22 { 0.030000 grayness } put
fillprocs 23 { 0.000000 grayness } put
fillprocs 24 {<f0e1c3870f1e3c78> 8 1 setpattern } put
fillprocs 25 {<f0783c1e0f87c3e1> 8 1 setpattern } put
fillprocs 26 {<3333333333333333> 8 1 setpattern } put
fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
fillprocs 29 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
fillprocs 30 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
fillprocs 31 {} put
0 14 /Palatino-Roman FMDEFINEFONT
612 792 0 FMBEGINPAGE
0 0 612 792 C
0 0 612 792 R
7 X
0 K
V
72 744 540 756 R
V
72 32 540 44 R
V
18 76.65 576 775 R
V
3 H
2 Z
0 X
N
0 F
(regional transit AD) 134.93 161.6 T
48.31 302.14 111.11 262.71 2 L
1 H
10 X
N
48.31 593.89 50.48 507.15 2 L
11 X
N
245.35 365.22 347.12 384.93 2 L
10 X
N
54.81 609.66 128.43 609.66 2 L
0.5 H
0 X
N
4 X
90 450 33.56 10.37 90.54 194.91 G
0 Z
0 X
90 450 33.56 10.37 90.54 194.91 A
5 X
90 450 24.9 9.42 90.54 169.47 G
0 X
90 450 24.9 9.42 90.54 169.47 A
6 X
90 450 14.83 9.31 91.45 139.21 G
0 X
90 450 14.83 9.31 91.45 139.21 A
302 195.21 403.77 195.21 2 L
2 Z
N
301.07 141.46 405 141.46 2 L
3 H
N
(Hierarchical Link) 425.07 194.03 T
(Lateral Link) 425.07 167.64 T
(Bypass Link) 425.07 139.37 T
48.31 724 264.84 692.46 2 L
N
111.11 270.59 256.18 487.44 2 L
N
52.64 700.34 132.76 629.38 2 L
0.5 H
N
52.64 503.21 145.75 475.61 2 L
N
56.97 392.82 145.75 451.96 2 L
N
111.11 282.42 152.25 459.84 2 L
N
193.39 282.42 232.36 357.33 2 L
N
282.16 282.42 236.69 357.33 2 L
N
362.28 282.42 254.01 361.27 2 L
N
461.88 270.59 364.44 365.22 2 L
N
535.5 357.33 373.1 380.99 2 L
N
537.66 361.27 440.23 499.27 2 L
N
535.5 440.13 444.56 518.98 2 L
N
535.5 522.92 444.56 538.69 2 L
N
537.66 530.81 440.23 629.38 2 L
N
535.5 617.55 444.56 645.15 2 L
N
537.66 708.23 442.39 668.8 2 L
N
433.73 684.57 329.8 680.63 2 L
N
433.73 558.41 316.81 676.69 2 L
N
438.06 522.92 314.64 499.27 2 L
N
351.45 396.76 316.81 475.61 2 L
N
236.69 377.05 273.5 471.67 2 L
N
152.25 495.33 258.35 574.18 2 L
N
141.42 613.6 260.51 668.8 2 L
N
5 X
90 450 12.99 47.31 440.23 668.8 G
0 Z
0 X
90 450 12.99 47.31 440.23 668.8 A
5 X
90 450 31.4 23.66 356.86 388.87 G
0 X
90 450 31.4 23.66 356.86 388.87 A
5 X
90 450 12.99 47.31 438.06 530.81 G
0 X
90 450 12.99 47.31 438.06 530.81 A
5 X
90 450 31.4 25.63 231.28 363.25 G
0 X
90 450 31.4 25.63 231.28 363.25 A
5 X
90 450 11.91 49.28 149 481.53 G
0 X
90 450 11.91 49.28 149 481.53 A
5 X
90 450 12.99 47.31 137.09 621.49 G
0 X
90 450 12.99 47.31 137.09 621.49 A
6 X
90 450 13 23.66 542 349.45 G
0 X
90 450 13 23.66 542 349.45 A
6 X
90 450 13 21.68 542 434.21 G
0 X
90 450 13 21.68 542 434.21 A
6 X
90 450 13 21.68 542 517.01 G
0 X
90 450 13 21.68 542 517.01 A
6 X
90 450 13 23.66 542 617.55 G
0 X
90 450 13 23.66 542 617.55 A
6 X
90 450 13 23.66 542 716.11 G
0 X
90 450 13 23.66 542 716.11 A
6 X
90 450 12.99 23.66 191.22 266.65 G
0 X
90 450 12.99 23.66 191.22 266.65 A
6 X
90 450 11.91 23.66 285.41 266.65 G
0 X
90 450 11.91 23.66 285.41 266.65 A
6 X
90 450 12.99 23.66 368.77 266.65 G
0 X
90 450 12.99 23.66 368.77 266.65 A
6 X
90 450 11.91 23.66 465.13 266.65 G
0 X
90 450 11.91 23.66 465.13 266.65 A
6 X
90 450 12.99 23.66 48.31 388.87 G
0 X
90 450 12.99 23.66 48.31 388.87 A
2 X
90 450 12.99 25.63 48.31 505.18 G
0 X
90 450 12.99 25.63 48.31 505.18 A
2 X
90 450 12.99 23.66 48.31 597.83 G
0 X
90 450 12.99 23.66 48.31 597.83 A
6 X
90 450 12.99 23.66 48.31 716.11 G
0 X
90 450 12.99 23.66 48.31 716.11 A
6 X
90 450 12.99 21.68 48.31 304.11 G
0 X
90 450 12.99 21.68 48.31 304.11 A
288.66 586.01 292.99 499.27 2 L
1 H
2 Z
11 X
N
4 X
90 450 50.88 35.48 291.91 483.5 G
0.5 H
0 Z
0 X
90 450 50.88 35.48 291.91 483.5 A
282.16 672.74 271.34 593.89 2 L
1 H
2 Z
11 X
N
4 X
90 450 50.88 35.48 287.58 586 G
0.5 H
0 Z
0 X
90 450 50.88 35.48 287.58 586 A
4 X
90 450 50.88 33.51 287.58 694.43 G
0 X
90 450 50.88 33.51 287.58 694.43 A
301.65 169.47 403.42 169.47 2 L
1 H
2 Z
10 X
N
0 X
(backbone transit AD) 135 189.38 T
2 X
90 450 12.99 23.66 111.11 266.65 G
0.5 H
0 Z
0 X
90 450 12.99 23.66 111.11 266.65 A
2 X
90 450 12.99 8.36 90.01 107.78 G
0 X
90 450 12.99 8.36 90.01 107.78 A
(stub AD) 134 132.27 T
(hybrid AD) 134 104.83 T
FMENDPAGE
%%EndDocument
157 -150 a
endTexFig
590 1321 a Fs(Figure)14 b(1.1:)j(Example)12 b(of)i(AD)f(in)o(terconnection.)
-90 1454 y Fq(1.3)70 b(Access)21 b(Con)n(trol)i(Requiremen)n(ts)-90
1563 y Fs(This)17 b(section)h(addresses)i(access)f(con)o(trol)e(requiremen)o
(ts)h(for)f(all)f(ob)r(jects)j(of)e(p)q(olicy)m(.)27 b(It)18
b(b)q(egins)f(with)g(a)h(brief)f(discussion)h(of)f(end-)-90
1613 y(system)d(con)o(trol)f(in)h(an)f(in)o(ter-AD)h(con)o(text.)19
b(W)m(e)14 b(then)g(argue)g(for)g(con)o(trolling)e(access)k(to)e(AD)f(net)o
(w)o(ork)i(resources)h(indep)q(enden)o(tly)f(of)-90 1662 y(end-system)f
(access)i(con)o(trol.)-90 1801 y Fk(1.3.1)55 b(End-systems)18
b(and)h(Applications)-90 1895 y Fs(End-system)c(securit)o(y)g(is)g(a)f
(requiremen)o(t)h(for)f(all)f(stub)j(ADs.)k(Previous)15 b(w)o(ork)g(has)f
(addressed)j(the)e(design)g(of)f(secure)i(applications,)-90
1945 y(op)q(erating)e(systems,)f(as)h(w)o(ell)f(as)h(the)h(adaptation)e(of)g
(secure)j(systems)e(to)g(a)f(net)o(w)o(ork)h(con)o(text)h([89)o(,)e(51,)g
(90,)g(89,)g(46,)g(27)o(].)-28 2013 y(Mo)q(dern)18 b(distributed)g(op)q
(erating)f(systems,)h(e.g.,)f(Andrew)h([80)o(])f(and)g(Amo)q(eba)f([64)o(],)h
(illustrate)g(metho)q(ds)g(for)g(e\016cien)o(t)h(imple-)-90
2063 y(men)o(tation)c(of)g(securit)o(y)j(features)f(in)f(a)g(distributed)h
(computing)e(en)o(vironmen)o(t)g(with)h(high)g(a)o(v)n(ailabili)o(t)o(y)d(of)
j(services.)24 b(In)15 b(the)h(realm)-90 2113 y(of)i(secure)j(applications,)e
(Priv)n(acy-Enhanced)g(Electronic)h(Mail)e([51)o(],)h(for)f(example,)g(pro)o
(vides)i(v)n(aluable)d(insigh)o(ts)i(p)q(ertaining)f(to)-90
2162 y(the)i(implem)o(en)o(tation)c(of)i(securit)o(y)i(services)h(in)d(a)h
(large-scale)g(distributed)h(en)o(vironmen)o(t)e(with)g(a)h(v)o(ery)g(large)g
(and)g(v)o(olatile)e(user)-90 2212 y(p)q(opulation.)-28 2280
y(W)m(e)e(emphasize)g(end-system)g(and)g(application-lev)o(el)e(con)o(trols)i
(as)h(a)e(p)q(oin)o(t)h(of)g(comparison)e(for)i(the)h(other)f(con)o(trols)h
(addressed,)-90 2330 y(and)j(commen)o(t)d(on)j(the)g(division)f(of)g(lab)q
(or)g(b)q(et)o(w)o(een)j(end-system)e(and)f(net)o(w)o(ork)h(con)o(trols.)33
b(But)20 b(\014rst,)g(w)o(e)f(brie\015y)g(discuss)h(ho)o(w)-90
2379 y(in)o(ter-AD)14 b(connections)h(in\015uence)g(the)f(requiremen)o(ts)g
(for)g(end-system)g(con)o(trols)g(themselv)o(es.)-28 2447 y(In)o(ter-AD)k
(connections)h(impact)d(ADs)i(that)f(ha)o(v)o(e)h(relativ)o(ely)f(op)q(en)h
(in)o(ternal)f(computing)f(en)o(vironmen)o(ts)h(more)g(so)g(than)h(ADs)-90
2497 y(with)11 b(closed,)h(protectiv)o(e)g(in)o(ternal)f(en)o(vironmen)o(ts.)
17 b(F)m(or)11 b(an)g(AD)g(that)g(emplo)o(ys)f(rigorous)h(securit)o(y)h(mec)o
(hanisms)e(on)h Fp(al)r(l)g Fs(end-systems,)-90 2547 y(in)o(tro)q(duction)g
(of)h(an)f(in)o(ter-AD)h(link)e(need)j(not)f(induce)g(signi\014can)o(t)f(mo)q
(di\014cation)f(of)h(the)h(end-systems)g(themselv)o(es.)18
b(Ho)o(w)o(ev)o(er,)12 b(man)o(y)-90 2597 y(ADs)h(emplo)o(y)f(a)g(more)h
Fp(laissez-fair)n(e)e Fs(approac)o(h)j(to)f(securit)o(y{implemen)o(ting)d
(stringen)o(t)k(con)o(trols)f(on)g(only)f(a)h(small)e(subset)k(of)d(critical)
-90 2646 y(systems)g(and)g(lea)o(ving)f(the)i(balance)f(of)f(end-systems)i
(relativ)o(ely)e(vulnerable)i(to)f(in)o(tra-AD)f(access.)19
b(This)12 b(should)g(not)g(b)q(e)h(view)o(ed)f(as)g(a)2049
2770 y(4)p eop
%%Page: 5 15
bop -90 -108 a Fs(criticism)11 b(or)g(failing)f(of)h(in)o(tra-AD)g(securit)o
(y)m(.)18 b(Rather,)11 b(to)h(the)g(exten)o(t)h(that)f(con)o(trols)g(ma)o(y)d
(inhibit)i(in)o(ternal)g(resource)j(sharing,)e(it)f(ma)o(y)-90
-59 y(b)q(e)j(in)f(the)h(organization's)e(in)o(terest)i(to)g(main)o(tain)c(a)
j(relativ)o(ely)g(op)q(en)h(en)o(vironmen)o(t.)j(In)o(tro)q(ducing)c
(additional)e(con)o(trols)j(throughout)-90 -9 y(an)c(AD)g(is)g(often)h
(impractical)d(b)q(ecause)k(of)d(the)i(large)f(n)o(um)o(b)q(er)g(of)g(in)o
(ternal)f(end-systems)i(and)f(the)h(subsequen)o(t)h(di\016culties)e(in)g(v)o
(erifying)-90 41 y(the)16 b(correct)g(op)q(eration)f(of)f(these)j(con)o
(trols.)k(Nev)o(ertheless,)c(in)o(tro)q(duction)e(of)f(in)o(ter-AD)h(links)f
(ma)o(y)f(require)j(some)e(reassessmen)o(t)j(of)-90 91 y(this)d(approac)o(h.)
-28 158 y(In)c(addition,)f(some)f(comm)o(unication-o)o(rien)o(ted)g
(applications)g(will)g(require)j(sp)q(ecial)e(consideration.)17
b(Among)8 b(them)h(are:)16 b(electronic)-90 208 y(mail,)e(video)i
(conferencing,)i(\014le)f(sharing)f(and)g(pro)q(cess)j(migration.)k(Eac)o(h)
17 b(demands)f(a)g(unique)h(com)o(bination)d(of)h(securit)o(y-related)-90
258 y(services.)30 b(In)17 b(video)g(conferencing,)h(for)f(example,)f(priv)n
(acy)h(is)g(often)g(imp)q(ortan)o(t)f(while)h(data)f(in)o(tegrit)o(y)h(is)g
(somewhat)f(secondary;)-90 308 y(also,)d(bandwidth)g(a)o(v)n(ailabilit)o(y)e
(is)i(critical.)18 b(Hence,)d(denial)e(of)g(service)j(\(malicious)11
b(or)j(otherwise\))h(is)f(of)f(signi\014can)o(t)g(concern.)-90
446 y Fk(1.3.2)55 b(Net)n(w)n(ork)19 b(Resources)-90 541 y
Fs(Man)o(y)14 b(discussions)i(of)e Fp(network)h(se)n(curity)f
Fs(are)h(actually)e(discussions)j(of)e(end-system)h(protection)g(in)f(a)g
(net)o(w)o(ork)h(en)o(vironmen)o(t,)e(e.g.,)-90 591 y([85)o(,)k(69)o(,)g(48,)
g(46)o(,)g(27)o(,)g(90].)28 b(While)16 b(this)i(is)f(an)g(imp)q(ortan)o(t)e
(consideration,)j(w)o(e)g(claim)d(that)i(it)g(is)h(not)f(adequate)h(in)f(the)
h(m)o(ulti-AD)-90 641 y(con)o(text.)h(F)m(or)13 b(b)q(oth)h(stub)h(and)e
(transit)i(ADs,)e(there)i(are)g(v)n(aluable)d(net)o(w)o(ork)i(resources)j
(that)d(are)g(also)f(the)i(ob)r(ject)f(of)g(p)q(olicy)m(.)-28
708 y(This)g(is)f(in)g(agreemen)o(t)g(with)g(a)h(w)o(ell-kno)o(wn)e(design)h
(principle,)g(the)i Fp(end-to-end)f Fs(argumen)o(t)e([78)o(].)18
b(It)13 b(states)i(that)f(the)g(placemen)o(t)-90 758 y(of)g(con)o(trols)h
(should)g(b)q(e)h(in)e(the)i(highest)f(proto)q(col)g(la)o(y)o(er)f(at)h(the)h
(end-p)q(oin)o(ts)f(of)f(comm)o(unication.)k(F)m(rom)13 b(a)i(functional)f
(standp)q(oin)o(t,)-90 808 y(features)d(suc)o(h)f(as)g(reliabilit)o(y)e(and)i
(securit)o(y)g(m)o(ust)f(tak)o(e)h(place)g(in)f(the)h(highest)g(la)o(y)o(ers)
g(if)f(they)h(are)g(to)g(co)o(v)o(er)g(all)f(sources)i(of)e(vulnerabilit)o(y)
m(.)-90 858 y(Therefore,)14 b(the)h(argumen)o(t)d(is)h(that)h(lo)o(w)o(er-la)
o(y)o(er)e(e\013orts)j(are)f(alw)o(a)o(ys)f(redundan)o(t)h(and)f(should)g(b)q
(e)i(implem)o(en)o(ted)d(only)h(to)g(the)h(exten)o(t)-90 907
y(that)e(they)h(impro)o(v)o(e)d(e\016ciency)m(.)18 b(In)12
b(the)h(case)g(of)f(securit)o(y)m(,)h(the)f(argumen)o(t)g(suggests)h(that)f
(end-system)h(resources)h(are)f(b)q(est)g(protected)-90 957
y(b)o(y)19 b(the)i(end-systems)f(themselv)o(es,)h(e.g.,)f(securit)o(y)g
(services)i(should)d(b)q(e)i(pro)o(vided)e(in)h(the)g(transp)q(ort)g(la)o(y)o
(er)g(as)f(opp)q(osed)i(to)e(the)-90 1007 y(net)o(w)o(ork)c(or)g(data)f(link)
g(la)o(y)o(er)g([90)o(].)20 b(W)m(e)14 b(observ)o(e,)i(ho)o(w)o(ev)o(er,)f
(that)f(in)h(the)g(sense)h(of)e(the)i Fp(end-to-end)f Fs(argumen)o(t,)f(net)o
(w)o(ork)h(resources)-90 1057 y(are)10 b Fp(endp)n(oints)h
Fs(to)f(the)h(exten)o(t)g(they)f(require)h(protection)g(in)e(their)i(o)o(wn)e
(righ)o(t.)17 b(Therefore,)11 b(it)f(is)g(imp)q(erativ)o(e)f(to)g(address)j
(the)e(protection)-90 1107 y(of)i(net)o(w)o(ork)i(resource)h(in)e(addition)f
(to)g(the)i(more)e(traditional)g(end-system)h(protection.)18
b(This)13 b(implies)f(the)h(need)h(for)f(con)o(trols)g(at)g(the)-90
1157 y(AD)h(exit)g(and)f(en)o(try)i(p)q(oin)o(ts.)-28 1224
y(If)f(con)o(trol)g(is)g(left)g(to)f(the)i(end-systems,)f(v)n(aluable)f
(stub-AD)h(net)o(w)o(ork)h(resources)h(ma)o(y)c(b)q(e)j(consumed)f(b)o(y)g
(unauthorized)g(tra\016c.)-90 1274 y(Rejecting)g(pac)o(k)o(ets)h(at)g(the)f
(end-system)h(is)f Fp(to)n(o)h(late)f Fs(from)f(the)i(p)q(ersp)q(ectiv)o(e)h
(of)e(net)o(w)o(ork)g(resource)j(usage.)i(Moreo)o(v)o(er,)c(unrestricted)-90
1324 y(net)o(w)o(ork)i(access)h(increases)h(the)e(vulnerabilit)o(y)e(of)h
(ADs)h(to)g(denial)f(of)g(service)i(attac)o(ks)f(in)f(the)i(form)d(of)h(pac)o
(k)o(et)h(storms.)26 b(In)16 b(other)-90 1374 y(w)o(ords,)e(the)h(net)o(w)o
(ork)g(in)o(terfaces)g(of)f(end-systems)h(are)g(themselv)o(es)g(net)o(w)o
(ork)f(resources)j(and)d(should)h(b)q(e)g(sub)r(ject)h(to)e(access)i(con)o
(trol)-90 1423 y(\(whic)o(h)11 b(can)h(only)f(b)q(e)h(ac)o(hiev)o(ed)g(b)q
(elo)o(w)f(the)h(transp)q(ort)g(la)o(y)o(er\).)17 b(Similarly)l(,)9
b(some)h(ADs)i(ha)o(v)o(e)f(no)g(relev)n(an)o(t)h(end-systems)g(\(they)g(pro)
o(vide)-90 1473 y(transit)g(services)h(only\))e(and)g(therefore)i(m)o(ust)d
(implemen)o(t)f(desired)k(con)o(trols)e(in)g(the)h(net)o(w)o(ork-la)o(y)o(er)
f(routing)g(proto)q(col.)17 b(Since)12 b(routing)-90 1523 y(is)f(a)g(net)o(w)
o(ork)h(la)o(y)o(er)f(function,)g(these)h(con)o(trols)g(m)o(ust)e(also)h(in)o
(v)o(olv)o(e)f(net)o(w)o(ork)h(lev)o(el)g(en)o(tities)h(and)f(can)h(not)f(b)q
(e)h(left)f(to)g(transp)q(ort)h(session)-90 1573 y(endp)q(oin)o(ts.)-28
1641 y(Net)o(w)o(ork)e(in)o(terconnection)h(is)e(t)o(ypically)f(done)i(at)f
(the)i(net)o(w)o(ork)e(la)o(y)o(er)g(for)h(reasons)g(of)f(transparency)m(,)i
(\015exibilit)o(y)d(and)i(p)q(erformance.)-90 1690 y(Consequen)o(tly)m(,)20
b(transp)q(ort)g(and)f(higher)g(la)o(y)o(ers)g(are)h(generally)f(not)g(w)o
(ell-suited)g(for)g(the)g(implemen)o(tation)d(of)j(net)o(w)o(ork)g(resource)
-90 1740 y(con)o(trols.)36 b(Moreo)o(v)o(er,)22 b(lo)o(w)o(er)e(la)o(y)o(ers)
g(\(ph)o(ysical)f(and)h(data-link\))f(do)g(not)h(pro)o(vide)g(access)i(to)e
(sub)r(ject)h(and)f(ob)r(ject)h(information)-90 1790 y(necessary)15
b(to)d(mak)o(e)f(p)q(olicy)h(decisions)h(with)g(resp)q(ect)i(to)d(net)o(w)o
(ork)h(resources.)20 b(This)12 b(leads)h(to)g(our)f(assertion)i(that)e(the)i
(net)o(w)o(ork)e(la)o(y)o(er)-90 1840 y(is)i(most)e(appropriate)i(for)g(the)g
(implemen)o(tation)d(of)i(net)o(w)o(ork)h(resource)i(con)o(trols.)-28
1908 y(In)e(summary)m(,)c(to)j(the)h(exten)o(t)h(net)o(w)o(ork)f(resources)i
(require)e(protection,)g(the)g(highest)g(relev)n(an)o(t)f(endp)q(oin)o(t)h
(is)f(the)h(net)o(w)o(ork)g(router)-90 1957 y(and)f(asso)q(ciated)h(pac)o(k)o
(et)g(forw)o(arding)e(and)h(routing)g(proto)q(cols.)18 b(In)13
b(this)h(sense,)g(the)g Fp(end-to-end)h Fs(argumen)o(t)d(supp)q(orts)i
(implemen)o(ting)-90 2007 y(these)h(con)o(trols)f(at)g(the)h(net)o(w)o(ork)f
(la)o(y)o(er.)-90 2137 y Fn(1.3.2.1)48 b(AD)16 b(Boundaries)-90
2232 y Fs(An)f(AD)f(represen)o(ts)k(a)c(set)h(of)f(resources)j(that)e(are)g
(go)o(v)o(erned)g(b)o(y)g(common)c(p)q(olicies.)20 b(W)m(e)15
b(argue)f(that)h(the)g(enforcemen)o(t)g(of)f(p)q(olicies)-90
2282 y(p)q(ertaining)h(to)h(in)o(ter-AD)g(comm)o(uni)o(cation)d(is)i(b)q(est)
i(carried)g(out)e(at)h(the)g(AD)f(b)q(oundaries.)1395 2267
y Fj(5)1438 2282 y Fs(Throughout)h(our)f(discussion)i(w)o(e)e(will)-90
2332 y(exploit)d(the)h(AD)f(abstraction)h(to)f(decouple)i(requiremen)o(ts)f
(and)f(mec)o(hanisms)f(for)h(in)o(tra-AD)g(comm)o(uni)o(cation)e(from)g
(those)k(for)e(in)o(ter-)-90 2381 y(AD)i(comm)o(unication.)i(In)f
(particular,)f(w)o(e)g(assume)g(net)o(w)o(ork)h(la)o(y)o(er)f(enforcemen)o(t)
g(only)g(in)g(those)h(routers)h(that)e(connect)i(the)f(AD)f(to)-90
2431 y(other)h(ADs,)e(i.e.,)f(b)q(order)j(routers)g(\(also)f(referred)i(to)d
(as)h(P)o(olicy)f(Gatew)o(a)o(ys)h([50)o(]\).)-28 2499 y(Another)19
b(motiv)n(ating)14 b(factor)j(for)g(implemen)o(ting)d(con)o(trols)k(at)f(b)q
(order)i(routers)f(is)g(the)g(trend)g(to)o(w)o(ards)g(commerciali)o(zation)d
(of)-90 2549 y(p)q(ortions)20 b(of)f(the)h(In)o(ternet.)36
b(Some)19 b(net)o(w)o(ork)g(resources)j(ma)o(y)c(b)q(e)i(c)o(harged)g(for)f
(on)h(a)f(usage-sensitiv)o(e)i(basis.)35 b(This)19 b(op)q(ens)i(new)p
-90 2629 864 2 v -44 2656 a Fi(5)-26 2668 y Fh(P)o(olicies)10
b(that)g(apply)g(to)h(in)o(tra-AD)g(comm)o(unic)o(atio)o(n)e(can)h(b)q(e)h
(enforced)f(b)o(y)h(eac)o(h)f(AD)i(indep)q(enden)o(t)o(ly)m(.)2049
2770 y Fs(5)p eop
%%Page: 6 16
bop -90 -108 a Fs(incen)o(tiv)o(es)19 b(and)f(opp)q(ortunities)g(for)g
(fraud.)30 b(Consequen)o(tly)m(,)19 b(b)q(order)g(routers)g(m)o(ust)e(b)q(e)i
(equipp)q(ed)g(to)f(detect)i(suc)o(h)e(abuse)h(b)q(efore)-90
-59 y(v)n(aluable)13 b(net)o(w)o(ork)h(resources)i(are)e(consumed)g(and)g(c)o
(harges)g(are)h(accrued.)-28 9 y(In)f(the)h(follo)o(wing)c(sections,)j(w)o(e)
h(address)g(suc)o(h)f(securit)o(y)h(concerns)h(in)d(the)i(con)o(text)f(of)g
(b)q(oth)g(stub)g(and)g(transit)g(ADs.)-90 139 y Fn(1.3.2.2)48
b(Stub)14 b(ADs)-90 234 y Fs(Stub)k(ADs)h(need)g(to)f(protect)h(the)f(in)o
(tegrit)o(y)g(of)f(their)i(in)o(ternal)f(net)o(w)o(ork)g(in)f(the)i(presence)
i(of)c(in)o(ter-AD)h(connections.)32 b(Net)o(w)o(ork)-90 284
y(resources)14 b(that)d(ma)o(y)e(require)j(protection)g(include)f(links,)g
(bridges,)g(routers,)i(and)e(end-system)g(net)o(w)o(ork)h(in)o(terfaces.)18
b(In)11 b(the)h(follo)o(wing)-90 333 y(paragraphs)g(w)o(e)g(further)h
(justify)e(the)i(need)g(to)f(con)o(trol)f(access)j(to)e(comm)o(unicatio)o(n)d
(resources)15 b(themselv)o(es,)d(and)g(the)g(need)h(to)f(include)-90
383 y(end-system)i(net)o(w)o(ork)g(in)o(terfaces)h(among)d(the)i(resources)j
(b)q(eing)c(protected.)-28 451 y(Most)j(in)o(ternal)e(net)o(w)o(orks)i(are)f
(implemen)o(ted)e(without)h(explicit)h(access)i(con)o(trols)e(in)f(the)i(no)q
(des)g(or)f(routers.)22 b(In)15 b(the)h(con)o(text)g(of)-90
501 y(in)o(tra-AD)10 b(use,)i(limitatio)o(ns)d(on)h(access)j(to)e(priv)n(ate)
g(information)d(or)i(resources)k(applies)c(primarily)f(to)h(end-systems.)18
b(Comm)o(uni)o(cation)-90 550 y(is)9 b(most)g(often)g(treated)i(as)f(a)f
Fp(fr)n(e)n(e)h(go)n(o)n(d)g Fs(within)f(organizations.)16
b(It)10 b(is)f(neither)i(c)o(harged)f(for,)f(nor)h(con)o(trolled)f(on)h(a)f
(usage-sensitiv)o(e)h(basis.)-90 600 y(Most)k(often,)g(in)o(ternal)f(net)o(w)
o(ork)h(access)i(is)d(unrestricted)j(if)d(a)h(user)h(has)f(legitimate)e
(end-system)i(access.)19 b(Ev)o(en)c(within)e(the)h(AD)g(this)-90
650 y(can)d(lead)g(to)h(undesired)g(dep)q(endencies)i(among)9
b(hosts,)j(departmen)o(ts,)f(etc;)i(for)e(example,)f(misb)q(eha)o(ving)f
(hosts)j(generating)f(broadcast)-90 700 y(storms,)i(or)h(p)q(o)q(or)g(transp)
q(ort)h(proto)q(col)e(implemen)o(tations)e(degrading)j(p)q(erformance)g(of)f
(a)h(b)q(ottlenec)o(k)h(resource.)20 b(Ho)o(w)o(ev)o(er,)14
b(in)f(most)-90 750 y(cases,)19 b(the)e(existence)i(of)e(a)g(common)d
(administrativ)o(e)h(um)o(brella)g(alleviates)h(the)i(need)g(for)f(in)o
(tra-AD)f(con)o(trol)h(of)f(comm)o(unication)-90 800 y(resource)g(usage.)-28
867 y(When)c(an)f(in)o(ter-AD)g(connection)g(is)g(\014rst)h(established,)g
(it)f(ma)o(y)e(violate)h(some)h(of)f(the)i(assumptions)e(under)i(whic)o(h)f
(these)i(in)o(tra-AD)-90 917 y(protection)18 b(decisions)g(w)o(ere)g(made.)27
b(There)18 b(is)f(no)g(longer)g(a)g(common)e(administration,)g(nor)i(the)h
(common)d(organizational)g(goals)-90 967 y(that)h(can)g(b)q(e)g(assumed)f(in)
g(the)i(in)o(tra-AD)e(con)o(text.)24 b(In)15 b(addition,)g(there)i(is)e(no)h
(con)o(trol)f(o)o(v)o(er)h(implem)o(en)o(tation)d(and)i(con\014guration)-90
1017 y(of)g(end-systems)g(and)g(routers)i(in)d(other)i(ADs.)22
b(The)16 b(n)o(um)o(b)q(er)e(and)h(nature)h(of)f(the)h(p)q(oten)o(tial)e
(users)j(increases)g(qualitativ)o(ely)c(in)h(the)-90 1067 y(presence)21
b(of)d(an)g(in)o(ter-AD)h(link.)31 b(In)18 b(this)h(con)o(text,)h(the)f(comm)
o(unicatio)o(n)d(resources)21 b(can)d(no)h(longer)f(b)q(e)h(considered)h
Fp(fr)n(e)n(e)e Fs(to)g(all)-90 1116 y(p)q(oten)o(tial)13 b(users.)20
b(F)m(or)14 b(this)g(reason,)g(stub)h(AD)f(net)o(w)o(ork)g(resources)i
(themselv)o(es)f(m)o(ust)e(b)q(e)h(considered)i(as)e(ob)r(jects)h(of)e
(access)j(con)o(trol)-90 1166 y(p)q(olicy)d(in)h(a)f(m)o(ulti-AD)e(in)o
(ternet.)-28 1234 y(The)k(external)f(connection)h(in)e(a)h(stub)g(AD)g
(usually)f(exists)i(for)f(the)g(purp)q(oses)h(of)f(a)f(small)f(subset)k(of)d
(in)o(ternal)g(end-systems)i([24)o(].)-90 1284 y(It)e(ma)o(y)e(b)q(e)j
(undesirable)g(to)e(exp)q(ose)j(all)c(in)o(ternal)i(end-systems.)18
b(F)m(urthermore,)13 b(as)g(discussed)i(in)e(section)g(1.3.1,)e(it)i(is)g
(impractical)e(to)-90 1333 y(assume)f(that)h(all)e(end-systems)i(in)g(ev)o
(ery)g(AD)f(will)g(implem)o(en)o(t)e(adequate)k(defenses)g(to)f(b)q(e)g
(considered)h(secure)h(in)d(the)h(face)g(of)f(a)g(greatly)-90
1383 y(expanded)k(and)f(div)o(ersi\014ed)h(user)h(comm)o(unit)o(y)10
b(\(e.g.,)i(a)i(global)d(in)o(ternet)o(w)o(ork\).)1189 1368
y Fj(6)1226 1383 y Fs(Therefore,)k(ADs)e(require)i(mec)o(hanisms)c(that)j
(allo)o(w)-90 1433 y(them)h(to)g(designate)h(those)h(end-systems)f(that)g
(will)e(b)q(e)i(reac)o(hable)g(from)e(the)i(outside,)g(and)g(those)g(that)g
(will)e(not.)23 b(Similarly)l(,)13 b(ADs)-90 1483 y(ma)o(y)g(wish)i(to)f
(restrict)j(origination)c(of)h(outgoing)g(tra\016c)h(to)g(those)g
(end-systems)h(that)e(are)i(explicitly)e(authorized,)h(e.g.,)f(to)g(restrict)
-90 1533 y(the)i(usage)h(of)e(pa)o(y-p)q(er-pac)o(k)o(et)h(transit)g
(services)i(or)e(to)f(reduce)j(the)e(risk)g(of)f(undesired)j(information)13
b(exp)q(ortation.)23 b(Hereafter,)18 b(w)o(e)-90 1583 y(refer)d(to)f(the)g
(externally-accessible)h(\(reac)o(hable\))g(end-systems)f(as)g
Fp(e)n(quipp)n(e)n(d)p Fs(,)g(and)g(the)h(rest)g(as)f Fp(une)n(quipp)n(e)n(d)
h Fs(end-systems.)-28 1650 y(Access)k(to)e(unequipp)q(ed)h(end-systems)f(is)g
(treated)h(as)f(a)f(net)o(w)o(ork-lev)o(el)h(access)h(con)o(trol)f(problem.)
