DataMuseum.dk

Presents historical artifacts from the history of:

DKUUG/EUUG Conference tapes

This is an automatic "excavation" of a thematic subset of
artifacts from Datamuseum.dk's BitArchive.

See our Wiki for more about DKUUG/EUUG Conference tapes

Excavated with: AutoArchaeologist - Free & Open Source Software.



⟦ee7be268f⟧ TextFile

    Length: 447242 (0x6d30a)
    Types: TextFile
    Names: »part2.ps«

Derivation

└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
    └─⟦d09ed6d6e⟧ »./papers/Routing_security/gene-thesis.tar.Z« 
        └─⟦ffa606ded⟧ 
            └─⟦this⟧ »part2.ps« 

TextFile

%!PS-Adobe-2.0
%%Creator: dvips, version 5.4 (C) 1986-90 Radical Eye Software
%%Title: part2.dvi
%%Pages: 35 1
%%BoundingBox: 0 0 612 792
%%EndComments
TeXDict begin 1000 300 300 @start
20304060407F8060004000C0004020604021801E000B0D7E8C10>I<01D8023804380C30183018
30183030603060306010E019C00EC000C000C06180E180C3007C000D137F8C10>103
D<3E0006000C000C000C000C00180019E01E30183038303030303030306060606460C460C4C0C8
C0700E147E9313>I<06070600000000384C4C8C98181830326262643808147F930C>I<00600070
00600000000000000000038004C0046008C008C000C000C0018001800180018003000300030003
006600E600CC0078000C1A81930E>I<3E0006000C000C000C000C001800187018B81938323034
0038003E006300631063106310C320C1C00D147E9312>I<7C0C181818183030303060606060C0
D0D0D0D06006147E930A>I<30F87C00590C86004E0D06009C0E0600980C0600180C0600180C06
0030180C0030180C8030181880301818806030190060300E00190D7F8C1D>I<30F8590C4E0C9C
0C980C180C180C30183019303130316032601C100D7F8C15>I<03800C60182030306030603060
30C060C06040C0608023001E000C0D7E8C10>I<0C78168C130426062606060606060C0C0C0C0C
080C101A2019C018001800300030003000FC000F13818C11>I<31E05A704C709C609800180018
003000300030003000600060000C0D7F8C0F>114 D<0700188019C0318038001E000F00038041
80E180C10082007C000A0D7E8C10>I<02000600060006000C00FF800C000C0018001800180018
00300031003100320032001C0009127F910D>I<380C4C0C4C0C8C189818181818183030303230
32307218B40F1C0F0D7F8C14>I<3818204C18604C18208C302098302018302018302030604030
604030608030608018B1000F1E00130D7F8C18>119 D<0E3C13CE238E430C4300030003000600
0608C608E610CA2071C00F0D7F8C13>I E /Fq 39 117 df<60F0F06004047C830C>58
D<60F0F0701010101020204080040C7C830C>I<0000038000000F0000003C000000F0000003C0
00000F0000003C000000F0000003C000000F0000003C000000F0000000F00000003C0000000F00
000003C0000000F00000003C0000000F00000003C0000000F00000003C0000000F000000038019
187D9520>I<00010003000600060006000C000C000C0018001800180030003000300060006000
C000C000C0018001800180030003000300060006000C000C000C00180018001800300030003000
600060006000C000C00010297E9E15>I<E0000000780000001E0000000780000001E000000078
0000001E0000000780000001E0000000780000001E00000007800000078000001E000000780000
01E00000078000001E00000078000001E00000078000001E00000078000000E000000019187D95
20>I<00000C0000000C0000001C0000001C0000003C0000007C0000005C0000009C0000008E00
00010E0000010E0000020E0000040E0000040E0000080E0000080E0000100E0000200E00003FFE
0000400700004007000080070001000700010007000200070002000700060007001E000700FF80
7FF01C1D7F9C1F>65 D<0001F808000E061800380138006000F001C0007003800070070000300F
0000200E0000201C0000203C0000203C000000780000007800000078000000F0000000F0000000
F0000000F0000000F0000100F0000100F0000100700002007000020030000400380008001C0010
000E0060000701800000FE00001D1E7E9C1E>67 D<01FFFF80003C01E000380070003800380038
001C0038001C0070001C0070001E0070001E0070001E00E0001E00E0001E00E0001E00E0001E01
C0003C01C0003C01C0003C01C000380380007803800070038000F0038000E0070001C007000380
0700070007001C000E007800FFFFC0001F1C7E9B22>I<01FFFFF8003C00780038001800380010
00380010003800100070001000700010007010100070100000E0200000E0200000E0600000FFE0
0001C0400001C0400001C0400001C0400003808040038000400380008003800080070001000700
010007000300070006000E003E00FFFFFC001D1C7E9B1F>I<01FFFFF0003C00F0003800300038
002000380020003800200070002000700020007010200070100000E0200000E0200000E0600000
FFE00001C0400001C0400001C0400001C040000380800003800000038000000380000007000000
0700000007000000070000000F000000FFF000001C1C7E9B1B>I<0001F808000E061800380138
006000F001C0007003800070070000300F0000200E0000201C0000203C0000203C000000780000
007800000078000000F0000000F0000000F0007FF0F0000780F0000700F0000700F00007007000
070070000E0030000E0038000E001C001E000E0064000701840000FE00001D1E7E9C21>I<01FF
C3FF80003C0078000038007000003800700000380070000038007000007000E000007000E00000
7000E000007000E00000E001C00000E001C00000E001C00000FFFFC00001C003800001C0038000
01C003800001C0038000038007000003800700000380070000038007000007000E000007000E00
0007000E000007000E00000F001E0000FFE1FFC000211C7E9B23>I<03FFC0003C000038000038
0000380000380000700000700000700000700000E00000E00000E00000E00001C00001C00001C0
0001C0000380000380000380000380000700000700000700000700000F0000FFF000121C7E9B12
>I<01FFC07F80003C001E00003800180000380020000038004000003800800000700200000070
0400000070080000007010000000E040000000E0C0000000E1E0000000E2E0000001C470000001
D070000001E038000001C0380000038038000003801C000003801C000003800E000007000E0000
07000E0000070007000007000700000F00078000FFE03FF000211C7E9B23>75
D<01FFE0003C0000380000380000380000380000700000700000700000700000E00000E00000E0
0000E00001C00001C00001C00001C00003800203800203800203800407000407000C0700180700
380E00F0FFFFF0171C7E9B1C>I<01FE0000FF003E0000F0002E0001E0002E0002E0002E0002E0
002E0004E0004E0009C0004E0009C000470011C000470011C00087002380008700438000870043
80008700838001070107000107010700010382070001038207000203840E000203880E00020388
0E000203900E000403A01C000403A01C000401C01C000C01C01C001C01803C00FF8103FF80281C
7E9B28>I<01FC00FF80001C001C00002E001800002E001000002E001000002700100000470020
000043002000004380200000438020000081C040000081C040000081C040000080E040000100E0
800001007080000100708000010070800002003900000200390000020039000002001D00000400
1E000004000E000004000E00000C000E00001C00040000FF80040000211C7E9B21>I<0003F800
000E0E000038038000E001C001C001C0038000E0070000E00F0000F01E0000F01C0000F03C0000
F03C0000F0780000F0780000F0780000F0F00001E0F00001E0F00001E0F00003C0F00003C0F000
0780F0000780F0000F0070000E0070001C00380038003C0070001C01C0000707800001FC00001C
1E7E9C20>I<01FFFF00003C03C0003800E0003800F00038007000380070007000F0007000F000
7000F0007000E000E001E000E003C000E0078000E01E0001FFF00001C0000001C0000001C00000
03800000038000000380000003800000070000000700000007000000070000000F000000FFE000
001C1C7E9B1B>I<0003F800000E0E000038038000E001C001C001C0038000E0070000E00F0000
F01E0000F01C0000F03C0000F03C0000F0780000F0780000F0780000F0F00001E0F00001E0F000
01E0F00003C0F00003C0F0000380F0000780F0000F00703C0E0070421C0038823800388270001C
83C0000787810001FF0100000303000003020000038E000003FC000003F8000001F8000001E000
1C257E9C21>I<01FFFE00003C03C0003800E0003800F00038007000380070007000F0007000F0
007000F0007001E000E001C000E0078000E01E0000FFF00001C0300001C0180001C01C0001C01C
0003801C0003801C0003801C0003801C0007003C0007003C0807003C0807003C100F001E10FFE0
0E20000007C01D1D7E9B20>I<000FC100303300400F0080060180060300060300060600040600
0407000007000007800003F00001FF0000FFC0003FE00003E00000F00000700000300000302000
302000306000606000606000C0600080F00300CC060083F800181E7E9C19>I<1FFFFFF01C0380
7030070030200700206007002040070020400E0020800E0020800E0020000E0000001C0000001C
0000001C0000001C00000038000000380000003800000038000000700000007000000070000000
70000000E0000000E0000000E0000000E0000001E000007FFF00001C1C7F9B18>I<7FF03FE00F
0007000E0006000E0004000E0004000E0004001C0008001C0008001C0008001C00080038001000
38001000380010003800100070002000700020007000200070002000E0004000E0004000E00040
00E0008000E0008000E00100006002000060040000300800001830000007C000001B1D7D9B1C>
I<FFC00FF01E0003801C0003001C0002001C0004001E0004000E0008000E0008000E0010000E00
20000E0020000E0040000E0080000E0080000F0100000701000007020000070400000704000007
080000071800000710000007A0000003A0000003C0000003800000038000000300000003000000
1C1D7D9B18>I<FFC1FFC1FF1C003C003C1C001C00101C001C00201C003C00201C007C00401C00
5C00401C009C00801C009C00801C011C01001C011C01001C021C02001C021C04001C041C04001C
081C08001E081C08000E101C10000E101C10000E200E20000E200E60000E400E40000E400E8000
0E800E80000F000F00000F000F00000E000E00000E000E00000C000C00000C00080000281D7D9B
27>I<01FFC0FF80001E003C00001E003000000E002000000F0040000007008000000701000000
0782000000038400000003C800000001D000000001F000000000E000000000E000000000F00000
000170000000027000000004380000000838000000103C000000201C000000401E000000800E00
0001800E000003000F000006000700001E000F8000FF803FF000211C7F9B22>I<FFE007F80F00
01E00F0001800700010007000200078004000380080003C0100001C0300001C0200001E0400000
E0800000F100000072000000760000007C00000038000000380000007000000070000000700000
0070000000E0000000E0000000E0000000E0000001C000001FFC00001D1C7F9B18>I<01E30007
17000C0F00180F00380E00300E00700E00700E00E01C00E01C00E01C00E01C00E03880E03880E0
38806078803199001E0E0011127E9116>97 D<0007E00000E00000E00001C00001C00001C00001
C000038000038000038000038001E7000717000C0F00180F00380E00300E00700E00700E00E01C
00E01C00E01C00E01C00E03880E03880E038806078803199001E0E00131D7E9C16>100
D<01F007080C0818043808300870307FC0E000E000E000E000E000E0046008601030600F800E12
7E9113>I<01C003C003C001800000000000000000000000001C00270047004700870087000E00
0E001C001C001C003800388038807080710032001C000A1C7E9B0E>105
D<1F800380038007000700070007000E000E000E000E001C001C001C001C003800380038003800
7000700070007000E400E400E400E40064003800091D7E9C0C>108 D<381F81F04E20C6184640
E81C4680F01C8F00F01C8E00E01C0E00E01C0E00E01C1C01C0381C01C0381C01C0381C01C07038
03807138038071380380E1380380E2700700643003003820127E9124>I<381F004E61804681C0
4701C08F01C08E01C00E01C00E01C01C03801C03801C03801C0700380710380710380E10380E20
70064030038014127E9119>I<00F800030C000E06001C0300180300300300700380700380E007
00E00700E00700E00E00E00E00E01C0060180060300030E0000F800011127E9114>I<07078009
C86008D03008E03011C03011C03801C03801C0380380700380700380700380600700E00700C007
01800783000E86000E78000E00000E00001C00001C00001C00001C00003C0000FF8000151A8191
15>I<01F0060C04040C0E180C1C001F000FE00FF003F80038201C7018F018F010803060601F80
0F127E9113>115 D<00C001C001C001C00380038003800380FFF00700070007000E000E000E00
0E001C001C001C001C00382038203840384018800F000C1A80990F>I E
/Fr 46 123 df<003FC00001F0300003C0380007C07C000F807C000F807C000F8038000F800000
0F8000000F8000000F800000FFFFFC00FFFFFC000F807C000F807C000F807C000F807C000F807C
000F807C000F807C000F807C000F807C000F807C000F807C000F807C000F807C000F807C007FE1
FF807FE1FF80191D809C1B>12 D<003FC1FE0001F03F818003C03E01C007C07E03E00F807C03E0
0F807C03E00F807C01C00F807C00000F807C00000F807C00000F807C0000FFFFFFFFE0FFFFFFFF
E00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E00F807C
03E00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E00F807C03E07FE1FF0FFC7FE1
FF0FFC261D809C28>14 D<78FCFCFCFC7806067D850D>46 D<00600001E0000FE000FFE000F3E0
0003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E0
0003E00003E00003E00003E00003E00003E00003E0007FFF807FFF80111B7D9A18>49
D<07F8001FFE00383F80780FC0FC07C0FC07E0FC03E0FC03E07803E00007E00007C00007C0000F
80001F00001E0000380000700000E0000180600300600600600800E01FFFC03FFFC07FFFC0FFFF
C0FFFFC0131B7E9A18>I<03F8001FFE003C1F003C0F807C07C07E07C07C07C03807C0000F8000
0F80001E00003C0003F800001E00000F800007C00007C00007E03007E07807E0FC07E0FC07E0FC
07C0780F80781F001FFE0007F800131B7E9A18>I<000180000380000780000F80001F80003F80
006F8000CF80008F80018F80030F80060F800C0F80180F80300F80600F80C00F80FFFFF8FFFFF8
000F80000F80000F80000F80000F80000F8001FFF801FFF8151B7F9A18>I<1801801FFF001FFE
001FFC001FF8001FC00018000018000018000018000019F8001E0E00180F801007800007C00007
E00007E00007E07807E0F807E0F807E0F807C0F007C0600F80381F001FFE0007F000131B7E9A18
>I<007E0003FF000781800F03C01E07C03C07C03C0380780000780000F80000F8F800FB0E00FA
0780FC0380FC03C0F803E0F803E0F803E0F803E07803E07803E07803C03C03C03C07801E0F0007
FE0003F800131B7E9A18>I<00038000000380000007C0000007C0000007C000000FE000000FE0
00001FF000001BF000001BF0000031F8000031F8000061FC000060FC0000E0FE0000C07E0000C0
7E0001803F0001FFFF0003FFFF8003001F8003001F8006000FC006000FC00E000FE00C0007E0FF
C07FFEFFC07FFE1F1C7E9B24>65 D<001FE02000FFF8E003F80FE007C003E00F8001E01F0000E0
3E0000E03E0000607E0000607C000060FC000000FC000000FC000000FC000000FC000000FC0000
00FC000000FC0000007C0000607E0000603E0000603E0000C01F0000C00F80018007C0030003F8
0E0000FFFC00001FE0001B1C7D9B22>67 D<FFFFF800FFFFFF000FC01FC00FC007E00FC001F00F
C001F80FC000F80FC000FC0FC0007C0FC0007C0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E
0FC0007E0FC0007E0FC0007E0FC0007C0FC0007C0FC0007C0FC000F80FC000F80FC001F00FC007
E00FC01FC0FFFFFF00FFFFF8001F1C7E9B25>I<FFFFFF00FFFFFF000FC01F000FC007000FC003
000FC003800FC003800FC181800FC181800FC181800FC180000FC380000FFF80000FFF80000FC3
80000FC180000FC180000FC180600FC180600FC000E00FC000C00FC000C00FC001C00FC001C00F
C003C00FC00F80FFFFFF80FFFFFF801B1C7E9B1F>I<FFFFFF00FFFFFF000FC01F000FC007000F
C003000FC003800FC003800FC001800FC181800FC181800FC180000FC180000FC380000FFF8000
0FFF80000FC380000FC180000FC180000FC180000FC180000FC000000FC000000FC000000FC000
000FC000000FC00000FFFF0000FFFF0000191C7E9B1E>I<FFFFFFFF07E007E007E007E007E007
E007E007E007E007E007E007E007E007E007E007E007E007E007E007E007E007E007E007E0FFFF
FFFF101C7F9B12>73 D<003FE00001F07C0003C01E000F800F801F0007C01E0003C03E0003E07E
0003F07C0001F07C0001F0FC0001F8FC0001F8FC0001F8FC0001F8FC0001F8FC0001F8FC0001F8
FC0001F87C0001F07E0003F07E0003F03E0003E03F0007E01F0007C00F800F8003C01E0001F07C
00003FE0001D1C7D9B24>79 D<FFFFF800FFFFFE000FC03F800FC00F800FC007C00FC007E00FC0
07E00FC007E00FC007E00FC007E00FC007C00FC007C00FC00F800FC03F000FFFFC000FC000000F
C000000FC000000FC000000FC000000FC000000FC000000FC000000FC000000FC000000FC00000
FFFC0000FFFC00001B1C7E9B21>I<FFFFF00000FFFFFE00000FC03F00000FC00F80000FC007C0
000FC007E0000FC007E0000FC007E0000FC007E0000FC007E0000FC007C0000FC00F80000FC03E
00000FFFF000000FC07C00000FC03E00000FC03F00000FC01F80000FC01F80000FC01F80000FC0
1F80000FC01F80000FC01F80000FC01F81800FC01F81800FC00FC180FFFC07C300FFFC01FE0021
1C7E9B24>82 D<07F8201FFEE03C07E07801E07000E0F000E0F00060F00060F80000FE0000FFE0
007FFE003FFF003FFF800FFFC007FFE0007FE00003F00001F00000F0C000F0C000F0C000E0E000
E0F001C0FC03C0EFFF0083FC00141C7D9B1B>I<7FFFFFE07FFFFFE0781F81E0701F80E0601F80
60E01F8070C01F8030C01F8030C01F8030C01F8030001F8000001F8000001F8000001F8000001F
8000001F8000001F8000001F8000001F8000001F8000001F8000001F8000001F8000001F800000
1F8000001F800007FFFE0007FFFE001C1C7E9B21>I<FFFC03FFFFFC03FF0FC000300FC000300F
C000300FC000300FC000300FC000300FC000300FC000300FC000300FC000300FC000300FC00030
0FC000300FC000300FC000300FC000300FC000300FC000300FC0003007C0003007C0006003E000
E001F001C000FC0780007FFE00000FF800201C7E9B25>I<FFFC01FF80FFFC01FF800FC0001800
07E000300007E000300007F000700003F000600003F800E00001F800C00001FC00C00000FC0180
0000FC018000007E030000007E030000007F070000003F060000003F8E0000001F8C0000001FCC
0000000FD80000000FD800000007F000000007F000000007F000000003E000000003E000000001
C000000001C00000211C7F9B24>I<0FF8001C1E003E0F803E07803E07C01C07C00007C0007FC0
07E7C01F07C03C07C07C07C0F807C0F807C0F807C0780BC03E13F80FE1F815127F9117>97
D<FF0000FF00001F00001F00001F00001F00001F00001F00001F00001F00001F00001F3F801FE1
E01F80701F00781F003C1F003C1F003E1F003E1F003E1F003E1F003E1F003E1F003C1F003C1F00
781F80701EC1E01C3F00171D7F9C1B>I<03FC000E0E001C1F003C1F00781F00780E00F80000F8
0000F80000F80000F80000F800007800007801803C01801C03000E0E0003F80011127E9115>I<
000FF0000FF00001F00001F00001F00001F00001F00001F00001F00001F00001F001F9F00F07F0
1C03F03C01F07801F07801F0F801F0F801F0F801F0F801F0F801F0F801F07801F07801F03C01F0
1C03F00F0FFE03F9FE171D7E9C1B>I<01FC000F07001C03803C01C07801C07801E0F801E0F801
E0FFFFE0F80000F80000F800007800007C00603C00601E00C00F038001FC0013127F9116>I<00
7F0001E38003C7C00787C00F87C00F83800F80000F80000F80000F80000F8000FFF800FFF8000F
80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F
80007FF8007FF800121D809C0F>I<03F8F00E0F381E0F381C07303C07803C07803C07803C0780
1C07001E0F000E0E001BF8001000001800001800001FFF001FFFC00FFFE01FFFF07801F8F00078
F00078F000787000707800F01E03C007FF00151B7F9118>I<FF0000FF00001F00001F00001F00
001F00001F00001F00001F00001F00001F00001F0FC01F31E01F40F01F80F81F80F81F00F81F00
F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F8FFE7FFFFE7FF181D7F9C1B
>I<1E003F003F003F003F001E00000000000000000000000000FF00FF001F001F001F001F001F
001F001F001F001F001F001F001F001F001F00FFE0FFE00B1E7F9D0E>I<FF0000FF00001F0000
1F00001F00001F00001F00001F00001F00001F00001F00001F0FF81F0FF81F03801F07001F0C00
1F18001F70001FF8001FFC001FBC001F3E001F1F001F0F001F0F801F07C01F03E0FFC7FCFFC7FC
161D7F9C19>107 D<FF00FF001F001F001F001F001F001F001F001F001F001F001F001F001F00
1F001F001F001F001F001F001F001F001F001F001F001F00FFE0FFE00B1D7F9C0E>I<FF0FC07E
00FF31E18F001F40F207801F80FC07C01F80FC07C01F00F807C01F00F807C01F00F807C01F00F8
07C01F00F807C01F00F807C01F00F807C01F00F807C01F00F807C01F00F807C01F00F807C0FFE7
FF3FF8FFE7FF3FF825127F9128>I<FF0FC0FF31E01F40F01F80F81F80F81F00F81F00F81F00F8
1F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F8FFE7FFFFE7FF18127F911B>I<01FC
000F07801C01C03C01E07800F07800F0F800F8F800F8F800F8F800F8F800F8F800F87800F07800
F03C01E01E03C00F078001FC0015127F9118>I<FF3F80FFE1E01F80F01F00781F007C1F003C1F
003E1F003E1F003E1F003E1F003E1F003E1F003C1F007C1F00781F80F01FC1E01F3F001F00001F
00001F00001F00001F00001F0000FFE000FFE000171A7F911B>I<FE3E00FE47001E8F801E8F80
1E8F801F07001F00001F00001F00001F00001F00001F00001F00001F00001F00001F0000FFF000
FFF00011127F9114>114 D<1FD830786018E018E018F000FF807FE07FF01FF807FC007CC01CC0
1CE01CE018F830CFC00E127E9113>I<0300030003000300070007000F000F003FFCFFFC1F001F
001F001F001F001F001F001F001F001F0C1F0C1F0C1F0C0F08079803F00E1A7F9913>I<FF07F8
FF07F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F8
1F01F80F01F80786FF01F8FF18127F911B>I<FFC1FCFFC1FC1F00601F80E00F80C00FC0C007C1
8007C18003E30003E30001F60001F60001FE0000FC0000FC0000780000780000300016127F9119
>I<FF8FF8FEFF8FF8FE1F03E0301F03E0301F83E0700F83F0600F86F06007C6F0C007CEF8C007
EC79C003EC7D8003F83D8001F83F0001F83F0001F01F0000F01E0000E00E0000E00E001F127F91
22>I<FFC7FCFFC7FC1F81800F838007C70003EE0001FC0001F80000F800007C0000FE0001DF00
039F00070F800607C00C03E0FF07FCFF07FC16127F9119>I<FFC1FCFFC1FC1F00601F80E00F80
C00FC0C007C18007C18003E30003E30001F70001F60000FE0000FC0000FC000078000078000030
00003000007000706000F86000F8C000F980007300003E0000161A7F9119>I<3FFF803C1F0030
3F00303E00607C0060FC0060F80001F00003F00007E00007C1800F81801F81801F03803E03007E
07007C0F00FFFF0011127F9115>I E /Fs 44 122 df<0001FF803FE000001FFFE3FFF800007F
80FFF01E0000FE007F801F0001F800FF003F0003F801FF007F8007F001FE007F8007F001FE007F
8007F001FE007F8007F000FE003F0007F000FE001E0007F000FE00000007F000FE00000007F000
FE00000007F000FE000000FFFFFFFFFFFF80FFFFFFFFFFFF80FFFFFFFFFFFF8007F000FE003F80
07F000FE003F8007F000FE003F8007F000FE003F8007F000FE003F8007F000FE003F8007F000FE
003F8007F000FE003F8007F000FE003F8007F000FE003F8007F000FE003F8007F000FE003F8007
F000FE003F8007F000FE003F8007F000FE003F8007F000FE003F8007F000FE003F8007F000FE00
3F8007F000FE003F8007F000FE003F8007F000FE003F807FFF0FFFE3FFF87FFF0FFFE3FFF87FFF
0FFFE3FFF8352A7FA939>14 D<1C003E007F00FF80FF80FF807F003E001C0009097B8813>46
D<003F800001FFF00007E0FC000FC07E001F803F001F803F003F001F803F001F807F001FC07F00
1FC07F001FC07F001FC0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF
001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE0FF001FE07F001FC07F001FC0
7F001FC07F001FC03F001F803F001F801F803F001F803F000FC07E0007E0FC0001FFF000003F80
001B277DA622>48 D<000E00001E00007E0007FE00FFFE00FFFE00F8FE0000FE0000FE0000FE00
00FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE00
00FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE00
7FFFFE7FFFFE7FFFFE17277BA622>I<00FF800003FFF0000FFFFC001F03FE003800FF007C007F
80FE003FC0FF003FC0FF003FE0FF001FE0FF001FE07E001FE03C003FE000003FE000003FC00000
3FC000007F8000007F000000FE000000FC000001F8000003F0000003E00000078000000F000000
1E0000003C00E0007000E000E000E001C001C0038001C0070001C00FFFFFC01FFFFFC03FFFFFC0
7FFFFFC0FFFFFF80FFFFFF80FFFFFF801B277DA622>I<007F800003FFF00007FFFC000F81FE00
1F00FF003F80FF003F807F803F807F803F807F801F807F800F007F800000FF000000FF000000FE
000001FC000001F8000007F00000FFC00000FFF0000001FC0000007E0000007F0000007F800000
3FC000003FC000003FE000003FE03C003FE07E003FE0FF003FE0FF003FE0FF003FC0FF007FC07E
007F807C007F003F01FE001FFFFC0007FFF00000FF80001B277DA622>I<00000E0000001E0000
003E0000007E000000FE000000FE000001FE000003FE0000077E00000E7E00000E7E00001C7E00
00387E0000707E0000E07E0000E07E0001C07E0003807E0007007E000E007E000E007E001C007E
0038007E0070007E00E0007E00FFFFFFF8FFFFFFF8FFFFFFF80000FE000000FE000000FE000000
FE000000FE000000FE000000FE000000FE00007FFFF8007FFFF8007FFFF81D277EA622>I<0C00
03000F803F000FFFFE000FFFFC000FFFF8000FFFF0000FFFE0000FFFC0000FFE00000E0000000E
0000000E0000000E0000000E0000000E0000000E7FC0000FFFF8000F80FC000E003E000C003F00
00001F8000001FC000001FC000001FE000001FE018001FE07C001FE0FE001FE0FE001FE0FE001F
E0FE001FC0FC001FC078003F8078003F803C007F001F01FE000FFFF80003FFF00000FF80001B27
7DA622>I<0007F000003FFC0000FFFE0001FC0F0003F01F8007E03F800FC03F801FC03F801F80
3F803F801F003F8000007F0000007F0000007F000000FF000000FF0FC000FF3FF800FF707C00FF
C03E00FFC03F00FF801F80FF801FC0FF001FC0FF001FE0FF001FE0FF001FE07F001FE07F001FE0
7F001FE07F001FE03F001FE03F001FC01F801FC01F803F800FC03F0007E07E0003FFFC0000FFF0
00003FC0001B277DA622>I<380000003E0000003FFFFFF03FFFFFF03FFFFFF07FFFFFE07FFFFF
C07FFFFF807FFFFF0070000E0070000E0070001C00E0003800E0007000E000E0000000E0000001
C000000380000007800000078000000F0000000F0000001F0000001F0000003F0000003E000000
3E0000007E0000007E0000007E0000007E000000FE000000FE000000FE000000FE000000FE0000
00FE000000FE000000FE0000007C0000003800001C297CA822>I<003FC00001FFF00003FFFC00
07C07E000F003F001E001F001E000F803E000F803E000F803F000F803F000F803FC00F003FF01F
001FFC1E001FFE3C000FFFF80007FFE00003FFF80001FFFC0001FFFE0007FFFF000F0FFF801E03
FFC03C01FFC07C007FE078001FE0F80007E0F80007E0F80003E0F80003E0F80003E0F80003C07C
0003C07C0007803F000F001FC03E000FFFFC0003FFF800007FC0001B277DA622>I<007F800001
FFF00007FFF8000FE0FC001F807E003F803F007F003F007F001F80FF001F80FF001FC0FF001FC0
FF001FC0FF001FE0FF001FE0FF001FE0FF001FE07F001FE07F003FE03F003FE01F807FE00F807F
E007C1DFE003FF9FE0007E1FE000001FE000001FC000001FC000001FC000003F801F003F803F80
3F003F803F003F807E003F807C001F01F8001E03F0000FFFE00007FF800001FE00001B277DA622
>I<1C003E007F00FF80FF80FF807F003E001C000000000000000000000000000000000000001C
003E007F00FF80FF80FF807F003E001C00091B7B9A13>I<000003800000000007C00000000007
C0000000000FE0000000000FE0000000000FE0000000001FF0000000001FF0000000003FF80000
00003FF8000000003FF80000000073FC0000000073FC00000000F3FE00000000E1FE00000000E1
FE00000001C0FF00000001C0FF00000003C0FF80000003807F80000007807FC0000007003FC000
0007003FC000000E003FE000000E001FE000001E001FF000001C000FF000001FFFFFF000003FFF
FFF800003FFFFFF80000780007FC0000700003FC0000700003FC0000E00001FE0000E00001FE00
01E00001FF0001C00000FF0001C00000FF00FFFE001FFFFEFFFE001FFFFEFFFE001FFFFE2F297E
A834>65 D<00003FF001800003FFFE0380000FFFFF8780003FF007DF8000FF8001FF8001FE0000
7F8003FC00003F8007F000001F800FF000000F801FE0000007801FE0000007803FC0000007803F
C0000003807FC0000003807F80000003807F8000000000FF8000000000FF8000000000FF800000
0000FF8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF80000000007F
80000000007F80000000007FC0000003803FC0000003803FC0000003801FE0000003801FE00000
07000FF00000070007F000000E0003FC00001E0001FE00003C0000FF8000F800003FF007E00000
0FFFFFC0000003FFFF000000003FF8000029297CA832>67 D<FFFFFFF80000FFFFFFFF8000FFFF
FFFFE00003FC001FF80003FC0007FC0003FC0001FE0003FC0000FF0003FC00007F8003FC00003F
C003FC00001FC003FC00001FE003FC00001FE003FC00000FF003FC00000FF003FC00000FF003FC
00000FF003FC00000FF803FC00000FF803FC00000FF803FC00000FF803FC00000FF803FC00000F
F803FC00000FF803FC00000FF803FC00000FF803FC00000FF803FC00000FF003FC00000FF003FC
00000FF003FC00001FE003FC00001FE003FC00001FC003FC00003FC003FC00007F8003FC00007F
0003FC0001FE0003FC0003FC0003FC001FF800FFFFFFFFE000FFFFFFFF8000FFFFFFFC00002D29
7DA835>I<FFFFFFFFE0FFFFFFFFE0FFFFFFFFE003FC001FE003FC0007F003FC0001F003FC0001
F003FC0000F003FC00007003FC00007003FC00007003FC01C07803FC01C03803FC01C03803FC01
C03803FC03C00003FC03C00003FC0FC00003FFFFC00003FFFFC00003FFFFC00003FC0FC00003FC
03C00003FC03C00003FC01C00E03FC01C00E03FC01C00E03FC01C01C03FC00001C03FC00001C03
FC00001C03FC00003C03FC00003803FC00007803FC0000F803FC0001F803FC0003F803FC001FF8
FFFFFFFFF0FFFFFFFFF0FFFFFFFFF027297DA82D>I<FFFFFCFFFFFCFFFFFC01FE0001FE0001FE
0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE
0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE
0001FE0001FE0001FE0001FE0001FE0001FE00FFFFFCFFFFFCFFFFFC16297EA81A>73
D<FFFFFFF800FFFFFFFF00FFFFFFFFC003FC003FE003FC000FF003FC0007F803FC0007FC03FC00
03FC03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC0003FE03FC
0003FC03FC0007FC03FC0007F803FC000FF003FC003FE003FFFFFF8003FFFFFE0003FC00000003
FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC000000
03FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC000000FFFFF000
00FFFFF00000FFFFF0000027297DA82F>80 D<FFFFFFE00000FFFFFFFE0000FFFFFFFF800003FC
007FE00003FC000FF00003FC0007F80003FC0007FC0003FC0003FC0003FC0003FE0003FC0003FE
0003FC0003FE0003FC0003FE0003FC0003FE0003FC0003FE0003FC0003FC0003FC0007F80003FC
0007F80003FC001FE00003FC007FC00003FFFFFE000003FFFFF0000003FC00FC000003FC007F00
0003FC003F800003FC003F800003FC001FC00003FC001FE00003FC001FE00003FC001FE00003FC
001FE00003FC001FE00003FC001FF00003FC001FF00003FC001FF00003FC001FF00703FC001FF8
0703FC000FF80703FC0007F80EFFFFF003FE1CFFFFF001FFF8FFFFF0003FF030297DA834>82
D<007F806003FFF0E007FFF9E00F807FE01F001FE03E0007E07C0003E07C0001E0FC0001E0FC00
01E0FC0000E0FE0000E0FE0000E0FF000000FFC000007FFE00007FFFE0003FFFFC001FFFFE000F
FFFF8007FFFFC003FFFFE000FFFFE00007FFF000007FF000000FF8000007F8000003F8600001F8
E00001F8E00001F8E00001F8F00001F0F00001F0F80003F0FC0003E0FF0007C0FFE01F80F3FFFF
00E0FFFE00C01FF0001D297CA826>I<7FFFFFFFFFC07FFFFFFFFFC07FFFFFFFFFC07F803FC03F
C07E003FC007C078003FC003C078003FC003C070003FC001C0F0003FC001E0F0003FC001E0E000
3FC000E0E0003FC000E0E0003FC000E0E0003FC000E0E0003FC000E000003FC0000000003FC000
0000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC000000000
3FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC000
0000003FC0000000003FC0000000003FC0000000003FC0000000003FC0000000003FC000000000
3FC00000007FFFFFE000007FFFFFE000007FFFFFE0002B287EA730>I<FFFFF0003FFF80FFFFF0
003FFF80FFFFF0003FFF8003FE000001E00001FE000001C00001FF000003C00000FF0000038000
00FF0000038000007F8000070000007F8000070000007FC0000F0000003FC0000E0000003FE000
1E0000001FE0001C0000001FF0001C0000000FF000380000000FF0003800000007F80070000000
07F8007000000007FC00F000000003FC00E000000003FE01E000000001FE01C000000001FF01C0
00000000FF038000000000FF038000000000FF8780000000007F8700000000007FCF0000000000
3FCE00000000003FFE00000000001FFC00000000001FFC00000000000FF800000000000FF80000
0000000FF8000000000007F0000000000007F0000000000003E0000000000003E0000000000001
C000000031297FA834>86 D<01FF800007FFF0000F81F8001FC07E001FC07E001FC03F000F803F
8007003F8000003F8000003F8000003F80000FFF8000FFFF8007FC3F800FE03F803F803F803F00
3F807F003F80FE003F80FE003F80FE003F80FE003F807E007F807F00DF803F839FFC0FFF0FFC01
FC03FC1E1B7E9A21>97 D<001FF80000FFFE0003F01F0007E03F800FC03F801F803F803F801F00
7F800E007F0000007F000000FF000000FF000000FF000000FF000000FF000000FF000000FF0000
007F0000007F0000007F8000003F8001C01F8001C00FC0038007E0070003F01E0000FFFC00001F
E0001A1B7E9A1F>99 D<00003FF80000003FF80000003FF800000003F800000003F800000003F8
00000003F800000003F800000003F800000003F800000003F800000003F800000003F800000003
F800000003F800001FE3F80000FFFBF80003F03FF80007E00FF8000FC007F8001F8003F8003F80
03F8007F0003F8007F0003F8007F0003F800FF0003F800FF0003F800FF0003F800FF0003F800FF
0003F800FF0003F800FF0003F8007F0003F8007F0003F8007F0003F8003F8003F8001F8003F800
0F8007F80007C00FF80003F03BFF8000FFF3FF80003FC3FF80212A7EA926>I<003FE00001FFF8
0003F07E0007C01F000F801F801F800F803F800FC07F000FC07F0007C07F0007E0FF0007E0FF00
07E0FFFFFFE0FFFFFFE0FF000000FF000000FF0000007F0000007F0000007F0000003F8000E01F
8000E00FC001C007E0038003F81F0000FFFE00001FF0001B1B7E9A20>I<0007F0003FFC00FE3E
01F87F03F87F03F07F07F07F07F03E07F00007F00007F00007F00007F00007F00007F000FFFFC0
FFFFC0FFFFC007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F000
07F00007F00007F00007F00007F00007F00007F00007F00007F00007F0007FFF807FFF807FFF80
182A7EA915>I<00FF81F003FFE7F80FC1FE7C1F80FC7C1F007C383F007E107F007F007F007F00
7F007F007F007F007F007F007F007F003F007E001F007C001F80FC000FC1F8001FFFE00018FF80
0038000000380000003C0000003E0000003FFFF8001FFFFF001FFFFF800FFFFFC007FFFFE01FFF
FFF03E0007F07C0001F8F80000F8F80000F8F80000F8F80000F87C0001F03C0001E01F0007C00F
C0000023C0000023C0000041E0000041E0000041E0000080F0000080F0000180F8000100780001
FFF80003007C0002003C0002003C0006003E0004001E0004001E000C001F001E001F00FF80FFF0
1C1D7F9C1F>65 D<FFFFC00F00F00F00380F003C0F001C0F001E0F001E0F001E0F001E0F001C0F
003C0F00780F01F00FFFE00F00780F003C0F001E0F000E0F000F0F000F0F000F0F000F0F000F0F
001E0F001E0F003C0F0078FFFFE0181C7E9B1D>I<001F808000E0618001801980070007800E00
03801C0003801C00018038000180780000807800008070000080F0000000F0000000F0000000F0
000000F0000000F0000000F0000000F0000000700000807800008078000080380000801C000100
1C0001000E000200070004000180080000E03000001FC000191E7E9C1E>I<FFFFC0000F00F000
0F003C000F000E000F0007000F0007000F0003800F0003C00F0001C00F0001C00F0001E00F0001
E00F0001E00F0001E00F0001E00F0001E00F0001E00F0001E00F0001C00F0001C00F0003C00F00
03800F0007800F0007000F000E000F001C000F007000FFFFC0001B1C7E9B20>I<FFFFFC0F003C
0F000C0F00040F00040F00060F00020F00020F02020F02000F02000F02000F06000FFE000F0600
0F02000F02000F02000F02010F00010F00020F00020F00020F00060F00060F000C0F003CFFFFFC
181C7E9B1C>I<FFFFF80F00780F00180F00080F00080F000C0F00040F00040F02040F02000F02
000F02000F06000FFE000F06000F02000F02000F02000F02000F00000F00000F00000F00000F00
000F00000F00000F8000FFF800161C7E9B1B>I<001F808000E0618001801980070007800E0003
801C0003801C00018038000180780000807800008070000080F0000000F0000000F0000000F000
0000F0000000F0000000F000FFF0F0000F80700007807800078078000780380007801C0007801C
0007800E00078007000B800180118000E06080001F80001C1E7E9C21>I<FFF3FFC00F003C000F
003C000F003C000F003C000F003C000F003C000F003C000F003C000F003C000F003C000F003C00
0F003C000FFFFC000F003C000F003C000F003C000F003C000F003C000F003C000F003C000F003C
000F003C000F003C000F003C000F003C000F003C00FFF3FFC01A1C7E9B1F>I<FFF00F000F000F
000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F00
0F000F000F000F00FFF00C1C7F9B0F>I<FFF03FE00F000F000F000C000F0008000F0010000F00
20000F0040000F0080000F0100000F0200000F0400000F0E00000F1F00000F2F00000F2780000F
4780000F83C0000F01E0000F01E0000F00F0000F00F8000F0078000F003C000F003C000F001E00
0F001F000F001F80FFF07FF01C1C7E9B20>75 D<FFF8000F80000F00000F00000F00000F00000F
00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00080F
00080F00080F00180F00180F00100F00300F00700F01F0FFFFF0151C7E9B1A>I<FF8000FF800F
8000F8000F8000F8000BC00178000BC00178000BC001780009E002780009E002780008F0047800
08F004780008F0047800087808780008780878000878087800083C107800083C107800083C1078
00081E207800081E207800081E207800080F407800080F40780008078078000807807800080780
780008030078001C03007800FF8307FF80211C7E9B26>I<FF007FC00F800E000F8004000BC004
0009E0040009E0040008F0040008F8040008780400083C0400083C0400081E0400080F0400080F
0400080784000807C4000803C4000801E4000801E4000800F40008007C0008007C0008003C0008
003C0008001C0008000C001C000C00FF8004001A1C7E9B1F>I<003F800000E0E0000380380007
001C000E000E001C0007003C00078038000380780003C0780003C0700001C0F00001E0F00001E0
F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0700001C0780003C0780003C0380003
803C0007801C0007000E000E0007001C000380380000E0E000003F80001B1E7E9C20>I<FFFF80
0F00E00F00780F003C0F001C0F001E0F001E0F001E0F001E0F001E0F001C0F003C0F00780F00E0
0FFF800F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F0000
FFF000171C7E9B1C>I<003F800000E0E0000380380007001C000E000E001C0007003C00078038
000380780003C0780003C0700001C0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0
F00001E0F00001E0700001C0780003C0780003C0380003803C0E07801C1107000E208E0007205C
0003A0780000F0E020003FE0200000602000003060000038E000003FC000003FC000001F800000
0F001B257E9C20>I<FFFF00000F01E0000F0078000F003C000F001C000F001E000F001E000F00
1E000F001E000F001C000F003C000F0078000F01E0000FFF00000F03C0000F00E0000F00F0000F
0078000F0078000F0078000F0078000F0078000F0078000F0078100F0078100F0038100F003C20
FFF01C20000007C01C1D7E9B1F>I<07E0801C1980300580700380600180E00180E00080E00080
E00080F00000F800007C00007FC0003FF8001FFE0007FF0000FF80000F800007C00003C00001C0
8001C08001C08001C0C00180C00180E00300D00200CC0C0083F800121E7E9C17>I<7FFFFFC070
0F01C0600F00C0400F0040400F0040C00F0020800F0020800F0020800F0020000F0000000F0000
000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F00
00000F0000000F0000000F0000000F0000000F0000001F800003FFFC001B1C7F9B1E>I<FFF07F
C00F000E000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F00
04000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F
0004000F0004000700080007800800038010000180100000C020000070C000001F00001A1D7E9B
1F>I<FFE00FF01F0003C00F0001800F0001000F800300078002000780020003C0040003C00400
03C0040001E0080001E0080001F0080000F0100000F0100000F830000078200000782000003C40
00003C4000003C4000001E8000001E8000001F8000000F0000000F000000060000000600000006
00001C1D7F9B1F>I<FFE0FFE0FF1F001F003C1E001E00180F001F00100F001F00100F001F0010
07801F00200780278020078027802003C027804003C043C04003C043C04003E043C04001E081E0
8001E081E08001E081E08000F100F10000F100F10000F100F100007900FA00007A007A00007A00
7A00003E007C00003C003C00003C003C00003C003C00001800180000180018000018001800281D
7F9B2B>I<7FF0FFC00FC03E000780180003C0180003E0100001E0200001F0600000F040000078
8000007D8000003D0000001E0000001F0000000F0000000F8000000F80000013C0000023E00000
21E0000041F00000C0F8000080780001007C0003003C0002001E0006001F001F003F80FFC0FFF0
1C1C7F9B1F>I<FEFEC0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0C0C0FEFE07297C9E0C>91 D<FEFE0606060606060606060606060606060606060606
0606060606060606060606060606060606FEFE0729809E0C>93 D<0810204040808080B0F87830
050C7D9C0C>96 D<1FC000307000783800781C00301C00001C00001C0001FC000F1C00381C0070
1C00601C00E01C40E01C40E01C40603C40304E801F870012127E9115>I<FC00001C00001C0000
1C00001C00001C00001C00001C00001C00001C00001C00001C7C001D86001E03001C01801C01C0
1C00C01C00E01C00E01C00E01C00E01C00E01C00E01C00C01C01C01C01801E030019060010F800
131D7F9C17>I<07E00C301878307870306000E000E000E000E000E000E0006000700430041808
0C3007C00E127E9112>I<003F0000070000070000070000070000070000070000070000070000
070000070003E7000C1700180F00300700700700600700E00700E00700E00700E00700E00700E0
0700600700700700300700180F000C370007C7E0131D7E9C17>I<03E00C301818300C700E6006
E006FFFEE000E000E000E00060007002300218040C1803E00F127F9112>I<00F8018C071E061E
0E0C0E000E000E000E000E000E00FFE00E000E000E000E000E000E000E000E000E000E000E000E
000E000E000E000E007FE00F1D809C0D>I<00038003C4C00C38C01C3880181800381C00381C00
381C00381C001818001C38000C300013C0001000003000001800001FF8001FFF001FFF80300380
6001C0C000C0C000C0C000C06001803003001C0E0007F800121C7F9215>I<FC00001C00001C00
001C00001C00001C00001C00001C00001C00001C00001C00001C7C001C87001D03001E03801C03
801C03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C0380FF9F
F0141D7F9C17>I<18003C003C0018000000000000000000000000000000FC001C001C001C001C
001C001C001C001C001C001C001C001C001C001C001C001C00FF80091D7F9C0C>I<00C001E001
E000C000000000000000000000000000000FE000E000E000E000E000E000E000E000E000E000E0
00E000E000E000E000E000E000E000E000E000E060E0F0C0F1C061803E000B25839C0D>I<FC00
001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C3FC01C0F001C0C
001C08001C10001C20001C40001CE0001DE0001E70001C78001C38001C3C001C1C001C0E001C0F
001C0F80FF9FE0131D7F9C16>I<FC001C001C001C001C001C001C001C001C001C001C001C001C
001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C00FF80091D7F9C0C>
I<FC7E07E0001C838838001D019018001E01E01C001C01C01C001C01C01C001C01C01C001C01C0
1C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01
C01C001C01C01C00FF8FF8FF8021127F9124>I<FC7C001C87001D03001E03801C03801C03801C
03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C0380FF9FF014127F91
17>I<03F0000E1C00180600300300700380600180E001C0E001C0E001C0E001C0E001C0E001C0
6001807003803003001806000E1C0003F00012127F9115>I<FC7C001D86001E03001C01801C01
C01C00C01C00E01C00E01C00E01C00E01C00E01C00E01C01C01C01C01C01801E03001D06001CF8
001C00001C00001C00001C00001C00001C00001C0000FF8000131A7F9117>I<03C1000C330018
0B00300F00700700700700E00700E00700E00700E00700E00700E00700600700700700300F0018
0F000C370007C700000700000700000700000700000700000700000700003FE0131A7E9116>I<
FCE01D301E781E781C301C001C001C001C001C001C001C001C001C001C001C001C00FFC00D127F
9110>I<1F9030704030C010C010E010F8007F803FE00FF000F880388018C018C018E010D0608F
C00D127F9110>I<04000400040004000C000C001C003C00FFE01C001C001C001C001C001C001C
001C001C001C101C101C101C101C100C100E2003C00C1A7F9910>I<FC1F801C03801C03801C03
801C03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C07800C07800E1B
8003E3F014127F9117>I<FF07E03C03801C01001C01000E02000E020007040007040007040003
880003880003D80001D00001D00000E00000E00000E00000400013127F9116>I<FF3FCFE03C0F
03801C0701801C0701001C0B01000E0B82000E0B82000E1182000711C4000711C4000720C40003
A0E80003A0E80003C0680001C0700001C0700001803000008020001B127F911E>I<7F8FF00F03
800F030007020003840001C80001D80000F00000700000780000F800009C00010E00020E000607
000403801E07C0FF0FF81512809116>I<FF07E03C03801C01001C01000E02000E020007040007
040007040003880003880003D80001D00001D00000E00000E00000E00000400000400000800000
8000F08000F10000F300006600003C0000131A7F9116>I<7FFC70386038407040F040E041C003
C0038007000F040E041C043C0C380870087038FFF80E127F9112>I<FFFFF01401808B15>I
E end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 300
TeXDict begin @letter /letter where {pop letter} if
%%EndSetup
%%Page: 26 1
via visa-routers. Each visa-router knows the ACSs in its AD, is willing to accept visas issued by some or all of these ACSs, and trusts their decisions about authorizing and terminating connections.

A visa-router allows any external party to communicate with any registered, internal ACS. Similarly, visa-routers allow all registered, local ACSs to communicate with any external party. Such trust is reasonable because ACSs are assumed to implement sufficient defense mechanisms and to enforce AD's policy.

However, this does not imply that visa-routers should let the ACS-originated outbound traffic go unchecked. In order to detect bogus ACS packets and prevent replay of pre-recorded ACS-sourced packets, a visa-router must verify packet signatures and validate packet timestamps of all packets purportedly originating at a local ACS.

It is more difficult to control traffic coming in from the outside destined for a local ACS. Because such traffic can originate anywhere in the internetwork, its validation would require a visa-router to have means for verifying signatures and timestamps generated by a possibly large number of sources. This would necessitate a lot of state information in visa-routers, which is clearly undesirable and impractical for reasons of performance. The alternative is not to scrutinize in-bound ACS traffic and let the ACSs filter out fraudulent packets. Visa-routers can still maintain some control by making sure that local ACSs do not get flooded by in-bound traffic. The disadvantage of this approach is that it may violate one of our fundamental goals of not allowing unauthorized externally-sourced traffic to consume internal network resources. This subject is addressed further in Section 3.7.

Assuming that each AD employs visa-routers, each inter-AD packet travels through at least two such routers. A visa-router must scrutinize every packet it receives; packets without visas cannot be forwarded (except for those to or from trusted entities of the router's own AD). In section 3.6.1 we describe a mechanism for a visa-router to inform an end-system that a visa is required for inter-AD communication.

Packets originating at or destined for unequipped end-systems are discarded by the visa-routers since these end-systems are (by definition) not allowed any external access.

If the two stub ADs are not directly connected, packets will pass through the routers of transit networks. Visa-routers within a single transit AD are assumed to trust each other, and transfer transit packets via secure channels to prevent unauthorized entrance or exit. Non-visa routers in transit ADs treat visa-stamped packets as regular internet packets.

3.5.3 Participating End-systems

An end-system attempting communication outside of its AD must be able to obtain a visa allowing it exit from the local AD and entry to the destination AD. In order to obtain exit authorization it needs to contact one of the local ACSs which (upon authenticating the requesting end-system and checking its access control lists) then contacts an ACS in the destination AD and requests entry authorization on behalf of the original end-system. After establishing entry authorization, the remote ACS issues a visa which is subsequently delivered to the requesting end-system. Thereafter, a visa-stamp (computed with the corresponding visa-key) must be attached to every packet sent from the requesting end-system to the apparent destination.

An end-system, unlike a visa-router, does not have to have reliable knowledge of the local ACS's address; this may instead be supplied by a visa-router when an end-system first attempts to communicate across the AD boundary (see section 3.6.1). An end-system may still need to use an authentication protocol (e.g., Kerberos [85]) to make sure it is really talking to the ACS.

Since packet reception is a passive operation, the destination end-system is not required to initiate any actions. Of course, in most types of communication, packets flow in both directions, so each end-system is both a source and a destination. Therefore, to avoid additional overhead we assume that an AD may allow its ACS to issue two-way visas automatically if no authentication of the remote destination is required.

In summary, the requirements for a participating end-system are as follows:

• an authentication mechanism to allow for a dialog with a local ACS
• secure storage for active visas
• a means for generating visa-stamps

Lastly, a participating end-system must be identifiable, i.e., it must be assigned a unique key or key-pair (depending upon the encryption method).
%%Page: 27 2
It should be noted that Visa protocol, by itself, does not provide for multi-level security, nor does it eliminate a variety of covert channels. In the absence of additional non-discretionary controls, a participating end-system may still compromise access controls by serving as a conduit for communications between unauthorized end-systems.²

3.6 Protocol

Visa protocol consists of three phases. In the setup phase, an end-system obtains authorization for exiting its own AD and entering the destination AD. If successful, it culminates with the issuance and distribution of visas to all principals involved. In the packet forwarding phase, the visa-key is used to generate packet data signatures that are attached to all packets belonging to an authorized connection. Finally, the teardown phase involves the termination of a visa either because of normal expiration or by explicit revocation. In the remainder of this section, each protocol phase is discussed separately.

3.6.1 Setup Phase

The purpose of the setup phase is to i) authorize communication between two end-systems by the ACSs in the respective ADs, ii) issue a visa which embodies this authorization, and, iii) distribute it to all parties involved. The placement of the protocol participants is illustrated in Figure 3.1.

3.6.1.1 Exit Authorization

The protocol is put in motion when an end-system, $H_a$, in $AD_a$ begins communication with another end-system, $H_b$, in a different AD, $AD_b$. $H_a$ may already know that its intended destination is in a different AD, either because it has previously communicated with $H_b$ or it may have discovered this through some external mechanism (e.g., a name server). If so, $H_a$ may communicate directly with an ACS in its AD, $ACS_a$. Otherwise, it may discover that $H_b$ is in a different AD when its packet reaches the exit visa-router. Since the packet carries no visa-stamp, the exit visa-router replies with a REDIRECT packet. REDIRECT is essentially a means of notifying $H_a$ that the intended destination is non-local, and that it must "apply" for a visa with a local ACS.

$$\text{REDIRECT} = [\, H_a,\ H_b,\ ACS_a \,] \tag{3.1}$$

The protocol begins by $H_a$ requesting authorization from $ACS_a$. It does so by sending a HOST-REQUEST packet to $ACS_a$.

$$\text{HOST-REQUEST} = [\, H_a,\ H_b,\ TS_{H_a} \,]^{K_{H_a}} \tag{3.2}$$

To maintain data integrity, HOST-REQUEST is signed with $H_a$'s key, $K_{H_a}$. If conventional encryption is used, $K_{H_a}$ is a key known only to $H_a$ and $ACS_a$. With public key encryption, $K_{H_a}$ is the private (secret) key known only to $H_a$. A timestamp, $TS_{H_a}$, is included to demonstrate the timeliness of the packet, i.e., to indicate its freshness to $ACS_a$ as described in Section 2.2.3. (Freshness is, of course, dependent upon the value of $\Delta_T$.)

Next, $ACS_a$ has to authorize communication between $H_a$ and $H_b$. This step is dependent on the particular policy employed by $AD_a$. For example, it may involve a higher-level authentication dialog between $AD_a$ and $H_a$. The details of this procedure are beyond the scope of this discussion.

If and when exit authorization is established, $ACS_a$ composes a VISA-REQUEST packet:

$$\text{VISA-REQUEST} = [\, H_a,\ H_b,\ TS_a \,]^{DK_{ACS_a}} \tag{3.3}$$

The packet is signed with $ACS_a$'s secret key and timestamped to help verify both data integrity and timeliness. The timestamp, $TS_a$, is guaranteed to be unique; thereafter, it is used as a visa identifier. As with HOST-REQUEST, the signature is not needed if a higher-level authentication dialog is used between $ACS_a$ and its counterpart in $AD_b$. Nevertheless, our purpose is to allow authentication to take place at the earliest possible time rather than relying on the presence of a higher-layer AD-dependent mechanism.

In order to deliver a VISA-REQUEST, $ACS_a$ has to locate its counterpart in the destination AD, $AD_b$. It may know the address of $ACS_b$ because of previous communication, in which case VISA-REQUEST may be sent directly. It

² See section 3.7.
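The HOST-REQUEST check at ACS_a and the composition of VISA-REQUEST described above, which is also the signature-plus-timestamp validation a visa-router applies to ACS-sourced packets, as an added Python example (not code from the thesis). HMAC-SHA256 as a stand-in for the signature, the field encoding, the 30-second Delta_T, the replay cache and all names and keys are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DELTA_T = 30  # assumed freshness window in seconds (the text's Delta_T; value is illustrative)


def encode(src, dst, ts):
    """Serialize [src, dst, ts] with length prefixes so field boundaries are unambiguous."""
    out = b""
    for field in (src.encode(), dst.encode()):
        out += struct.pack("!H", len(field)) + field
    return out + struct.pack("!Q", ts)


def make_packet(key, src, dst, ts):
    """Build [src, dst, ts]^key. HMAC-SHA256 stands in for the signature (assumption)."""
    sig = hmac.new(key, encode(src, dst, ts), hashlib.sha256).digest()
    return {"src": src, "dst": dst, "ts": ts, "sig": sig}


def verify(key, pkt):
    """Recompute the signature over the received fields and compare in constant time."""
    expected = hmac.new(key, encode(pkt["src"], pkt["dst"], pkt["ts"]), hashlib.sha256).digest()
    return hmac.compare_digest(expected, pkt["sig"])


class ACS:
    """Hypothetical ACS_a: validates HOST-REQUEST, then composes VISA-REQUEST."""

    def __init__(self, host_keys, acs_key, allowed):
        self.host_keys = host_keys  # end-system name -> K_H (conventional-key case)
        self.acs_key = acs_key      # stand-in for ACS_a's signing key
        self.allowed = allowed      # exit policy: permitted (source, destination) pairs
        self.seen = set()           # (source, timestamp) pairs accepted inside the window
        self.last_ts = 0

    def check_host_request(self, req, now):
        key = self.host_keys.get(req["src"])
        if key is None:
            return "unknown-host"
        if not verify(key, req):
            return "bad-signature"      # bogus or modified packet
        if abs(now - req["ts"]) > DELTA_T:
            return "stale"              # pre-recorded packet replayed after the window
        if (req["src"], req["ts"]) in self.seen:
            return "replay"             # replay inside the window (added hardening)
        # Entries older than the window would fail the freshness test anyway.
        self.seen = {(s, t) for (s, t) in self.seen if abs(now - t) <= DELTA_T}
        self.seen.add((req["src"], req["ts"]))
        if (req["src"], req["dst"]) not in self.allowed:
            return "denied"
        return "ok"

    def next_visa_ts(self, now):
        """TS_a doubles as the visa identifier, so it must never repeat."""
        self.last_ts = max(now, self.last_ts + 1)
        return self.last_ts

    def visa_request(self, req, now):
        verdict = self.check_host_request(req, now)
        if verdict != "ok":
            return verdict, None
        return "ok", make_packet(self.acs_key, req["src"], req["dst"], self.next_visa_ts(now))


def run_demo():
    """Constructed keys, names and clock values; nothing here comes from a real deployment."""
    k_ha = b"constructed key shared by H_a and ACS_a"
    k_acs = b"constructed key standing in for ACS_a's signing key"
    acs = ACS({"H_a": k_ha}, k_acs, {("H_a", "H_b")})
    req = make_packet(k_ha, "H_a", "H_b", 1000)
    results = {}
    results["fresh"], visa1 = acs.visa_request(req, now=1005)
    results["second"], visa2 = acs.visa_request(make_packet(k_ha, "H_a", "H_b", 1004), now=1005)
    results["visa_ids"] = (visa1["ts"], visa2["ts"])  # same clock second, distinct identifiers
    results["visa_sig_ok"] = verify(k_acs, visa1)
    results["replay"] = acs.visa_request(req, now=1010)[0]
    results["tampered"] = acs.visa_request(dict(req, dst="H_c"), now=1010)[0]
    results["denied"] = acs.visa_request(make_packet(k_ha, "H_a", "H_z", 1010), now=1010)[0]
    results["stale"] = acs.visa_request(req, now=1100)[0]
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

A timestamp check alone accepts a captured packet replayed inside Delta_T, which is why the sketch also remembers the (source, timestamp) pairs it has already accepted.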
%%Page: 28 3
bop 150 -150 a
 26049576 23681433 0 0 40258437 52099153 startTexFig
150 -150 a
%%BeginDocument: visa1.ps
/FMversion (2.0) def 
/FrameDict 170 dict def 
systemdict /errordict known not { /errordict 10 dict def
		errordict /rangecheck { stop } put } if
FrameDict /tmprangecheck errordict /rangecheck get put 
errordict /rangecheck {FrameDict /bug true put} put 
FrameDict /bug false put 
mark 
currentfile 5 string readline
00
0000000000
cleartomark 
errordict /rangecheck FrameDict /tmprangecheck get put 
FrameDict /bug get { 
	/readline {
		/gstring exch def
		/gfile exch def
		/gindex 0 def
		{
			gfile read pop 
			dup 10 eq {exit} if 
			dup 13 eq {exit} if 
			gstring exch gindex exch put 
			/gindex gindex 1 add def 
		} loop
		pop 
		gstring 0 gindex getinterval true 
		} def
	} if
/FMVERSION {
	FMversion ne {
		/Times-Roman findfont 18 scalefont setfont
		100 100 moveto
		(FrameMaker version does not match postscript_prolog!)
		dup =
		show showpage
		} if
	} def 
/FMLOCAL {
	FrameDict begin
	0 def 
	end 
	} def 
	/gstring FMLOCAL
	/gfile FMLOCAL
	/gindex FMLOCAL
	/orgxfer FMLOCAL
	/orgproc FMLOCAL
	/organgle FMLOCAL
	/orgfreq FMLOCAL
	FrameDict /graymode true put
	/yscale FMLOCAL
	/xscale FMLOCAL
	/PrintInColor systemdict /colorimage known def
PrintInColor 
	
	{
	/HUE 0 def
	/SAT 0 def
	/BRIGHT 0 def
	% array of arrays Hue and Sat values for the separations [HUE BRIGHT]
	/Colors   
	[[0    0  ]    % black
	 [0    0  ]    % white
	 [0.00 1.0]    % red
	 [0.37 1.0]    % green
	 [0.60 1.0]    % blue
	 [0.50 1.0]    % cyan
	 [0.83 1.0]    % magenta
	 [0.16 1.0]    % comment
	 ] def
      
	/BEGINBITMAPCOLOR { 
		BITMAPCOLOR } def
	/BEGINBITMAPCOLORc { 
		BITMAPCOLORc } def
	/K { 
		Colors exch get dup
		0 get /HUE exch store 
		1 get /BRIGHT exch store
		  HUE 0 eq BRIGHT 0 eq and
			{1.0 SAT sub setgray }
			{HUE SAT BRIGHT sethsbcolor } 
		  ifelse
		} def
	/mysetgray { 
		/SAT exch 1.0 exch sub store 
		  HUE 0 eq BRIGHT 0 eq and
			{1.0 SAT sub setgray }
			{HUE SAT BRIGHT sethsbcolor } 
		  ifelse
		} bind def
	}
	
	{
	/BEGINBITMAPCOLOR { 
		BITMAPGRAY } def
	/BEGINBITMAPCOLORc { 
		BITMAPGRAYc } def
	/mysetgray { setgray } bind def
	/K { 
		pop
		} def
	}
ifelse
/max	{2 copy lt {exch} if pop} bind def
/min	{2 copy gt {exch} if pop} bind def
/mtx matrix defaultmatrix def
/setmanualfeed {
	 statusdict /manualfeed true put
	} def
/FMDOCUMENT { 
	array /FMfonts exch def
	/#copies exch def
	0 ne dup {setmanualfeed} if
	FrameDict begin
	/manualfeed exch def
	/paperheight exch def
	/paperwidth exch def
	setpapername
	manualfeed {true} {papersize} ifelse 
	{manualpapersize} {false} ifelse 
	{desperatepapersize} if
	/yscale exch def
	/xscale exch def
	currenttransfer cvlit /orgxfer exch def
	currentscreen cvlit /orgproc exch def
	/organgle exch def /orgfreq exch def
	end 
	} def 
	/pagesave FMLOCAL
	/orgmatrix FMLOCAL
	/landscape FMLOCAL
/FMBEGINPAGE {  
	FrameDict begin 
	/pagesave save def
	3.86 setmiterlimit
	/landscape exch 0 ne store
	landscape { 
		90 rotate 0 exch neg translate pop 
		}
		{ pop pop }
		ifelse
	xscale yscale scale
	/orgmatrix matrix def
	gsave 
	} def 
/FMENDPAGE {
	grestore 
	pagesave restore
	end 
	showpage
	} def 
	/fontname FMLOCAL
	/fontscale FMLOCAL
	/fontnum FMLOCAL
	/fontdict FMLOCAL
/FMDEFINEFONT {
	FrameDict begin
	/fontname exch def
	/fontscale exch def
	/fontnum exch def
	/fontdict fontname findfont fontscale scalefont def
	fontdict /Encoding get StandardEncoding eq
	{
		fontdict DiacriticEncode 
		/fontdict exch def
	} {
		fontdict NonDiacriticEncode
		/fontdict exch def
	} ifelse
	FMfonts fontnum
		fontnum fontdict definefont
	put
	end 
	} def 
/FMNORMALIZEGRAPHICS { 
	newpath
	0.0 0.0 moveto
	1 setlinewidth
	0 setlinecap
	0 mysetgray
	} bind def
/FMBEGINEPSF { 
	end 
	/FMEPSF save def
	/showpage {} def 
	FMNORMALIZEGRAPHICS 
	[/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall 
	fx fy translate 
	rotate
	fw urx llx sub div fh ury lly sub div scale 
	llx neg lly neg translate 
	} bind def
/FMENDEPSF {
	FMEPSF restore
	FrameDict begin 
	} bind def
FrameDict begin 
/pagedimen { 
	paperheight sub abs 16 lt exch 
	paperwidth sub abs 16 lt and
	{/papername exch def} {pop} ifelse
	} def
/inch {72 mul} def
/setpapername { 
	/papersizedict 14 dict def 
	papersizedict begin
	/papername /unknown def 
		/Letter 8.5 inch 11.0 inch pagedimen
		/LetterSmall 7.68 inch 10.16 inch pagedimen
		/Tabloid 11.0 inch 17.0 inch pagedimen
		/Ledger 17.0 inch 11.0 inch pagedimen
		/Legal 8.5 inch 14.0 inch pagedimen
		/Statement 5.5 inch 8.5 inch pagedimen
		/Executive 7.5 inch 10.0 inch pagedimen
		/A3 11.69 inch 16.5 inch pagedimen
		/A4 8.26 inch 11.69 inch pagedimen
		/A4Small 7.47 inch 10.85 inch pagedimen
		/B4 10.125 inch 14.33 inch pagedimen
		/B5 7.16 inch 10.125 inch pagedimen
	end
	} def
/papersize {
	papersizedict begin
		/Letter {lettertray} def
		/LetterSmall {lettertray lettersmall} def
		/Tabloid {11x17tray} def
		/Ledger {ledgertray} def
		/Legal {legaltray} def
		/Statement {statementtray} def
		/Executive {executivetray} def
		/A3 {a3tray} def
		/A4 {a4tray} def
		/A4Small {a4tray a4small} def
		/B4 {b4tray} def
		/B5 {b5tray} def
		/unknown {unknown} def
	papersizedict dup papername known {papername} {/unknown} ifelse get
	end
	statusdict begin stopped end 
	} def
/manualpapersize {
	papersizedict begin
		/Letter {letter} def
		/LetterSmall {lettersmall} def
		/Tabloid {11x17} def
		/Ledger {ledger} def
		/Legal {legal} def
		/Statement {statement} def
		/Executive {executive} def
		/A3 {a3} def
		/A4 {a4} def
		/A4Small {a4small} def
		/B4 {b4} def
		/B5 {b5} def
		/unknown {unknown} def
	papersizedict dup papername known {papername} {/unknown} ifelse get
	end
	stopped 
	} def
/desperatepapersize {
	statusdict /setpageparams known
		{
		paperwidth paperheight 0 1 
		statusdict begin
		{setpageparams} stopped pop 
		end
		} if
	} def
/savematrix {
	orgmatrix currentmatrix pop
	} bind def
/restorematrix {
	orgmatrix setmatrix
	} bind def
/dmatrix matrix def
/dpi    72 0 dmatrix defaultmatrix dtransform
    dup mul exch   dup mul add   sqrt def
/freq dpi 18.75 div 8 div round dup 0 eq { pop 1 } if 8 mul dpi exch div def
/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
/DiacriticEncoding [
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
/numbersign /dollar /percent /ampersand /quotesingle /parenleft
/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
/two /three /four /five /six /seven /eight /nine /colon /semicolon
/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
/udieresis /dagger /.notdef /cent /sterling /section /bullet
/paragraph /germandbls /registered /copyright /trademark /acute
/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
/periodcentered /quotesinglbase /quotedblbase /perthousand
/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
] def
	/basefontdict FMLOCAL
	/newfontdict FMLOCAL
/DiacriticEncode {
	/basefontdict exch def
	/newfontdict basefontdict maxlength dict def
	basefontdict
	{exch dup /FID ne
		{dup /Encoding eq
			{exch pop DiacriticEncoding}
			{exch}
			ifelse
			newfontdict 3 1 roll put
			}
		{pop pop}
		ifelse
		} forall
	newfontdict
	} bind def
/NonDiacriticEncode {
	/basefontdict exch def
	/newfontdict basefontdict maxlength dict def
	basefontdict
	{exch dup /FID ne
		{exch newfontdict 3 1 roll put}
		{pop pop}
		ifelse
		} forall
	newfontdict
	} bind def
	/bwidth FMLOCAL
	/bpside FMLOCAL
	/bstring FMLOCAL
	/onbits FMLOCAL
	/offbits FMLOCAL
	/xindex FMLOCAL
	/yindex FMLOCAL
	/x FMLOCAL
	/y FMLOCAL
/setpattern {
	 /bwidth  exch def
	 /bpside  exch def
	 /bstring exch def
	 /onbits 0 def  /offbits 0 def
	 freq sangle landscape {90 add} if 
		{/y exch def
		 /x exch def
		 /xindex x 1 add 2 div bpside mul cvi def
		 /yindex y 1 add 2 div bpside mul cvi def
		 bstring yindex bwidth mul xindex 8 idiv add get
		 1 7 xindex 8 mod sub bitshift and 0 ne
		 {/onbits  onbits  1 add def 1}
		 {/offbits offbits 1 add def 0}
		 ifelse
		}
		setscreen
	 {} settransfer
	 offbits offbits onbits add div mysetgray
	/graymode false store
	} bind def
/grayness {
	mysetgray
	graymode not {
		/graymode true store
		orgxfer cvx settransfer
		orgfreq organgle orgproc cvx setscreen
		} if
	} bind def
/normalize {
	transform round exch round exch itransform
	} bind def
/dnormalize {
	dtransform round exch round exch idtransform
	} bind def
/lnormalize { 
	0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
	} bind def
/H { 
	lnormalize setlinewidth
	} bind def
/Z { 
	setlinecap
	} bind def
/X { 
	fillprocs exch get exec
	} bind def
/V { 
	gsave eofill grestore
	} bind def
/N { 
	stroke
	} bind def
/M {newpath moveto} bind def
/E {lineto} bind def
/D {curveto} bind def
/O {closepath} bind def
	/n FMLOCAL
/L { 
 	/n exch def
	newpath
	normalize
	moveto 
	2 1 n {pop normalize lineto} for
	} bind def
/Y { 
	L 
	closepath
	} bind def
	/x1 FMLOCAL
	/x2 FMLOCAL
	/y1 FMLOCAL
	/y2 FMLOCAL
	/rad FMLOCAL
/R { 
	/y2 exch def
	/x2 exch def
	/y1 exch def
	/x1 exch def
	x1 y1
	x2 y1
	x2 y2
	x1 y2
	4 Y 
	} bind def
/RR { 
	/rad exch def
	normalize
	/y2 exch def
	/x2 exch def
	normalize
	/y1 exch def
	/x1 exch def
	newpath
	x1 y1 rad add moveto
	x1 y2 x2 y2 rad arcto
	x2 y2 x2 y1 rad arcto
	x2 y1 x1 y1 rad arcto
	x1 y1 x1 y2 rad arcto
	closepath
	16 {pop} repeat
	} bind def
/C { 
	grestore
	gsave
	R 
	clip
	} bind def
/U { 
	grestore
	gsave
	} bind def
/F { 
	FMfonts exch get
	setfont
	} bind def
/T { 
	moveto show
	} bind def
/RF { 
	rotate
	0 ne { -1 1 scale } if
	} bind def
/TF { 
	gsave
	moveto 
	RF
	show
	grestore
	} bind def
/P { 
	moveto
	0 32 3 2 roll widthshow
	} bind def
/PF { 
	gsave
	moveto 
	RF
	0 32 3 2 roll widthshow
	grestore
	} bind def
/S { 
	moveto
	0 exch ashow
	} bind def
/SF { 
	gsave
	moveto
	RF
	0 exch ashow
	grestore
	} bind def
/B { 
	moveto
	0 32 4 2 roll 0 exch awidthshow
	} bind def
/BF { 
	gsave
	moveto
	RF
	0 32 4 2 roll 0 exch awidthshow
	grestore
	} bind def
	/x FMLOCAL
	/y FMLOCAL
	/dx FMLOCAL
	/dy FMLOCAL
	/dl FMLOCAL
	/t FMLOCAL
	/t2 FMLOCAL
	/Cos FMLOCAL
	/Sin FMLOCAL
	/r FMLOCAL
/W { 
	dnormalize
	/dy exch def
	/dx exch def
	normalize
	/y  exch def
	/x  exch def
	/dl dx dx mul dy dy mul add sqrt def
	dl 0.0 gt {
		/t currentlinewidth def
		savematrix
		/Cos dx dl div def
		/Sin dy dl div def
		/r [Cos Sin Sin neg Cos 0.0 0.0] def
		/t2 t 2.5 mul 3.5 max def
		newpath
		x y translate
		r concat
		0.0 0.0 moveto
		dl t 2.7 mul sub 0.0 rlineto
		stroke
		restorematrix
		x dx add y dy add translate
		r concat
		t 0.67 mul setlinewidth
		t 1.61 mul neg  0.0 translate
		0.0 0.0 moveto
		t2 1.7 mul neg  t2 2.0 div     moveto
		0.0 0.0 lineto
		t2 1.7 mul neg  t2 2.0 div neg lineto
		stroke
		t setlinewidth
		restorematrix
		} if
	} bind def
/G { 
	gsave
	newpath
	normalize translate 0.0 0.0 moveto 
	dnormalize scale 
	0.0 0.0 1.0 5 3 roll arc 
	closepath fill
	grestore
	} bind def
/A { 
	gsave
	savematrix
	newpath
	2 index 2 div add exch 3 index 2 div sub exch 
	normalize 2 index 2 div sub exch 3 index 2 div add exch 
	translate 
	scale 
	0.0 0.0 1.0 5 3 roll arc 
	restorematrix
	stroke
	grestore
	} bind def
	/x FMLOCAL
	/y FMLOCAL
	/w FMLOCAL
	/h FMLOCAL
	/xx FMLOCAL
	/yy FMLOCAL
	/ww FMLOCAL
	/hh FMLOCAL
	/FMsaveobject FMLOCAL
	/FMoptop FMLOCAL
	/FMdicttop FMLOCAL
/BEGINPRINTCODE { 
	/FMdicttop countdictstack 1 add def 
	/FMoptop count 4 sub def 
	/FMsaveobject save def
	userdict begin 
	/showpage {} def 
	FMNORMALIZEGRAPHICS 
	3 index neg 3 index neg translate
	} bind def
/ENDPRINTCODE {
	count -1 FMoptop {pop pop} for 
	countdictstack -1 FMdicttop {pop end} for 
	FMsaveobject restore 
	} bind def
/gn { 
	0 
	{	46 mul 
		cf read pop 
		32 sub 
		dup 46 lt {exit} if 
		46 sub add 
		} loop
	add 
	} bind def
	/str FMLOCAL
/cfs { 
	/str sl string def 
	0 1 sl 1 sub {str exch val put} for 
	str def 
	} bind def
/ic [ 
	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
	0
	{0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
	{10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
	{19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
	{13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
	{4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
	{13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
	{7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
	{0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
	{10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
	] def
	/sl FMLOCAL
	/val FMLOCAL
	/ws FMLOCAL
	/im FMLOCAL
	/bs FMLOCAL
	/cs FMLOCAL
	/len FMLOCAL
	/pos FMLOCAL
/ms { 
	/sl exch def 
	/val 255 def 
	/ws cfs 
	/im cfs 
	/val 0 def 
	/bs cfs 
	/cs cfs 
	} bind def
400 ms 
/ip { 
	is 
	0 
	cf cs readline pop 
	{	ic exch get exec 
		add 
		} forall 
	pop 
	
	} bind def
/wh { 
	/len exch def 
	/pos exch def 
	ws 0 len getinterval im pos len getinterval copy pop
	pos len 
	} bind def
/bl { 
	/len exch def 
	/pos exch def 
	bs 0 len getinterval im pos len getinterval copy pop
	pos len 
	} bind def
/s1 1 string def
/fl { 
	/len exch def 
	/pos exch def 
	/val cf s1 readhexstring pop 0 get def
	pos 1 pos len add 1 sub {im exch val put} for
	pos len 
	} bind def
/hx { 
	3 copy getinterval 
	cf exch readhexstring pop pop 
	} bind def
	/h FMLOCAL
	/w FMLOCAL
	/d FMLOCAL
	/lb FMLOCAL
	/bitmapsave FMLOCAL
	/is FMLOCAL
	/cf FMLOCAL
/wbytes {  
	dup 
	8 eq { pop } { 1 eq { 7 add 8 idiv } { 3 add 4 idiv } ifelse } ifelse
	} bind def
/BEGINBITMAPBWc { 
	1 {} COMMONBITMAPc
	} bind def
/BEGINBITMAPGRAYc { 
	8 {} COMMONBITMAPc
	} bind def
/BEGINBITMAP2BITc { 
	2 {} COMMONBITMAPc
	} bind def
/COMMONBITMAPc { 
	/r exch def
	/d exch def
	gsave
	translate rotate scale /h exch def /w exch def
	/lb w d wbytes def 
	sl lb lt {lb ms} if 
	/bitmapsave save def 
	r                    
	/is im 0 lb getinterval def 
	ws 0 lb getinterval is copy pop 
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ip} image 
	bitmapsave restore 
	grestore
	} bind def
/BEGINBITMAPBW { 
	1 {} COMMONBITMAP
	} bind def
/BEGINBITMAPGRAY { 
	8 {} COMMONBITMAP
	} bind def
/BEGINBITMAP2BIT { 
	2 {} COMMONBITMAP
	} bind def
/COMMONBITMAP { 
	/r exch def
	/d exch def
	gsave
	translate rotate scale /h exch def /w exch def
	/bitmapsave save def 
	r                    
	/is w d wbytes string def
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ cf is readhexstring pop } image
	bitmapsave restore 
	grestore
	} bind def
/Fmcc {
    /proc2 exch cvlit def
    /proc1 exch cvlit def
    /newproc proc1 length proc2 length add array def
    newproc 0 proc1 putinterval
    newproc proc1 length proc2 putinterval
    newproc cvx
} bind def
/colorsetup {
	currentcolortransfer
	/gryt exch def
	/blut exch def
	/grnt exch def
	/redt exch def
	/ngrayt 256 array def
	/nredt 256 array def
	/nbluet 256 array def
	/ngreent 256 array def
	0 1 255 {
		/indx exch def
		/cynu 1 red indx get 255 div sub def
		/magu 1 green indx get 255 div sub def
		/yelu 1 blue indx get 255 div sub def
		/k cynu magu min yelu min def
		/u k currentundercolorremoval exec def
		nredt indx 1 0 cynu u sub max sub redt exec put
		ngreent indx 1 0 magu u sub max sub grnt exec put
		nbluet indx 1 0 yelu u sub max sub blut exec put
		ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
	} for
	{255 mul cvi nredt exch get}
	{255 mul cvi ngreent exch get}
	{255 mul cvi nbluet exch get}
	{255 mul cvi ngrayt exch get}
	setcolortransfer
	{pop 0} setundercolorremoval
	{} setblackgeneration
	} bind def
/fakecolorsetup {
	/tran 256 string def
	0 1 255 { /ind exch def 
		tran ind
		red ind get 77 mul
		green ind get 151 mul
		blue ind get 28 mul
		add add 256 idiv put } for
	currenttransfer
	{ 255 mul cvi tran exch get 255.0 div }
	exch Fmcc settransfer
} bind def
/BITMAPCOLOR { 
	/d 8 def
	gsave
	translate rotate scale /h exch def /w exch def
	/bitmapsave save def 
	colorsetup
	/is w d wbytes string def
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ cf is readhexstring pop } {is} {is} true 3 colorimage 
	bitmapsave restore 
	grestore
	} bind def
/BITMAPCOLORc { 
	/d 8 def
	gsave
	translate rotate scale /h exch def /w exch def
	/lb w d wbytes def 
	sl lb lt {lb ms} if 
	/bitmapsave save def 
	colorsetup
	/is im 0 lb getinterval def 
	ws 0 lb getinterval is copy pop 
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ip} {is} {is} true 3 colorimage
	bitmapsave restore 
	grestore
	} bind def
/BITMAPGRAY { 
	8 {fakecolorsetup} COMMONBITMAP
	} bind def
/BITMAPGRAYc { 
	8 {fakecolorsetup} COMMONBITMAPc
	} bind def
/ENDBITMAP {
	} bind def
end 
(2.0) FMVERSION
1 1  2 2  0 1 2 FMDOCUMENT
/fillprocs 32 array def
fillprocs 0 { 0.000000 grayness } put
fillprocs 1 { 0.100000 grayness } put
fillprocs 2 { 0.300000 grayness } put
fillprocs 3 { 0.500000 grayness } put
fillprocs 4 { 0.700000 grayness } put
fillprocs 5 { 0.900000 grayness } put
fillprocs 6 { 0.970000 grayness } put
fillprocs 7 { 1.000000 grayness } put
fillprocs 8 {<0f1e3c78f0e1c387> 8 1 setpattern } put
fillprocs 9 {<0f87c3e1f0783c1e> 8 1 setpattern } put
fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
fillprocs 12 {<8142241818244281> 8 1 setpattern } put
fillprocs 13 {<03060c183060c081> 8 1 setpattern } put
fillprocs 14 {<8040201008040201> 8 1 setpattern } put
fillprocs 15 {} put
fillprocs 16 { 1.000000 grayness } put
fillprocs 17 { 0.900000 grayness } put
fillprocs 18 { 0.700000 grayness } put
fillprocs 19 { 0.500000 grayness } put
fillprocs 20 { 0.300000 grayness } put
fillprocs 21 { 0.100000 grayness } put
fillprocs 22 { 0.030000 grayness } put
fillprocs 23 { 0.000000 grayness } put
fillprocs 24 {<f0e1c3870f1e3c78> 8 1 setpattern } put
fillprocs 25 {<f0783c1e0f87c3e1> 8 1 setpattern } put
fillprocs 26 {<3333333333333333> 8 1 setpattern } put
fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
fillprocs 29 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
fillprocs 30 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
fillprocs 31 {} put
0 36 /Times-Roman FMDEFINEFONT
1 24 /Times-Roman FMDEFINEFONT
612 792 0 FMBEGINPAGE
0 0 612 792 C
0 0 612 792 R
7 X
0 K
V
41.89 42.3 571.11 740.71 R
V
4 H
2 Z
9 X
N
186.1 690.07 M
 302.17 703.69 302.17 703.69 422.01 671.01 D
 541.86 638.34 541.86 638.34 517.79 615.19 D
 493.73 592.05 493.73 592.05 442.3 587.97 D
 390.87 583.88 390.87 583.88 340.86 583.88 D
 290.85 583.88 290.85 583.88 254.04 596.82 D
 217.24 609.75 217.24 609.75 193.65 618.6 D
 170.06 627.45 170.06 627.45 174.78 658.76 D
 179.49 690.07 179.49 690.07 193.65 691.43 D
7 X
V
3 H
0 X
N
4 X
90 450 44.99 20.13 232.03 659.06 G
0.5 H
0 X
90 450 44.99 20.13 232.03 659.06 A
6 X
90 450 48.86 22.48 436.17 627.69 G
0 X
90 450 48.86 22.48 436.17 627.69 A
155.69 158.22 M
 159.61 168.1 159.61 168.1 190.96 194.43 D
 222.3 220.75 222.3 220.75 288.91 207.59 D
 355.52 194.43 355.52 194.43 406.46 184.55 D
 457.4 174.68 457.4 174.68 476.99 174.68 D
 496.58 174.68 496.58 174.68 476.99 151.64 D
 457.4 128.61 457.4 128.61 429.97 112.15 D
 402.55 95.7 402.55 95.7 355.52 102.28 D
 308.51 108.86 308.51 108.86 308.51 98.99 D
 308.51 89.11 308.51 89.11 226.22 85.82 D
 143.94 82.5 143.94 82.5 140.02 118.73 D
 136.1 154.93 136.1 154.93 143.94 151.64 D
 151.77 148.35 151.77 148.35 155.69 158.22 D
O
3 H
N
6 X
90 450 39.69 23.22 395.45 145.25 G
1 H
0 X
90 450 39.69 23.22 395.45 145.25 A
4 X
90 450 43.1 20.51 201.23 125.5 G
0 X
90 450 43.1 20.51 201.23 125.5 A
0 F
(AD) 272.44 147.18 T
(AD) 301.54 637.17 T
(b) 354.39 622.9 T
(a) 323.09 136.07 T
1 F
(b) 237.59 646.81 T
(H) 218.14 652.8 T
(a) 414.24 133.36 T
(H) 187.04 118.63 T
(b) 454.07 619.1 T
(ACS) 368.68 141.08 T
(a) 207.21 113.51 T
(ACS) 404.76 622.97 T
59.11 520.38 M
 63 515.92 63 515.92 58.63 478.27 D
 54.25 440.61 54.25 440.61 54.25 409.89 D
 54.25 379.16 54.25 379.16 77.1 375.7 D
 99.94 372.23 99.94 372.23 121.82 333.58 D
 143.69 294.92 143.69 294.92 211.26 320.69 D
 278.82 346.46 278.82 346.46 354.65 325.15 D
 430.48 303.85 430.48 303.85 477.14 313.76 D
 523.81 323.67 523.81 323.67 539.36 375.2 D
 554.93 426.73 554.93 426.73 554.93 463.4 D
 554.93 500.07 554.93 500.07 551.03 506.01 D
 547.14 511.96 547.14 511.96 516.03 510.47 D
 484.92 508.99 484.92 508.99 428.54 516.42 D
 372.15 523.85 372.15 523.85 309.93 508.99 D
 247.71 494.12 247.71 494.12 217.57 494.12 D
 187.44 494.12 187.44 494.12 174.8 519.89 D
 162.16 545.65 162.16 545.65 137.86 551.6 D
 113.55 557.55 113.55 557.55 84.39 541.2 D
 55.22 524.84 55.22 524.84 59.11 520.38 D
O
5 X
V
4 H
0 X
N
0 F
(Internet) 238.38 424.04 T
280.64 228.34 M
 363.36 256.99 363.36 256.99 298.06 274.27 D
 232.75 291.55 232.75 291.55 278.9 339.59 D
N
225.01 434.8 M
 225.01 463.15 225.01 463.15 291.62 463.15 D
 358.23 463.15 358.23 463.15 358.23 434.8 D
 358.23 406.45 358.23 406.45 291.62 406.45 D
 225.01 406.45 225.01 406.45 225.01 434.8 D
O
3 H
N
5 X
90 450 48.49 25.33 323.57 580.91 G
4 H
0 X
90 450 48.49 25.33 323.57 580.91 A
1 F
(GW) 299.42 573.9 T
(b) 335.74 565.77 T
5 X
90 450 45.05 24.79 282.15 213.17 G
0 X
90 450 45.05 24.79 282.15 213.17 A
(GW) 260.12 208.03 T
(a) 295.03 201.57 T
271.17 502.04 M
 201.56 513.62 201.56 513.62 237.88 522.3 D
 274.2 530.99 274.2 530.99 283.28 564.29 D
N
FMENDPAGE
%%EndDocument
 150 -150 a
 endTexFig
520 1471 a Fx(Figure)14 b(3.1:)j(Tw)o(o)c(ADs)h(participating)f(in)h
Fw(Visa)f Fx(proto)q(col)-90 1604 y(could)g(also)f(obtain)g
Fq(AC)s(S)319 1610 y Fp(b)336 1604 y Fx('s)g(address)i(via)e(a)g(name)g
(service)i(query)f([60)o(].)k(Alternativ)o(ely)m(,)12 b(VISA-REQUEST)h(ma)o
(y)e(b)q(e)j(sen)o(t)f(addressed)-90 1654 y(to)i Fq(H)-3 1660
y Fp(b)28 1654 y Fx(\(the)h(destination)f(end-system\).)22
b(This)14 b(is)h(p)q(ossible)h(b)q(ecause)g(visa-routers)g(are)g(required)g
(to)e(reroute)j Fw(al)r(l)d Fx(VISA-REQUEST)-90 1704 y(pac)o(k)o(ets)h(to)e
(one)i(of)e(the)h(lo)q(cal)f(A)o(CSs.)-28 1771 y(F)m(urthermore,)j(in)f(case)
h(of)f(no)g(previous)h(comm)o(unication)c(with)j Fq(AD)1093
1777 y Fp(b)1110 1771 y Fx(,)h Fq(AC)s(S)1227 1777 y Fp(a)1263
1771 y Fx(ma)o(y)d(c)o(ho)q(ose)j(to)g(sp)q(eed)h(up)e(the)h(setup)h(pro)q
(cess)g(a)-90 1821 y(little)g(b)o(y)g(including)f(its)h(certi\014cate,)i
Fq(C)s(E)r(RT)647 1827 y Fp(AC)r(S)718 1831 y Fk(a)756 1821
y Fx(with)e(the)h(VISA-REQUEST)f(pac)o(k)o(et.)29 b(This)17
b(w)o(ould)g(sa)o(v)o(e)g Fq(AC)s(S)1824 1827 y Fp(b)1858 1821
y Fx(the)h(need)g(to)-90 1871 y(request)d(this)f(certi\014cate)i(explicitly)d
(\(from)f(either)j Fq(AC)s(S)828 1877 y Fp(a)862 1871 y Fx(or)f(some)f(name)g
(serv)o(er\).)-90 2001 y Fr(3.6.1.2)48 b(En)o(try)15 b(Authorizatio)o(n)-90
2096 y Fx(When)f(a)g(VISA-REQUEST)g(reac)o(hes)i Fq(AD)607
2102 y Fp(b)624 2096 y Fx(,)d(the)i(in)o(terv)o(ening)e(visa-router,)h
Fq(GW)1229 2102 y Fp(b)1246 2096 y Fx(,)f(forw)o(ards)h(it)f(to)h(one)g(of)f
(the)i(lo)q(cal)e(A)o(CSs,)h Fq(AC)s(S)2039 2102 y Fp(b)2056
2096 y Fx(.)-28 2163 y(First,)i Fq(AC)s(S)176 2169 y Fp(b)208
2163 y Fx(v)o(eri\014es)g(that)f Fq(H)474 2169 y Fp(b)506 2163
y Fx(indicated)g(in)g(the)g(VISA-REQUEST)h(is)f(in)g(fact)g(an)g(end-system)h
(in)f Fq(AD)1710 2169 y Fp(b)1727 2163 y Fx(.)22 b(This)15
b(is)g(necessary)-90 2213 y(in)j(order)g(to)g(minim)o(ize)e(time)g(sp)q(en)o
(t)j(on)f(p)q(oten)o(tially)f(malform)o(ed)f(VISA-REQUESTs.)31
b(Next,)19 b(b)q(efore)g(pro)q(ceeding)g(to)f(authorize)-90
2263 y(the)e(connection)g Fq(AC)s(S)281 2269 y Fp(b)313 2263
y Fx(has)g(to)f(v)n(alidate)g(the)h(VISA-REQUEST.)f(In)h(order)g(to)f(authen)
o(ticate)h(its)g(con)o(ten)o(ts)g(\(i.e.,)f(re-compute)g(the)-90
2313 y(signature\),)g Fq(AC)s(S)208 2319 y Fp(b)240 2313 y
Fx(needs)h(the)f(public)g(k)o(ey)g(of)f Fq(AC)s(S)765 2319
y Fp(a)785 2313 y Fx(,)h Fq(E)r(K)880 2319 y Fp(AC)r(S)951
2323 y Fk(a)972 2313 y Fx(.)21 b(T)m(o)14 b(obtain)g(this)h(k)o(ey)g
Fq(AC)s(S)1444 2319 y Fp(b)1475 2313 y Fx(has)g(to)g(kno)o(w)f(the)i(AD)e
(iden)o(ti\014er)i(of)-90 2363 y Fq(AC)s(S)-1 2369 y Fp(a)34
2363 y Fx(\(i.e.,)d Fq(AD)194 2369 y Fp(a)214 2363 y Fx(\),)h(whic)o(h)h(is)f
(not)g(included)h(in)f(the)h(VISA-REQUEST.)f(Ho)o(w)o(ev)o(er,)g
Fq(AC)s(S)1391 2369 y Fp(b)1423 2363 y Fx(can)g(query)h(its)f(name)g(service)
h(with)f Fq(H)2050 2369 y Fp(a)-90 2412 y Fx(\(whic)o(h)g(is)g(part)g(of)f
(VISA-REQUEST\))i(and)e(obtain)h Fq(AD)847 2418 y Fp(b)864
2412 y Fx(,)f Fq(AC)s(S)978 2418 y Fp(b)1009 2412 y Fx(and)g
Fq(E)r(K)1157 2418 y Fp(AC)r(S)1228 2422 y Fk(a)1249 2412 y
Fx(.)-28 2480 y(With)j(the)g(help)h(of)e Fq(E)r(K)365 2486
y Fp(AC)r(S)436 2490 y Fk(a)473 2480 y Fq(AC)s(S)562 2486 y
Fp(b)595 2480 y Fx(can)h(re-compute)g(the)h(signature)f(of)g(the)h
(VISA-REQUEST)f(and)g(v)o(erify)g(b)q(oth)g(its)g(origin)-90
2530 y(and)d(data)g(in)o(tegrit)o(y)m(.)k(Timeliness)c(and)g(uniqueness)h(of)f
(the)h(VISA-REQUEST)g(is)g(inferred)g(from)e(the)i(enclosed)g(timestamp,)d
Fq(T)6 b(S)1983 2536 y Fp(a)2017 2530 y Fx(\(as)-90 2580 y(describ)q(ed)16
b(in)d(Section)h(2.2.3\).)2028 2770 y(28)p eop
%%Page: 29 4
bop -28 -108 a Fx(Next,)15 b Fq(AC)s(S)175 -102 y Fp(b)206
-108 y Fx(authorizes)g(comm)o(unicatio)o(n)d(b)q(et)o(w)o(een)j
Fq(H)890 -102 y Fp(a)924 -108 y Fx(and)f Fq(H)1040 -102 y Fp(b)1057
-108 y Fx(.)19 b(As)14 b(b)q(efore,)h(this)f(step)h(is)f(dep)q(enden)o(t)i
(on)f Fq(AD)1829 -102 y Fp(b)1846 -108 y Fx('s)f(p)q(olicy)m(.)k(A)o(t)-90
-69 y(last,)13 b(when)i(comm)o(uni)o(cation)c(is)j(authorized,)g
Fq(AC)s(S)746 -63 y Fp(b)776 -69 y Fx(issues)h(a)f(fresh)h(visa)e(in)g(a)h
(form)e(of)h(a)h(VISA)g(pac)o(k)o(et.)258 2 y Fh(V)8 b(I)s(S)r(A)g
Fg(\000)h Fh(GRAN)t(T)14 b Fi(=)c([)p Fh(H)621 6 y Fm(a)640
2 y Fh(;)c(H)685 8 y Fm(b)700 2 y Fh(;)g(auth)i Fg(\000)g Fh(ty)q(pe;)f(T)e
(S)960 6 y Fm(a)978 2 y Fh(;)h(E)r(xpir)q(ation;)f(C)r(onditions;)i
Fi(\()p Fh(S)1414 -12 y Fm(a)1412 12 y(b)1433 2 y Fi(\))1447
-12 y Fm(E)q(K)1496 -6 y Fk(AC)q(S)1558 -2 y(a)1580 2 y Fi(])1590
-15 y Fm(D)q(K)1642 -9 y Fk(AC)q(S)1704 -2 y(b)-90 2 y Fi(\(3.4\))-90
76 y Fx(Since)14 b(the)h(structure)h(of)d(a)g Fw(VISA-GRANT)h
Fx(pac)o(k)o(et)g(is)g(crucial)g(to)f(the)i(securit)o(y)g(of)e(the)h(proto)q
(col,)f(w)o(e)h(no)o(w)g(consider)h(the)f(individual)-90 126
y(pac)o(k)o(et)g(\014elds)h(in)e(more)g(detail:)-28 227 y Fu(\017)21
b Fq(H)49 233 y Fp(a)68 227 y Fq(;)7 b(H)122 233 y Fp(b)150
227 y Fx(are)12 b(the)g(t)o(w)o(o)f(end-systems)h(that)g(are)g(authorized)g
(to)f(use)i(this)f(visa.)k(In)c(order)g(to)g(asso)q(ciate)g(pac)o(k)o(ets)h
(with)e(a)g(particular)14 277 y(connection,)j(visa-routers)g
Fq(GW)530 283 y Fp(a)564 277 y Fx(and)g Fq(GW)717 283 y Fp(b)733
277 y Fx(,)g(need)h(these)g(end-system)f(addresses)i(to)e(lo)q(cate)g(the)g
(appropriate)g(visa-k)o(ey)m(.)-28 360 y Fu(\017)21 b Fw(auth-typ)n(e)14
b Fx(denotes)h(the)g(signature)f(metho)q(d)f(to)h(b)q(e)g(used)h(for)f(pac)o
(k)o(et)g(signature)g(computation.)-28 443 y Fu(\017)21 b Fq(S)41
428 y Fp(a)39 455 y(b)77 443 y Fx(is)15 b(the)h(so-called)f
Fw(visa-key)p Fx(.)22 b(It)15 b(is)g(subsequen)o(tly)i(used)f(to)f(compute)g
(pac)o(k)o(et)g(signatures)h(for)f(tra\016c)h(\015o)o(wing)e(b)q(et)o(w)o
(een)i Fq(H)2050 449 y Fp(a)14 493 y Fx(and)f Fq(H)131 499
y Fp(b)147 493 y Fx(.)21 b(Dep)q(ending)15 b(on)f(the)i(signature)f(metho)q
(d,)f Fq(S)892 478 y Fp(a)890 504 y(b)928 493 y Fx(ma)o(y)f(b)q(e)i(an)g
(encryption)g(k)o(ey)g(\(as)h(in)e(DES-based)h(MA)o(C\))g(or)g(a)g(secret)14
542 y(pre\014x/su\016x)i(for)g(use)h(in)f(conjunction)g(with)g(MD4.)27
b(\(See)18 b(App)q(endix)g(A\).)f(Because)i(a)e(visa-k)o(ey)f(has)i(to)f(b)q
(e)g(k)o(ept)h(secret)h(to)14 592 y(prev)o(en)o(t)c(in)o(terception)f(b)o(y)g
(p)q(oten)o(tial)f(in)o(truders,)i(it)e(is)h(encrypted)h(with)f
Fq(AC)s(S)1273 598 y Fp(a)1307 592 y Fx(public)g(k)o(ey)m(.)-28
675 y Fu(\017)21 b Fq(T)6 b(S)69 681 y Fp(a)104 675 y Fx(is)14
b(the)h(timestamp)c(assigned)k(to)f(the)h(visa)f(b)o(y)g Fq(AC)s(S)943
681 y Fp(a)977 675 y Fx(and)g Fw(appr)n(ove)n(d)h Fx(b)o(y)f
Fq(AC)s(S)1377 681 y Fp(b)1394 675 y Fx(.)19 b(It)14 b(is)h(used)g(primarily)
c(as)k(a)f Fw(nonc)n(e)h Fx([67)o(],)14 725 y(i.e.,)d(a)i(unique,)f(hereto)i
(un)o(used,)f(visa)g(iden)o(ti\014er.)-28 808 y Fu(\017)21
b Fx(Expiration)13 b(indicates)h(the)h(condition\(s\))e(for)h(the)g
(termination)f(of)g(a)g(visa.)18 b(Ma)o(y)13 b(b)q(e)i(expressed)h(as)e(an)o
(y)f(com)o(bination)f(of:)97 875 y(maxim)n(um)e(lifetime)h(of)j(a)f(visa)h
(\(e.g.,)e(in)i(msec\))97 941 y(maxim)n(um)c(inactivit)o(y)i(p)q(erio)q(d)97
1007 y(maxim)n(um)e(n)o(um)o(b)q(er)j(of)g(pac)o(k)o(ets)97
1074 y(maxim)n(um)d(amoun)o(t)i(of)h(data)g(transferred)j(\(e.g.,)d(in)g(Kb)o
(ytes\))-28 1157 y Fu(\017)21 b Fx(The)14 b(Conditions)f(\014eld)h(can)g(b)q
(e)h(used)g(to)e(express)j(the)e(visa)g(usage)g(conditions,)f(e.g.:)97
1223 y(T)o(yp)q(e)h(of)f(Service)97 1290 y(User)i(Class)97
1356 y(Higher-lev)o(el)e(proto)q(col,)h(etc.)-90 1486 y Fr(3.6.1.3)48
b(Visa)15 b(Distribut)o(i)o(on)-90 1581 y Fx(After)20 b(en)o(try)g
(authorization)f(is)g(obtained)g(and)g(the)h(new)g(visa)f(is)g(issued,)i
Fq(AC)s(S)1244 1587 y Fp(b)1280 1581 y Fx(forw)o(ards)f(the)g(VISA-GRANT)e
(pac)o(k)o(et)i(to)f(the)-90 1631 y(requesting)13 b Fq(AC)s(S)197
1637 y Fp(a)217 1631 y Fx(.)18 b(A)12 b(VISA-GRANT)f(also)h(has)g(to)g(b)q(e)
h(sen)o(t)g(to)f Fq(GW)1035 1637 y Fp(b)1063 1631 y Fx(so)g(it)g(can)g(pro)q
(cess)i(en)o(tering)f(pac)o(k)o(ets)g(accordingly)m(.)j(Ho)o(w)o(ev)o(er,)-90
1680 y(in)h(the)i(original)d(VISA-GRANT)h(pac)o(k)o(et,)i Fq(S)653
1665 y Fp(a)651 1692 y(b)692 1680 y Fx(is)f(encrypted)h(with)f
Fq(E)r(K)1101 1686 y Fp(AC)r(S)1172 1690 y Fk(a)1210 1680 y
Fx(to)g(main)o(tain)d(its)j(secrecy)m(.)32 b(Since)18 b Fq(D)q(K)1854
1686 y Fp(AC)r(S)1925 1690 y Fk(a)1964 1680 y Fx(is)g(not)-90
1730 y(kno)o(wn)12 b(to)g Fq(GW)161 1736 y Fp(b)178 1730 y
Fx(,)g Fq(AC)s(S)291 1736 y Fp(b)320 1730 y Fx(has)g(to)g(create)i(a)e
(di\013eren)o(t)h(cop)o(y)g(of)e(a)h(VISA-GRANT)g(for)g(deliv)o(ery)g(to)h
Fq(GW)1551 1736 y Fp(b)1579 1730 y Fx(where)h Fq(S)1725 1715
y Fp(a)1723 1742 y(b)1758 1730 y Fx(is)e(encrypted)i(with)-90
1780 y Fq(E)r(K)-22 1786 y Fp(AC)r(S)49 1790 y Fk(b)67 1780
y Fx(.)k(Up)q(on)c(receipt)h(of)e(the)i(VISA-GRANT,)e Fq(GW)832
1786 y Fp(b)862 1780 y Fx(creates)j(a)d(new)i(en)o(try)f(in)g(its)f
(visa-table.)-28 1848 y(When)h Fq(AC)s(S)182 1854 y Fp(a)216
1848 y Fx(receiv)o(es)i(a)e(VISA-GRANT)f(pac)o(k)o(et,)h(it)f(has)h(to)g(c)o
(hec)o(k)h(sev)o(eral)f(conditions:)-28 1949 y Fu(\017)21 b
Fx(First,)d Fq(AC)s(S)220 1955 y Fp(a)257 1949 y Fx(v)o(eri\014es)g(that)f
Fq(H)527 1955 y Fp(a)546 1949 y Fx(,)h Fq(H)611 1955 y Fp(b)644
1949 y Fx(and)f Fq(T)6 b(S)783 1955 y Fp(a)820 1949 y Fx(are)18
b(indeed)f(the)h(same)e(v)n(alues)h(that)g(w)o(ere)h(used)g(in)f(the)g
(VISA-REQUEST)14 1998 y(pac)o(k)o(et.)-28 2081 y Fu(\017)k
Fx(Next,)15 b(the)h(in)o(tegrit)o(y)e(of)g(the)i(VISA-GRANT)e(pac)o(k)o(et)i
(has)f(to)g(b)q(e)g(v)o(eri\014ed.)22 b Fq(AC)s(S)1344 2087
y Fp(a)1379 2081 y Fx(can)16 b(do)e(so)h(b)o(y)g(re-computing)f(the)i(pac)o
(k)o(et)14 2131 y(signature)e(with)g Fq(E)r(K)357 2137 y Fp(AC)r(S)428
2141 y Fk(b)445 2131 y Fx(.)457 2116 y Ft(3)-28 2214 y Fu(\017)21
b Fx(Finally)m(,)11 b(the)k(authen)o(tication)e(t)o(yp)q(e)i(and)e(the)i
(expiration)e(conditions)h(are)g(c)o(hec)o(k)o(ed)h(for)f(recognizabilit)o(y)
f(and)g(consistency)m(.)-90 2315 y(When)j(the)h(VISA-GRANT)f(pac)o(k)o(et)h
(is)f(v)n(alidated,)f Fq(AC)s(S)852 2321 y Fp(a)888 2315 y
Fx(noti\014es)i(its)f(visa-router,)h Fq(GW)1390 2321 y Fp(a)1426
2315 y Fx(via)e(a)h(VISA-GRANT)g(pac)o(k)o(et,)h(where)-90
2365 y Fq(S)-63 2350 y Fp(a)-65 2377 y(b)-26 2365 y Fx(is)f(encrypted)i(with)
e Fq(E)r(K)378 2371 y Fp(AC)r(S)449 2375 y Fk(a)486 2365 y
Fx(and)g(the)h(en)o(tire)g(pac)o(k)o(et)f(is)g(signed)h(with)e
Fq(D)q(K)1234 2371 y Fp(AC)r(S)1305 2375 y Fk(a)1343 2365 y
Fx(instead)h(of)g Fq(D)q(K)1608 2371 y Fp(AC)r(S)1679 2375
y Fk(b)1697 2365 y Fx(.)1709 2350 y Ft(4)1753 2365 y Fx(On)g(receipt)i(of)d
(the)-90 2415 y(VISA-GRANT,)g Fq(GW)279 2421 y Fp(a)315 2415
y Fx(installs)g(the)i(new)f(en)o(try)h(in)e(its)h(visa-table)g(and)g(b)q
(ecomes)g(ready)g(to)g(pass)h(pac)o(k)o(ets)f(b)q(et)o(w)o(een)i
Fq(H)1889 2421 y Fp(a)1924 2415 y Fx(and)e Fq(H)2042 2421 y
Fp(b)2058 2415 y Fx(.)-90 2465 y(The)e(VISA-GRANT)g(pac)o(k)o(et)g(sen)o(t)h
(to)e Fq(H)581 2471 y Fp(a)615 2465 y Fx(is)h(similar)d(sa)o(v)o(e)j(for)g
Fq(S)973 2450 y Fp(a)971 2476 y(b)1007 2465 y Fx(whic)o(h)g(is)g(encrypted)i
(with)d Fq(K)1490 2471 y Fp(H)1517 2475 y Fk(a)1538 2465 y
Fx(.)p -90 2549 864 2 v -44 2575 a Fj(3)-26 2587 y Fi(F)m(reshness)c(and)i
(uniqueness)e(of)i(the)g(VISA-GRANT)h(pac)o(k)o(et)e(is)i(eviden)o(t)d(from)i
(the)f(presence)g(in)h(it)g(of)g Fh(T)5 b(S)1438 2591 y Fm(a)1457
2587 y Fi(.)-44 2615 y Fj(4)-26 2627 y Fi(The)11 b(assumption)e(is)i(that)g
Fh(GW)405 2631 y Fm(a)436 2627 y Fi(and)g Fh(AC)r(S)579 2631
y Fm(a)611 2627 y Fi(share)f(the)h(same)f(public/priv)n(a)o(te)f(k)o(ey)h
(pair.)2028 2770 y Fx(29)p eop
%%Page: 30 5
bop -90 -108 a Fr(3.6.1.4)48 b(Setup)14 b(Summary)-90 -14 y
Fx(In)g(summary)m(,)c(the)15 b(setup)g(phase)f(in)o(v)o(olv)o(es)f(the)i
(follo)o(wing)c(steps:)953 -29 y Ft(5)-39 82 y Fx(1.)20 b Fq(H)49
88 y Fp(a)80 82 y Fx(=)-7 b Fu(\))11 b Fq(AC)s(S)247 88 y Fp(a)279
82 y Fx(:)g Fq(H)s(O)q(S)r(T)16 b Fu(\000)10 b Fq(RE)r(QU)5
b(E)r(S)r(T)-39 163 y Fx(2.)20 b Fq