26 b(In)16 b(other)i(w)o(ords,)f(the)h(end-)-90 1700 y(system)13
b(net)o(w)o(ork)h(in)o(terfaces)h(are)f(view)o(ed)f(as)h(net)o(w)o(ork)g
(resources)i(that)d(require)i(protection.)j(By)c(con)o(trolling)e(access)j
(to)f(end-system)-90 1750 y(in)o(terfaces,)g(ADs)g(can)h(also)e(address)i
(the)f(susceptibilit)o(y)g(of)g(all)e(end-systems)j(to)e(denial)h(of)f
(service)i(attac)o(ks)f(through)g(\015o)q(o)q(ding)f([27)o(].)-28
1818 y(Finally)m(,)k(ev)o(en)h(comm)o(unication)d(with)i(equipp)q(ed)i
(end-systems)f(m)o(ust)f(b)q(e)i(con)o(trolled)e(at)h(the)h(net)o(w)o(ork)f
(la)o(y)o(er.)29 b(Eac)o(h)19 b(time)d(an)-90 1867 y(unauthorized)j(external)
g(user)g(attempts)f(to)g(comm)o(unicate)e(with)i(an)g(equipp)q(ed)h
(end-system,)g(stub)g(AD)f(net)o(w)o(ork)h(resources)i(are)-90
1917 y(consumed.)e(Ev)o(en)c(if)e(the)i(end-system)f(kno)o(ws)h(to)f(reject)h
(the)g(transaction,)f(it)g(is)g(to)q(o)g(late)g(with)g(resp)q(ect)j(to)d(the)
h(exp)q(ended)h(net)o(w)o(ork)-90 1967 y(resources.)-28 2035
y(In)j(summary)m(,)d(if)h(a)i(stub)g(AD)f(wishes)h(to)f(con)o(trol)g(usage)h
(of)f(its)g(in)o(ternal)g(net)o(w)o(ork)h(resources)i(\(links,)d(bridges,)i
(routers,)g(and)-90 2084 y(end-system)14 b(net)o(w)o(ork)g(in)o(terfaces\))h
(it)f(can)g(not)g(rely)g(solely)f(on)h(the)g(protection)h(mec)o(hanisms)c(in)
j(end-systems.)-90 2215 y Fn(1.3.2.3)48 b(T)l(ransit)14 b(ADs)-90
2309 y Fs(T)m(ransit)f(ADs)h(are)g(concerned)i(with)d(con)o(trolling)f(usage)
i(of,)f(and)g(access)j(to,)d(their)h(in)o(ternal)f(routers)i(and)e(links.)18
b(Their)13 b(p)q(olicies)h(ma)o(y)-90 2359 y(b)q(e)g(based)g(up)q(on)f(the)h
(source)g(or)g(destination)f(AD,)f(the)i(previous)g(or)f(next)h(hop)f(AD,)f
(or)i(other)f(c)o(haracteristics)i(suc)o(h)f(as)g(user)g(classes,)-90
2409 y(c)o(harge)j(co)q(des,)h(or)f(t)o(yp)q(e)g(of)f(service)j([26)o(].)26
b(T)m(ransit)16 b(resources)j(ma)o(y)c(b)q(e)i(billed)f(on)g(a)h
(usage-sensitiv)o(e)g(basis.)27 b(In)17 b(addition,)f(service)-90
2459 y(qualit)o(y)g(is)i(dep)q(enden)o(t)h(up)q(on)f(adequate)g(capacit)o(y)g
(to)f(meet)h(demand.)28 b(Consequen)o(tly)m(,)18 b(con)o(trol)g(of)f(access)i
(to)f(these)h(resources)h(is)-90 2508 y(critical)13 b(to)h(their)h(op)q
(eration.)p -90 2589 864 2 v -44 2616 a Fi(6)-26 2627 y Fh(W)m(e)c(consider)f
(ph)o(ysical)f(isolation)h(of)h(reac)o(hable)e(end-systems)g(from)h(strictly)
g(in)o(ternal)f(end-systems)g(to)i(b)q(e)g(an)h(o)o(v)o(erly)e(restrictiv)o
(e)f(solution.)k(F)m(or)e(most)-90 2667 y(en)o(vironmen)n(ts,)e(it)i(w)o
(ould)g(infringe)e(on)i(in)o(ternal)f(comm)o(unic)o(atio)o(n)f(and)h(in)o
(tegration)f(to)i(an)g(unacceptab)o(le)e(exten)o(t.)2049 2770
y Fs(6)p eop
%%Page: 7 17
bop -28 -108 a Fs(As)16 b(with)f(stub)g(ADs,)g(transit)h(resource)h
(protection)f(can)f(not)g(b)q(e)h(left)f(to)g(end-systems.)22
b(By)15 b(the)h(time)e(tra\016c)h(reac)o(hes)i(the)f(end-)-90
-59 y(systems,)i(the)g(comm)o(unication)d(resources)20 b(w)o(ould)c(ha)o(v)o
(e)i(b)q(een)g(used.)30 b(Moreo)o(v)o(er,)19 b(in)e(the)h(case)h(of)e
(transit)h(ADs,)g(the)g(destination)-90 -9 y(end-system)g(is)g(not)g(within)g
(the)h(particular)e(transit)i(AD's)f(administrativ)o(e)e(con)o(trol)i(and)g
(can)g(not)g(b)q(e)h(exp)q(ected)h(to)e(reco)o(v)o(er)h(the)-90
41 y(transit)d(AD's)g(costs.)26 b(F)m(urthermore,)16 b(transit)h(ADs)f
(should)g(not)g(rely)h(on)f(stub)g(ADs)h(to)f(enforce)h(transit)f(p)q
(olicies;)h(this)f(represen)o(ts)-90 91 y(an)d(excessiv)o(e)i(compromise)d
(of)g(transit)i(ADs')f(autonom)o(y)m(.)j(Ev)o(en)e(if)e(transit)i(ADs)g(are)f
(op)q(en)h(to)g(all)e(pa)o(ying)g(customers,)i(they)g(need)g(to)-90
141 y(monitor)c(and)i(c)o(harge)h(for)e(tra\016c.)18 b(Monitoring)11
b(and)h(c)o(harging)f(are)i(just)f(di\013eren)o(t)h(t)o(yp)q(es)g(of)f(net)o
(w)o(ork-la)o(y)o(er)g(con)o(trol)f(mec)o(hanisms.)16 b(In)-90
190 y(an)o(y)e(case,)i(net)o(w)o(ork)f(la)o(y)o(er)f(con)o(trols)h(are)g
(needed)h(at)f(the)g(b)q(oundaries)h(of)e(transit)h(ADs)g(to)f(protect)i
(against)f(unauthorized)g(resource)-90 240 y(usage)f(and)g(denial)f(of)g
(service)j(attac)o(ks.)-90 379 y Fk(1.3.3)55 b(Route)18 b(selection)-90
473 y Fs(The)d(last)g(p)q(olicy)f(requiremen)o(t)h(faced)g(in)f(the)h(m)o
(ulti-AD)e(con)o(text)i(is)g(con)o(trol)f(of)g(route)i(selection.)21
b(Di\013eren)o(t)16 b(routes)f(ha)o(v)o(e)g(di\013eren)o(t)-90
523 y(c)o(haracteristics.)k(F)m(or)12 b(example,)f(some)g(routes)i(ma)o(y)e
(tra)o(v)o(el)h(via)f(ADs)h(that)h(c)o(harge)f(on)g(a)g(usage)h(sensitiv)o(e)
g(basis.)k(Other)d(ADs)e(ma)o(y)e(b)q(e)-90 573 y(a)o(v)o(oided)k(b)q(ecause)
j(they)f(are)f(not)g(trusted.)23 b(Stub)15 b(ADs)g(ma)o(y)f(wish)h(to)f
(express)j(p)q(olicies)e(regarding)g(the)h(particulars)f(of)f(their)i
(tra\016c)-90 623 y(\015o)o(ws,)e(i.e.,)g(where)i(a)e(pac)o(k)o(et)i(can)f(b)
q(e)g(sen)o(t,)g(ho)o(w)g(it)f(should)h(get)g(there,)g(and)g(whic)o(h)g(in)o
(ternal)f(systems)h(can)g(originate)f(it.)20 b(Similarly)l(,)-90
672 y(some)14 b(ADs)i(will)d(w)o(an)o(t)i(to)g(enforce)h(p)q(olicies)f
(regarding)g(the)h(routes)g(tak)o(en)f(b)o(y)g(incoming)e(tra\016c.)22
b(Con)o(trol)14 b(of)g(transit)i(AD)f(net)o(w)o(ork)-90 722
y(resources)f(and)e(route)h(selection)g(are)f(similar)e(to)i(the)g(exten)o(t)
i(that)e(they)g(b)q(oth)g(restrict)i(access)g(to)e(transit)g(resources.)20
b(Ho)o(w)o(ev)o(er,)12 b(route)-90 772 y(selection)i(is)g(based)g(on)f
(preferences)j(of)d(stub)h(ADs,)g(whereas)g(transit)g(ADs)g(protect)g(their)g
(resources)i(on)d(the)i(basis)e(of)g(lo)q(cal)g(p)q(olicies.)-28
840 y(Therefore,)21 b(a)e(stub)g(AD)f(ma)o(y)f(need)j(to)e(con)o(trol)h
(access)i(to)d(in)o(ter-AD)h(routes)h(according)e(to)h(their)g(c)o
(haracteristics.)34 b(Not)19 b(all)-90 890 y(in)o(ternal)14
b(tra\016c)h(sources)h(will)d(b)q(e)j(giv)o(en)e(external)h(access.)22
b(Ev)o(en)15 b(those)g(sources)i(allo)o(w)o(ed)c(external)i(access)i(ma)o(y)
12 b(not)j(b)q(e)g(p)q(ermitted)-90 939 y(to)g(use)h(routes)g(that)f(incur)g
(usage-sensitiv)o(e)h(c)o(harges.)22 b(Still)14 b(others)i(ma)o(y)d(b)q(e)j
(p)q(ermitted)e(to)h(transmit)f(only)g(o)o(v)o(er)h(routes)h(comp)q(osed)-90
989 y(of)f(highly)f(trusted)i(ADs.)22 b(Some)14 b(AD)h(destinations)h(ma)o(y)
d(ev)o(en)j(b)q(e)g(considered)g(o\013)g(limits)c(to)k(all)e(outgoing)g
(tra\016c.)22 b(These)16 b(p)q(olicies)-90 1039 y(can)d(not)g(b)q(e)g
(enforced)h(b)o(y)e(transp)q(ort)i(la)o(y)o(er)e(proto)q(cols)h(as)g(routing)
f(is)h(transparen)o(t)h(to)e(them.)17 b(Hence,)d(enforcemen)o(t)f(m)o(ust)f
(tak)o(e)h(place)-90 1089 y(at)h(the)g(lev)o(el)g(of)f(in)o(ternet)o(w)o(ork)
h(routing)g(and)g(pac)o(k)o(et)g(forw)o(arding)f(proto)q(cols.)-90
1244 y Fq(1.4)70 b(Design)21 b(Choices)-90 1353 y Fs(This)g(section)g
(addresses)i(the)e(design)g(of)f(enforcemen)o(t)h(mec)o(hanisms)e(to)h(meet)g
(all)g(three)i(con)o(trol)e(requiremen)o(ts:)32 b(end-system,)-90
1403 y(net)o(w)o(ork)19 b(resource,)i(and)d(route)h(selection.)33
b(It)18 b(b)q(egins)h(with)f(the)h(discussion)g(of)f(applicable)g(securit)o
(y)h(services)h(and)f(pro)q(ceeds)h(to)-90 1452 y(discuss)15
b(appropriate)g(enforcemen)o(t)f(lo)q(cations,)f(enforcemen)o(t)h(proto)q
(cols,)g(and)g(gran)o(ularit)o(y)f(of)h(principals.)k(In)c(the)h(\014nal)f
(subsection)-90 1502 y(the)g(ob)r(ject)h(gran)o(ularit)o(y)d(and)i(mo)q(de)e
(of)i(enforcemen)o(t)f(are)i(discussed.)k(The)14 b(results)h(of)e(our)h
(discussion)g(are)g(summarized)e(in)i(Section)-90 1552 y(1.4.6.)-90
1691 y Fk(1.4.1)55 b(Securit)n(y)18 b(Services)-90 1785 y Fs(The)d(OSI)g(mo)q
(del)e(sp)q(eci\014es)k(fourteen)f(securit)o(y)f(services)i([44)o(].)j
(\(They)15 b(are)g(summarized)e(in)h(T)m(able)g(1.1\).)20 b(These)c
(services,)g(ho)o(w)o(ev)o(er,)-90 1835 y(are)e(not)g(uniformly)d(applicable)
i(to)h(all)f(t)o(yp)q(es)i(of)e(ob)r(jects:)-39 1936 y(1.)20
b(End-systems)14 1986 y(Due)e(to)f(the)i(v)n(ariet)o(y)e(of)g(applications)g
(and)g(services)j(pro)o(vided,)e(end-systems)g(are)g(sub)r(ject)i(to)d(a)h
(wide)f(range)h(of)g(p)q(oten)o(tial)14 2035 y(securit)o(y)g(threats.)30
b(T)m(o)16 b(coun)o(ter)j(these)g(threats,)g(end-systems)f(ma)o(y)d(require)j
(all)e(or)i(most)e(of)h(the)h(\(fourteen\))g(OSI)g(securit)o(y)14
2085 y(services.)-39 2168 y(2.)i(Net)o(w)o(ork)14 b(resources)31
2251 y(\(a\))21 b(Stub)14 b(ADs)105 2301 y(In)e(order)h(to)f(prev)o(en)o(t)h
(unauthorized)g(access)h(to)e(their)g(in)o(ternal)g(net)o(w)o(ork)g
(resources)j(and)d(unauthorized)g(exp)q(ort)h(of)f(tra\016c)105
2351 y(across)17 b(AD)f(b)q(oundaries,)g(stub)h(ADs)f(need)h(to)f(enforce)h
(access)h(con)o(trol)e(p)q(olicies.)24 b(This)16 b(en)o(tails)f(the)i(authen)
o(tication)f(of)105 2401 y(principals)10 b(\(p)q(eers\))j(in)o(v)o(olv)o(ed.)
i(F)m(urthermore,)c(since)h(a)e(compromised)e(comm)o(unication)f(c)o(hannel)k
(b)q(et)o(w)o(een)h(an)e(authorized)105 2451 y(pair)i(of)g(principals)g(can)g
(lead)g(to)g(improp)q(er)g(usage)g(of)g(stub)h(AD's)f(in)o(ternal)g(net)o(w)o
(ork)g(resources)j(\(i.e.,)c(compromised)f(data)105 2500 y(still)15
b(consumes)h(stub)g(AD)f(net)o(w)o(ork)h(resources)i Fp(en)f(r)n(oute)p
Fs(\),)f(data)f(origin)f(authen)o(tication)i(and)f(data)h(in)o(tegrit)o(y)f
(m)o(ust)f(b)q(e)105 2550 y(main)o(tained)d(as)h(w)o(ell.)17
b(Non-repudiation)12 b(of)h(origin)e(ma)o(y)g(b)q(e)i(needed)h(if)e(an)h(AD)f
(needs)i(to)f(accoun)o(t)g(for)g(usage)g(of)f(net)o(w)o(ork)105
2600 y(resources.)20 b(On)14 b(the)g(other)f(hand,)g(con\014den)o(tialit)o(y)
f(of)h(the)h(end-to-end)g(data)f(is)g(logically)d(a)j(function)g(of)g(higher)
g(proto)q(col)105 2650 y(la)o(y)o(ers)h(in)f(end-systems.)2049
2770 y(7)p eop
%%Page: 8 18
bop 378 -107 1225 2 v 378 -105 V 377 -57 2 50 v 386 -57 V 411
-72 a Fn(No.)p 510 -57 V 191 w(ISO)16 b(Securit)o(y)d(Service)p
1274 -57 V 189 w(Applicabil)o(i)o(t)o(y)p 1593 -57 V 1602 -57
V 378 -55 1225 2 v 378 -45 V 377 4 2 50 v 386 4 V 438 -11 a
Fs(1)p 510 4 V 186 w(P)o(eer)j(En)o(tit)o(y)d(Authen)o(tication)p
1274 4 V 279 w(Y)p 1593 4 V 1602 4 V 378 6 1225 2 v 377 56
2 50 v 386 56 V 438 41 a(2)p 510 56 V 182 w(Data)g(Origin)g(Authen)o
(tication)p 1274 56 V 274 w(Y)p 1593 56 V 1602 56 V 378 58
1225 2 v 378 68 V 377 117 2 50 v 386 117 V 438 102 a(3)p 510
117 V 228 w(Access)j(Con)o(trol)d(Service)p 1274 117 V 321
w(Y)p 1593 117 V 1602 117 V 378 119 1225 2 v 378 129 V 377
179 2 50 v 386 179 V 438 164 a(4)p 510 179 V 190 w(Connection)h(Con\014den)o
(tialit)o(y)p 1274 179 V 281 w(N)p 1593 179 V 1602 179 V 378
180 1225 2 v 377 230 2 50 v 386 230 V 438 215 a(5)p 510 230
V 159 w(Connectionless)g(Con\014den)o(tialit)o(y)p 1274 230
V 250 w(N)p 1593 230 V 1602 230 V 378 232 1225 2 v 377 282
2 50 v 386 282 V 438 267 a(6)p 510 282 V 161 w(Selectiv)o(e)h(Field)f
(Con\014den)o(tialit)o(y)p 1274 282 V 252 w(N)p 1593 282 V
1602 282 V 378 283 1225 2 v 377 333 2 50 v 386 333 V 438 318
a(7)p 510 333 V 183 w(T)m(ra\016c)g(Flo)o(w)f(Con\014den)o(tialit)o(y)p
1274 333 V 274 w(N)p 1593 333 V 1602 333 V 378 335 1225 2 v
378 345 V 377 395 2 50 v 386 395 V 438 380 a(8)p 510 395 V
109 w(Connection)i(In)o(tegrit)o(y)e(with)h(Reco)o(v)o(ery)p
1274 395 V 202 w(N)p 1593 395 V 1602 395 V 378 396 1225 2 v
377 446 2 50 v 386 446 V 438 431 a(9)p 510 446 V 79 w(Connection)h(In)o
(tegrit)o(y)e(without)h(Reco)o(v)o(ery)p 1274 446 V 172 w(N)p
1593 446 V 1602 446 V 378 448 1225 2 v 377 498 2 50 v 386 498
V 428 483 a(10)p 510 498 V 97 w(Selectiv)o(e)g(Field)g(Connection)g(In)o
(tegrit)o(y)p 1274 498 V 200 w(N)p 1593 498 V 1602 498 V 378
499 1225 2 v 377 549 2 50 v 386 549 V 428 534 a(11)p 510 549
V 203 w(Connectionless)h(In)o(tegrit)o(y)p 1274 549 V 307 w(Y)p
1593 549 V 1602 549 V 378 551 1225 2 v 377 601 2 50 v 386 601
V 428 586 a(12)p 510 601 V 65 w(Selectiv)o(e)g(Field)f(Connectionless)g(In)o
(tegrit)o(y)p 1274 601 V 169 w(N)p 1593 601 V 1602 601 V 378
602 1225 2 v 378 612 V 377 662 2 50 v 386 662 V 428 647 a(13)p
510 662 V 185 w(Non-repudiation)f(at)h(Origin)p 1274 662 V
287 w(Y)p 1593 662 V 1602 662 V 378 664 1225 2 v 377 713 2
50 v 386 713 V 428 698 a(14)p 510 713 V 167 w(Non-repudiation)f(at)h(Deliv)o
(ery)p 1274 713 V 276 w(?)p 1593 713 V 1602 713 V 378 715 1225
2 v 378 717 V 403 750 a Fn(Legend:)454 800 y Fs(Y)50 b({)14
b(applicable)454 850 y(N)50 b({)14 b(not)g(applicable)466 899
y(?)49 b({)14 b(p)q(oten)o(tially)f(applicable)549 1030 y(T)m(able)g(1.1:)k
(Applicabilit)o(y)12 b(of)h(ISO)h(Securit)o(y)h(Services)29
1163 y(\(b\))21 b(T)m(ransit)14 b(ADs)105 1213 y(Because)j(transit)d(AD)h
(net)o(w)o(ork)g(resources)i(are)e(similar)d(to)i(those)h(of)f(stub)i(ADs)e
(\(with)h(the)g(exception)g(of)f(end-systems\))105 1263 y(they)20
b(are)g(sub)r(ject)i(to)d(the)h(same)f(securit)o(y)i(threats,)h(and,)e
(hence,)i(require)f(m)o(uc)o(h)d(the)j(same)e(securit)o(y)h(services.)37
b(As)105 1312 y(discussed)16 b(later,)d(di\013erences)j(arise)f(in)e(other)h
(c)o(haracteristics)i(of)d(p)q(olicy)h(enforcemen)o(t.)-39
1395 y(3.)20 b(Route)14 b(selection)g(p)q(olicies)g(can)g(b)q(e)h(though)o(t)
f(of)f(as)h(access)i(con)o(trol)e(restrictions)h(with)f(resp)q(ect)i(to)e(in)
o(ternet)o(w)o(ork)h(routes.)k(This)14 1445 y(requires)c(authen)o(tication)f
(of)g(the)h(principals)f(requesting)h(access)h(to)f(routes.)20
b(F)m(urthermore,)14 b(it)g(also)g(requires)h(authen)o(tication)14
1495 y(and)j(in)o(tegrit)o(y)f(of)h(routing)g(information)d(pro)o(vided)j(b)o
(y)g(the)h(transit)f(ADs)h(\(b)q(ecause)h(this)e(routing)g(information)d(is)j
(used)h(to)14 1545 y(asso)q(ciate)14 b(cost)h(and)f(securit)o(y)g(c)o
(haracteristics)i(with)e(computed)f(routes\).)-90 1646 y(In)e(summary)m(,)c
(w)o(e)k(are)g(primarily)d(concerned)13 b(with)d(\014v)o(e)h(securit)o(y)g
(services:)18 b(access)13 b(con)o(trol,)d(p)q(eer)i(en)o(tit)o(y)e(authen)o
(tication,)h(data)f(origin)-90 1696 y(authen)o(tication,)i(data)f(in)o
(tegrit)o(y)h(and)g(non-repudiation.)k(The)d(remaining)d(services)k(ma)o(y)c
(b)q(e)j(of)e(concern)i(to)f(some)g(end-systems)g(but,)-90
1745 y(in)17 b(general,)i(are)f(not)g(a\013ected)h(b)o(y)f(the)g(particular)f
(issue)i(of)e(AD)h(in)o(terconnection.)30 b(Not)18 b(surprisingly)m(,)g(the)g
(Standard)g(for)f(In)o(ter-)-90 1795 y(op)q(erable)i(LAN)h(Securit)o(y)f
(\(SILS\))h(recommends)e(atten)o(tion)h(to)f(these)j(same)d(\014v)o(e)h
(securit)o(y)h(services)h([42)o(].)33 b(Moreo)o(v)o(er,)20
b(the)g(SILS)-90 1845 y(do)q(cumen)o(t)15 b(p)q(oin)o(ts)h(out)g(the)g(in)o
(ter-dep)q(endencies)i(among)c(these)j(\014v)o(e)f(services:)24
b(access)17 b(con)o(trol)f(on)f(authen)o(tication)h(and)f(in)o(tegrit)o(y)m
(,)-90 1895 y(authen)o(tication)f(on)f(in)o(tegrit)o(y)m(,)g(and)g
(non-repudiation)h(on)f(authen)o(tication)h(and)g(in)o(tegrit)o(y)m(.)-90
2033 y Fk(1.4.2)55 b(Enforcemen)n(t)18 b(Lo)r(cation)-90 2128
y Fs(One)e(of)f(the)h(most)e(critical)h(decisions)h(in)f(the)h(design)g(of)f
(enforcemen)o(t)g(mec)o(hanisms)f(is)h(their)h(ph)o(ysical)f(lo)q(cation.)22
b(W)m(e)15 b(address)h(the)-90 2178 y(enforcemen)o(t)i(of)f(net)o(w)o(ork)i
(p)q(olicies)e(in)h(the)g(con)o(text)h(of)e(end-systems,)i(b)q(order)g
(routers,)h(and)e(sp)q(ecialized)g(serv)o(ers.)32 b(In)o(ternal)18
b(AD)-90 2227 y(routers)e(\(i.e.,)d(those)i(that)f(sp)q(eak)h(the)g(AD's)f
(in)o(terior)g(routing)g(proto)q(col\))g(are)h(p)q(oten)o(tially)e(large)h
(in)g(n)o(um)o(b)q(er.)k(Mo)q(di\014cation,)13 b(in)h(the)-90
2277 y(form)f(of)h(additional)e(access)k(con)o(trol)f(mec)o(hanisms,)d
(raises)j(concerns)h(regarding)e(the)i(cost)f(of)f(implem)o(en)o(ting)e(and)i
(v)o(erifying)f(system)-90 2327 y(con\014gurations,)h(and)g(in)o(terference)i
(of)e(in)o(ter-AD)g(protection)g(mec)o(hanisms)f(with)h(in)o(tra-AD)f(comm)o
(unication.)i(In)g(Section)f(1.3.2)f(w)o(e)-90 2377 y(justi\014ed)h(the)h
(placemen)o(t)e(of)g(con)o(trols)i(only)e(in)g(those)i(routers)g(that)f(act)h
(as)f(p)q(oin)o(ts)f(of)h(connections)h(to)f(other)g(ADs,)g(i.e.,)e(the)j(b)q
(order)-90 2427 y(routers.)-28 2494 y(In)e(determining)f(the)i(appropriate)f
(lo)q(cations)g(for)f(the)i(enforcemen)o(t)f(of)g(sp)q(eci\014c)h(p)q
(olicies,)f(w)o(e)g(based)h(our)f(decisions)h(on)f(the)g(prin-)-90
2544 y(ciple)h(that,)f(ideally)m(,)f(unauthorized)j(resource)g(usage)g
(attempts)e(should)h(b)q(e)g(detected)j(b)q(efore)d(an)o(y)g(resources)i(ha)o
(v)o(e)e(b)q(een)h(consumed,)-90 2594 y(i.e.,)d(at)i(the)h(earliest)f(p)q
(ossible)g(p)q(oin)o(t.)2049 2770 y(8)p eop
%%Page: 9 19
bop -39 -108 a Fs(1.)20 b Fn(End-system)11 b(resources)p Fs(:)k(equipp)q(ed)d
(end-systems)g(can)f(b)q(e)h(con)o(trolled)f(b)o(y)g(mec)o(hanisms)e(in)i
(the)h(transp)q(ort)g(and)f(application)14 -59 y(la)o(y)o(ers.)24
b(Con)o(trols)16 b(for)f(unequipp)q(ed)i(end-systems)g(are)f(placed)g(with)g
(the)h(stub)f(AD's)g(net)o(w)o(ork)g(resource)i(con)o(trols)e(\(see)h(next)14
-9 y(item\).)25 b(This)16 b(is)g(b)q(ecause)j(no)d(external)h(tra\016c)g
(whatso)q(ev)o(er)g(should)g(b)q(e)g(allo)o(w)o(ed)e(to)h(reac)o(h)i(these)g
(end-systems)f(as)f(they)i(are)14 41 y(assumed)13 b(to)h(b)q(e)h
(unprotected.)-39 119 y(2.)20 b Fn(Net)o(w)o(ork)c(resources)p
Fs(:)i(Stub)d(and)g(transit)g(AD)g(net)o(w)o(ork)g(resources)i(are)e(b)q(oth)
g(con)o(trolled)g(b)o(y)f(mec)o(hanisms)f(lo)q(cated)i(in)f(the)14
169 y(b)q(order)h(routers)h(of)e(the)h(ADs.)20 b(Border)15
b(routers)h(ma)o(y)c(w)o(ork)i(in)g(conjunction)h(with)f(serv)o(ers)i
(\(e.g.,)e(authen)o(tication)g(and)g(access)14 219 y(con)o(trol)g(serv)o
(ers,)i(p)q(olicy)e(serv)o(ers,)i(and)e(route)h(serv)o(ers\))i(that)d(will)f
(also)h(enforce)i(p)q(olicy)m(.)j(Suc)o(h)14 b(serv)o(ers)j(are)e(needed)h
(to)e(o\017oad)14 269 y(time)9 b(and)i(space)g(consuming)e(functions)i(for)g
(p)q(erformance-critical)f(routers,)i(and)e(as)h(a)f(p)q(oin)o(t)g(of)g(co)q
(ordination)g(and)h(in)o(tegration)14 318 y(of)i(p)q(olicy)m(.)-39
397 y(3.)20 b Fn(Route)c(selection)p Fs(:)h(Stub)e(ADs)g(con)o(trol)g(access)
i(to)d(routes)i(within)e(the)i(route)g(serv)o(ers)g(that)f(compute)g
(external)g(routes)h(and)14 446 y(within)d(b)q(order)i(routers)g(that)f(ma)o
(y)e(v)n(alidate)g(tra\016c.)-90 583 y Fk(1.4.3)55 b(Enforcemen)n(t)18
b(Proto)r(col)-90 677 y Fs(Closely)f(related)g(to)g(the)h(enforcemen)o(t)f
(lo)q(cation)f(is)h(the)g(enforcemen)o(t)h(proto)q(col.)27
b(W)m(e)17 b(consider)g(mec)o(hanisms)f(in)g(the)i(end-system)-90
727 y(transp)q(ort)d(\(and)f(higher)h(la)o(y)o(er\))f(proto)q(cols,)g(the)h
(in)o(ternet)o(w)o(ork)f(pac)o(k)o(et-forw)o(arding)g(proto)q(col,)g(and)g
(the)h(in)o(ternet)o(w)o(ork)f(routing)g(pro-)-90 777 y(to)q(col.)26
b(W)m(e)16 b(distinguish)g(b)q(et)o(w)o(een)h(mec)o(hanisms)e(implemen)o(ted)
f(in)i(the)h(in)o(tra-AD)f(proto)q(cols,)h(and)f(those)h(required)h(in)e(the)
h(b)q(order)-90 827 y(router)e(proto)q(cols)f(only)m(.)-39
918 y(1.)20 b(End-systems)12 b(can)g(protect)h(themselv)o(es)f(at)g(an)o(y)f
(\(or)h(all\))f(la)o(y)o(ers)g(in)h(the)g(proto)q(col)g(hierarc)o(h)o(y)g
(\(transp)q(ort)h(la)o(y)o(er)e(b)q(eing)h(the)g(most)14 968
y(applicable\).)17 b(Of)d(course,)h(this)f(only)f(holds)g(for)h(the)g(reac)o
(hable)h(end-systems)f(that)g(are)g(su\016cien)o(tly)g(equipp)q(ed.)-39
1046 y(2.)37 b(\(a\))21 b(The)d(unequipp)q(ed)h(end-systems)g(and)e(the)i
(rest)g(of)e(the)i(stub)f(AD)g(net)o(w)o(ork)g(resources)i(are)e(protected)i
(b)o(y)e(the)g(b)q(order)105 1096 y(routers)i(as)f(discussed)i(ab)q(o)o(v)o
(e.)32 b(Since)20 b(ADs)f(in)o(terconnect)h(at)f(the)g(net)o(w)o(ork)g(la)o
(y)o(er)g(and)f(the)i(net)o(w)o(ork-la)o(y)o(er)e Fn(pac)o(k)o(et-)105
1146 y(forw)o(arding)11 b Fs(proto)q(col)i(is)h(the)g(highest)g(la)o(y)o(er)f
(with)g(resp)q(ect)j(to)d(these)i(resources,)h(it)d(is)g(the)h(most)f
(appropriate)g(proto)q(col)105 1196 y(for)h(the)g(enforcemen)o(t)g(of)f
(access)j(restrictions)f(to)f(unequipp)q(ed)h(end-systems.)29
1257 y(\(b\))21 b(In)e(order)h(to)e(protect)j(net)o(w)o(ork)e(resources)i(of)
d(transit)h(ADs,)h(access)h(con)o(trols)e(m)o(ust)f(also)g(b)q(e)i(incorp)q
(orated)f(in)o(to)f(the)105 1307 y(net)o(w)o(ork-la)o(y)o(er)f
Fn(routing)h(proto)q(col)p Fs(.)27 b(This)17 b(is)h(necessary)h(b)q(ecause,)h
(unlik)o(e)d(stub)h(AD)f(p)q(olicies,)h(transit)g(AD)f(p)q(olicies)105
1357 y(ma)o(y)11 b(prev)o(en)o(t)i(comm)o(unication)d(ev)o(en)j(when)g(a)f
(viable)g(route)h(exists.)19 b(If)12 b(a)g(stub)h(AD's)g(p)q(olicy)f(disallo)
o(ws)f(comm)o(unicatio)o(n,)105 1407 y(the)j(user)h(ma)o(y)d(b)q(e)j(incon)o
(v)o(enienced.)j(Ho)o(w)o(ev)o(er,)c(the)h(p)q(olicy)e(is)g(ha)o(ving)g(its)h
(desired)h(a\013ect.)k(On)14 b(the)g(other)h(hand,)e(transit)105
1457 y(AD)h(p)q(olicies)f(ha)o(v)o(e)h(more)e(far-reac)o(hing)i(impact.)i
(The)e(shortest)i(route)e(computed)f(b)o(y)h(a)f(traditional)f(routing)i
(algorithm)105 1506 y(ma)o(y)d(not)h(b)q(e)i(usable)e(b)o(y)h(a)f(particular)
g(source)i(due)f(to)g(a)f(p)q(olicy)g(of)g(one)h(of)f(the)h(transit)g(ADs.)18
b(Without)12 b(access)i(to)f(transit)105 1556 y(p)q(olicy)e(information,)e
(the)j(routing)f(proto)q(col)g(has)h(no)g(means)e(of)h(\014nding)h(an)f
(alternativ)o(e,)g(p)q(erhaps)i Fp(longer)p Fs(,)e(route)i(for)e(that)105
1606 y(source.)105 1662 y(As)j(a)g(result,)g(transit)g(ADs)f(can)h(not)g
(simply)d(enforce)k(p)q(olicy)e(restrictions)i(on)f(a)f(unilateral)g(basis)g
(at)h(pac)o(k)o(et)g(forw)o(arding)105 1712 y(time.)j(Instead,)d(p)q(olicies)
f(p)q(ertaining)h(to)g(transit)g(AD)f(net)o(w)o(ork)h(resources)i(m)o(ust)d
(b)q(e)i(either)f(implicit)d(in)j(the)g(top)q(ology)f(of)105
1761 y(an)e(in)o(ternet)o(w)o(ork,)g(or)g(adv)o(ertised)h(to)f(the)h(an)o
(ticipated)e(resource)j(users)g(as)e(part)g(of)f(the)i(net)o(w)o(ork-la)o(y)o
(er)e(routing)h(proto)q(col.)2052 1746 y Fj(7)-39 1840 y Fs(3.)20
b(Route)15 b(selection)g(p)q(olicies)g(are)g(enforced)i(at)d(b)q(oth)h(b)q
(order)h(routers)h(and)d(route)i(serv)o(ers.)23 b(In)15 b(route)h(serv)o
(ers,)g(the)g(enforcemen)o(t)14 1889 y(proto)q(col)e(is)g(the)i
Fn(routing)d(proto)q(col)g Fs(application)g(that)i(computes)f(in)o(ternet)o
(w)o(ork)h(routes)g(and)g(distributes)g(them)f(to)g(appro-)14
1939 y(priate)d(end-systems.)18 b(In)11 b(addition,)f(b)q(order)i(routers)g
(ha)o(v)o(e)f(to)g(v)n(alidate)f(route)i(selection)f(made)f(b)o(y)h(the)h
(route)g(serv)o(ers)h(at)e(pac)o(k)o(et)14 1989 y(forw)o(arding)i(time.)j
(The)f(latter)f(function)f(needs)j(to)d(tak)o(e)h(place)g(in)g(the)g(net)o(w)
o(ork-la)o(y)o(er)g(pac)o(k)o(et-forw)o(arding)f(proto)q(col.)-90
2126 y Fk(1.4.4)55 b(Principal)18 b(Gran)n(ularit)n(y)-90 2220
y Fs(W)m(e)11 b(refer)i(to)e(the)h(sub)r(ject)i(of)d(a)g(securit)o(y)h(p)q
(olicy)f(as)h(a)f Fp(princip)n(al)g Fs([79)o(])h(\(i.e.,)e(a)i(principal)e
(is)i(p)q(ermitted)f(to)h(access,)h(or)f(is)f(restricted)j(from)-90
2270 y(accessing)g(a)e(particular)g(ob)r(ject\).)19 b(P)o(olicies)12
b(ma)o(y)f(b)q(e)i(applied)f(to)g(ADs)h(as)f(a)h(whole,)f(to)g(user)i
(classes)g(that)e(are)h(lo)q(cation-indep)q(enden)o(t,)-90
2320 y(to)k(particular)g(end-systems)g(within)g(ADs,)g(or)g(to)g(particular)g
(users)i(or)e(user)h(pro)q(cesses.)30 b(The)18 b(coarser)g(grain)e(p)q
(olicies)h(\(i.e,)g(those)-90 2370 y(based)f(on)f(AD)g(or)h(user)g(class\))g
(are)g(easier)g(to)g(manage)d(but,)j(b)o(y)f(de\014nition,)g(less)h(precise.)
24 b(Of)16 b(these)g(p)q(olicies,)g(ones)g(based)g(on)f(user)-90
2419 y(classes)g(are)f(more)f(di\016cult)g(to)h(implemen)o(t,)d(but)j
(o\013er)g(\015exibilit)o(y)f(of)g(grouping)g(users)i(indep)q(enden)o(t)g(of)
f(the)g(ph)o(ysical)f(lo)q(cation.)18 b(The)-90 2469 y(di\016cult)o(y)d
(arises)h(from)e(ha)o(ving)g(to)i(bind)f(a)g(user)i(or)e(user)i(class)f(to)f
(lo)o(w)o(er-lev)o(el)g(units)h(of)f(comm)o(uni)o(cation,)e(i.e.,)h(pac)o(k)o
(ets.)24 b(Whereas)-90 2519 y(pac)o(k)o(ets)18 b(routinely)g(include)f
(end-system)h(addresses)i(that)d(can)h(b)q(e)g(mapp)q(ed)f(more)g(easily)g
(in)o(to)g(AD)g(addresses)j(through)d(existing)-90 2569 y(mec)o(hanisms.)p
-90 2631 864 2 v -44 2658 a Fi(7)-26 2670 y Fh(As)12 b(argued)d(in)i([7],)g
(it)h(is)f(di\016cult)f(to)i(re\015ect)d(a)j(ric)o(h)e(set)i(of)f(p)q
(olicies)e(in)j(the)e(top)q(ology)f(when)j(the)e(in)o(ternet)o(w)o(ork)f(is)j
(of)f(this)g(scale)f(and)h(heterogene)o(it)o(y)m(.)2049 2770
y Fs(9)p eop
%%Page: 10 20
bop -39 -108 a Fs(1.)20 b(F)m(or)13 b(p)q(olicy)h(enforcemen)o(t)g(at)g(the)h
(end-system)f(lev)o(el,)f(the)i(c)o(hoice)f(of)g(principal)f(gran)o(ularit)o
(y)g(dep)q(ends)j(on)d(the)i(proto)q(col)f(la)o(y)o(er.)14
-59 y(Since)19 b(end-systems)g(can)g(implemen)o(t)d(con)o(trols)j(at)f(sev)o
(eral)h(proto)q(col)g(la)o(y)o(ers,)g(principals)f(of)g(di\013eren)o(t)i
(gran)o(ularit)o(y)d(can)i(b)q(e)14 -9 y(sp)q(eci\014ed.)g(F)m(or)14
b(example,)e(end-systems)i(at)g(the)h(transp)q(ort)f(la)o(y)o(er)g(and)g
(application)e(proto)q(cols)i(or)g(users)h(at)f(higher)g(la)o(y)o(ers.)-39
69 y(2.)20 b(The)d(ends-p)q(oin)o(ts)g(of)f(in)o(ter-AD)h(comm)o(uni)o
(cation)d(with)i(resp)q(ect)j(to)d(stub)h(AD)g(net)o(w)o(ork)g(resources)i
(are)e(the)g(end-p)q(oin)o(t)f(stub)14 118 y(ADs)f(This)f(implies)f(that)h
(the)h(principal)f(gran)o(ularit)o(y)g(for)g(stub)h(AD)f(access)j(con)o(trol)
d(should)g(b)q(e)i(at)e(the)h(lev)o(el)g(of)f(ADs)g(or)h(user)14
168 y(classes.)27 b(Ho)o(w)o(ev)o(er,)18 b(as)f(men)o(tioned)e(b)q(efore,)j
(net)o(w)o(ork)f(resources)i(of)d(stub)h(ADs)g(include)g(the)g
Fp(une)n(quipp)n(e)n(d)h Fs(end-systems.)27 b(T)m(o)14 218
y(preclude)17 b(all)d(access)j(to)e(these)i(end-systems,)f(it)f(is)h
(necessary)h(to)f(discriminate)e(incoming)f(tra\016c)j(on)f(the)h(basis)g(of)
e(the)j(end-)14 268 y(system)12 b(destination)h(address.)19
b(Therefore,)13 b(principal)f(gran)o(ularit)o(y)g(for)g(stub)h(AD)g(net)o(w)o
(ork)g(resources)i(ma)o(y)c(b)q(e)i(end-system)g(as)14 318
y(w)o(ell)g(as)h(AD.)-39 395 y(3.)20 b(Since)g(transit)g(ADs)g(pro)o(vide)f
(comm)o(unication)e(facilities)h(for)i(large)f(n)o(um)o(b)q(ers)g(of)g(stub)i
(ADs,)g(it)e(is)g(impractical)f(for)i(their)14 445 y(resource)e(usage)f(p)q
(olicy)f(to)h(sp)q(ecify)g(\014ne-grained)g(principals)f(suc)o(h)h(as)g
(end-systems.)1414 430 y Fj(8)1459 445 y Fs(Therefore,)h(the)f(sub)r(jects)i
(of)d(transit)14 495 y(resource)g(p)q(olicy)d(enforcemen)o(t)h(are)g(exp)q
(ected)i(to)e(b)q(e)g(ADs)g(and)g(user)h(classes.)-39 572 y(4.)20
b(F)m(or)f(route)h(selection)g(p)q(olicies,)g(w)o(e)g(m)o(ust)e(consider)j
(the)f(gran)o(ularities)f(of)f(the)i(t)o(w)o(o)f(end-p)q(oin)o(t)h(\(source)h
(and)e(destination\))14 622 y(principals.)j(They)16 b(ma)o(y)e(b)q(e)i(the)g
(same)f(\(e.g.,)f(a)i(single)f(route)h(b)q(et)o(w)o(een)h(a)e(pair)g(of)g
(ADs\))h(or)f(they)h(ma)o(y)e(di\013er,)i(e.g.,)e(a)i(p)q(olicy)14
672 y(ma)o(y)i(prescrib)q(e)k(a)e(sp)q(eci\014c)h(route)g(for)e(a)h(giv)o(en)
f Ff(f)p Fp(end-system,destination-AD)p Ff(g)i Fs(pair.)35
b(It)21 b(is)e(exp)q(ected)j(that)f(most)d(route)14 722 y(selection)c(p)q
(olicies)g(will)e(restrict)k(based)e(on)g(source)h(AD)f(\(or)g(user)h
(class\))f(and)g(destination)g(AD.)-90 858 y Fk(1.4.5)55 b(Comm)n(unication)
19 b(Gran)n(ularit)n(y)f(and)i(Enforcemen)n(t)d(Mo)r(de)-90
952 y Fs(P)o(olicies)g(ma)o(y)e(b)q(e)i(applied)g(to)f(comm)o(unication)e
(units)j(of)f(di\013eren)o(t)i(gran)o(ularit)o(y)m(.)26 b(In)17
b(particular,)g(there)h(are)f(tradeo\013s)h(asso)q(ciated)-90
1002 y(with)c(implemen)o(ting)d(con)o(trols)j(p)q(er)h(pac)o(k)o(et,)g(p)q
(er)g(end-system)f(asso)q(ciation)g(\(i.e.,)f(connection\),)i(and)f(p)q(er)h
(AD)f(asso)q(ciation.)19 b(W)m(e)14 b(also)-90 1052 y(consider)f(the)f
(appropriateness)h(of)e(using)h(a)f(priori)g(\(prev)o(en)o(tiv)o(e\))i(or)f
(p)q(ost)g(facto)g(\(accoun)o(ting\))g(detection,)g(of)g(unauthorized)g
(resource)-90 1102 y(use,)i(in)g(the)g(con)o(text)h(of)e(di\013eren)o(t)i(p)q
(olicy)e(ob)r(jects)i(and)f(securit)o(y)h(services.)-39 1192
y(1.)20 b(A)o(t)e(the)h(end-systems,)h(the)f(gran)o(ularit)o(y)f(of)f(con)o
(trolled)i(comm)o(unicati)o(on)d(units)i(dep)q(ends)j(on)d(their)h(reac)o
(habilit)o(y)m(.)30 b(F)m(or)18 b(the)14 1242 y(reac)o(hable)13
b(end-systems,)g(gran)o(ularit)o(y)e(dep)q(ends)j(up)q(on)f(the)g(particular)
g(enforcemen)o(t)g(proto)q(col.)k(F)m(or)12 b(example,)f(p)q(er-pac)o(k)o(et)
j(at)14 1291 y(the)g(net)o(w)o(ork)g(la)o(y)o(er,)e(and)i(p)q(er)g
(end-system)g(asso)q(ciation)f(at)h(the)g(transp)q(ort)g(la)o(y)o(er.)k
(Regardless)c(of)f(the)h(proto)q(col,)f(the)h(mo)q(de)f(of)14
1341 y(enforcemen)o(t)h(has)g(to)g(b)q(e)g(prev)o(en)o(tiv)o(e)h(\(at)f
(real-time\))e(since)j(end-system)f(disruption)g(can)g(not)f(usually)h(b)q(e)
g(tolerated.)14 1405 y(Access)g(con)o(trol)e(for)f(unequipp)q(ed)i
(end-systems)g(has)f(to)g(b)q(e)g(done)h(on)e(a)h(p)q(er)h(pac)o(k)o(et)f
(prev)o(en)o(tiv)o(e)h(basis)f(in)f(b)q(order)i(routers.)19
b(This)14 1455 y(is)14 b(b)q(ecause)h(ev)o(en)g(a)e(single)h(pac)o(k)o(et)g
(can)g(disrupt)h(these)g(unprotected)h(end-systems.)-39 1532
y(2.)k(It)15 b(is)g(less)h(straigh)o(t)f(forw)o(ard)g(to)g(determine)h(the)g
(appropriate)f(basis)g(for)g(protection)h(of)f(other)h(stub)f(AD)h(net)o(w)o
(ork)f(resources.)14 1582 y(If)f(reac)o(hable)i(end-systems)f(implemen)o(t)d
(con)o(trols,)j(and)f(external)i(tra\016c)f(to)f(unequipp)q(ed)i(end-systems)
f(is)g(prev)o(en)o(ted)h(at)f(AD)14 1632 y(b)q(oundaries,)21
b(the)f(only)e(p)q(oten)o(tial)h(for)g(unauthorized)h(use)h(of)d(stub)i(AD)g
(net)o(w)o(ork)f(resources)j(is)d(the)i(compromised)c(tra\016c)14
1682 y(addressed)f(to)e(reac)o(hable)g(end-systems.)20 b(Suc)o(h)14
b(tra\016c)h(consumes)f(net)o(w)o(ork)g(resources)j Fp(en)e(r)n(oute)p
Fs(.)1592 1667 y Fj(9)1629 1682 y Fs(Ho)o(w)o(ev)o(er,)f(authen)o(ticating)14
1731 y(the)j(origin)e(and)h(c)o(hec)o(king)h(data)f(in)o(tegrit)o(y)g(of)g
(ev)o(ery)h(incoming)d(pac)o(k)o(et)j(ma)o(y)d(b)q(e)j(exp)q(ensiv)o(e)h(in)e
(terms)g(of)g(p)q(erformance)g(and)14 1781 y(implemen)o(tati)o(on.)i(Th)o
(us,)d(some)f(ADs)h(ma)o(y)e(elect)i(to)g(allo)o(w)e(for)i(some)f
(unauthorized)h(resource)i(usage)e(of)f(this)h(sort)g(in)g(return)14
1831 y(for)g(faster)i(pac)o(k)o(et)f(switc)o(hing)g(in)g(b)q(order)h
(routers,)g(while)e(others)i(ma)o(y)d(go)i(to)g(the)g(trouble)g(of)g
(scrutinizing)g(ev)o(ery)h(pac)o(k)o(et)f(to)14 1881 y(assure)g(non-in)o
(terference)h(of)d(compromised)f(tra\016c.)21 b(In)15 b(summary)m(,)d(for)j
(net)o(w)o(ork)g(resources)i(other)f(than)e(end-systems,)i(b)q(oth)14
1931 y(real-time)c(and)i(p)q(ost)g(facto)g(\(accoun)o(ting-based\))g
(detection)h(metho)q(ds)f(can)g(b)q(e)g(used.)-39 2008 y(3.)20
b(F)m(or)14 b(transit)h(AD)f(net)o(w)o(ork)h(resources,)h(the)g(comm)o(uni)o
(cation)c(unit)i(gran)o(ularit)o(y)f(is)i(dep)q(enden)o(t)h(up)q(on)f(the)g
(particular)f(securit)o(y)14 2058 y(service.)26 b(It)16 b(is)h(impractical)d
(to)i(con)o(trol)g(access)i(on)e(the)h(basis)f(of)g(pac)o(k)o(ets)h(or)f
(end-system)g(asso)q(ciations)g(due)h(to)f(p)q(oten)o(tially)14
2108 y(large)j(n)o(um)o(b)q(ers)f(of)h(them.)33 b(It)19 b(is)g(more)f
(manageable)f(to)i(apply)f(enforcemen)o(t)h(to)g(stub)h(AD)f(asso)q
(ciations.)33 b(Because)21 b(AD-)14 2158 y(pair)c(asso)q(ciations)g(are)h
(coarse-grained)g(\(i.e.,)e(can)i(encompass)f(large)g(v)o(olumes)f(of)g(pac)o
(k)o(et)i(tra\016c\),)g(establishmen)o(t)f(of)f(suc)o(h)14
2208 y(asso)q(ciations)c(ma)o(y)e(b)q(e)i(v)o(eri\014ed)h(and)f(v)n(alidated)
f(b)o(y)g(in)o(terv)o(ening)h(transit)g(AD.)g(Ho)o(w)o(ev)o(er,)g(due)h(to)e
(the)i(p)q(oten)o(tial)e(risks)i(in)o(v)o(olv)o(ed,)14 2257
y(this)h(t)o(yp)q(e)g(of)f(enforcemen)o(t)h(should)g(b)q(e)h(addressed)g
(using)f(prev)o(en)o(tiv)o(e)h(metho)q(ds.)14 2321 y(Once)g(a)f(stub)h
(AD-pair)e(asso)q(ciation)h(is)g(v)n(alidated)f(b)o(y)h(a)g(transit)h(AD,)e
(individual)f(data)i(pac)o(k)o(ets)h(m)o(ust)f(b)q(e)g(asso)q(ciated)h(with)f
(a)14 2371 y(particular)i(AD-pair,)f(e.g.,)g(to)h(pass)h(c)o(harges)g
(appropriately)m(.)23 b(The)17 b(implicatio)o(n)d(is)h(that)i(at)e(least)i
(some)e(enforcemen)o(t)h(m)o(ust)14 2421 y(tak)o(e)11 b(place)g(on)f(p)q
(er-pac)o(k)o(et)i(basis.)17 b(One)12 b(p)q(ossible)f(scenario)g(is)g(to)f
(enforce)i(certain)g Fp(inexp)n(ensive)f Fs(con)o(trols)g(\(based)h(on)e
(addressing)14 2470 y(and/or)i(route\))i(in)f(real-time,)e(\(i.e.,)h(without)
g(exp)q(ensiv)o(e)i(data)f(authen)o(tication)g(and)f(in)o(tegrit)o(y)h(c)o
(hec)o(ks\),)h(com)o(bined)e(with)g(bulk)14 2520 y(pac)o(k)o(et-based)j
(accoun)o(ting)e(to)h(later)g(detect)i(fraudulen)o(t)d(\(or)h(unaccoun)o(ted)
h(for\))f(resource)i(usage.)p -90 2592 864 2 v -44 2619 a Fi(8)-26
2630 y Fh(T)m(ransit)10 b(ADs)i(are)f(also)g(more)f(lik)o(ely)g(to)h(bundle)f
(usage)g(c)o(harges)g(on)h(the)g(basis)f(of)i(ADs)g(rather)e(than)g
(end-systems.)-44 2658 y Fi(9)-26 2670 y Fh(Ho)o(w)o(ev)o(er,)g(it)i(p)q
(oses)e(no)h(direct)f(threat)g(to)h(end-systems,)e(as)i(they)f(are)h
(su\016cien)o(tly)f(protected.)2028 2770 y Fs(10)p eop
%%Page: 11 21
bop -90 -108 a Fs(In)20 b(summary)m(,)e(the)j(design)f(c)o(hoices)h(of)f(ob)r
(ject)h(gran)o(ularit)o(y)d(and)i(enforcemen)o(t)g(mo)q(de)f(are)i(more)e
(con)o(text-dep)q(enden)o(t)j(than)f(are)-90 -59 y(enforcemen)o(t)14
b(lo)q(cation,)f(proto)q(col,)g(or)h(principal)f(gran)o(ularit)o(y)m(.)-90
80 y Fk(1.4.6)55 b(Summary)-90 174 y Fs(W)m(e)13 b(conclude)i(this)f(section)
h(with)e(the)i(results)g(of)e(the)i(ab)q(o)o(v)o(e)e(discussion)i(summarized)
d(in)h(T)m(able)g(1.2.)1560 159 y Fj(10)p 202 267 1575 2 v
202 269 V 202 269 V 202 271 V 201 319 2 50 v 210 319 V 236
304 a Fs(Resources)p 488 319 V 497 319 V 115 w(Securit)o(y)p
705 319 V 87 w(Enforcemen)o(t)p 1046 319 V 148 w(Enforcemen)o(t)p
1459 319 V 164 w(Principal)p 1768 319 V 1777 319 V 201 369
V 210 369 V 488 369 V 497 369 V 533 354 a(services)p 705 369
V 136 w(lo)q(cation)p 1046 369 V 229 w(proto)q(col)p 1459 369
V 187 w(gran)o(ularit)o(y)p 1768 369 V 1777 369 V 202 370 1575
2 v 202 372 V 202 372 V 202 374 V 201 422 2 50 v 210 422 V
488 422 V 497 422 V 705 422 V 757 407 a(End-systems,)p 1046
422 V 1459 422 V 1768 422 V 1777 422 V 201 471 V 210 471 V
236 457 a(End-systems)p 488 471 V 497 471 V 111 w(All)p 705
471 V 112 w(Access)j(Con)o(trol)p 1046 471 V 150 w(T)m(ransp)q(ort)p
1459 471 V 234 w(An)o(y)p 1768 471 V 1777 471 V 201 521 V 210
521 V 488 521 V 497 521 V 705 521 V 812 506 a(Serv)o(ers)p
1046 521 V 221 w(and)e(ab)q(o)o(v)o(e)p 1459 521 V 1768 521
V 1777 521 V 202 523 1575 2 v 201 573 2 50 v 210 573 V 236
558 a(Stub)g(AD)p 488 573 V 497 573 V 705 573 V 333 w(Border)h(Routers,)p
1046 573 V 1459 573 V 1768 573 V 1777 573 V 201 623 V 210 623
V 236 608 a(Net)o(w)o(ork)p 488 623 V 497 623 V 134 w(2,3,11,13)p
705 623 V 58 w(Access)h(Con)o(trol)p 1046 623 V 164 w(Net)o(w)o(ork)p
1459 623 V 174 w(End-system,)p 1768 623 V 1777 623 V 201 672
V 210 672 V 236 657 a(Resources)p 488 672 V 497 672 V 705 672
V 399 w(Serv)o(ers)p 1046 672 V 1459 672 V 545 w(AD,)d(user)i(class)p
1768 672 V 1777 672 V 202 674 1575 2 v 201 724 2 50 v 210 724
V 236 709 a(T)m(ransit)e(AD)p 488 724 V 497 724 V 705 724 V
288 w(Border)i(Routers,)p 1046 724 V 1459 724 V 1768 724 V
1777 724 V 201 774 V 210 774 V 236 759 a(Net)o(w)o(ork)p 488
774 V 497 774 V 134 w(2,3,11,13)p 705 774 V 58 w(Access)h(Con)o(trol)p
1046 774 V 168 w(Routing)p 1459 774 V 157 w(AD,)d(user)i(class)p
1768 774 V 1777 774 V 201 823 V 210 823 V 236 809 a(Resources)p
488 823 V 497 823 V 705 823 V 399 w(Serv)o(ers)p 1046 823 V
1459 823 V 1768 823 V 1777 823 V 202 825 1575 2 v 201 875 2
50 v 210 875 V 236 860 a(Route)p 488 875 V 497 875 V 230 w(2,3)p
705 875 V 102 w(Border)g(Routers,)p 1046 875 V 118 w(Routing)e(and)p
1459 875 V 210 w(An)o(y)p 1768 875 V 1777 875 V 201 925 V 210
925 V 236 910 a(Selection)p 488 925 V 497 925 V 705 925 V 354
w(Route)g(Serv)o(ers)p 1046 925 V 71 w(Route)h(Computation)p
1459 925 V 1768 925 V 1777 925 V 202 926 1575 2 v 202 928 V
202 928 V 202 930 V 605 1044 a(T)m(able)f(1.2:)k(P)o(olicy)c(Enforcemen)o(t)h
(P)o(arameters)-90 1257 y Fq(1.5)70 b(Conclusions)-90 1366
y Fs(In)19 b(conclusion,)h(an)f(in)o(tegrated)h(view)f(of)g(access)i(con)o
(trol)e(is)g(needed)i(in)e(an)g(en)o(vironmen)o(t)f(of)g(in)o(terconnected)k
(ADs)d(in)g(order)h(to)-90 1416 y(ac)o(hiev)o(e)14 b(e\013ectiv)o(e)h(and)f
(e\016cien)o(t)g(placemen)o(t)g(of)f(function)g(for)h(di\013eren)o(t)h(t)o
(yp)q(es)g(of)e(p)q(olicy)m(,)f(and)i(to)f(de\014ne)i(consisten)o(t)g(p)q
(olicies)f(across)-90 1465 y(the)k(man)o(y)e(net)o(w)o(ork)h(elemen)o(ts,)h
(proto)q(cols,)g(and)f(serv)o(ers)j(that)d(are)h(in)o(v)o(olv)o(ed.)27
b(In)18 b(this)f(c)o(hapter,)i(w)o(e)f(prop)q(osed)g(a)f(framew)o(ork)f(for)
-90 1515 y(placemen)o(t)c(of)g(access)i(con)o(trol)e(functions.)18
b(W)m(e)12 b(applied)g(the)h(original)e Fp(end-to-end)i Fs(argumen)o(t)f(to)g
(net)o(w)o(ork)h(resources)i(and)d(concluded)-90 1565 y(that)i(resources)i
(other)e(than)g(su\016cien)o(tly)g(protected)h(end-systems)f(are)h(b)q(est)f
(protected)i(at)e(the)g(b)q(order)h(routers.)k(This)13 b(argumen)o(t)g(is)-90
1615 y(reinforced)j(b)o(y)e(the)i(increasing)f(concerns)i(with)d(resp)q(ect)j
(to)e(resource)i(usage)e(feedbac)o(k)h(and)f(cost)g(reco)o(v)o(ery)h(that)f
(are)g(raised)h(b)o(y)e(the)-90 1665 y(commercialization)c(of)k(in)o(ternet)o
(w)o(ork)g(transit)g(facilities)f([33)o(].)-90 1820 y Fq(1.6)70
b(Ov)n(erview)21 b(of)i(This)f(Thesis)-90 1929 y Fs(The)c(remainder)f(of)h
(this)f(thesis)i(is)f(organized)g(as)f(follo)o(ws.)29 b(Chapter)18
b(2)f(b)q(egins)i(b)o(y)e(reviewing)h(and)f(discussing)i(related)f(researc)o
(h)-90 1978 y(in)i(p)q(olicy)g(enforcemen)o(t.)38 b(W)m(e)20
b(concen)o(trate)i(on)f(t)o(w)o(o)f(areas:)32 b(i\))20 b(net)o(w)o(ork)g
(securit)o(y)i(and)e(in)o(ternet)o(w)o(ork)h(access)i(con)o(trol,)e(and)f
(i\))-90 2028 y(in)o(ternet)o(w)o(ork)e(routing.)27 b(Subsequen)o(tly)m(,)18
b(in)e(the)i(second)g(part)g(of)e(the)i(c)o(hapter,)g(w)o(e)g(iden)o(tify)e
(and)h(discuss)h(sev)o(eral)g(basic)f(supp)q(ort)-90 2078 y(mec)o(hanisms)12
b(used)j(as)f(building)e(blo)q(c)o(ks)i(in)f(our)h(design.)-28
2146 y(Chapter)k(3)e(addresses)j(stub)f(AD)e(p)q(olicy)g(enforcemen)o(t)h
(mec)o(hanisms.)25 b(W)m(e)17 b(in)o(tro)q(duce)g Fp(Visa)g
Fs(proto)q(col)g(for)f(con)o(trolling)g(pac)o(k)o(et)-90 2195
y(tra\016c)21 b(at)g(stub)g(AD)f(b)q(oundaries;)25 b(its)20
b(main)f(purp)q(ose)j(is)f(the)g(establishmen)o(t)f(of)g(authorized)i(and)e
(authen)o(ticated)i(end-system)-90 2245 y(asso)q(ciations.)c(The)c(k)o(ey)g
(features)h(of)f(the)g(proto)q(col)g(are:)-28 2346 y Ff(\017)21
b Fs(A)14 b(sp)q(ecial)g(tic)o(k)o(et,)g(called)f(a)h Fp(visa)g
Fs(is)f(required)i(for)f(comm)o(unicati)o(on)d(outside)j(an)g(AD.)-28
2429 y Ff(\017)21 b Fs(Only)13 b(select)j(end-systems)e(\(those)h(that)f(are)
g(su\016cien)o(tly)g(protected\))i(are)e(gran)o(ted)g(visas.)-28
2512 y Ff(\017)21 b Fs(Access)16 b(Con)o(trol)d(Serv)o(ers)i(in)f(b)q(oth)g
(end-p)q(oin)o(t)g(ADs)g(m)o(ust)f(authorize)h(comm)o(unicatio)o(n)d(b)q
(efore)k(a)f(visa)f(is)h(issued.)p -90 2592 864 2 v -59 2619
a Fi(10)-26 2631 y Fh(W)m(e)f(exclude)e(the)h(issues)g(discussed)g(in)g
(Section)f(1.4.5)h(b)q(ecause)f(the)i(suggested)e(approac)o(h)f(is)j(v)o(ery)
f(con)o(text-dep)q(e)o(nd)o(en)o(t)e(and)i(do)q(es)g(not)h(lend)f(itself)g
(to)-90 2670 y(accurate)d(represen)o(tatio)o(n)g(in)i(a)g(table.)2028
2770 y Fs(11)p eop
%%Page: 12 22
bop -28 -108 a Ff(\017)21 b Fs(Visas)14 b(are)g(distributed)h(to)e(the)i
(authorized)f(end-systems)h(and)e(b)q(order-routers)j(in)e(the)g(end-p)q(oin)
o(t)g(ADs.)-28 -25 y Ff(\017)21 b Fs(Ev)o(ery)15 b(pac)o(k)o(et)f(that)h
(attempts)f(to)g(lea)o(v)o(e)g(or)g(en)o(ter)h(an)f(AD)h(is)f(exp)q(ected)i
(to)e(b)q(e)h(stamp)q(ed)f(with)g(a)g(v)n(alid)f(visa)g(thereb)o(y)j(pro)o
(ving)14 24 y(its)e(authen)o(ticit)o(y)m(.)-90 125 y(After)j(describing)g
(the)h(proto)q(col)e(and)g(discussing)i(n)o(umerous)e(design)g(issues,)i(w)o
(e)f(analyze)g(its)f(securit)o(y)i(and)e(asso)q(ciated)i(o)o(v)o(erhead)-90
175 y(costs.)-28 243 y(Chapter)d(4)f(is)g(concerned)i(with)e(con)o(trolling)f
(access)j(to)e(transit)g(AD)g(net)o(w)o(ork)h(resources,)h(i.e.,)d(con)o
(trol)g(of)h(transit)g(in)o(ternet)o(w)o(ork)-90 293 y(tra\016c.)24
b(It)16 b(b)q(egins)g(b)o(y)f(attempting)f(to)i(extend)h(net)o(w)o(ork)f
(access)h(con)o(trol)f(metho)q(ds)f(to)h(con)o(trol)f(of)g(transit)h
(tra\016c.)24 b(In)15 b(resp)q(onse)j(to)-90 342 y(some)11
b(fundamen)o(tal)f(de\014ciencies)k(of)e(existing)g(approac)o(hes,)g(w)o(e)h
(conclude)g(that)f(no)o(v)o(el)f(proto)q(cols)i(are)f(necessary)i(in)e(order)
h(to)f(address)-90 392 y(the)i(problem)e(e\013ectiv)o(ely)m(.)18
b(Suc)o(h)c(proto)q(cols)g(are)g(em)o(b)q(o)q(died)e(in)h(the)h(In)o
(ter-Domain)e(P)o(olicy)g(Routing)g(\(IDPR\))i(arc)o(hitecture)h(whic)o(h)e
(is)-90 442 y(used)i(as)f(a)f(springb)q(oard)h(for)g(our)g(design.)k(IDPR)13
b(has)h(the)h(follo)o(wing)c(k)o(ey)j(features:)-28 543 y Ff(\017)21
b Fs(Eac)o(h)e(AD)f(expresses)k(its)d(p)q(olicy)f(in)g(P)o(olicy)g(T)m(erms)g
(\(PTs\))i(whic)o(h)e(are)i(disseminated)e(to)g(all)g(other)h(ADs)g(along)f
(with)g(the)14 593 y(in)o(ter-AD)c(top)q(ology)e(information.)-28
676 y Ff(\017)21 b Fs(Individual)12 b(end-system)j(connection)g(are)g
(aggregated)f(in)o(to)f(coarser-grained)j(P)o(olicy)d(Routes)i(\(PRs\).)k(A)
14 b(PR)g(is)h(an)f(AD-lev)o(el)14 726 y(source)h(route)f(that)g(also)g
(includes)g(PTs)g(necessary)i(to)e(mak)o(e)f(p)q(olicy)g(authorization)g
(decisions)h(in)g(transit)g(ADs.)-28 809 y Ff(\017)21 b Fs(PRs)14
b(are)g(installed)f(\(and)h(authorized\))h(in)e(all)g(in)o(terv)o(ening)h
(ADs)g(b)q(efore)g(an)o(y)g(comm)o(unicati)o(on)d(can)j(tak)o(e)g(place.)-28
892 y Ff(\017)21 b Fs(Since)10 b(the)h("exp)q(ensiv)o(e")f(part)g(of)g(p)q
(olicy)f(enforcemen)o(t)h(is)g(done)g(at)g(PR)g(installation)e(time,)g
(subsequen)o(t)k(data)e(pac)o(k)o(ets)g(encoun)o(ter)14 941
y(little)j(scrutin)o(y)m(,)g(i.e.,)g(dela)o(y)m(.)-90 1042
y(After)f(iden)o(tifying)e(a)h(n)o(um)o(b)q(er)g(of)g(securit)o(y)h(issues)h
(and)e(threats)h(facing)f(IDPR,)f(w)o(e)i(sp)q(ecify)g(secure)h(PR)f(setup)g
(and)f(pac)o(k)o(et)h(forw)o(arding)-90 1092 y(proto)q(cols,)i(analyze)f
(their)i(securit)o(y)f(and)g(address)h(the)g(p)q(erformance)f(costs.)-28
1160 y(Chapter)i(5)f(supp)q(orts)h(the)g(c)o(hoices)g(made)e(in)h(our)g
(proto)q(col)g(design)g(b)o(y)g(demonstrating)f(and)h(ev)n(aluating)f(exp)q
(erimen)o(tal)g(results)-90 1210 y(obtained)f(from)e(protot)o(yp)q(e)j
(implem)o(en)o(tations)d(of)h(proto)q(cols)h(prop)q(osed)h(in)f(Chapters)h(3)
f(and)g(4.)k(In)c(conclusion,)g(Chapter)h(6,)e(reviews)-90
1259 y(the)i(con)o(tributions)g(of)g(this)g(thesis)g(and)g(discusses)i
(topics)e(for)g(future)g(researc)o(h.)2028 2770 y(12)p eop
%%Page: 13 23
bop -90 192 a Fq(Chapter)23 b(2)-90 367 y(Bac)n(kground)-90
601 y Fs(This)14 b(c)o(hapter)h(sets)h(the)e(stage)h(for)f(proto)q(col)g
(design)g(b)o(y)g(reviewing)g(related)h(w)o(ork)f(in)f(net)o(w)o(ork)i
(securit)o(y)g(and)f(in)o(ternet)o(w)o(ork)g(routing)-90 651
y(and)h(iden)o(tifying)f(the)i(inadequacies)g(of)f(the)h(existing)f(p)q
(olicy)g(enforcemen)o(t)g(approac)o(hes.)24 b(It)15 b(also)g(discusses)i(a)f
(n)o(um)o(b)q(er)e(of)h(supp)q(ort)-90 701 y(mec)o(hanisms)d(that)i(are)g
(emplo)o(y)o(ed)f(throughout)g(the)i(rest)g(of)e(this)h(thesis.)-90
856 y Fq(2.1)70 b(Related)20 b(W)-6 b(ork)-90 964 y Fs(P)o(olicy)15
b(enforcemen)o(t)h(is)g(not)g(an)f(en)o(tirely)h(new)h(sub)r(ject.)25
b(Muc)o(h)17 b(e\013ort)f(has)g(b)q(een)h(put)f(in)o(to)f(the)i(enforcemen)o
(t)f(of)f(certain)i(t)o(yp)q(es)g(of)-90 1014 y(p)q(olicy)m(,)e(esp)q
(ecially)m(,)h(access)i(con)o(trol)e(in)g(stub)h(AD)f(en)o(vironmen)o(ts.)25
b(Most)16 b(of)g(the)h(related)f(w)o(ork)g(comes)g(from)f(t)o(w)o(o)h(areas:)
23 b Fp(Network)-90 1064 y(Se)n(curity)15 b Fs(and)f Fp(Internetwork)h(R)n
(outing)p Fs(.)22 b(Previous)15 b(results)h(in)f(these)h(t)o(w)o(o)e(areas)i
(form)d(a)h(solid)g(bac)o(kground)h(for)g(the)g(design)g(of)f(stub)-90
1114 y(and)g(transit)g(p)q(olicy)f(enforcemen)o(t,)h(resp)q(ectiv)o(ely)m(.)
-90 1252 y Fk(2.1.1)55 b(Net)n(w)n(ork)19 b(Securit)n(y)-90
1347 y Fs(Researc)o(h)c(in)e(net)o(w)o(ork)g(securit)o(y)i(dates)f(bac)o(k)f
(to)h(the)g(mid-sev)o(en)o(ties)f(when)h(computer)f(net)o(w)o(orks)h(\014rst)
g(b)q(egan)g(to)f(proliferate.)18 b(There)-90 1396 y(has)d(b)q(een)h(a)e(lot)
h(of)f(researc)o(h)i(in)f(the)g(\014eld,)g(as)g(evidenced)h(b)o(y)e(the)i
(enormous)e(amoun)o(t)f(of)h(literature.)21 b(It)15 b(is)g(imp)q(ossible)e
(to)i(treat)g(all)-90 1446 y(of)e(it)h(thoroughly;)e(related)j(w)o(ork)f
(considered)h(b)q(elo)o(w)e(w)o(as)h(selected)i(for)d(b)q(eing)h(the)h(most)e
(applicable)g(to)g(the)i(sub)r(ject)g(of)e(this)h(thesis.)-28
1514 y(Since)d(early)f(net)o(w)o(orks)h(w)o(ere,)h(for)e(the)h(most)e(part,)i
(tec)o(hnically)f(and)h(administrativ)o(ely)c(homogeneous,)j(securit)o(y)h
(issues)h(concerned)-90 1564 y(basic)i(services,)h(suc)o(h)g(as)f(session)h
(and)e(user)i(authen)o(tication,)e(data)h(in)o(tegrit)o(y)f(and)h(con\014den)
o(tialit)o(y)m(.)-28 1631 y(In)19 b(their)f(pioneering)g(w)o(ork)g([67)o(],)h
(Needham)e(and)h(Sc)o(hro)q(eder)i(in)o(tro)q(duced)f(third)g(part)o(y)f
(authen)o(tication)g(proto)q(cols)g(based)h(on)-90 1681 y(b)q(oth)h(con)o(v)o
(en)o(tional)f(and)h(public)f(k)o(ey)h(encryption.)37 b(The)20
b(purp)q(ose)h(of)f(these)h(simple,)e(but)i(elegan)o(t,)f(proto)q(cols)h(is)e
(to)h(allo)o(w)e(the)-90 1731 y(establishmen)o(t)c(of)h(a)f(secure)j(c)o
(hannel)e(b)q(et)o(w)o(een)i(t)o(w)o(o)d(m)o(utually)f(suspicious)i
(principals)g(b)o(y)f(pro)o(viding)g(them)g(with)h(a)f(shared)i(secret,)-90
1781 y(that)h(can)f(consequen)o(tly)i(b)q(e)f(used)h(a)e(session)h(k)o(ey)m
(.)26 b(The)17 b(proto)q(cols)g(mak)o(e)e(use)i(of)f(a)h(trusted)h(Authen)o
(tication)e(Serv)o(er)i(that)f(shares)-90 1831 y(pairwise)d(k)o(eys)g(with)g
(all)e(principals)i(and)f(can)i(b)q(e)f(trusted)h(to)f(to)g(generate)h
Fp(go)n(o)n(d)f Fs(session)h(k)o(eys.)-28 1898 y(V)m(ariations)i(of)g(the)i
(Needham-Sc)o(hro)q(eder)g(proto)q(cols)f(are)h(used)f(in)g(existing)g(con)o
(trol)f(mec)o(hanisms,)g(most)g(notably)m(,)g(Kerb)q(eros)-90
1948 y(Authen)o(tication)d(Serv)o(er[85].)-28 2016 y(V)m(o)o(ydo)q(c)o(k)h
(and)g(Ken)o(t)h(in)e([90)o(])h(treated)h(securit)o(y)g(in)f(high-lev)o(el)f
(net)o(w)o(ork)i(proto)q(cols)f(b)o(y)g(considering)g(a)g(broad)g(range)g(of)
g(securit)o(y)-90 2066 y(risks)g(and)f(p)q(ossible)g(attac)o(ks)h(and)f
(suggesting)g(a)g(n)o(um)o(b)q(er)g(of)g(encryption-based)h(coun)o
(termeasures.)21 b(Their)14 b(main)e(con)o(tribution)i(lies)-90
2116 y(in)h(outlining)f(the)h(relationship)g(b)q(et)o(w)o(een)i
(cryptographic)f(and)f(net)o(w)o(ork)g(proto)q(cols)h(in)f(the)g(con)o(text)i
(of)d(structured)k(proto)q(cols)d(suc)o(h)-90 2165 y(as)f(the)g(OSI)h
(reference)h(mo)q(del.)-28 2233 y(In)h(the)g(late)f(sev)o(en)o(ties,)j(the)e
(D)o(ARP)m(A)e(In)o(ternet)754 2218 y Fj(1)791 2233 y Fs(ev)o(olv)o(ed)h(in)o
(to)g(the)h(\014rst)h(truly)e(heterogeneous,)j(dynamic)c(in)o(ternet)o(w)o
(ork)i([12)o(].)-90 2283 y(This)d(prompted)f(increased)i(concern)h(with)d
(access)j(con)o(trol)d(across)i(autonomous)d(net)o(w)o(ork)i(b)q(oundaries.)
-28 2351 y(This)f(sub)r(ject)h(and)f(other)h(securit)o(y-related)g(issues)g
(in)f(in)o(ter-organizational)e(setting)i(w)o(ere)h(\014rst)g(discussed)g(in)
f(a)f(series)j(of)d(pap)q(ers)-90 2400 y(b)o(y)j(Estrin)g([24)o(,)g(25)o(].)
21 b(The)16 b(main)d(con)o(tribution)h(of)h(this)g(w)o(ork)f(is)h(t)o(w)o
(ofold:)k(i\))c(it)f(iden)o(ti\014ed)i(a)e(n)o(um)o(b)q(er)h(of)f(issues)i
(that)f(set)h(in)o(ter-AD)-90 2450 y(access)j(con)o(trol)e(apart)g(from)f
(the)i(more)e(traditional)g(access)j(con)o(trol)e(scenarios)i(and)e
(demonstrated)g(the)h(need)g(for)f(net)o(w)o(ork-la)o(y)o(er)-90
2500 y(con)o(trols,)c(and)g(ii\))g(it)f(suggested)j(a)e(range)h(of)e(p)q
(ossible)i(solutions,)e(some)h(of)f(whic)o(h)h(later)h(serv)o(ed)g(as)g(the)g
(basis)f(for)g(proto)q(col)g(design)g(in)-90 2550 y(this)h(thesis)h(\(e.g.,)d
Fp(Visa)i Fs(Proto)q(col)g([24)o(,)f(32]\).)p -90 2631 864
2 v -44 2658 a Fi(1)-26 2670 y Fh(Hereafter)c(referred)h(to)h(as)g(simply)f
Fg(Internet)p Fh(.)2028 2770 y Fs(13)p eop
%%Page: 14 24
bop -28 -108 a Fs(A)o(t)12 b(the)g(same)f(time,)f(\(non-military\))f(go)o(v)o
(ernmen)o(t)i(agencies)h(b)q(ecame)g(a)o(w)o(are)f(of)g(the)h(securit)o(y)h
(issues)g(and)e(pro)q(duced)i(a)f(n)o(um)o(b)q(er)f(of)-90
-59 y(rep)q(orts)k(and)e(guidelines,)g(most)f(notably)m(,)f(a)j(pap)q(er)g(b)
o(y)f(Gom)o(b)q(erg)e(describing)j(a)f(mo)q(del)f(for)h(in)o
(ter-administration)e(net)o(w)o(ork)j(authen-)-90 -9 y(tication)g(and)g
(access)j(con)o(trol[38)n(].)j(Also,)14 b(w)o(ork)g(b)o(y)g(Nessett)j(at)d
(DOE)h(analyzed)f(the)i(securit)o(y)f(implications)d(of)i(the)h
(heterogeneous)-90 41 y(net)o(w)o(ork)f(administration[69)m(].)-28
109 y(A)20 b(sub)r(ject)h(that)f(receiv)o(ed)h(a)e(lot)g(of)g(atten)o(tion)g
(is)h(the)g(authen)o(tication)f(of)g(principals)g(in)h(a)f(suspicious)h
(distributed)g(system)-90 158 y(en)o(vironmen)o(t.)c(In)c(particular,)f(a)h
(pap)q(er)g(b)o(y)f(Birrell)h(et)g(al.)k(presen)o(ts)e(an)d(authen)o
(tication)h(service)h(without)e(global)f(trust[6].)17 b(Ho)o(w)o(ev)o(er,)-90
208 y(since)c(the)f(same)g(\(rather)h(elab)q(orate\))f(authen)o(tication)g
(mec)o(hanism)e(is)h(prescrib)q(ed)j(for)e(use)h(b)o(y)f(all)f(in)o(tended)h
(participan)o(ts,)g(autonom)o(y)-90 258 y(and)18 b(\015exibilit)o(y)g(are)h
(sacri\014ced.)33 b(Another)20 b(authen)o(tication)e(scenario)h(for)g(a)f
(distributed)h(system)g(en)o(vironmen)o(t)e(is)i(describ)q(ed)h(b)o(y)-90
308 y(Sollins[83)n(])14 b(in)h(the)g(pap)q(er)h(on)e(cascaded)i(authen)o
(tication.)21 b(In)15 b(it,)f(authen)o(tication)g(b)q(et)o(w)o(een)j(parties)
e(not)g(enjo)o(ying)f(m)o(utual)e(trust)k(is)-90 358 y(ac)o(hiev)o(ed)e(b)o
(y)g(c)o(haining)f(pairwise)h(authen)o(tication)f(b)q(et)o(w)o(een)i(adjacen)
o(t)f(parties)h(that)f(enjo)o(y)f(suc)o(h)i(trust.)-28 425
y(F)m(or)g(the)h(most)e(part,)i(in)o(terconnection)g(of)f(autonomous)e(net)o
(w)o(orks)j(tak)o(es)g(place)f(at)g(the)h(net)o(w)o(ork)g(la)o(y)o(er)f(to)g
(pro)o(vide)g(datagram-)-90 475 y(lev)o(el)e(connectivit)o(y)m(.)k(\(In)o
(terconnection)e(at)d(higher)h(la)o(y)o(ers)g(is)g(p)q(ossible)g
(commensurate)f(with)h(losses)g(in)g(p)q(erformance)g(and)f(\015exibilit)o(y)
m(.)-90 525 y(A)i(comparison)e(b)q(et)o(w)o(een)j(net)o(w)o(ork)f(and)g
(higher-la)o(y)o(er)f(access)i(con)o(trol)f(approac)o(hes)g(can)g(b)q(e)h
(found)e(in)g([25)o(]\).)18 b(A)o(t)c(the)g(net)o(w)o(ork)g(la)o(y)o(er,)-90
575 y(comm)o(unication)c(b)q(et)o(w)o(een)k(a)f(pair)f(of)h(end-systems)g(in)
g(di\013eren)o(t)h(ADs)f(in)o(v)o(olv)o(es)f(tra)o(v)o(ersing)i(a)e(sequence)
j(of)e(\(at)g(least)g(t)o(w)o(o\))g(net)o(w)o(ork-)-90 625
y(la)o(y)o(er)d(b)q(order)i(routers.)19 b(Therefore,)12 b(more)e(than)h(t)o
(w)o(o)f(principals)g(w)o(ould)h(ha)o(v)o(e)f(to)h(b)q(e)h(in)o(v)o(olv)o(ed)
d(in)i(net)o(w)o(ork-la)o(y)o(er)f(p)q(olicy)g(enforcemen)o(t.)-90
674 y(F)m(or)j(this)h(reason,)g(metho)q(ds)g(describ)q(ed)i(ab)q(o)o(v)o(e)d
(are)h(not)g(applicable)f(to)h(access)i(con)o(trol)d(across)i(net)o(w)o
(ork-la)o(y)o(er)f(AD)f(b)q(oundaries.)-28 742 y(One)j(ma)r(jor)d(e\013ort)j
(to)e(pro)o(vide)h(net)o(w)o(ork-la)o(y)o(er)g(access)h(con)o(trol)f(for)g
(the)g(in)o(ternet)o(w)o(ork)g(en)o(vironmen)o(t)f(is)h(the)g(Securit)o(y)h
(Proto)q(col)-90 792 y(3)g(\(SP3\))h([81)o(].)25 b(SP3)16 b(originated)g
(from)f(a)h(larger)g(pro)r(ject,)i(Secure)g(Data)d(Net)o(w)o(ork)i(Systems)f
(\(SDNS\),)g(o)o(v)o(erseen)i(b)o(y)e(the)h(National)-90 842
y(Securit)o(y)11 b(Agency)m(.)210 827 y Fj(2)246 842 y Fs(The)g(goal)e(of)h
(SP3)g(is)h(to)f(pro)o(vide)g Fp(tr)n(ansp)n(ar)n(ent)g Fs(securit)o(y)h
(services)i(\(connectionless)f(con\014den)o(tialit)o(y)d(and)h(in)o(tegrit)o
(y)m(,)-90 892 y(access)19 b(con)o(trol)d(and)h(data)g(origin)e(authen)o
(tication\))i(for)g(the)g(constituen)o(t)h(end-systems.)28
b(SP3)17 b(is)f(implemen)o(ted)f(in)h(so-called)h(SP3)-90 941
y(systems,)c(eac)o(h)g(SP3)g(system)g(serv)o(es)i(a)d(set)i(of)e
(end-systems.)19 b(\(An)13 b(SP3)g(system)g(can)g(b)q(e)g(view)o(ed)g(as)g(a)
g(b)q(order)h(router\).)19 b(Because)c(it)d(is)-90 991 y(decoupled)f(from)e
(the)i(end-systems,)g(SP3)g(assumes)f(a)g Fp(truste)n(d)h(p)n(ath)g
Fs(b)q(et)o(w)o(een)h(an)e(end-system)g(and)h(its)f(SP3)g(system.)17
b(Since)11 b(individual)-90 1041 y(end-systems)h(are)h(not)e(authen)o
(ticated,)i(SP3)f(do)q(es)g(not)g(\(as)g(sp)q(eci\014ed\))h(protect)g
(against)e(masquerading)g(attac)o(ks.)17 b(F)m(urthermore,)12
b(SP3)-90 1091 y(has)f(no)f(facilit)o(y)e(for)i(on-demand)f(asso)q(ciation)h
(establishmen)o(t)g(b)q(et)o(w)o(een)i(SP3)e(systems)h(with)f(no)g(history)g
(of)g(previous)h(comm)o(unicatio)o(n.)-90 1141 y(Last)j(\(but)g(not)g
(least\),)g(SP3)g(is)g(not)f(sp)q(eci\014ed)j(to)d(detect)j(repla)o(y)e
(attac)o(ks,)f(i.e.,)g(duplicate)h(or)g(out-of-order)f(pac)o(k)o(ets.)-28
1208 y(An)i(instan)o(tiation)e(of)h(SP3)g(arc)o(hitecture)i(is)e(the)h(The)g
(Blac)o(k)o(er)g(system[5)o(].)1178 1193 y Fj(3)1215 1208 y
Fs(It)g(is)f(is)g(a)g(hardw)o(are)h(unit)f(designed)h(to)g(secure)h(user)-90
1258 y(tra\016c)i(in)g(sensitiv)o(e)g(pac)o(k)o(et)h(net)o(w)o(orks.)31
b(It)18 b(protects)i(data)e(from)e(disclosure)j(during)f(transit,)g(ensures)i
(correct)g(iden)o(ti\014cation)e(of)-90 1308 y(pac)o(k)o(ets)d(b)o(y)e
(address,)i(and)f(enforces)h(securit)o(y)g(lab)q(els.)-28 1376
y(Another)k(w)o(ork)n(able)e(approac)o(h)h(is)g Fp(Visa)f Fs(proto)q(col)h
([32)o(,)g(27)o(],)g(a)g(net)o(w)o(ork-la)o(y)o(er)f(mec)o(hanism)f(for)h
(establishing)h(authorized)g(and)-90 1425 y(authen)o(ticated)f(in)o(ter-AD)f
(net)o(w)o(ork)h(connections.)27 b(\(A)16 b(simpler)f(and)h(less)h(secure)i
(v)n(arian)o(t)c(using)h(pac)o(k)o(et)h(\014ltering)f(is)g(describ)q(ed)i(in)
-90 1475 y([61)o(]\).)27 b(In)17 b(ISO)g(parlance,)h Fp(Visa)e
Fs(proto)q(col)h(pro)o(vides)g(connectionless)h(in)o(tegrit)o(y)m(,)f(data)f
(origin)g(authen)o(tication)h(and)f(access)j(con)o(trol)-90
1525 y(services.)29 b(It)17 b(in)o(v)o(olv)o(es)f(Access)j(Con)o(trol)d(Serv)
o(ers)j(\(A)o(CSs\),)f(b)q(order)g(gatew)o(a)o(ys)e(and)h(select)h
(end-systems)g(\(those)g(that)f(are)g(allo)o(w)o(ed)-90 1575
y(external)c(access\).)20 b(Before)14 b(an)e(in)o(ter-AD)h(connection)g(is)g
(established,)g(b)q(oth)g(end-systems)g(m)o(ust)f(b)q(e)h(authorized)h(and)e
(authen)o(ticated)-90 1625 y(b)o(y)17 b(their)h(resp)q(ectiv)o(e)i(A)o(CSs.)
29 b(After)19 b(establishing)e(authorization,)g(A)o(CSs)h(join)o(tly)e(issue)
i(a)g(visa)f(to)g(the)h(requesting)h(end-systems.)-90 1675
y(The)d(same)g(visa)f(is)h(distributed)h(to)e(the)i(b)q(order)g(routers)g(in)
f(eac)o(h)g(AD.)g(A)g Fp(visa)g Fs(is)f(a)h(certi\014cate)i(authorizing)d(t)o
(w)o(o)h(end-systems)g(to)-90 1724 y(comm)o(unicate.)f(Included)f(in)e(a)h
(visa)f(is)h(a)f(visa-k)o(ey)m(,)g(a)g(secret)j(quan)o(tit)o(y)d(whic)o(h)h
(end-systems)g(use)h(to)e(sign)h(subsequen)o(t)h(data)f(pac)o(k)o(ets.)-90
1774 y(In)o(terv)o(ening)e(b)q(order)g(routers)h(authen)o(ticate)f(data)f
(pac)o(k)o(ets)h(b)o(y)f(v)o(erifying)f(pac)o(k)o(et)i(signatures.)18
b(W)m(e)10 b(describ)q(e)i Fp(Visa)e Fs(proto)q(col)g(in)g(greater)-90
1824 y(detail)j(in)h(Chapter)g(3.)-90 1963 y Fk(2.1.2)55 b
Fc(A)n(d)17 b(ho)n(c)i Fk(Metho)r(ds)-90 2057 y Fs(In)d(order)i(to)e(further)
h(motiv)n(ate)d(the)j(need)h(for)e(a)g(comprehensiv)o(e)g(p)q(olicy)g
(enforcemen)o(t)h(arc)o(hitecture,)h(this)e(section)i(reviews)f(some)-90
2107 y(simple,)h(ad)g(ho)q(c)h(stub)h(AD)e(access)j(con)o(trol)d(metho)q(ds)g
(curren)o(tly)i(in)e(use.)34 b(Some)17 b(are)i(direct)h(applications)e(of)g
(the)h(related)g(w)o(ork)-90 2157 y(describ)q(ed)d(in)d(the)i(previous)f
(section.)-28 2258 y Ff(\017)21 b Fs(Ph)o(ysical)13 b(isolation)14
2307 y(Ph)o(ysical)g(isolation)e(of)i(externally)g(accessible)i(resources)g
(is,)e(b)o(y)g(far,)g(the)h(simplest)e(and)h(the)h(most)e(drastic)i(of)e(all)
h(metho)q(ds.)k(It)14 2357 y(requires)12 b(con\014guration)f(of)g(a)g
(separate)h(net)o(w)o(ork)g(and)f(increased)i(end-p)q(oin)o(t)e(securit)o(y)h
(for)f(all)f(externally)h(accessible)i(resources.)14 2407 y(While)h(this)h
(pro)o(vides)h(p)q(erfect)h(securit)o(y)f(\(only)e(in)h(a)g(sense)i(of)e
(separation\))g(comm)o(unication)d(b)q(et)o(w)o(een)k(externally)g
(accessible)14 2457 y(and)f(in)o(ternal)h(resources)i(is)e(imp)q(ossible.)22
b(It)16 b(also)f(requires)i(that)f(ev)o(ery)h(distinct)f(set)h(of)e
(externally)h(accessible)h(resources)h(b)q(e)14 2507 y(isolated,)13
b(an)g(impractical)f(task)i(in)g(case)h(of)e(m)o(ultiple)e(o)o(v)o(erlapping)
i(sets)i(of)f(externally-accessible)h(resources.)p -90 2587
864 2 v -44 2614 a Fi(2)-26 2625 y Fh(In)c(co)q(op)q(eratio)o(n)e(with)i(sev)
o(eral)f(other)g(go)o(v)o(ernmen)o(t)e(agencies)i(and)g(priv)n(ate)g(corp)q
(oration)o(s.)-44 2653 y Fi(3)-26 2665 y Fh(The)h(name)f(refers)g(to)i(the)e
(pro)o(v)o(erbial)f(blac)o(k)h(b)q(o)o(x.)2028 2770 y Fs(14)p
eop
%%Page: 15 25
bop -28 -108 a Ff(\017)21 b Fs(Protection)14 b(of)g(all)e(in)o(ternal)i
(resources)14 -59 y(If)j(stronger)h(securit)o(y)g(mec)o(hanisms)d(are)j
(incorp)q(orated)g(in)o(to)e(all)g(in)o(ternal)h(resources,)j(p)q(olicy)c
(can)h(b)q(e)h(enforced,)h(but)e(at)g(the)14 -9 y(price)h(of)f(infringing)f
(up)q(on)i(in)o(tra-AD)f(comm)o(unicatio)o(n.)27 b(Moreo)o(v)o(er,)19
b(when)f(the)g(set)h(of)e(externally-accessible)i(resources)h(is)14
41 y(small)11 b(as)j(compared)g(to)f(the)i(rest)g(of)e(the)i(AD,)e(this)h(b)q
(ecomes)g(a)g(highly)e(impractical)g(approac)o(h[24)o(].)-28
122 y Ff(\017)21 b Fs(Application-sp)q(eci\014c)14 b(\014ltering)14
172 y(If)f(tra\016c)g(is)g(restricted)j(to)d(a)g(sp)q(eci\014c)h
(application,)e(e.g.,)g(mail)f(or)i(v)o(oice,)g(application-sp)q(eci\014c)g
(\014lters)h(can)g(b)q(e)f(build)g(to)g(imple-)14 222 y(men)o(t)c(this)i(p)q
(olicy)m(.)16 b(In)11 b(general,)g(ho)o(w)o(ev)o(er,)g(a)f(separate)i
(\014lter)f(m)o(ust)f(b)q(e)h(built)f(for)g(eac)o(h)h(application)f(an)o
(ticipated[61)n(].)17 b(Moreo)o(v)o(er,)14 272 y(p)q(erformance)10
b(o)o(v)o(erhead)g(of)g(application-lev)o(el)e(\014ltering)i(ma)o(y)e(pro)o
(v)o(e)i(prohibitiv)o(ely)f(high,)g(esp)q(ecially)m(,)h(for)g
(throughput-orien)o(ted)14 322 y(applications,)i(e.g.,)h(real-time)f(v)o
(oice)i(and)g(video[25)n(].)-28 403 y Ff(\017)21 b Fs(Access)16
b(con)o(trol)d(lists)14 453 y(If)i(external)h(access)i(is)d(con\014ned)i(to)e
(a)h(relativ)o(ely)f(static)h(set)h(of)e(en)o(tities,)h(access)h(con)o(trol)f
(lists)f(can)h(b)q(e)h(used,)f(once)h(again,)d(to)14 503 y(\014lter)h
(tra\016c.)23 b(Unfortunately)m(,)14 b(this)i(will)d(not)i(accommo)q(date)f
(dynamic)f(requiremen)o(ts.)23 b(In)15 b(addition,)f(list-based)h
(\014ltering)g(is)14 553 y(sub)r(ject)g(to)f(sp)q(o)q(o\014ng)g(as)g(net)o(w)
o(ork)g(addresses)i(can)e(b)q(e)h(easily)e(mo)q(di\014ed.)-28
634 y Ff(\017)21 b Fs(Bilateral)13 b(p)q(olicy)g(agreemen)o(ts)14
684 y(Tw)o(o)h(or)h(more)g(ADs)g(can)g(alw)o(a)o(ys)f(agree)i(out)f(of)f
(band)h(to)g(follo)o(w)e(a)i(sp)q(eci\014c)i(p)q(olicy)d(or)h(agree)h(on)f(a)
g(set)h(of)e(p)q(olicies.)22 b(Suc)o(h)15 b(an)14 734 y(agreemen)o(t)d(ma)o
(y)e(include)i(adopting)g(a)g(common)d(c)o(harging)j(sc)o(heme)g(or)g(a)g
(common)d(authen)o(tication)j(proto)q(col.)18 b(This)12 b(can)g(w)o(ork)14
784 y(for)h(a)h(limited)e(n)o(um)o(b)q(er)h(of)g(p)q(olicies,)g(but)h
(requires)h(that)f(autonom)o(y)e(b)q(e)j(sacri\014ced.)-90
881 y(An)o(y)f(of)g(the)g(ab)q(o)o(v)o(e)g(metho)q(ds)g(can)g(b)q(e)h
(e\013ectiv)o(e)g(under)g(sp)q(ecial)g(circumstances.)k(Their)c(main)d(\015a)
o(w)h(is)h(the)h(lac)o(k)e(of)h(\015exibilit)o(y)m(.)j(Eac)o(h)-90
931 y(addresses)f(a)e(small)d(subset)16 b(of)d(p)q(ossible)h(p)q(olicies,)f
(while)h(compromisi)o(ng)d(p)q(erformance,)i(\015exibilit)o(y)g(or)h(autonom)
o(y)m(.)-90 1069 y Fk(2.1.3)55 b(In)n(ternet)n(w)n(ork)19 b(Routing)-90
1163 y Fs(Net)o(w)o(ork)14 b(routing)g(has)g(receiv)o(ed)h(a)f(lot)f(of)h
(atten)o(tion)f(since)i(the)g(late)f(\014fties)g(as)g(evidenced)h(b)o(y)f
(the)h(enormous)e(amoun)o(t)f(of)h(literature)-90 1213 y(in)j(the)g(\014eld.)
25 b(Sev)o(eral)17 b(fundamen)o(tal)d(routing)i(algorithms)d(w)o(ere)18
b(dev)o(elop)q(ed,)f(most)e(notably)m(,)f(Dijkstra's)i(Shortest)h(P)o(ath)f
([22)o(])g(and)-90 1263 y(F)m(ord)g(and)g(F)m(ulk)o(erson's)g(Max)g(Flo)o(w)f
(algorithms)f([35)o(].)25 b(The)16 b(former)g(ga)o(v)o(e)f(rise)i(to)f(a)g
(family)d(of)j(routing)g(proto)q(cols)g(kno)o(wn)g(as)g Fp(link)-90
1313 y(state)p Fs(,)h(and)f(the)h(latter,)g(to)f(a)g(collection)h(of)e(proto)
q(cols)i(kno)o(wn)f(as)h Fp(distanc)n(e)g(ve)n(ctor)p Fs(.)26
b(Link)16 b(state)h(proto)q(cols)g(are)g(c)o(haracterized)h(b)o(y)-90
1363 y(eac)o(h)d(no)q(de)f(k)o(eeping)g(a)g("map")e(of)i(the)g(en)o(tire)h
(net)o(w)o(ork)f(o)o(v)o(er)h(whic)o(h)f(it)f(computes)h(shortest)i(paths)e
(to)g(all)f(destinations.)19 b(Eac)o(h)c(no)q(de)-90 1413 y(con)o(tributes)g
(to)e(this)h("map")e(b)o(y)h(\015o)q(o)q(ding)g(the)h(net)o(w)o(ork)g(with)g
(a)f(link)g(state)h(pac)o(k)o(et,)g(i.e.,)e(a)i(pac)o(k)o(et)g(that)g(con)o
(tains)f(the)i(status)f(of)f(all)-90 1462 y(inciden)o(t)i(links.)20
b(In)15 b(distance)h(v)o(ector)f(proto)q(cols,)g(no)q(des)h(k)o(eep)f(tables)
g(of)f(the)i(b)q(est)g(paths)f(and)g(asso)q(ciated)g(metrics)g(for)f(all)g(p)
q(ossible)-90 1512 y(destinations)g(and)g(p)q(erio)q(dically)f(exc)o(hange)h
(the)h(con)o(ten)o(ts)g(of)e(this)h(table)g(with)f(neigh)o(b)q(ors.)-28
1580 y(As)f(men)o(tioned)e(b)q(efore,)i(the)g(D)o(ARP)m(A)f(In)o(ternet)h(ev)
o(olv)o(ed)g(in)o(to)e(the)i(\014rst)g(large,)f(decen)o(tralized)i(and)e
(dynamic)f(datagram)f(net)o(w)o(ork.)-90 1630 y(A)o(t)19 b(\014rst,)h(its)f
(routing)g(proto)q(col)g(w)o(as)f(of)h(a)f(distance)i(v)o(ector)g(v)n(ariet)o
(y)m(,)e(as)h(describ)q(ed)i(in)e([55)o(].)32 b(Ho)o(w)o(ev)o(er,)20
b(as)f(the)h(net)o(w)o(ork)f(grew,)-90 1679 y(shortcomings)13
b(of)g(the)h(distance)g(v)o(ector)h(b)q(ecame)e(more)g(apparen)o(t.)18
b(F)m(requen)o(t)c(oscillations)f(and)g(otherwise)i(unstable)f(b)q(eha)o
(vior)f(that)-90 1729 y(it)h(exhibited)g(w)o(ere)h(due)g(mostly)d(to)i(long)f
(propagation)g(dela)o(ys)h(with)g(resp)q(ect)i(to)e(c)o(hanges)h(in)f(top)q
(ology)m(.)j(The)d(successor)j([56)o(],)c(w)o(as)h(a)-90 1779
y(link)e(state)h(proto)q(col)g(with)g(a)f(relativ)o(ely)g(short)i(con)o(v)o
(ergence)g(p)q(erio)q(d)f(and)g(lo)q(oping)e(a)o(v)o(oidance.)17
b(Neither)d(proto)q(col)f(incorp)q(orated)g(an)o(y)-90 1829
y(notion)g(of)g(securit)o(y)i(or)f(p)q(olicy)m(.)-28 1897 y(As)c(the)g(In)o
(ternet)h(grew,)f(it)f(b)q(egan)g(to)h(encompass)f(a)g(greater)h(n)o(um)o(b)q
(er)f(of)g(autonomous)e(net)o(w)o(orks,)j(or)g(ADs,)g(using)f(our)g
(terminology)m(.)-90 1946 y(With)k(regard)i(to)e(routing,)g(this)h(gro)o(wth)
g(presen)o(ted)i(t)o(w)o(o)d(problems:)-28 2044 y Ff(\017)21
b Fn(Autonom)o(y)14 2094 y Fs(while)9 b(electing)i(to)e(b)q(ecome)h(part)g
(of)g(the)g(In)o(ternet,)i(ADs)e(do)g(not)g(necessarily)h(wish)f(to)g(exp)q
(ose)h(their)f(in)o(ternal)g(net)o(w)o(ork)g(structure)14 2144
y(to)k(the)g(rest)h(of)e(the)i(w)o(orld.)i(In)d(other)h(w)o(ords,)e(there)i
(is)f(a)g(need)h(to)e(limit)f(the)i(dissemination)e(of)h(routing)h
(information.)-28 2225 y Ff(\017)21 b Fn(Scale)14 2275 y Fs(the)12
b(size)f(of)g(the)h(In)o(ternet)g(mak)o(es)e(the)i(deplo)o(ymen)o(t)e(of)g(a)
h(global)e(routing)i(proto)q(col)g(undesirable.)18 b(Since)11
b(routing)g(information)d(is)14 2325 y(t)o(ypically)k(propagated)h
(throughout)g(the)h(en)o(tire)g(domain)d(of)i(a)g(routing)g(proto)q(col,)g
(routing)f(tables)i(in)f(participating)f(gatew)o(a)o(ys)14
2375 y(gro)o(w)18 b(in)g(prop)q(ortion)h(to)f(the)h(size)h(of)e(the)h(In)o
(ternet.)34 b(Therefore,)20 b(in)f(order)g(to)f(a)o(v)o(oid)g(an)g
Fp(information)h(explosion)g Fs(routing)14 2425 y(information)11
b(gran)o(ularit)o(y)h(m)o(ust)h(b)q(e)i(coarser)g(than)f(end-systems)g(or)g
(net)o(w)o(orks.)-90 2522 y(In)g(resp)q(onse)i(to)d(these)j(problems,)c(t)o
(w)o(o)i(t)o(yp)q(es)g(of)g(routing)f(proto)q(cols)h(w)o(ere)h(de\014ned:)-28
2620 y Ff(\017)21 b Fn(In)o(terior)9 b(Gatew)o(a)o(y)i(Proto)q(cols)f
(\(IGPs\))f Fs(are)i(in)o(tended)g(for)f(use)h(within)f(a)g(single)g
(administrativ)o(e)f(en)o(tit)o(y)m(,)h(i.e.,)g(AD.)f(Routers)14
2670 y(emplo)o(ying)i(an)j(IGP)f(exc)o(hange)i(reac)o(habilit)o(y)e
(information)e(p)q(ertaining)j(to)f(en)o(tities)i(within)e(an)g(AD)h([65)o
(].)2028 2770 y(15)p eop
%%Page: 16 26
bop -28 -108 a Ff(\017)21 b Fn(Exterior)16 b(Routing)e(Proto)q(cols)i
(\(EGPs\))d Fs(are)j(used)g(b)o(y)f(AD)g(b)q(order)h(routers)g(to)f(learn)h
(ab)q(out)f(reac)o(habilit)o(y)f(of)g(net)o(w)o(orks)14 -59
y(in)f(other)i(ADs)f([65)o(].)j(\(W)m(e)d(discuss)h(EGPs)f(in)g(the)g(follo)o
(wing)d(subsections\).)-90 42 y(Some)i(of)h(the)i(notable)e(IGPs)h(are:)k
(IGRP)14 b([40)o(],)g(OSPF)h([62)o(])g(and)f(DEC)g(IS-IS)h([21)o(].)20
b(IGRP)m(,)13 b(a)h(distance)h(v)o(ector)h(proto)q(col,)e(supp)q(orts)-90
92 y(T)m(oS)e(routing)g(indirectly)g(b)o(y)h(distributing)f(sev)o(eral)h
(di\013eren)o(t)g(metrics)g(\(e.g.,)e(dela)o(y)m(,)h(bandwidth\).)17
b(Routers)c(assign)g(a)f(w)o(eigh)o(t)g(to)g(eac)o(h)-90 142
y(metric)h(b)q(efore)h(com)o(bining)e(them)g(in)o(to)h(a)h(single)f(comp)q
(osite)g(metric)g(whic)o(h)g(then)h(serv)o(es)i(as)d(a)h(basis)f(for)h
("shortest")g(path)g(selection.)-90 192 y(Both)g(OSPF)g(and)g(IS-IS)f(are)h
(links)g(state)g(proto)q(cols.)k(They)c(ma)o(y)e(include)i(a)f(n)o(um)o(b)q
(er)g(of)g(metrics)h(corresp)q(onding)g(to)g(di\013eren)o(t)g(T)m(oSs)-90
241 y(in)f(link)g(state)i(up)q(dates.)-28 309 y(These)h(IGPs)f(are)g(w)o
(ell-suited)f(for)h(their)g(in)o(tended)g(application)e(domain,)f(i.e.,)i(a)g
(single-AD)g(en)o(vironmen)o(t.)19 b(Ho)o(w)o(ev)o(er,)c(they)g(do)-90
359 y(not)j(scale)g(to)g(a)g(large)g(n)o(um)o(b)q(er)f(of)g(T)m(oS-s)h(and)g
(require)h(route)f(computation)f(to)h(b)q(e)g(rep)q(eated)i(for)e(eac)o(h)g
(T)m(oS)f(supp)q(orted)j([7)o(].)30 b(In)-90 409 y(addition,)15
b(most)h(IGPs)g(are)h(designed)g(with)f(little)g(concern)i(for)e(securit)o(y)
h(as)g(comp)q(onen)o(ts)f(are)h(assumed)f(to)g(share)h(a)f(certain)h(lev)o
(el)-90 459 y(of)c(trust.)19 b(This)14 b(assumption)e(is)i(unreasonable)h(in)
e(a)h(m)o(ulti-AD)d(en)o(vironmen)o(t)i(where)i(routing)e(information)e(ma)o
(y)h(not)i(b)q(e)g("trusted")-90 508 y(across)h(AD)e(b)q(oundaries.)-90
639 y Fn(2.1.3.1)48 b(Exterior)14 b(Gatew)o(a)o(y)i(Proto)q(col)-90
733 y Fs(As)f(the)f(In)o(ternet)i(incorp)q(orated)f(a)f(more)f(div)o(erse)i
(organizational)d(mix,)g(co)q(existence)k(of)e(m)o(ultiple)e(administrations)
g(\(and)i(the)h(asso-)-90 783 y(ciated)f(securit)o(y)h(implications\))c(w)o
(as)j(recognized)h(as)f(an)f(imp)q(ortan)o(t)f(problem.)17
b(The)d(Exterior)h(Gatew)o(a)o(y)e(Proto)q(col)h Fp(\(EGP\))g
Fs([77)o(])f(w)o(as)-90 833 y(the)h(\014rst)h(routing)f(proto)q(col)f(to)h
(address)h(this)f(issue.)752 818 y Fj(4)-28 900 y Fp(EGP)f
Fs(w)o(as)g(designed)h(to)e(comm)o(unicate)f(reac)o(habilit)o(y)h
(information)e(among)h(administrativ)o(e)f(regions)j(that)g(do)g(not)g(enjo)o
(y)f(m)o(utual)-90 950 y(trust.)18 b(It)12 b(includes)f(an)g(authen)o
(tication)g(facilit)o(y)f(for)h(v)n(alidating)e(routing)i(information)d(exc)o
(hanged)13 b(among)c(the)j(regions.)17 b(The)12 b(regions)-90
1000 y(ho)q(ok)o(ed)i(together)h(b)o(y)e Fp(EGP)i Fs(can)f(b)q(e)g(view)o(ed)
g(as)g(ADs.)-28 1068 y Fp(EGP)g Fs(supp)q(orts)g(a)e(v)o(ery)i(limited)d
(notion)h(of)g(p)q(olicy)m(.)17 b(Individual)11 b(ADs)i(are)h(allo)o(w)o(ed)d
(to)i(hide)g(p)q(ortions)g(of)g(their)g(routing)g(database)-90
1118 y(that)f(they)g(are)g(not)g(willing)d(to)j(share.)18 b(Also,)11
b(ADs)h(are)g(free)h(to)e(manipulate)f(route)i(metrics)g(that)g(they)g
(assign)f(to)h(other)g(ADs)g(in)f(order)-90 1167 y(to)h(fa)o(v)o(or)f(or)i
(preclude)g(certain)g(transit)g(AD)f(hops.)17 b(Ho)o(w)o(ev)o(er,)c
Fp(EGP)g Fs(do)q(es)g(not)f(pro)o(vide)g(for)g(T)m(oS-based)g(or)g(other)h
(\014ne-grained)g(p)q(olicy)-90 1217 y(enforcemen)o(t.)20 b(In)15
b Fp(EGP)p Fs(,)g(an)f(AD)g(mak)o(es)g(routing)g(decisions)h(based)g(only)f
(on)h(its)f(o)o(wn)g(p)q(olicy)m(,)g(since)h Fp(EGP)g Fs(pro)o(vides)g(no)f
(facilit)o(y)f(for)-90 1267 y(the)h(distribution)g(of)f(p)q(olicy)g
(information)e(across)k(AD)f(b)q(oundaries.)-28 1335 y(F)m(urthermore,)j(in)f
(order)h(to)f(a)o(v)o(oid)f(routing)h(lo)q(ops)g Fp(EGP)g Fs(imp)q(oses)g(a)g
(top)q(ological)f(restriction)i(on)f(AD)g(in)o(terconnection)h(in)f(the)-90
1385 y(form)11 b(of)g(a)h(cycle-free)i(hierarc)o(h)o(y)m(.)k(As)12
b(Clark)g(p)q(oin)o(ts)g(out)h(in)e([13],)g Fp(EGP's)i Fs(restriction)g(on)f
(the)h(in)o(terconnection)g(top)q(ology)e(has)i(pro)o(v)o(ed)-90
1434 y(unsatisfactory)m(.)19 b(In)14 b(general,)g(top)q(ological)e
(restrictions)j(are)g(undesirable)g(as)f(they)g(inhibit)f(autonom)o(y)f(and)i
(are)h(near)g(imp)q(ossible)d(to)-90 1484 y(enforce)j([7)o(,)f(26)o(].)-90
1614 y Fn(2.1.3.2)48 b(Border)14 b(Gatew)o(a)o(y)i(Proto)q(col)-90
1709 y Fs(BGP)c(is)g(a)f(recen)o(tly)i(prop)q(osed)g(addition)d(to)i(the)g
(In)o(ternet)h(Proto)q(col)f(family[5)o(3)m(].)17 b(It)12 b(w)o(as)g
(designed)g(to)g(b)q(e)g(a)g(successor)i(to)d Fp(EGP)i Fs(and)e(a)-90
1759 y(v)n(arian)o(t)g(has)i(b)q(een)g(submitted)f(as)h(an)f(in)o
(ternational)f(standard[2].)17 b(Its)c(foremost)e(goal)h(is)g(to)g(pro)o
(vide)g(e\016cien)o(t)h(and)g(robust)g(In)o(ter-AD)-90 1809
y(routing)i(with)h(rapid)f(con)o(v)o(ergence)i(and)f(lo)q(op)f(detection)h
(for)g(arbitrary)f(in)o(ternet)o(w)o(ork)h(top)q(ologies.)1534
1793 y Fj(5)1576 1809 y Fs(It)f(is)h(primarily)d(in)o(tended)j(for)-90
1858 y(use)f(b)o(y)e(transit)h(ADs)h(and)e(in)o(ter-op)q(erates)j(with)d
(other)i(in)o(terior)e(routing)h(proto)q(cols.)-28 1926 y(BGP)g(is)g
(designed)h(under)f(the)h(follo)o(wing)c(assumptions:)-39 2027
y(1.)20 b(P)o(olicies)13 b(can)h(b)q(e)h(expressed)h(using)e(information)d
(ab)q(out)j(the)g(full)f(AD)g(path)h(that)g(pac)o(k)o(ets)h(will)d(tra)o(v)o
(el)i(to)g(a)f(destination.)-39 2110 y(2.)20 b(T)m(ransit)13
b(p)q(olicies)h(apply)f(uniformly)e(to)j(all)f(sources.)-90
2211 y(BGP)i(uses)h(hop-b)o(y-hop)e(routing)g(and)g(a)h(distance)g(v)o(ector)
h(algorithm)c(for)i(the)h(next)g(hop)g(selection)g([55)o(].)20
b(One)c(common)c(b)q(ene\014t)k(of)-90 2261 y(traditional)11
b(distance)j(v)o(ector)g(algorithms)d(is)h(the)i(abilit)o(y)d(to)i(hide)g
(net)o(w)o(ork)g(structure.)20 b(Neigh)o(b)q(oring)12 b(no)q(des)i(exc)o
(hange)g(reac)o(habilit)o(y)-90 2310 y(information)g(for)j(a)f(sp)q(eci\014c)
j(destination)e(in)f(the)i(form)d(of)h(distance)i(metrics)f(corresp)q(onding)
h(to)e(eac)o(h)i(next)f(hop.)27 b(No)q(des)18 b(do)f(not)-90
2360 y(exc)o(hange)11 b(information)c(ab)q(out)j(subsequen)o(t)i(hops)f(to)f
(the)g(destination.)17 b(BGP)10 b(augmen)o(ts)f(this)i(traditional)d(approac)
o(h)j(b)o(y)e(distributing)-90 2410 y(full)i(AD-lev)o(el)g(paths.)17
b(In)12 b(other)h(w)o(ords,)f(for)f(eac)o(h)h(destination)g(adv)o(ertised,)h
(no)q(des)f(sp)q(ecify)h(the)f(AD-lev)o(el)f(path)h(to)g(that)g(destination.)
p -90 2490 864 2 v -44 2517 a Fi(4)-26 2529 y Fh(In)i(this)f(section,)g(the)h
(term)f Fg(EGP)i Fh(denotes)e(a)h(sp)q(eci\014c)e(proto)q(col.)22
b(Whereas,)14 b(EGP)m(,)g(as)g(referred)f(to)h(in)g(the)g(previous)e
(section,)h(denoted)f(a)j Fb(class)g Fh(of)-90 2568 y(proto)q(cols.)-44
2596 y Fi(5)-26 2608 y Fh(BGP)d(and)g Fg(EGP)i Fh(use)e(the)g(term)g
Fg(A)o(utonomous)j(System)f Fh(and)e Fg(R)n(outing)j(Domain)p
Fh(,)f(resp)q(ectiv)o(ely)l(.)j(W)m(e)c(use)g(the)f(term)g
Fg(A)n(dministr)n(ative)j(Domain)p Fh(.)21 b(They)-90 2647
y(are)11 b(not)g(completely)d(equiv)n(alen)o(t)h(but,)h(for)h(the)g(sak)o(e)f
(of)i(this)e(discussion,)f(they)i(can)g(b)q(e)g(in)o(terc)o(hang)o(ed.)h(See)
f([54)o(,)g(26])g(for)g(further)f(discussion.)2028 2770 y Fs(16)p
eop
%%Page: 17 27
bop -90 -108 a Fs(As)17 b(a)f(result,)i(BGP)f(pro)o(vides)f(less)i
(information)13 b(hiding)j(in)g(return)i(for)e(the)h(abilit)o(y)e(to)h
(detect)i(routing)f(lo)q(ops)f(quic)o(kly)m(.)24 b(By)17 b(using)-90
-59 y(full)d(AD)h(paths)g(to)h(detect)g(lo)q(ops)f(BGP)h(a)o(v)o(oids)e(con)o
(v)o(ergence)j(problems)d([56)o(])h(without)f(imp)q(osing)f(top)q(ological)h
(restrictions)i(on)f(AD)-90 -9 y(in)o(terconnection.)k(In)14
b(addition,)e(AD)i(path)g(information)d(can)j(b)q(e)g(used)h(as)f(p)q(olicy)f
(criteria)h(for)g(route)g(selection.)-28 59 y(BGP)f(allo)o(ws)f(for)h
(limited)d(p)q(olicy-based)j(route)h(selection.)k(A)13 b(BGP)g(router)h(can)f
(select)i(its)e(next)g(hop)g(based)h(on)e(the)i(information)-90
109 y(pro)o(vided)f(in)f(the)h(full)f(AD)h(path,)f(in)h(addition)e(to)i(the)g
(distance)h(metric.)j(F)m(or)12 b(example,)g Fm(AD)1400 115
y Fl(A)1440 109 y Fs(can)h(reject)h(all)e(routes)i(through)e
Fm(AD)2029 115 y Fl(B)2058 109 y Fs(.)-90 158 y(On)k(the)h(other)g(hand,)f
(eac)o(h)h(AD)e(m)o(ust)h(apply)f(the)i(same)e(route)i(selection)f(decision)h
(to)f(all)e(pac)o(k)o(et)j(sources,)h(including)d(itself.)24
b(F)m(or)-90 208 y(example,)11 b Fm(AD)148 214 y Fl(A)187 208
y Fs(can)h(not)g(reject)h(all)e(routes)i(through)f Fm(AD)844
214 y Fl(B)885 208 y Fs(for)g(itself)f(without)h(a\013ecting)g(its)g(neigh)o
(b)q(ors,)g(and)g(vice)g(v)o(ersa.)18 b(Similarly)l(,)-90 258
y(an)13 b(AD)g(can)g(not)g(apply)f(one)i(p)q(olicy)e(to)h(one)g(neigh)o(b)q
(or)g(and)g(a)g(second)h(p)q(olicy)e(to)h(another)h(neigh)o(b)q(or.)j(Since)d
(BGP)f Fp(was)h(not)f Fs(in)o(tended)-90 308 y(to)h(implemen)o(t)d(p)q
(olicies)j(that)g(discriminate)f(b)q(et)o(w)o(een)i(tra\016c)f(end-p)q(oin)o
(ts)g(with)g(arbitrary)g(gran)o(ularit)o(y)m(,)e(the)i(approac)o(h)g(ac)o
(hiev)o(es)h(its)-90 358 y(goals)e([53)o(].)-28 425 y(Eac)o(h)i(BGP)h(router)
f(can)g(b)q(e)h(con\014gured)g(according)f(to)f(its)h(AD's)g(lo)q(cal)f(p)q
(olicy)m(.)20 b(Ev)o(en)15 b(though)g(lo)q(cal)f(p)q(olicy)g(is)h(not)f
(distributed)-90 475 y(among)e(ADs,)h(it)h(is)g(represen)o(ted)i(in)e(a)f
(univ)o(ersal)h Fp(p)n(olicy)h(language)p Fs(.)k(A)14 b(p)q(olicy)f(in)g
(this)h(language)f(is)h(an)g(expression:)679 525 y Fp([Network-list,AD-p)n
(ath]=pr)n(efer)m(enc)n(e)-28 593 y Fs(The)i(seman)o(tics)f(of)g(a)g(p)q
(olicy)g(are)g(as)h(follo)o(ws:)j(if)c(a)g(routing)g(up)q(date)h(for)f(a)g
(net)o(w)o(ork)h(in)f Fp(Network-list)e Fs(is)i(receiv)o(ed)i(via)e
Fp(AD-p)n(ath)-90 643 y Fs(and)f(its)h Fp(pr)n(efer)n(enc)n(e)f
Fs(metric)g(is)g(b)q(etter)i(than)f(that)f(of)g(a)g(path)h(curren)o(tly)g(in)
f(use,)h(then,)g(this)g(up)q(date)g(m)o(ust)e(b)q(e)j(used)f(for)f(subsequen)
o(t)-90 692 y(routing.)-90 823 y Fn(2.1.3.3)48 b(In)o(ter-Domain)12
b(Routing)i(Proto)q(col)-90 917 y Fs(In)o(ter-Domain)f(Routing)i(Proto)q(col)
g(\(IDRP\))g(is)g(an)h(extension)g(of)f(BGP)g(that)h(has)f(b)q(een)i(prop)q
(osed)f(as)g(an)f(in)o(ternational)f(standard.)-90 967 y(IDRP)g(augmen)o(ts)g
(the)h(BGP)g(proto)q(col)f(b)o(y)h(including)e(\(among)g(other)i(features\))h
(distribution)e(lists)h(along)e(with)i(route)g(information)-90
1017 y([2)o(].)20 b(The)15 b(list)f(ma)o(y)e(b)q(e)k(inclusiv)o(e)e(or)g
(exclusiv)o(e)h(and)g(is)f(propagated)h(along)e(with)h(next)h(hop)g(and)f
(full-AD)f(path)i(information.)i(Eac)o(h)-90 1067 y(b)q(order)f(router)f
(along)f(a)h(path)f(ma)o(y)f(further)j(restrict)g(a)f(distribution)f(list)g
(b)q(efore)i(adv)o(ertising)e(a)h(route,)g(i.e.,)f(ADs)h(ma)o(y)d(b)q(e)k
(deleted)-90 1116 y(from)10 b(the)j(inclusiv)o(e)f(list)f(or)h(added)h(to)f
(the)g(exclusiv)o(e)h(list)f(but)g(no)g(router)h(can)f(relax)g(or)g(ignore)g
(the)g(list.)1576 1101 y Fj(6)1612 1116 y Fs(This)g(feature)h(allo)o(ws)d
(IDRP)-90 1166 y(to)j(supp)q(ort)h(some)e(source-sp)q(eci\014c)k(p)q
(olicies.)h(Ho)o(w)o(ev)o(er,)c(IDRP)g(has)g(no)g(built-in)f(supp)q(ort)i
(for)e(enforcing)i(source-sp)q(eci\014c)h(p)q(olicies)e(at)-90
1216 y(pac)o(k)o(et)h(forw)o(arding)e(time.)17 b(Another)d(departure)h(from)c
(BGP)j(is)f(the)h(IDRP's)f(abilit)o(y)e(to)j(include)f(p)q(olicy-related)g
(\(e.g.,)g(T)m(oS)f(or)i(User)-90 1266 y(Class\))g(information)d(in)i
(routing)h(up)q(dates.)-28 1333 y(IDRP)k(is)h(th)o(us)g(able)f(to)g(supp)q
(ort)h(a)g(wider)f(range)h(of)f(p)q(olicies)g(than)h(BGP)m(.)e(Nev)o
(ertheless,)22 b(b)q(ecause)e(IDRP)e(is)h(a)f(hop-b)o(y-hop)-90
1383 y(proto)q(col,)11 b(it)h(only)e(allo)o(ws)h(a)g(single)g(route)h(p)q(er)
h(ev)o(ery)f([)p Fm(destination;)7 b(T)f(oS)r Fs(])12 b(to)g(b)q(e)g(adv)o
(ertized.)18 b(Ho)o(w)o(ev)o(er,)12 b(m)o(ultiple)d(routes)k(for)e(a)g(giv)o
(en)-90 1433 y([)p Fm(destination;)c(T)f(oS)r Fs(])14 b(com)o(bination)c(ma)o
(y)h(b)q(e)j(necessary)i(in)c(order)i(to)f(allo)o(w)f(tra\016c)h(sources)i
(to)e(apply)g(route)g(selection)h(p)q(olicies.)k(\(See)-90
1483 y([7)o(])c(for)f(an)h(in-depth)g(discussion)g(of)g(this)g(and)f(other)i
(related)f(issues\).)-90 1613 y Fn(2.1.3.4)48 b(Routing)13
b(with)i(Multiple)e(Hierarc)o(hical)g(Addresses)-90 1708 y
Fs(A)19 b(no)o(v)o(el)f(approac)o(h)h(to)g(p)q(olicy)f(routing)g(is)h(the)g
(use)h(of)e(m)o(ultiple)f(hierarc)o(hical)h(addresses)j(\(MHA\).)e(In)g([87)o
(],)g(Tsuc)o(hiy)o(a)g(suggests)-90 1757 y(that)j(m)o(ultiple)e(addresses)k
(b)q(e)f(assigned)g(to)f(end-systems)g(\(stub)h(ADs,)h(in)e(our)g
(parlance\).)43 b(A)23 b(single)e(address)j(is)e(formed)f(as)-90
1807 y([)p Fm(stub:r)q(eg)q(ional)q(:back)q(bone)p Fs(])12
b(indicating)g(that)h(the)g(corresp)q(onding)h(route:)k([)p
Fm(back)q(bone)11 b Fs(=)-7 b Ff(\))11 b Fm(r)q(eg)q(ional)j
Fs(=)-7 b Ff(\))11 b Fm(stub)p Fs(])i(satis\014es)h(the)f(p)q(olicies)-90
1857 y(of)d(its)h(comp)q(onen)o(t)f(ADs.)18 b(A)11 b(giv)o(en)f(end-p)q(oin)o
(t)h(ma)o(y)e(ha)o(v)o(e)h(a)h(n)o(um)o(b)q(er)f(of)h(suc)o(h)g(addresses)i
(di\013ering)e(in)f(the)i Fm(r)q(eg)q(ional)h Fs(and/or)d Fm(back)q(bone)-90
1907 y Fs(\014elds.)-28 1975 y(Routing)j(in)h(this)g(approac)o(h)g(can)g(b)q
(e)h(view)o(ed)f(as)g(a)g(v)n(arian)o(t)f(of)g(source)j(routing.)i(More)c(sp)
q(eci\014cally)m(,)g(a)f(route)i(b)q(et)o(w)o(een)h Fm(AD)1969
1981 y Fl(a)2003 1975 y Fs(and)-90 2024 y Fm(AD)-25 2030 y
Fl(b)6 2024 y Fs(is)e(the)g(com)o(bination)d(of)i Fm(AD)467
2030 y Fl(a)488 2024 y Fs('s)h(address)h(and)e(the)i Fp(inverse)e
Fs(of)g Fm(AD)1083 2030 y Fl(b)1101 2024 y Fs('s)g(address,)i(e.g.,)d
Fm(AD)1454 2030 y Fl(a)1475 2024 y Fm(:r)q(eg)q(ional)1640
2030 y Fj(1)1659 2024 y Fm(:back)q(bone)1834 2030 y Fj(1)1866
2024 y Fs(follo)o(w)o(ed)g(b)o(y)-90 2074 y Fm(back)q(bone)73
2080 y Fj(2)91 2074 y Fm(:r)q(eg)q(ional)256 2080 y Fj(2)276
2074 y Fm(:AD)353 2080 y Fl(b)369 2074 y Fs(.)18 b(T)m(o)12
b(route)h(a)g(pac)o(k)o(et,)g(a)f(stub)i(AD)e(simply)f(selects)j(\(according)
f(to)g(its)g(p)q(olicy\))f(one)h(of)f(the)h(addresses)i(for)-90
2124 y(the)f(in)o(tended)h(destination.)-28 2192 y(The)j(main)d(b)q(ene\014t)
j(of)e(MHA)h(is)g(its)g(simplicit)o(y)e(and)h(lo)o(w)g(o)o(v)o(erhead)i(with)
e(regard)i(to)f(route)g(computation.)26 b(There)18 b(are)f(a)g(few)-90
2241 y(imp)q(ortan)o(t)10 b(dra)o(wbac)o(ks,)i(though.)17 b(First,)11
b(a)h Fp(shal)r(low)f Fs(\(three-lev)o(el\))h(hierarc)o(h)o(y)g(is)g
(assumed.)17 b(As)12 b(p)q(oin)o(ted)f(out)h(ab)q(o)o(v)o(e,)f(suc)o(h)h
(restriction)-90 2291 y(is)h(undesirable)h(for)f(t)o(w)o(o)g(reasons:)19
b(i\))12 b(lateral)h(and)g(b)o(ypass)h(links)f(m)o(ust)f(b)q(e)i(supp)q
(orted)h(as)e(the)h(In)o(ternet)g(is)g(not)f(exp)q(ected)i(to)e(conform)-90
2341 y(to)j(a)g(strict)h(hierarc)o(h)o(y)m(,)f(and)g(ii\))f(ev)o(en)h(if)g(a)
f(strict)i(hierarc)o(h)o(y)g(is)f(p)q(ossible,)g(limiting)d(it)i(to)h(three)i
(lev)o(els)e(ma)o(y)e(b)q(e)j(inadequate)f(in)f(the)-90 2391
y(con)o(text)f(of)f(a)h(global)e(In)o(ternet.)19 b(A)14 b(related)g(problem)e
(is)i(the)g(assumption)e(regarding)i(bac)o(kb)q(ones.)19 b(If)13
b(the)h(bac)o(kb)q(one)g(comp)q(onen)o(ts)g(of)-90 2441 y(a)h(route)g(are)h
(not)f(iden)o(tical,)f(m)o(ultiple)f(transit)i(bac)o(kb)q(ones)h(ha)o(v)o(e)f
(to)g(b)q(e)g(tra)o(v)o(ersed.)23 b(Suc)o(h)15 b(bac)o(kb)q(ones,)h(ho)o(w)o
(ev)o(er,)f(are)h(not)f(included)-90 2491 y(in)h(either)i(of)e(the)h(t)o(w)o
(o)f(addresses.)29 b(Consequen)o(tly)m(,)17 b(p)q(olicy)f(enforcemen)o(t)h
(is)g(sev)o(erely)g(limited)e(from)g(the)i(p)q(ersp)q(ectiv)o(e)i(of)d(the)i
(end-)-90 2540 y(p)q(oin)o(ts)13 b(\(since)g(transit)g(bac)o(kb)q(ones)h(are)
f Fp(hidden)p Fs(\))h(from)d(them.)16 b(Con)o(v)o(ersely)m(,)d(transit)g(bac)
o(kb)q(ones,)g(not)g(included)g(in)f(the)h("route")g(m)o(ust)p
-90 2623 864 2 v -44 2650 a Fi(6)-26 2662 y Fh(The)e(prop)q(osed)e(standard)g
(includes)h(sev)o(eral)g(other)g(extensions)f(whic)o(h)i(are)g(not)f
(directly)g(relev)n(an)o(t)f(to)i(our)g(discussion.)2028 2770
y Fs(17)p eop
%%Page: 18 28
bop -90 -108 a Fs(enforce)14 b(their)f(p)q(olicy)f(on)g(a)g(p)q(er-pac)o(k)o
(et)i(basis,)f(i.e.,)e(they)i(are)g(denied)h(an)o(y)e(opp)q(ortunit)o(y)g(of)
g(restricting)i(tra\016c)e(in)h(adv)n(ance)f(of)g(actual)-90
-59 y(comm)o(unication.)-90 72 y Fn(2.1.3.5)48 b(IDPR)-90 166
y Fs(Routing)14 b(proto)q(cols)h(discussed)i(th)o(us)e(far)g(ha)o(v)o(e)g(b)q
(een)h(dev)o(elop)q(ed)f(with)g(limited)e(concern)j(for)f(p)q(olicy)f
(enforcemen)o(t.)22 b(Designed)15 b(with)-90 216 y(more)h(con)o(v)o(en)o
(tional)g(routing)g(in)h(mind,)e(these)k(proto)q(cols)e(either)h(imp)q(ose)e
(top)q(ological)f(restrictions)j(and)f(do)f(not)h(scale)h(w)o(ell)e(\(e.g.,)
-90 266 y(EGP\),)e(or)f(can)i(not)e(supp)q(ort)i(large)f(n)o(um)o(b)q(ers)f
(of)g(div)o(erse)i(and)f(dynamic)e(p)q(olicies)i(\(e.g.,)f(BGP)m(,)g(IDRP)g
(and)h(MHA\).)-28 333 y(In)k(his)g(landmark)d(pap)q(er,)k(Clark)e([13)o(])g
(\014rst)i(motiv)n(ated)c(the)k(need)f(for)f(the)i(in)o(tegration)e(of)g(p)q
(olicy)g(supp)q(ort)h(in)o(to)f(the)h(routing)-90 383 y(function)11
b(and)f(presen)o(ted)k(a)c Fp(blueprint)h Fs(for)f(p)q(olicy)h(routing)f(in)h
(the)g(In)o(ternet.)19 b(The)11 b(In)o(ternet)i(In)o(ter-Domain)c(P)o(olicy)h
(Routing)g(W)m(orking)-90 433 y(Group)j(\(IDPR-W)o(G\))f(has)h(since)h(dev)o
(elop)q(ed)g(an)f(arc)o(hitecture)i(for)e(In)o(ter-Domain)e(P)o(olicy)i
(Routing)f(\(IDPR\))1672 418 y Fj(7)1704 433 y Fs(that)h(is)g(largely)f
(based)-90 483 y(on)i(Clark's)f(p)q(olicy)g(routing)g(prop)q(osal.)-28
550 y(IDPR)e(represen)o(ts)k(a)c(signi\014can)o(t)g(departure)i(from)d(the)i
(more)f(traditional)f(routing)h(proto)q(cols.)18 b(In)11 b(brief,)h(the)g
(distinctiv)o(e)g(features)-90 600 y(of)h(IDPR)h(are)g(\(w)o(e)g(discuss)h
(IDPR)f(in)f(greater)i(detail)e(in)h(Chapter)g(4.1\):)-28 701
y Ff(\017)21 b Fn(P)o(olicy)14 b(T)l(erms)h(\(PTs\))e Fs(are)h(units)g(of)g
(p)q(olicy)f(expressed)j(in)e(a)f(univ)o(ersal)h(p)q(olicy)f(syn)o(tax.)19
b(Ev)o(ery)14 b(AD)g(includes)g(its)g(PTs)h(in)e(a)14 751 y(link)g(state)h
(up)q(date)h(whic)o(h)f(it)f(distributes)i(to)f Fp(al)r(l)f
Fs(other)i(ADs)f(via)f(a)g(\015o)q(o)q(ding)g(mec)o(hanism.)-28
834 y Ff(\017)21 b Fn(P)o(olicy)d(Routes)h(\(PRs\))e Fs(are)h(source)h
(routes)g(at)f(the)g(gran)o(ularit)o(y)f(of)g(ADs.)30 b(A)18
b(PR)g(is)g(computed)f(b)o(y)h(a)f(source)i(AD)f(and)14 884
y(then)c(installed)e(at)h(all)f(in)o(terv)o(ening)h(ADs)h(in)e(adv)n(ance)i
(of)e(the)i(actual)f(comm)o(unicatio)o(n.)i(Subsequen)o(t)g(data)e(tra\016c)g
(\015o)o(ws)g(along)14 934 y(established)h(PRs.)313 919 y Fj(8)-90
1035 y Fs(IDPR)i(w)o(as)h(designed)h(to)f(supp)q(ort)h(a)f(wide)g(range)g(of)
f(p)q(olicies)h(while)g(alleviating)e(global)g(consistency)k(requiremen)o
(ts.)27 b(Stub)18 b(ADs)-90 1084 y(enforce)f(their)f(p)q(olicy)f(at)g(the)i
(time)d(of)h(route)h(computation.)22 b(T)m(ransit)16 b(ADs)f(adv)o(ertize)i
(their)f(p)q(olicies)f(to)h(their)g(stub)g(coun)o(terparts)-90
1134 y(that,)e(in)f(turn,)i(use)f(these)i(p)q(olicies)e(to)g(comp)q(ose)g
(PRs.)k(T)m(ransit)c(p)q(olicy)f(enforcemen)o(t)i(tak)o(es)f(place)h(when)f
(PRs)g(are)h(installed)e(at)h(the)-90 1184 y(transit)g(AD)g(hops.)-28
1252 y(IDPR)g(supp)q(orts)h(the)f(follo)o(wing)d(p)q(olicy)i(attributes:)19
b(source)c(and)f(destination)f(ADs,)h(previous)g(and)g(next)g(AD)g(hop,)f
(Qualit)o(y-of-)-90 1302 y(Service,)18 b(Time-of-Da)o(y)l(,)c(User)k
(Classes,)f(authen)o(tication)g(and)f(securit)o(y)i(requiremen)o(ts,)f(and)f
(c)o(harging)g(conditions.)26 b(In)17 b(return)g(for)-90 1351
y(this)d(functionalit)o(y)m(,)d(IDPR)j(presen)o(ts)i(a)d(n)o(um)o(b)q(er)g
(of)h(c)o(hallenging)e(problems)h(relating)g(to)h(complexit)o(y)e(and)i
(scale)g([7].)-28 1419 y(In)h(Chapter)g(4,)f(w)o(e)g(discuss)i(IDPR)e(in)g
(greater)h(detail)f(concen)o(trating)h(on)f(securit)o(y)h(asp)q(ects)i(of)c
(its)i(p)q(olicy)e(enforcemen)o(t)i(mec)o(ha-)-90 1469 y(nisms.)-90
1599 y Fn(2.1.3.6)48 b(Secure)15 b(and)g(Robust)f(Routing)-90
1694 y Fs(A)o(t)e(an)g Fp(extr)n(eme)f Fs(of)h(robustness)i(and)e(securit)o
(y)h(is)e Fp(Network-layer)h(Pr)n(oto)n(c)n(ol)h(with)f(Byzantine)i(R)n
(obustness)f Fs(\(NPBR\))f(b)o(y)g(P)o(erlman)f([71)o(].)-90
1743 y(NPBR)j(concepts)g(are)g(suitable)f(for)g(use)h(as)f(either)i(IGP)e(or)
g(EGP)m(,)f(mainly)f(b)q(ecause)k(it)d(mak)o(es)h(no)g(assumptions)f(ab)q
(out)h(trust)h(among)-90 1793 y(its)g(comp)q(onen)o(ts.)-28
1861 y(NPBR)k(comes)e(in)h(t)o(w)o(o)g(\015a)o(v)o(ors:)24
b(\015o)q(o)q(ding)17 b(and)g(link)f(state.)29 b(Flo)q(o)q(ding)16
b(NPBR)h(is)g(a)g(highly-robust)g(proto)q(col)g(where)h(comm)o(u-)-90
1911 y(nication)f(b)q(et)o(w)o(een)j(t)o(w)o(o)d(no)q(des)i(is)f(guaran)o
(teed)h(as)f(long)f(as)h(there)i(exists)e(a)g(non-fault)o(y)f(path)h(b)q(et)o
(w)o(een)h(them.)30 b(This)18 b(robustness)-90 1960 y(is)f(ac)o(hiev)o(ed)g
(at)f(the)h(exp)q(ense)i(of:)k(\(1\))17 b(\015o)q(o)q(ding)f(data)g(pac)o(k)o
(ets,)i(\(2\))e(p)q(er-pac)o(k)o(et)i(public)e(k)o(ey)h(encryption)g(at)g(ev)
o(ery)g(hop,)g(and,)g(\(3\))-90 2010 y(signi\014can)o(t)h(state)h(in)e
(routers.)33 b(The)18 b(v)n(alue)g(of)f(this)i(proto)q(col)f(is)g(largely)f
(theoretical)i(as)f(it)g(illustrates)g(the)h(limits)d(of)i(ac)o(hiev)n(able)
-90 2060 y(net)o(w)o(ork-la)o(y)o(er)c(robustness)h(and)f(securit)o(y)m(.)-28
2128 y(Link)i(state)g(NPBR)g(is)g(sligh)o(tly)f(less)h(robust.)25
b(It)16 b(guaran)o(tees)g(comm)o(unication)d(b)q(et)o(w)o(een)k(t)o(w)o(o)e
(no)q(des)i(as)f(long)f(as)h(there)h(exist)f Fm(n)-90 2178
y Fs(no)q(de-disjoin)o(t)d(paths)h(b)q(et)o(w)o(een)h(a)e(giv)o(en)g(pair)g
(of)g(no)q(des,)h(and)f(at)g(most)g Fp(\(n-1\))h Fs(no)q(de)g(failures)f
(exist)h(sim)o(ultaneously)d(in)i(the)h(net)o(w)o(ork.)-90
2227 y(Reduced)19 b(robustness)h(in)e(link)f(state)i(NPBR)f(is)g(coun)o
(ter-balanced)h(b)o(y)f(the)h(use)f(of)g(a)g(link)f(state)i(proto)q(col)f(in)
f(conjunction)h(with)-90 2277 y(source)13 b(routing.)k(Link)12
b(state)h(up)q(date)f(dissemination)e(is)i(p)q(erformed)g(using)g
(highly-robust)f(\015o)q(o)q(ding)h(NPBR)g(metho)q(d,)f(whereas)i(data)-90
2327 y(pac)o(k)o(ets)i(are)f(source-routed.)20 b(This)14 b(design,)f(while)h
(still)f(quite)h(costly)m(,)f(demonstrates)h(some)f(useful)h(tec)o(hniques:)
-28 2428 y Ff(\017)21 b Fs(Public)13 b(k)o(ey)h(signatures)h(for)f(link)e
(state)j(up)q(dates)g(to)f(defend)g(against)g(tamp)q(ering)e(and)i
(repudiation)f(of)h(origin.)-28 2511 y Ff(\017)21 b Fs(P)o(er-no)q(de)15
b(non)o(wrapping)e(sequence)j(n)o(um)o(b)q(ers)d(to)h(ac)o(hiev)o(e)g(repla)o
(y)g(detection)h(and)e(pac)o(k)o(et)i(reordering.)p -90 2591
864 2 v -44 2618 a Fi(7)-26 2630 y Fh(Not)c(to)g(b)q(e)g(confused)e(with)j
(IDRP)m(.)f(F)m(or)g(the)g(record,)f(IDPR)h(w)o(as)h(named)e(\014rst!)-44
2658 y Fi(8)-26 2669 y Fh(This)h(b)q(ears)f(some)h(resem)o(blance)d(to)j(a)h
(traditional)c(virtual)i(circuit)g(mo)q(del.)j(Ho)o(w)o(ev)o(er,)e(without)f
(pac)o(k)o(et)g(sequencing)f(or)i(reliable)e(deliv)o(ery)m(.)2028
2770 y Fs(18)p eop
%%Page: 19 29
bop -28 -108 a Ff(\017)21 b Fs(End-to-end)16 b(and)f(hop-b)o(y-hop)g(pac)o(k)
o(et)h(deliv)o(ery)g(ac)o(kno)o(wledgemen)o(ts)f(to)g(determine)h
(dynamically)c(the)17 b(status)f(of)f(links)g(and)14 -59 y(no)q(des)f(tra)o
(v)o(ersed)i(b)o(y)d(a)h(pac)o(k)o(et.)-90 41 y(In)g(Chapter)g(4,)g(w)o(e)g
(tak)o(e)g(adv)n(an)o(tage)f(of)g(these)i(tec)o(hniques)g(in)f(our)g(design)g
(of)f(secure)j(transit)e(p)q(olicy)f(enforcemen)o(t.)-90 195
y Fq(2.2)70 b(Supp)r(ort)24 b(Mec)n(hanisms)-90 304 y Fs(This)18
b(section)g(brie\015y)g(addresses)i(a)d(n)o(um)o(b)q(er)g(of)g(common)e(supp)
q(ort)k(mec)o(hanisms)c(used)k(as)f(basic)g(building)e(blo)q(c)o(ks)i(in)f
(our)h(p)q(olicy)-90 354 y(enforcemen)o(t)c(proto)q(cols.)-90
492 y Fk(2.2.1)55 b(Encryption)18 b(and)h(Signature)f(Supp)r(ort)-90
587 y Fs(Proto)q(cols)j(that)g(implem)o(en)o(t)d(securit)o(y)k(services)g
(for)e(p)q(olicy)g(enforcemen)o(t)h(will)e(ha)o(v)o(e)i(to)f(mak)o(e)f(use)j
(of)d(encryption)j(to)e(supp)q(ort)-90 637 y(authen)o(tication,)13
b(data)h(in)o(tegrit)o(y)m(,)e(and)i(con\014den)o(tialit)o(y)f(\(if)g
(applicable\).)-28 704 y(Tw)o(o)k(dominan)o(t)f(t)o(yp)q(es)i(of)f
(encryption)h(are:)26 b(con)o(v)o(en)o(tional)17 b(\(or)g(symmetric\))f(and)i
(public)f(k)o(ey)m(.)29 b(Con)o(v)o(en)o(tional)16 b(cryptograph)o(y)-90
754 y(has)h(b)q(een)i(in)d(use)i(for)f(quite)g(a)g(long)f(time)g([49)o(].)28
b(T)o(ypically)m(,)15 b(it)i(in)o(v)o(olv)o(es)f(a)h(function)g(and)g(a)g
(single)g(k)o(ey)g(used)h(for)f(encryption,)h(as)-90 804 y(w)o(ell)c(as)h
(decryption,)h(of)e(data.)21 b(The)16 b(k)o(ey)f(m)o(ust)f(b)q(e)i(shared)g
(among)d(ev)o(ery)i(group)g(\(usually)m(,)f(of)g(size)i(t)o(w)o(o\))f(of)f
(principals)h(wishing)f(to)-90 854 y(comm)o(unicate)e(in)h(secret.)-28
921 y(The)g(b)q(est-kno)o(wn)g(\(if)f(not)h(the)g(most)e(notorious\))h(of)g
(the)h(con)o(temp)q(orary)f(con)o(v)o(en)o(tional)g(cryptosystems)h(is)g(the)
g(Data)f(Encryption)-90 971 y(Standard)i(\(DES\)[66)o(].)k(It)c(is,)f(at)g
(presen)o(t,)i(a)f(United)g(States)h(standard)f(whic)o(h)f(mak)o(es)g(it)g
(\(and)h(a)g(n)o(um)o(b)q(er)f(of)g(deriv)n(ativ)o(es\))h(the)g(most)-90
1021 y(widely)f(used)i(cryptosystem.)-28 1089 y(Some)d(con)o(v)o(en)o(tional)
g(cryptosystems)h(are)h(also)e(suitable)g(for)h(generating)g(digital)e
(signatures,)i(e.g.,)f(FEAL-8)h([82)o(])f(and)h(DES)g([66)o(].)-90
1139 y(A)g(digital)f(signature)h(is)g(a)g(v)n(alue)g(that,)g(when)h(attac)o
(hed)f(to)h(a)e(message,)h(pro)o(v)o(es)h(that)f(the)h(message)f(has)g(b)q
(een)i(generated)f(b)o(y)f(a)g(part)o(y)-90 1188 y(in)g(p)q(ossession)j(of)d
(the)h(k)o(ey)g(used)h(in)e(the)i(signature)f(computation.)-28
1256 y(F)m(or)i(the)h(most)f(part,)g(con)o(v)o(en)o(tional)g(cryptosystems)h
(lend)f(themselv)o(es)h(to)f(e\016cien)o(t)h(implemen)o(tations)d(and)i(are)h
(able)f(to)g(reac)o(h)-90 1306 y(encryption)11 b(rates)h(of)e(sev)o(eral)h
(megab)o(ytes)f(p)q(er)i(second)f(\(thereb)o(y)h(matc)o(hing)d(some)h(LAN)h
(sp)q(eeds\).)19 b(On)11 b(the)g(other)g(hand,)g(con)o(v)o(en)o(tional)-90
1356 y(cryptograph)o(y)j(has)g(sev)o(eral)g(dra)o(wbac)o(ks:)-28
1455 y Ff(\017)21 b Fs(Sharing)11 b(a)h(distinct)g(k)o(ey)g(for)f(ev)o(ery)i
(pair)e(of)h(principals)f(mak)o(es)g(k)o(ey)h(managemen)o(t)d(extremely)j
(di\016cult)f(\()p Fm(N)1734 1440 y Fj(2)1764 1455 y Fs(k)o(eys)i(are)f
(required)14 1505 y(for)h Fm(N)19 b Fs(principals\).)-28 1587
y Ff(\017)i Fs(An)13 b(unfortunate)g(consequence)i(of)d(k)o(ey)h(sharing)f
(is)h(the)g(inabilit)o(y)e(of)h(attributing)g(encrypted)j(messages)e(to)f(a)h
(single)f(principal.)14 1637 y(In)i(other)h(w)o(ords,)f(a)h(message)f
(encrypted)i(\(or)e(signed\))h(with)f(a)g(shared)i(k)o(ey)e(can)h(b)q(e)g
(generated)g(b)o(y)g(an)o(y)e(of)h(the)h(\(at)g(least)f(t)o(w)o(o\))14
1687 y(principals)f(in)h(p)q(ossession)h(of)e(this)h(k)o(ey)m(.)-28
1769 y Ff(\017)21 b Fs(Finally)m(,)11 b(authen)o(ticated)16
b(m)o(ulticast)c(and)i(broadcast)h(comm)o(unicatio)o(n)d(is)i(rather)h(lab)q
(orious.)j(In)c(order)h(to)f(send)h(a)f(message)g(to)14 1819
y(a)f(group)h(of)f Fm(N)19 b Fs(principals,)13 b(the)i(sender)g(m)o(ust)e
(pro)q(duce)i Fm(N)k Fs(distinct)14 b(message)f(signatures,)i(one)f(for)f
(eac)o(h)i(in)o(tended)f(recipien)o(t.)-28 1918 y(Public)h(k)o(ey)f
(encryption)370 1903 y Fj(9)404 1918 y Fs(addresses)j(some)d(of)g(the)h(dra)o
(wbac)o(ks)g(of)f(con)o(v)o(en)o(tional)f(encryption.)21 b(In)15
b(a)f(public)g(k)o(ey)h(cryptosystem,)-90 1968 y(eac)o(h)c(principal)e(is)h
(asso)q(ciated)h(with)f(a)g(unique)g(k)o(ey-pair.)17 b(A)10
b(k)o(ey-pair)g(consists)h(of)f(a)g Fp(public)g Fs(\(encryption\))h(and)f(a)g
Fp(private)g Fs(\(decryption\))-90 2018 y(k)o(ey)m(.)17 b(The)11
b(former)f(is)h(made)f(a)o(v)n(ailable)f(to)i(an)o(y)o(one)g(who)g(w)o(an)o
(ts)g(to)g(comm)o(unicate)d(with)j(the)h(principal)e(in)h(question,)g(while)g
(the)h(latter)f(is)-90 2067 y(k)o(ept)i(secret.)20 b(Encryption)13
b(is)g(p)q(erformed)f(with)h(the)g(public)f(k)o(ey)m(,)h(and)f(decryption)i
(with)e(the)h(corresp)q(onding)h(priv)n(ate)f(k)o(ey)m(.)k(The)c(most)-90
2117 y(imp)q(ortan)o(t)h(feature)j(is)f(that,)h(giv)o(en)e(a)h(principal's)g
(public)f(k)o(ey)m(,)h(computing)f(the)i(corresp)q(onding)g(priv)n(ate)f(k)o
(ey)g(is)g(computationally)-90 2167 y(infeasible.)90 2152 y
Fj(10)-28 2235 y Fs(The)k(b)q(est-kno)o(wn)f(example)e(of)i(a)f(public-k)o
(ey)h(cryptosystem)g(is)f(the)i(RSA)e([76)o(].)33 b(In)19 b(RSA,)f(the)h
(di\016cult)o(y)f(of)g(attac)o(king)g(the)-90 2285 y(system)h(is)h(equiv)n
(alen)o(t)e(to)i(factoring)f(large)g(n)o(um)o(b)q(ers.)34 b(RSA)19
b(has)h(b)q(een)h(extensiv)o(ely)f(researc)o(hed)h(and)f(scrutinized)h(in)e
(the)h(past)-90 2334 y(and)d(is)f(considered)i(one)f(of)f(the)i(most)d
(secure)k(cryptosystems)f(a)o(v)n(ailable.)24 b(Another)18
b(example)d(of)h(a)h(hereto)g(un)o(brok)o(en)g(public)g(k)o(ey)-90
2384 y(cryptosystem)d(is)g(the)h Fp(El)f(Gamal)g Fs(sc)o(heme[23)o(])g(whic)o
(h)g(is)f(v)o(ery)h(slo)o(w)g(\(ev)o(en)h(b)o(y)e(public)h(k)o(ey)g
(standards\),)g(but)g(w)o(ell-suited)g(for)f(certain)-90 2434
y(sp)q(ecialized)i(tasks,)f(e.g.,)e(k)o(ey)i(distribution.)621
2419 y Fj(11)p -90 2513 864 2 v -44 2540 a Fi(9)-26 2551 y
Fh(First)c(prop)q(osed)g(b)o(y)h(W.)g(Di\016e)h(and)f(M.)h(Hellman)e(in)h
(1976)f([20)o(].)-59 2579 y Fi(10)-26 2591 y Fh(Deriv)n(ation)d(of)k(a)f
(priv)n(ate)e(k)o(ey)i(from)f(its)i(public)d(coun)o(terpart)f(is)k(usually)e
(equiv)n(alen)o(t)e(to)j(solving)f(a)h(hard,)g(e.g.,)f(NP-complete,)f
(computation)o(al)g(problem)-90 2630 y([20)o(].)-59 2658 y
Fi(11)-26 2670 y Fh(El)j(Gamal's)f(slo)o(wness)g(is)i(due)f(to)g(exp)q(onen)o
(tia)o(tio)o(n)e(complexit)o(y)f(and)j(expansion)e(in)i(ciphertext)e(size.)
2028 2770 y Fs(19)p eop
%%Page: 20 30
bop -28 -108 a Fs(Public)14 b(k)o(ey)g(encryption)g(addresses)i(man)o(y)c(of)
i(the)g(con)o(v)o(en)o(tional)f(encryption's)h(dra)o(wbac)o(ks.)-28
-8 y Ff(\017)21 b Fs(Since)14 b(a)g(principal)f(only)g(needs)i(a)f(single)f
(k)o(ey-pair,)g(k)o(ey)h(managemen)o(t)d(is)j(no)g(longer)g(a)f(problem.)-28
75 y Ff(\017)21 b Fs(A)14 b(principal)g(generates)i(signatures)f(with)f(a)g
(priv)n(ate)g(k)o(ey)g(kno)o(wn)g(only)g(to)g(it.)19 b(Therefore,)c(there)h
(is)e(no)g(am)o(biguit)o(y)d(in)j(tracing)14 125 y(a)f(signed)h(message)g(to)
g(its)g(origin.)-28 208 y Ff(\017)21 b Fs(Authen)o(ticated)12
b(m)o(ulticast)e(or)i(broadcast)g(are)f(easily)g(ac)o(hiev)o(ed)h(b)o(y)f(a)g
(single)g(message)h(signature)f(computed)g(with)g(the)h(sender's)14
258 y(priv)n(ate)f(k)o(ey)m(.)16 b(An)o(y)11 b(of)g(the)h(in)o(tended)g
(recipien)o(ts)g(can)f(authen)o(ticate)h(the)g(origin)e(and)h(the)h(con)o
(ten)o(ts)g(of)f(the)g(message)g(b)o(y)g(v)o(erifying)14 308
y(the)j(signature)g(with)g(the)h(help)e(of)h(the)g(sender's)i(public)d(k)o
(ey)m(.)-90 409 y(In)g(return)g(for)g(all)e(the)i(b)q(ene\014ts)i(it)d(pro)o
(vides,)h(public)f(k)o(ey)h(encryption)g(tak)o(es)g(a)f(hea)o(vy)h(toll)e(in)
i(terms)f(of)g(p)q(erformance.)18 b(As)13 b(compared)-90 459
y(to)h(its)g(con)o(v)o(en)o(tional)e(coun)o(terpart,)j(public)f(k)o(ey)g
(encryption)g(is)g(extremely)f(slo)o(w.)-28 526 y(Metho)q(ds)k(for)e
(reducing)h(the)g(high)f(cost)h(of)f(public)g(k)o(ey)g(encryption)h(ha)o(v)o
(e)g(b)q(een)g(prop)q(osed.)24 b(Sp)q(eci\014cally)m(,)15 b(in)g(RSA,)f(the)i
(cost)h(of)-90 576 y(signature)11 b(computation)d(\(with)j(priv)n(ate)f(k)o
(ey\))g(is)h(roughly)e(the)i(same)f(as)g(the)h(cost)g(of)f(signature)h(v)o
(eri\014cation)f(\(with)g(public)g(k)o(ey\).)1957 561 y Fj(12)2009
576 y Fs(F)m(or)-90 626 y(example,)i(Priv)n(acy-Enhanced)i(Mail[51)n(])f
(uses)i(a)f Fp(sc)n(ale)n(d-down)g Fs(v)o(ersion)f(of)g(RSA)h(where)h
(signature)f(v)o(eri\014cation)f(is)h(signi\014can)o(tly)e(less)-90
676 y(exp)q(ensiv)o(e)k(than)e(signature)h(computation.)k(This)c(is)f
(accomplished)g(b)o(y)g(using)h(large)f(priv)n(ate)g(k)o(eys)i(in)e
(conjunction)g(with)h(relativ)o(ely)-90 726 y(small)d(public)h(k)o(eys.)-28
793 y(In)f(order)g(to)g(a)o(v)o(oid)e(the)i(resp)q(ectiv)o(e)i(dra)o(wbac)o
(ks)e(and)g(com)o(bine)e(the)i(resp)q(ectiv)o(e)i(b)q(ene\014ts,)f(con)o(v)o
(en)o(tional)e(encryption)h(is)g(frequen)o(tly)-90 843 y(used)e(for)g(data)f
(in)o(tegrit)o(y)g(and)g(con\014den)o(tialit)o(y)g(\(encryption\),)i(while)e
(public)g(k)o(ey)h(encryption)g(is)g(reserv)o(ed)h(for)e(session)i(k)o(ey)e
(distribution)-90 893 y(and)14 b(authen)o(tication.)j(The)e(end-result)g(is)f
(a)f Fp(hybrid)h Fs(cryptosystem.)-28 961 y(In)k(the)g(con)o(text)g(of)e(p)q
(olicy)h(enforcemen)o(t,)h(public)f(k)o(ey)g(encryption)h(is)g(particularly)e
(useful)h(for)g(disseminating)f(routing)h(infor-)-90 1010 y(mation,)h(esp)q
(ecially)h(in)f(the)i(form)d(of)i(link)f(state)i(up)q(dates)g([71)o(].)33
b(A)19 b(link)f(state)i(pac)o(k)o(et)f(can)h(b)q(e)f(signed)h(once)f(b)o(y)g
(its)g(originator)-90 1060 y(and)c(the)h(signature)f(can)g(b)q(e)h(easily)e
(v)o(eri\014ed)i(b)o(y)f(all)f(p)q(oten)o(tial)g(recipien)o(ts,)i(assuming)d
(that)i(the)h(originator's)e(public)h(k)o(ey)g(is)g(readily)-90
1110 y(a)o(v)n(ailable.)i(Also,)d(as)g(describ)q(ed)i(in)e(the)h(next)g
(section,)g(in)o(ter-AD)f(asso)q(ciations)g(can)h(b)q(e)g(established)g
(using)f(public)g(k)o(ey)g(certi\014cates.)-90 1160 y(Con)o(v)o(en)o(tional)e
(signatures)j(are)f(esp)q(ecially)g(w)o(ell-suited)g(for)f(data)h(in)o
(tegrit)o(y)f(once)i(the)f(relev)n(an)o(t)g(principals)g(are)g(authen)o
(ticated.)-28 1227 y(As)k(discussed)i(in)d(Chapter)h(1,)g(con\014den)o
(tialit)o(y)e(is)i(not)f(a)h(relev)n(an)o(t)f(securit)o(y)i(service)g(in)e
(the)h(con)o(text)g(of)f(p)q(olicy)g(enforcemen)o(t,)-90 1277
y(hence,)f(applicable)e(securit)o(y)i(services)h(do)d(not)h(require)h(bulk)e
(encryption.)22 b(Message)16 b(signatures)f(su\016ce)h(for)f(origin)e(authen)
o(tication)-90 1327 y(and)h(data)f(in)o(tegrit)o(y)h(services.)-28
1395 y(It)i(is)g(not)g(necessary)i(to)d(sign)h(the)g(en)o(tire)h(message)e
([17)o(].)24 b(Instead,)16 b(a)g(short)g(\(e.g.,)g(128-bit\))e(digest)j(of)e
(a)g(message)h(is)g(pro)q(duced)-90 1445 y(and)f(then)h(signed,)g(thereb)o(y)
g(greatly)f(reducing)h(the)g(costs.)24 b(The)15 b(securit)o(y)i(of)e(this)g
(t)o(yp)q(e)h(of)f(signature)g(is)g(dep)q(enden)o(t)j(on)d(the)h(digest)-90
1494 y(computation)i(function,)i(usually)f(referred)i(to)f(as)f(a)g
Fp(hash)i(function)p Fs(.)36 b(A)19 b Fp(str)n(ong)h Fs(\(or)f
Fp(one-way)p Fs(\))h(hash)g(function)f(m)o(ust)g(ha)o(v)o(e)g(the)-90
1544 y(follo)o(wing)11 b(prop)q(erties:)-28 1645 y Ff(\017)21
b Fs(It)14 b(m)o(ust)f(b)q(e)h(computationally)d(di\016cult)i(to)h(\014nd)g
(t)o(w)o(o)f(messages)h(that)g(hash)g(to)g(the)h(same)e(digest.)-28
1728 y Ff(\017)21 b Fs(It)14 b(m)o(ust)f(b)q(e)h(computationally)d
(di\016cult)i(to)h(\014nd)g(a)g(message)f(that)h(hashes)h(in)o(to)e(a)h(giv)o
(en)f(digest.)-90 1829 y(In)d(practical)g(terms,)h(it)e(is)h(imp)q(ortan)o(t)
f(for)h(a)g(hash)g(function)g(to)g(lend)g(itself)g(to)g(fast)g(implemen)o
(tations,)e(at)i(least)g(an)g(order)h(of)f(magnitude)-90 1879
y(faster)k(than)f(the)g(signature)h(function.)j(In)c(recen)o(t)i(y)o(ears,)e
(some)f(hash)i(functions)f(conjectured)i(to)d(b)q(e)i(one-w)o(a)o(y)e(ha)o(v)
o(e)h(b)q(een)i(prop)q(osed.)-90 1929 y(Some)h(ha)o(v)o(e)h(b)q(een)h
(successfully)g(attac)o(k)o(ed,)g(e.g.,)e(Merkle's)i(SNEFR)o(U)f([57)o(,)g(3)
o(].)27 b(Others,)19 b(suc)o(h)f(as)f(Riv)o(est's)g(MD4)f(and)h(MD2)g([75)o
(],)-90 1978 y(app)q(ear)d(to)g(b)q(e)h(more)d(resilien)o(t.)19
b(\(MD4)13 b(is)h(discussed)h(in)f(detail)f(in)h(App)q(endix)g(A\).)-28
2046 y(The)23 b(use)g(of)e(hash)h(functions)g(for)g(message)g(authen)o
(tication)f(en)o(tails)h(signing)f(only)g(a)h(short)h(\014xed-length)f
(message)g(digest)-90 2096 y(v)n(alue.)29 b(Nonetheless,)19
b(encryption-based)g(signatures)f(are)h(still)d(quite)i(exp)q(ensiv)o(e.)30
b(In)18 b(App)q(endix)g(A,)f(w)o(e)h(describ)q(e)h(t)o(w)o(o)e(metho)q(ds)-90
2146 y(of)d(encryption-free)j(message)d(authen)o(tication)h(based)h(en)o
(tirely)f(on)f(the)i(use)g(of)e(one-w)o(a)o(y)h(hash)g(functions.)21
b(\(A)15 b(similar)e(sc)o(heme)i(w)o(as)-90 2196 y(dev)o(elop)q(ed)g(indep)q
(enden)o(tly)f(b)o(y)g(the)g(In)o(ternet)i(Securit)o(y)e(and)g(Priv)n(acy)f
(W)m(orking)g(Group)g([36)o(]\).)-90 2334 y Fk(2.2.2)55 b(Certi\014cation)-90
2429 y Fs(Our)18 b(in)o(ternet)o(w)o(ork)f(mo)q(del)f(assumes)h(a)g(v)o(ery)h
(large)f(n)o(um)o(b)q(er)f(of)h(in)o(terconnected)i(ADs.)28
b(Assuming)16 b(that)i(all)e(ADs)h(participate)g(in)-90 2478
y(a)f(global)e(public)i(k)o(ey)g(encryption)h(sc)o(heme,)f(eac)o(h)h(AD)f(w)o
(ould)f(need)i(to)f(ha)o(v)o(e)g(reliable)f(kno)o(wledge)h(of)g
Fp(al)r(l)f Fs(other)i(ADs')f(public)g(k)o(eys)-90 2528 y(in)g(order)h(to)f
(supp)q(ort)h(arbitrary)f(comm)o(unicatio)o(n)e(patterns.)26
b(Moreo)o(v)o(er,)17 b(a)f(global,)e(secure)19 b(k)o(ey)d(managemen)o(t)e(sc)
o(heme)i(w)o(ould)f(b)q(e)p -90 2609 864 2 v -59 2635 a Fi(12)-26
2647 y Fh(Usually)m(,)10 b(b)q(oth)g(k)o(eys)h(are)g(of)g(equal)f(\(or)h
(near-equal\))d(length.)2028 2770 y Fs(20)p eop
%%Page: 21 31
bop -90 -108 a Fs(necessary)19 b(to)e(distribute,)g(gran)o(t)g(and)g(rev)o
(ok)o(e,)g(k)o(eys.)28 b(Ov)o(erhead)18 b(due)f(to)g(b)q(oth)g(storage)g(and)
g(main)o(tenance)f(mak)o(es)f(this)i(scenario)-90 -59 y(rather)g
(undesirable.)24 b(Nonetheless,)18 b(since)f(p)q(olicies)e(are)i(most)d
(often)i(based)h(on)f(AD)f(allegiance,)g(principals)h(m)o(ust)f(ha)o(v)o(e)g
(means)h(of)-90 -9 y(pro)o(ving)e(their)h(iden)o(tit)o(y)m(.)k(Principals)14
b(include)g(the)i(v)n(arious)d(AD-lev)o(el)h(serv)o(ers:)21
b(Access)c(Con)o(trol,)d(Route,)g(P)o(olicy)m(,)f(Name)g(and)h(Time)-90
41 y(to)g(name)e(just)j(a)e(few.)-28 109 y(T)m(o)i(allo)o(w)f(for)h(more)f
(dynamic,)g(y)o(et)i(secure,)h(on-demand)d(binding)h(b)q(et)o(w)o(een)h
(names)f(and)g(public)h(k)o(eys,)f(a)g(tec)o(hnique)i(kno)o(wn)e(as)-90
158 y Fp(c)n(erti\014c)n(ation)g Fs(is)g(used.[37])g(Certi\014cation)g(is)g
(p)q(erformed)g(b)o(y)g(w)o(ell-kno)o(wn)f(trusted)j(Certi\014cation)f
(Authorities)f(\(CAs\).)23 b(Included)16 b(in)-90 208 y(a)e(certi\014cate)i
(is)e(a)g(name)f(\(e.g.,)h(a)g(DNS)g(name)f([60)o(])h(or)g(an)g(X.500)f
(distinguished)i(name)e([10)o(]\))h(and)g(a)g(corresp)q(onding)h(public)f(k)o
(ey)m(.)19 b(A)-90 258 y(certi\014cate)14 b(also)d(con)o(tains)h(the)h(name)e
(of)h(the)g(issuing)g(CA,)g(and)g(the)h(expiration)e(date)i(and)f(time.)k
(Most)c(imp)q(ortan)o(tly)m(,)d(a)j(certi\014cate)i(is)-90
308 y(signed)g(with)f(the)i(priv)n(ate)e(\(secret\))j(k)o(ey)e(of)f(the)h
(issuing)g(CA.)f(All)g(in)o(terested)i(parties)g(are)f(th)o(us)g(only)f
(required)h(to)g(p)q(ossess)i(the)e(CA's)-90 358 y(public)g(k)o(ey)f(as)h
(opp)q(osed)h(to)f(a)f(m)o(ultitude)g(of)g(principals')g(public)g(k)o(eys.)
-28 425 y(In)f(the)g(simplest)f(case,)i(there)g(is)f(a)f(single)h(univ)o
(ersally)f(trusted)i(CA.)e(Ho)o(w)o(ev)o(er,)i(in)e(a)g(heterogeneous)j(in)o
(ternet)o(w)o(ork)f(en)o(vironmen)o(t,)-90 475 y(it)h(is)g(unlik)o(ely)f
(that)i(a)f(single)g(CA)h(will)d(su\016ce)k(for)e(reasons)h(of)f(scale)h(and)
f(p)q(olicy)m(.)19 b(A)14 b(more)f(realistic)i(scenario)g(is)f(the)h(CA)g
(hierarc)o(h)o(y)-90 525 y(as)e(describ)q(ed)i(b)o(y)e(Gasser)h(et)g(al.)j
(in)c([37)o(].)k(F)m(or)c(example,)e(a)i(w)o(orldwide)g(in)o(ternet)o(w)o
(ork)g(ma)o(y)f(require)i(at)f(least)g(a)g(four-lev)o(el)f(hierarc)o(h)o(y)m
(.)-90 575 y(The)17 b(top)g(lev)o(el)g(CA)g(is)f(resp)q(onsible)i(for)f
(certifying)f(individual)f(coun)o(tries')i(CAs)h(whic)o(h,)f(in)f(turn,)i
(certify)f(ADs)g(in)f(their)i(domain.)-90 625 y(Bottommost,)11
b(AD-lev)o(el)i(CAs)i(ma)o(y)d(b)q(e)i(emplo)o(y)o(ed)e(to)i(certify)g
(constituen)o(t)h(users)h(and)d(end-systems.)-28 692 y(In)i(this)g(mo)q(del,)
e(an)h(asso)q(ciation)g(b)q(et)o(w)o(een)i(t)o(w)o(o)f(principals)f(\(A)h
(and)f(B\))h(is)g(established)g(as)g(follo)o(ws.)k(If)14 b(A)h(and)g(B)g(are)
g(under)g(the)-90 742 y(jurisdiction)f(of)g(the)h(same)e(CA,)i(A)f(forw)o
(ards)g(its)h(certi\014cate)h(to)e(B)h(and)g(B)f(v)o(eri\014es)i(the)f
(signature)g(and)f(the)h(expiration)f(time.)k(\(The)-90 792
y(pro)q(cedure)d(is)d(then)i(rep)q(eated)g(with)f(B)g(sending)g(its)g
(certi\014cate)h(to)f(A\).)g(Otherwise,)h(the)f(least)g(common)d(ancestor)k
(\(LCA\))f(in)f(the)i(CA)-90 842 y(hierarc)o(h)o(y)j(is)f(established.)26
b(Then,)17 b(A)g(supplies)f(B)h(with)f(not)g(one,)h(but)g(a)f(list)f(of,)h
(certi\014cates)j(starting)d(with)g(A's)g(o)o(wn)g(certi\014cate)-90
892 y(and)g(ending)h(with)f(the)h(certi\014cate)h(of)e(the)i(LCA.)e(Since)h
(B)g(is)f(able)g(to)h(v)o(erify)f(LCA's)g(certi\014cate,)j(it)d(iterates)i
(through)e(the)h(list)g(of)-90 941 y(certi\014cates)f(culminating)11
b(with)j(the)g(v)o(eri\014cation)g(of)f(A's)h(certi\014cate.)-28
1009 y(Certi\014cates)k(are)f(curren)o(tly)g(b)q(eing)f(used)i(in)e(Priv)n
(acy-Enhanced)h(Electronic)g(Mail)e(\(PEM\))i([51)o(].)25 b(PEM)17
b(certi\014cates)h(are)f(used)-90 1059 y(for)c(pro)o(ving)g(iden)o(tit)o(y)g
(of)g(mail)e(message)i(originators.)k(Certi\014cates)e(can)f(b)q(e)g
(obtained)f(from)f(either)j(a)e(priv)n(ate)g(compan)o(y)f(\(RSADSI\))-90
1109 y(that)h(manages)e(the)i(PEM's)g(authen)o(tication)g(hierarc)o(h)o(y)g
(for)f(a)h(fee,)f(or)h(an)g(organizational)d(notary)j(\(ON\))g(who)f(will)g
(v)o(ouc)o(h)g(for)h(p)q(eople)-90 1159 y(in)g(an)h(organization.)j(\(ONs)e
(are)f(under)h(con)o(tract)f(to)g(only)f(issue)i(Certi\014cates)g
(legitimately\).)-28 1226 y(This)i(approac)o(h)g(is)g(w)o(ell)f(suited)i(for)
f(the)g(distribution)g(of)f(signed)i(routing)e(up)q(dates)i(and)f(for)g
(route)g(setup.)29 b(Key)17 b(distribution)-90 1276 y(will)c(in)o(v)o(olv)o
(e)f(route)j(serv)o(ers)h(and)e(b)q(order)h(routers)g(and)f(will)e(b)q(e)j
(at)f(a)g(coarse)h(gran)o(ularit)o(y)d(of)i(ADs.)19 b(Public)13
b(Key)i(certi\014cates)h(can)e(b)q(e)-90 1326 y(used)h(to)e(iden)o(tify)g
(ADs)h(that)g(ha)o(v)o(e)f(no)h(previous)g(history)g(of)f(asso)q(ciation.)18
b(F)m(or)13 b(example,)f(a)h(source)i(AD)f(can)g(include)g(its)f(public)h(k)o
(ey)-90 1376 y(certi\014cate)i(as)f(a)g(part)g(of)f(route)h(setup)h(when)f
(one)g(\(or)g(more\))f(ADs)h(in)f(the)h(route)g(are)h(b)q(eing)e(used)i(for)e
(the)i(\014rst)f(time.)k(Certi\014cates)-90 1425 y(can)14 b(also)e(b)q(e)i(v)
o(ery)g(useful)g(in)f(stub)h(p)q(olicy)e(enforcemen)o(t)i(\(see)h(Chapter)f
(2\))f(where)i(a)e(new)h(asso)q(ciation)f(b)q(et)o(w)o(een)h(t)o(w)o(o)f
(stub)h(ADs)g(ma)o(y)-90 1475 y(b)q(egin)g(with)f(an)h(exc)o(hange)h(of)e
(the)h(certi\014cates)i(as)e(a)g(form)e(of)h Fp(se)n(cur)n(e)i(intr)n(o)n
(duction)p Fs(.)-28 1543 y(Throughout)e(the)h(remainder)e(of)g(this)h
(thesis,)h(w)o(e)f(assume)g(the)g(existence)i(of)d(a)h(certi\014cation)g
(hierarc)o(h)o(y)h(as)f(describ)q(ed)h(ab)q(o)o(v)o(e.)k(A)o(t)-90
1593 y(the)c(v)o(ery)h(least,)e(ev)o(ery)i(relev)n(an)o(t)f(principal)f
(\(serv)o(ers)j(and)e(some)f(b)q(order)h(routers\))i(is)d(assumed)h(to)g(p)q
(ossess)h(a)f(certi\014cate.)1873 1578 y Fj(13)-90 1731 y Fk(2.2.3)55
b(Time)18 b(Sync)n(hronization)-90 1825 y Fs(The)h(purp)q(ose)h(of)e(a)h
(time)e(service)j(is)f(to)g(pro)o(vide)f(its)h(clien)o(ts)g(with)f(con)o(tin)
o(uous,)i(accurate)g(time)d(sync)o(hronized)j(with)f(global)e(\(or)-90
1875 y(national\))f(standards)j([58)o(].)28 b(Time)16 b(service)j(is)e(a)h
(ma)r(jor)d(con)o(tributor)j(to)g(the)g(prop)q(er)g(function)g(of)e(a)i(net)o
(w)o(ork)f(as)h(man)o(y)e(net)o(w)o(ork)-90 1925 y(proto)q(cols)e(assume)g
(the)g(presence)i(of)e(a)f(reliable)h(time)e(service)j(to)f(ac)o(hiev)o(e)g
(clo)q(c)o(k)g(sync)o(hronization.)-28 1993 y(One)k(example)e(of)g(a)h(w)o
(orking)f(time)f(service)k(is)e(the)g(Net)o(w)o(ork)g(Time)f(Proto)q(col)h
(\(NTP\))g([59)o(])g(curren)o(tly)h(used)g(in)e(the)i(Researc)o(h)-90
2043 y(In)o(ternet.)30 b(NTP)18 b(time)e(serv)o(ers)j(are)f(arranged)f(in)g
(a)g(three-lev)o(el)i(hierarc)o(h)o(y)m(.)28 b(The)18 b(hierarc)o(h)o(y)f(is)
h(\015exible,)1648 2028 y Fj(14)1701 2043 y Fs(i.e.,)e(it)h(is)h(resilien)o
(t)f(to)-90 2092 y(certain)g(t)o(yp)q(es)f(of)g(no)q(de)g(failures.)24
b(The)16 b(actual)g(source)h(of)f(precise)h(time)e(is)g(usually)h(an)f
(external)i(system)f(\(e.g.,)f(an)h(atomic)e(clo)q(c)o(k\))-90
2142 y(with)g(whic)o(h)f(top-lev)o(el)h(time)e(serv)o(ers)k(are)e(sync)o
(hronized.)-28 2210 y(In)g(an)g(en)o(vironmen)o(t)f(of)g(in)o(terconnected)j
(ADs,)d(there)j(are)e(sev)o(eral)g(securit)o(y)h(threats)g(facing)e(a)h(time)
e(service)k([4)o(]:)-39 2309 y(1.)k(imp)q(ersonation)12 b(of)h(a)h(time)f
(serv)o(er)-39 2391 y(2.)20 b(mo)q(di\014cation)11 b(of)j(time)e(serv)o(er)k
(messages)-39 2474 y(3.)k(repla)o(y)13 b(of)h(previously)f(recorded)j(time)d
(serv)o(er)i(messages)p -90 2552 864 2 v -59 2579 a Fi(13)-26
2591 y Fh(The)10 b(gran)o(ularit)o(y)e(of)j(certi\014cates)d(can)i(v)n(ary)g
(b)q(et)o(w)o(een)f(ADs.)16 b(Some)9 b(ADs)j(ma)o(y)e(issue)g(distinct)f
(certi\014cates)f(to)i(di\013eren)o(t)f(serv)o(ers)g(and/or)g(routers,)h
(while)-90 2630 y(others)g(ma)o(y)h(ha)o(v)o(e)f(a)h(single)f(certi\014cate)f
(shared)h(among)g(all)h(serv)o(ers)f(and)h(routers.)-59 2658
y Fi(14)-26 2670 y Fh(Except)f(for)h(the)f(top-lev)o(el)f(serv)o(ers.)2028
2770 y Fs(21)p eop
%%Page: 22 32
bop -39 -108 a Fs(4.)20 b(prev)o(en)o(tion)14 b(of)f(time)g(serv)o(er)i
(messages)f(from)e(reac)o(hing)i(their)h(in)o(tended)f(destination)-39
-25 y(5.)20 b(dela)o(y)13 b(of)g(time)g(serv)o(er)i(messages)f(\(e.g.,)f(b)o
(y)h(\015o)q(o)q(ding)f(the)h(net)o(w)o(ork\))-90 75 y(In)e([4)o(],)f(NTP)h
(is)g(analyzed)g(for)f(susceptibilit)o(y)h(to)g(these)h(threats.)18
b(The)13 b(conclusions)f(and)f(recommendations)f(made)h(are)h(applicable)f
(to)-90 125 y(an)o(y)j(time)f(service.)20 b(In)15 b(particular,)e(threats)j
(\(1\))e(and)g(\(2\))g(can)h(b)q(e)g(coun)o(tered)h(b)o(y)e(using)g(message)g
(authen)o(tication)g(while)f(protection)-90 175 y(from)h(\(3\))h(requires)i
(main)o(taining)12 b(state)17 b(with)e(resp)q(ect)j(to)d(all)f(p)q(ossible)i
(p)q(eers.)25 b(Threats)16 b(\(4\))g(and)f(\(5\))h(are)g(not)f(addressable)i
(within)-90 225 y(the)d(time)f(service)i(itself.)-28 293 y(In)g(the)g(con)o
(text)h(of)e(this)g(thesis,)i(secure)g(and)f(a)o(v)n(ailable)d(time)i
(service)i(is)e(utilized)h(in)f(stub)h(and)g(transit)f(p)q(olicy)g
(enforcemen)o(t)h(for)-90 342 y(insuring)g(the)g(timeliness)f(and)h
(uniqueness)i(of)d(the)i(v)n(arious)e(resource)j(access)g(requests.)24
b(In)15 b(other)g(w)o(ords,)g(a)g(timestamp)e(is)i(treated)-90
392 y(as)f(as)g(a)g(unique)f(sequence)j(n)o(um)o(b)q(er)e(\(i.e.,)e(a)i
(nonce)g([67)o(]\))g(as)g(w)o(ell)f(as)h(a)g(freshness)i(indicator.)-28
460 y(W)m(e)g(assume)g(that)g(the)g(principals')g(clo)q(c)o(ks)g(are)h(lo)q
(osely)e(sync)o(hronized)i(with)f(a)g(maxim)n(um)c(clo)q(c)o(k)k(sk)o(ew)h
(of)e(\001)1766 466 y Fl(T)1792 445 y Fj(15)1843 460 y Fs(b)q(et)o(w)o(een)i
(an)o(y)-90 510 y(pair)d(of)g(principals.)20 b(F)m(urthermore,)14
b(clo)q(c)o(ks)h(are)g(assumed)f(nev)o(er)i(to)e(run)h(bac)o(kw)o(ards.)20
b(In)15 b(general,)f(when)h(a)g(principal)e(A)i(receiv)o(es)h(a)-90
559 y(pac)o(k)o(et)e(from)e(its)i(p)q(eer)i(B,)d(the)i(pac)o(k)o(et)f
(timestamp,)d Fm(T)6 b Fs(,)13 b(is)h(v)n(alidated)f(as)h(follo)o(ws:)1224
544 y Fj(16)-28 627 y Fs(If)i(A)g(and)f(B)i(ha)o(v)o(e)e(comm)o(unicated)f
(recen)o(tly)j(\(within)e(last)g(\001)987 633 y Fl(T)1029 627
y Fs(in)o(terv)n(al\))g(A)h(is)g(required)g(to)g(k)o(eep)h(the)f(timestamp)e
(of)h(the)h(last)-90 677 y(pac)o(k)o(et)j(\()p Fm(T)6 b(O)q(LP)179
683 y Fl(B)208 677 y Fs(\))19 b(receiv)o(ed)h(from)d(B.)i Fm(T)25
b Fs(is)19 b(considered)h(v)n(alid)e(if:)27 b(\(1\))19 b Fm(T)25
b Fs(is)19 b(greater)h(than)e Fm(T)6 b(O)q(LP)1577 683 y Fl(B)1625
677 y Fs(and)18 b(\(2\))h Fm(T)25 b Fs(is)19 b(within)f(the)-90
727 y(maxim)n(um)8 b(clo)q(c)o(k)j(sk)o(ew.)18 b(This)12 b(insures)h(that)e
Fm(T)18 b Fs(is)12 b(timely)e(\(within)h(the)h(limits)d(of)j(the)g(clo)q(c)o
(k)g(sk)o(ew\))g(and)g(has)f(nev)o(er)i(b)q(een)g(used)g(b)q(efore.)-28
794 y(If)i(A)h(and)f(B)h(ha)o(v)o(e)g(not)f(comm)o(unicated)e(recen)o(tly)m
(,)j(i.e.,)f Fm(T)6 b(O)q(LP)1005 800 y Fl(B)1049 794 y Fs(do)q(es)16
b(not)f(exist,)h(A)g(can)f(establish)h Fm(T)6 b Fs('s)16 b(freshness)h(b)o(y)
e(making)-90 844 y(sure)h(that)e(it)h(is)f(within)g(the)i(maxim)n(um)10
b(allo)o(w)o(ed)j(clo)q(c)o(k)i(sk)o(ew,)g(i.e.)20 b(it)14
b(di\013ers)i(from)d(the)i(curren)o(t)h(clo)q(c)o(k)f(reading)f(b)o(y)h(at)f
(most)g(\001)1996 850 y Fl(t)2010 844 y Fs(.)20 b(If)-90 894
y(this)14 b(condition)f(is)h(satis\014ed,)g(A)g(is)g(implicitly)d(assured)k
(of)f Fm(T)6 b Fs('s)13 b(uniqueness)j(\(if)d Fm(T)20 b Fs(had)14
b(b)q(een)h(used)g(in)e(the)i(past,)f(A)g(w)o(ould)f(ha)o(v)o(e)h(k)o(ept)-90
944 y(a)g(record)h(of)e(it\).)p -90 2592 864 2 v -59 2619 a
Fi(15)-26 2630 y Fh(The)e(v)n(alue)f(of)h(\001)206 2636 y Fd(T)243
2630 y Fh(dep)q(ends)e(on)i(the)g(particular)e(proto)q(col.)-59
2658 y Fi(16)-26 2670 y Fh(Origin)h(authen)o(ticatio)o(n)f(and)h(data)h(in)o
(tegrit)o(y)e(services)h(are)g(assumed.)2028 2770 y Fs(22)p
eop
%%Page: 23 33
bop -90 192 a Fq(Chapter)23 b(3)-90 367 y(Stub)g(P)n(olicy)f(Enforcemen)n(t:)
29 b Fa(Visa)24 b Fq(Proto)r(col)-90 601 y Fs(In)15 b(this)h(c)o(hapter)g(w)o
(e)g(address)h(p)q(olicy)e(enforcemen)o(t)g(for)g(stub)h(AD)g(comm)o(unicati)
o(on.)k(The)c(k)o(ey)f(design)h(goals)f(and)g(guidelines)g(ha)o(v)o(e)-90
651 y(b)q(een)i(outlined)e(in)g(Chapter)h(1.)23 b(As)16 b(discussed)h(in)e
(Chapter)h(2,)f(there)i(are)f(sev)o(eral)g(existing)f(approac)o(hes)i(for)e
(con)o(trolling)f(in)o(ter-AD)-90 701 y(comm)o(unication)f(at)j(stub)h(AD)f
(b)q(oundaries.)26 b Fp(Visa)16 b Fs(proto)q(col,)g(the)h(mec)o(hanism)d
(describ)q(ed)k(b)q(elo)o(w,)e(has)h(b)q(een)g(selected)h(for)e(sev)o(eral)
-90 750 y(reasons:)-28 851 y Ff(\017)21 b Fs(Flexibilit)o(y)14
b(-)i(proto)q(col)f(op)q(eration)h(is)g(almost)e(en)o(tirely)i(dep)q(enden)o
(t)i(on)e(the)g(particular)g(access)i(con)o(trol)d(and)h(authen)o(tication)14
901 y(p)q(olicies)d(of)h(the)g(participating)f(AD.)-28 984
y Ff(\017)21 b Fs(F)m(unctionalit)o(y)11 b(-)h(protection)i(against:)i(i\))d
(unauthorized)g(AD)f(en)o(try/exit,)h(and)g(ii\))f(mo)q(di\014cation,)e
(substitution)j(and)f(repla)o(y)h(of)14 1034 y(legitimate)e(in)o(ter-AD)j
(tra\016c.)-28 1117 y Ff(\017)21 b Fs(La)o(y)o(ering)13 b(-)h(the)g(en)o
(tire)h(proto)q(col)e(is)h(situated)h(at)e(the)i(net)o(w)o(ork-la)o(y)o(er.)
-90 1272 y Fq(3.1)70 b(Ov)n(erview)-90 1381 y Fp(Visa)16 b
Fs(proto)q(col)g(is)g(a)g(mec)o(hanism)d(for)j(con)o(trolling)f(the)i(\015o)o
(w)e(of)h(pac)o(k)o(et)g(tra\016c)g(to)g(and)g(from)f(end-systems)h(in)g(a)g
(stub)h(AD.)e(Before)-90 1431 y(an)i(end-system)h(can)g(comm)o(unicate)e
(across)i(its)g(AD)g(b)q(oundary)m(,)f(the)i(comm)o(unicatio)o(n)c(has)j(to)f
(b)q(e)i(authorized)f(according)g(to)f(the)-90 1481 y(p)q(olicies)e(of)f(b)q
(oth)h(lo)q(cal)f(and)h(destination)g(ADs.)21 b(Authorization)15
b(can)g(b)q(e)g(obtained)g(via)f(a)h(dialog)e(with)i(an)f(Access)k(Con)o
(trol)c(Serv)o(er)-90 1530 y(\(A)o(CS\))h(on)f(lo)q(cal)g(and)h(destination)f
(ADs.)21 b(The)15 b(need)g(for)g(and)f(particulars)h(of)f(this)h(dialog)e
(are)i(determined)f(indep)q(enden)o(tly)i(b)o(y)e(the)-90 1580
y(administration)9 b(of)j(eac)o(h)g(AD)g(in)o(v)o(olv)o(ed.)k(When)c(the)h
(comm)o(unicatio)o(n)c(is)j(appro)o(v)o(ed)g(b)o(y)g(b)q(oth)g(end-p)q(oin)o
(t)g(ADs,)g(the)h(resp)q(ectiv)o(e)h(A)o(CSs)-90 1630 y(issue)h
Fp(visas)e Fs(to)h(the)h(requesting)g(end-system.)-28 1698
y(A)g(visa)f(is)g(a)g(cryptographically)g(sealed)h(certi\014cate)h(issued)f
(b)o(y)g(an)f(Access)j(Con)o(trol)c(Serv)o(er)j(\(A)o(CS\).)e(It)h(con)o
(tains,)f(among)e(other)-90 1748 y(things,)j(a)g(secret)j(quan)o(tit)o(y)m(,)
13 b(kno)o(wn)i(as)h(the)g Fp(visa-key)p Fs(.)22 b(Eac)o(h)16
b(pac)o(k)o(et)g(b)q(elonging)e(to)h(an)g(authorized)h(stream)f(carries)h(a)f
Fp(visa-stamp)p Fs(,)-90 1797 y(whic)o(h)c(indicates)h(that)g(the)g(pac)o(k)o
(et)g(is)f(allo)o(w)o(ed)f(to)i(lea)o(v)o(e)f(\(or)h(en)o(ter\))g(an)g(AD's)f
(net)o(w)o(ork.)17 b(A)12 b(visa-stamp)e(is)h(a)g(function)g(of)g(the)h
(visa-k)o(ey)-90 1847 y(and)i(the)h(pac)o(k)o(et's)f(data.)19
b(It)14 b(is)g(attac)o(hed)h(to)f(the)h(pac)o(k)o(et)f(b)o(y)g(the)h
(originating)d(end-system)i(and)g(is)g(then)h(re-computed)f(and)g(v)o
(eri\014ed)-90 1897 y(b)o(y)g(the)g(b)q(order)h(routers)g(of)e(the)i(end-p)q
(oin)o(t)f(ADs.)-28 1965 y(In)e Fp(Visa)f Fs(proto)q(col,)h(b)q(order)g
(routers)h(do)e(not)h(b)q(ear)g(sole)g(resp)q(onsibilit)o(y)f(for)g(making)e
(access)k(con)o(trol)f(decisions.)18 b(By)11 b(issuing)h(a)f(visa,)-90
2014 y(an)16 b(A)o(CS)h(has)f(pre-computed)h(a)f(decision)h(suc)o(h)g(as)f
Fp("end-systems)i Fm(H)1048 2020 y Fl(a)1085 2014 y Fp(and)g
Fm(H)1203 2020 y Fl(b)1236 2014 y Fp(ar)n(e)f(al)r(lowe)n(d)g(to)g(c)n
(ommunic)n(ate")p Fs(,)h(or)e Fp("end-system)-90 2064 y Fm(H)-55
2070 y Fl(a)-19 2064 y Fp(c)n(an)i(b)n(e)f(truste)n(d)f(to)h(p)n(ay)g(its)g
(bil)r(ls")p Fs(.)24 b(The)16 b(task)h(of)e(a)h(router)h(is)f(reduced)i(to)e
(ensuring)g(that)g(a)g(visa)g(is)g(v)n(alid)e(and)i(is)g(b)q(eing)g(used)-90
2114 y(correctly;)e(the)g(exp)q(ensiv)o(e)g(part)g(of)e(the)i(p)q(olicy)f
(enforcemen)o(t)g(is)g(done)h(once)g(p)q(er)g(connection,)f(b)o(y)g(the)h(A)o
(CSs)g(of)e(the)i(end-p)q(oin)o(t)f(ADs,)-90 2164 y(rather)i(than)f(once)g(p)
q(er)h(pac)o(k)o(et,)f(b)o(y)f(the)i(b)q(order)g(routers.)-90
2319 y Fq(3.2)70 b(History)-90 2428 y Fs(The)17 b(term)g Fp(visa)g
Fs(w)o(as)g(\014rst)g(suggested)i(b)o(y)e(D.)f(Reed,)i(and)e(do)q(cumen)o
(ted)h(b)o(y)g(J.)g(Mracek)h([63)o(].)27 b(A)17 b(detailed)g(analysis)f(of)g
(the)i(issues)-90 2478 y(asso)q(ciated)e(with)f(m)o(ulti-AD)e(in)o(ternet)o
(w)o(orks,)j(as)g(w)o(ell)e(as)i(the)g(original)d(motiv)n(ating)f(factors)k
(leading)f(to)g(the)h(dev)o(elopmen)o(t)e(of)h Fp(Visa)-90
2527 y Fs(proto)q(col,)e(can)h(b)q(e)g(found)f(in)g([24)o(].)18
b(The)c(\014rst)g(detailed)g(description)g(and)g(the)g(informal)d(analysis)h
(of)h(the)i(proto)q(col)e(app)q(eared)i(in)e([32)o(].)-28 2595
y(Subsequen)o(t)18 b(researc)o(h)h([27)o(])d(resulted)i(in)e(the)i(dev)o
(elopmen)o(t)d(of)h(t)o(w)o(o)h(proto)q(col)f(mo)q(dels)g(based)h(on)f
(di\013eren)o(t)i(philosophies)e(with)-90 2645 y(regard)e(to)f(state)h(in)f
(visa-routers.)18 b(The)c(original)d Fp(stateful)i Fs(mo)q(del)f(requires)i
(that)g(participating)e(b)q(order)i(routers)h(main)o(tain)10
b Fn(reliable)2028 2770 y Fs(23)p eop
%%Page: 24 34
bop -90 -108 a Fs(tables)15 b(of)f(activ)o(e)g(visas.)20 b(In)14
b(it,)g(A)o(CSs)h(explicitly)e(distribute)j(visas)e(to)g(visa-routers.)21
b(Although)14 b(the)h(loss)f(of)g(state)h(in)f(a)h(visa-router)-90
-59 y(is)h(not)g(fatal)g(to)g(comm)o(unicati)o(on,)e(o)o(v)o(erhead)i(is)h
(incurred)g(in)f(the)h(pro)q(cess)h(of)e(re-establishing)g(the)h(necessary)h
(state.)26 b(In)17 b(con)o(trast,)-90 -9 y(the)g Fp(stateless)e
Fs(mo)q(del)g(a)o(v)o(oids)g(the)i(necessit)o(y)g(for)f(the)h(distributed)g
(state,)g(but)f(requires)h(some)e(additional)g(encryption)h(steps.)27
b(The)-90 41 y(stateless)18 b(mo)q(del)d(has)h(sev)o(eral)h(adv)n(an)o
(tages:)23 b(higher)16 b(fault)g(tolerance)h(\(insofar)f(as)g(routers\),)i
(lo)o(w)o(er)e(router)h(storage)g(requiremen)o(ts,)-90 91 y(and)12
b(the)g(abilit)o(y)f(to)h(accommo)q(date)e(m)o(ultiple)f(visa-routers)k
(without)f(additional)e(o)o(v)o(erhead.)17 b(All)12 b(this)g(is)g(gained)f
(at)h(a)g(price)g(of)g(higher)-90 141 y(p)q(er-pac)o(k)o(et)j(pro)q(cessing)g
(costs)g(and)f(increased)h(pac)o(k)o(et)f(size.)-28 208 y(In)19
b(the)h(remainder)e(of)h(this)g(c)o(hapter,)i(w)o(e)e(use)h(the)g(exp)q
(erience)h(from)c(previous)j(w)o(ork)f(to)g(design)g(the)h(next-generation)f
Fp(Visa)-90 258 y Fs(proto)q(col.)k(In)16 b(the)g(next)h(section,)f(the)g
(goals)f(of)g Fp(Visa)h Fs(proto)q(col)f(are)h(formalized.)22
b(Net)o(w)o(ork)16 b(en)o(vironmen)o(t)e(is)i(discussed)h(in)f(Section)-90
308 y(3.4.)h Fp(Visa)d Fs(proto)q(col)g(participan)o(ts)g(and)g(their)g(resp)
q(ectiv)o(e)i(requiremen)o(ts)e(are)h(addressed)h(in)d(Section)i(3.5.)i
(Section)d(3.6)f(presen)o(ts)j(the)-90 358 y(new)i Fp(Visa)e
Fs(proto)q(col,)i(and)f(Section)g(3.7)f(addresses)k(the)d(k)o(ey)h(design)f
(issues)h(and)f(c)o(hoices.)29 b(Section)17 b(3.8)f(analyzes)i(the)f(securit)
o(y)i(of)-90 408 y Fp(Visa)12 b Fs(proto)q(col)h(and)f(Section)h(3.9)e(ev)n
(aluates)i(the)g(storage)g(requiremen)o(ts.)18 b(Proto)q(col)12
b(implemen)o(tation)d(and)k(p)q(erformance)f(results)i(are)-90
457 y(presen)o(ted)i(in)d(Chapter)i(5.)-90 612 y Fq(3.3)70
b(Goals)-90 721 y Fs(The)13 b(primary)e(goal)g(of)h Fp(Visa)g
Fs(proto)q(col)h(is)f(to)h(allo)o(w)d(an)j(AD)f(to)h(con)o(trol)f(comm)o
(unicatio)o(n)e(b)q(et)o(w)o(een)k(its)e(constituen)o(t)i(end-systems)f(and)
-90 771 y(end-systems)h(in)f(other)h(ADs.)k(If)13 b(the)h(end-systems)g(in)o
(v)o(olv)o(ed)f(can)g(b)q(e)h(trusted,)h(then)f(a)f(stronger)i(goal)d(can)i
(b)q(e)g(met:)j(w)o(e)c(can)h(con)o(trol)-90 821 y(the)j(transmission)e(of)h
(pac)o(k)o(ets)i(to)e(and)g(from)f Fp(a)j(sp)n(e)n(ci\014c)e
Fs(end-system)h(in)f(another)h(AD.)f(In)h(a)f(datagram)e(net)o(w)o(ork,)j(as)
g(opp)q(osed)g(to)-90 871 y(a)e(circuit-switc)o(hed)i(net)o(w)o(ork,)e(the)h
(only)f(information)d(a)o(v)n(ailable)h(ab)q(out)i(a)h(pac)o(k)o(et)f(m)o
(ust)g(b)q(e)h(attac)o(hed)g(to)f(the)h(pac)o(k)o(et)g(rather)g(than)-90
921 y(inferred)f(from)d(the)i(route)h(the)f(pac)o(k)o(et)h(follo)o(ws.)h
(Therefore,)f(w)o(e)f(can)g(state)h(these)g(goals)e(more)g(directly)h(as)g
(follo)o(ws.)-39 1021 y(1.)20 b(A)c(pac)o(k)o(et)h(can)g(lea)o(v)o(e)f(the)h
(source)g(AD,)f Fm(AD)737 1027 y Fl(sr)q(c)803 1021 y Fs(if)f(and)h(only)g
(if)f Fm(AC)s(S)1149 1027 y Fl(sr)q(c)1215 1021 y Fs(has)h(authorized)h(the)g
(source)h(end-system,)e Fm(H)1968 1027 y Fl(sr)q(c)2033 1021
y Fs(to)14 1071 y(comm)o(unicate)11 b(with)j(the)g(destination)g(end-system,)
g Fm(H)910 1077 y Fl(dst)957 1071 y Fs(.)-39 1154 y(2.)20 b(A)e(pac)o(k)o(et)
g(can)h(lea)o(v)o(e)f Fm(AD)450 1160 y Fl(sr)q(c)517 1154 y
Fs(if)f(and)h(only)g(if)f(it)h(originated)f(at)h Fm(H)1118
1160 y Fl(sr)q(c)1184 1154 y Fs(within)g(a)f(reasonable)i(time)e(in)o(terv)n
(al,)h(has)g(not)g(b)q(een)14 1204 y(mo)q(di\014ed)12 b(in)i(transit)g(and)g
(is)f(addressed)j(for)d Fm(H)776 1210 y Fl(dst)824 1204 y Fs(.)-39
1287 y(3.)20 b(A)c(pac)o(k)o(et)g(can)h(en)o(ter)g(the)g(destination)f(AD,)f
Fm(AD)825 1293 y Fl(dst)889 1287 y Fs(if)g(and)h(only)f(if)h
Fm(AC)s(S)1235 1293 y Fl(dst)1298 1287 y Fs(has)h(authorized)f
Fm(H)1617 1293 y Fl(sr)q(c)1682 1287 y Fs(to)g(comm)o(uni)o(cate)e(with)14
1337 y Fm(H)49 1343 y Fl(dst)96 1337 y Fs(.)-39 1420 y(4.)20
b(A)e(pac)o(k)o(et)g(can)h(en)o(ter)g Fm(AD)452 1426 y Fl(dst)518
1420 y Fs(if)e(and)h(only)f(if)g(it)h(originated)f(at)h Fm(H)1118
1426 y Fl(sr)q(c)1185 1420 y Fs(within)f(a)h(reasonable)g(time)f(in)o(terv)n
(al,)h(has)g(not)g(b)q(een)14 1470 y(mo)q(di\014ed)12 b(in)i(transit)g(and)g
(is)f(addressed)j(for)d Fm(H)776 1476 y Fl(dst)824 1470 y Fs(.)-90
1571 y(Another)i(fundamen)o(tal)d(goal)h(is)h(not)g(to)f(impact)g(in)o
(tra-AD)g(comm)o(unication,)d(nor)15 b(to)e(imp)q(ose)g(additional)g(securit)
o(y)i(measures)f(up)q(on)-90 1620 y(unequipp)q(ed)g(end-systems,)g(i.e.,)f
(those)h(that)g(do)f(not)h(participate)g(in)f(in)o(ter-AD)g(comm)o
(unication.)i(Similarly)l(,)10 b(w)o(e)k(wish)g(to)f(limit)e(the)-90
1670 y(o)o(v)o(erhead)j(imp)q(osed)f(up)q(on)h(ADs)g(that)g(are)g(not)g
(concerned)i(with)d(con)o(trolling)g(external)h(access.)-28
1738 y(Finally)m(,)e(w)o(e)i(w)o(ould)f(lik)o(e)g(to)h(minim)o(i)o(ze)e(the)j
(costs)g(imp)q(osed)d(b)o(y)i Fp(Visa)g Fs(proto)q(col,)f(including:)-28
1839 y Ff(\017)21 b Fs(Additional)12 b(p)q(er-pac)o(k)o(et)j(pro)q(cessing)g
(in)f(b)q(order)h(routers)g(and)e(end-systems)-28 1922 y Ff(\017)21
b Fs(Storage)14 b(requiremen)o(ts)g(for)g(routers)h(and)e(end-systems)-28
2005 y Ff(\017)21 b Fs(Extra)14 b(comm)o(unicatio)o(n)d(during)j(connection)g
(setup)-28 2088 y Ff(\017)21 b Fs(Additional)12 b(pac)o(k)o(et)i(length)g
(\(additional)e(length)i(increases)i(latency)e(and)g(decreases)i
(throughput\))-28 2171 y Ff(\017)21 b Fs(Cost)14 b(of)f(reco)o(v)o(ery)i
(from)d(router)j(crashes)-90 2326 y Fq(3.4)70 b(Net)n(w)n(ork)22
b(En)n(vironmen)n(t)-90 2435 y Fs(W)m(e)15 b(assume)f(that)h(the)h(in)o
(ternet)o(w)o(ork)f(closely)g(follo)o(ws)f(the)h(mo)q(del)f(of)g(the)i(D)o
(ARP)m(A)e(In)o(ternet)i([70)o(],)f(whic)o(h)g(is)f(substan)o(tially)g
(similar)-90 2485 y(to)g(the)g(Op)q(en)h(Systems)f(In)o(terconnection)h
(\(OSI\))g(mo)q(del)d([43)o(].)18 b(The)c(essen)o(tial)g(features)h(of)e
(this)h(en)o(vironmen)o(t)f(are:)-28 2586 y Ff(\017)21 b Fs(End-systems)14
b(are)g(autonomous)e(and)i(cannot)g(necessarily)h(b)q(e)g(trusted.)2028
2770 y(24)p eop
%%Page: 25 35
bop -28 -108 a Ff(\017)21 b Fs(ADs)d(are)g(in)o(terconnected)i(with)e
(routers;)j(b)q(et)o(w)o(een)e(an)o(y)f(pair)f(of)h(end-systems)g(in)g
(di\013eren)o(t)h(ADs)f(there)h(are)f(at)g(least)g(t)o(w)o(o)14
-59 y(routers,)13 b(one)g(b)q(elonging)f(to)g(eac)o(h)h(of)f(the)h(ADs.)18
b(Conceptually)m(,)12 b(the)h(connection)g(b)q(et)o(w)o(een)h(t)o(w)o(o)e
(ADs)h(is)f(a)h(pair)f(of)g(half-routers)14 -9 y(connected)i(via)e(a)h
(trusted)h(link.)j(Eac)o(h)c(half-router)f(can)h(b)q(e)h(trusted)g(b)o(y)e
(its)h(o)o(wn)f(AD)h(but)g(not)g(necessarily)g(b)o(y)g(an)o(y)f(other)i(AD.)
14 41 y(The)g(terms)g Fp(b)n(or)n(der)g(r)n(outer)f Fs(and)h
Fp(inter-AD)g(r)n(outer)f Fs(are)i(equiv)n(alen)o(t.)-28 124
y Ff(\017)21 b Fs(All)c(information)e(\015o)o(ws)j(via)f(datagram)f(pac)o(k)o
(ets.)31 b(A)18 b(pac)o(k)o(et)g(consists)h(of)f(a)f Fp(he)n(ader)i
Fs(that)f(includes)g(addressing)h(and)e(other)14 174 y(con)o(trol)c
(information,)e(and)j(a)f(data)h(segmen)o(t)f(that)h(is)g(not)g(in)o
(telligible)e(to)h(routers.)-28 257 y Ff(\017)21 b Fs(A)14
b(pac)o(k)o(et)g(ma)o(y)e(\015o)o(w)h(through)h(sev)o(eral)h
Fp(untruste)n(d)f Fs(ADs)g(on)f(its)h(w)o(a)o(y)g(to)f(the)i(destination.)-28
340 y Ff(\017)21 b Fs(End-system)13 b(addresses,)i(b)q(oth)e(source)h(and)f
(destination,)f(can)h(b)q(e)h(forged.)j(It)c(is)g(not)g(p)q(ossible)g
(\(using)g(hardw)o(are)g(metho)q(ds\))g(to)14 390 y(determine)e(reliably)g
(whic)o(h)g(end-system)h(actually)e(sen)o(t)i(a)f(pac)o(k)o(et)h(or)g(to)f
(prev)o(en)o(t)h(a)g(pac)o(k)o(et)f(from)f(b)q(eing)h(seen)i(b)o(y)e
(unauthorized)14 439 y(end-system.)-28 522 y Ff(\017)21 b Fs(P)o(ac)o(k)o
(ets)14 b(tra)o(v)o(eling)f(across)i(an)f(in)o(ternet)o(w)o(ork)g(ma)o(y)e(b)
q(e:)19 b(i\))13 b(lost,)h(ii\))f(duplicated,)g(and)h(iii\))e(re-ordered.)-28
606 y Ff(\017)21 b Fs(Successiv)o(e)16 b(pac)o(k)o(ets)e(b)q(et)o(w)o(een)i
(a)d(giv)o(en)h(end-system)g(pair)f(ma)o(y)f(tra)o(v)o(el)i(along)e
(di\013eren)o(t)j(routes.)-90 706 y(Lastly)m(,)h(there)i(m)o(ust)d(exist)i(a)
f(global)f(name)g(service)j(whic)o(h,)f(in)f(a)g(secure)i(and)f(reliable)f
(fashion,)g(pro)o(vides)g(a)h(mapping)d(from)h(end-)-90 756
y(system)d(net)o(w)o(ork)h(addresses)i(to)d(AD)g(iden)o(ti\014ers)i(in)e
(addition)f(to)i(the)g(more)e(traditional)g(mapping)g(b)q(et)o(w)o(een)j
(end-system)e(names)g(and)-90 806 y(addresses.)20 b(Along)13
b(with)h(AD)f(iden)o(ti\014ers,)i(the)f(name)f(service)i(has)f(to)g(pro)o
(vide:)-28 907 y Ff(\017)21 b Fs(Addresses)16 b(of)d(A)o(CS-s)h(within)g(an)f
(AD.)-28 990 y Ff(\017)21 b Fs(Public)13 b(k)o(ey)h(certi\014cates)i(for)e(a)
f(giv)o(en)h(AD)g(\(or)g(an)f(A)o(CS)h(assuming)e(eac)o(h)j(A)o(CS)f(is)f
(assigned)i(a)e(distinct)h(certi\014cate\))-90 1145 y Fq(3.5)70
b(P)n(articipan)n(ts)-90 1254 y Fp(Visa)13 b Fs(proto)q(col)f(in)o(v)o(olv)o
(es)g(the)i(follo)o(wing)c(participan)o(ts:)17 b(access)e(con)o(trol)e(serv)o
(ers,)h(b)q(order)g(routers,)g(and)f(end-systems.)18 b(These)c(partic-)-90
1304 y(ipan)o(ts)g(and)f(their)i(resp)q(onsibilities)f(are)g(describ)q(ed)i
(in)d(this)h(section.)-90 1442 y Fk(3.5.1)55 b(A)n(CSs)-90
1537 y Fs(An)14 b(A)o(CS)f(is)h(an)f(end-system,)g(usually)g(dedicated)h(for)
f(securit)o(y)i(reasons,)f(that)g(is)f(primarily)e(concerned)k(with)f(access)
h(con)o(trol.)j(Eac)o(h)-90 1587 y(AD)f(that)h(implem)o(en)o(ts)e
Fp(Visa)h Fs(proto)q(col)g(has)g(at)h(least)f(one)h(A)o(CS,)f(resp)q(onsible)
h(for)f(authorizing)g(its)g(constituen)o(t)h(end-systems)g(for)-90
1636 y(comm)o(unication)d(with)i(end-systems)i(in)f(other)h(ADs.)796
1621 y Fj(1)845 1636 y Fs(Multiple)e(A)o(CSs)i(ma)o(y)d(b)q(e)j(necessary)h
(for)e(a)o(v)n(ailabili)o(t)o(y)d(and)j(p)q(erformance)-90
1686 y(reasons.)-28 1754 y(Eac)o(h)h(A)o(CS)f(kno)o(ws)h(of)e(a)h(n)o(um)o(b)
q(er)g(of)g(lo)q(cal)f(b)q(order)j(routers)f(that)g(implemen)o(t)c
Fp(Visa)k Fs(proto)q(col.)31 b(A)o(CSs)19 b(are)f(trusted)i(and)f(are)-90
1804 y(su\016cien)o(tly)c(secure)j(to)d(defend)h(against)f(hostile)g(attac)o
(ks.)23 b(The)16 b(securit)o(y)g(of)f(the)h(o)o(v)o(erall)e(proto)q(col)h
(requires)i(that)e(A)o(CSs)h(b)q(e)g(secure)-90 1853 y(and)j(that)g(they)h
(emplo)o(y)d(an)i(authen)o(ticated)h(and)f(secure)i(c)o(hannel)f(for)f(comm)o
(uni)o(cation)d(with)j(lo)q(cal)f(end-systems)i(and)f(routers.)-90
1903 y(F)m(urthermore,)12 b(eac)o(h)g(A)o(CS)g(m)o(ust)f(b)q(e)i
Fp(identi\014able)f Fs(b)o(y)g(a)f(unique)h(public)g(k)o(ey)g(pair)f([)g
Fm(E)r(K)1302 1909 y Fl(AC)r(S)1377 1903 y Fm(;)c(D)q(K)1466
1909 y Fl(AC)r(S)1553 1903 y Fs(])12 b(where)h Fm(E)r(K)1763
1909 y Fl(AC)r(S)1850 1903 y Fs(is)f(the)g(A)o(CS's)-90 1953
y(public)j(\(encryption\))i(k)o(ey)m(,)e(and)h Fm(D)q(K)515
1959 y Fl(AC)r(S)606 1953 y Fs(is)g(the)g(corresp)q(onding)h(secret)g
(\(decryption\))g(k)o(ey)m(.)23 b(Also,)16 b(eac)o(h)g(AD)f(is)h(assumed)f
(to)h(b)q(e)g(a)-90 2003 y(participan)o(t)h(in)f(a)h(global,)f(in)o
(ternet-wide)i(certi\014cation)f(sc)o(heme,)h(whereb)o(y)g(eac)o(h)f(AD)g
(\(or)h(eac)o(h)f(A)o(CS)g(therein\))h(has)g(a)e(public-k)o(ey)-90
2053 y(certi\014cate,)e Fm(C)s(E)r(RT)234 2059 y Fl(AC)r(S)309
2053 y Fs(,)f(issued)h(b)o(y)e(a)h(w)o(ell-kno)o(wn)f(certi\014cation)h
(authorit)o(y)g(\(as)g(describ)q(ed)i(in)e(Chapter)g(2\).)18
b(Eac)o(h)13 b(A)o(CS)g(certi\014cate)-90 2103 y(con)o(tains)h(\(among)e
(other)j(\014elds\):)k(A)o(CS's)c(address,)g Fm(E)r(K)825 2109
y Fl(AC)r(S)900 2103 y Fs(,)f(the)g(name)f(of)h(the)h(issuing)f(authorit)o(y)
f(and)h(the)h(certi\014cate)h(signature.)-90 2152 y(This)g(signature)g(is)g
(computed)f(with)g(the)i(issuing)e(authorit)o(y's)g(priv)n(ate)h(k)o(ey)m(,)f
(hence,)j(an)o(y)o(one)d(in)g(p)q(ossession)i(of)f(the)g(corresp)q(onding)-90
2202 y(public)e(k)o(ey)f(can)i(v)o(erify)e(the)i(certi\014cate's)g(v)n
(alidit)o(y)d(and)h(th)o(us)i(authen)o(ticate)f(the)h(certi\014cate)g
(holder.)-90 2341 y Fk(3.5.2)55 b(Border)18 b(Routers)-90 2435
y Fs(A)f(b)q(order)g(router)g(is)g(an)f(end-system)g(dedicated)i(\(for)e
(reasons)i(of)d(p)q(erformance)i(and)f(securit)o(y\))i(to)e(pac)o(k)o(et)h
(forw)o(arding.)24 b(Routers)-90 2485 y(that)13 b(use)g Fp(Visa)g
Fs(proto)q(col)f(to)h(enforce)h(access)g(con)o(trols)f(are)g(called)g
(visa-routers.)18 b(All)12 b(in)o(ter-AD)g(connections)i(m)o(ust)e(b)q(e)h
(implemen)o(ted)p -90 2565 864 2 v -44 2592 a Fi(1)-26 2604
y Fh(If)c(a)h(participan)o(t)d(AD)j(do)q(es)f(not)g(ha)o(v)o(e)g(an)g(A)o
(CS,)h(its)g(end-systems)d(will)j(still)f(b)q(e)g(able)g(to)h(comm)o(unic)o
(ate)d(with)i(the)g(end-systems)e(in)j(other)e(ADs,)j(although)-90
2643 y(the)g(AD)h(in)f(question)e(will)j(b)q(e)f(sub)r(ject)f(to)h(risks)g
(asso)q(ciated)e(with)i(the)g(uncon)o(trolle)o(d)e(access.)2028
2770 y Fs(25)p eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF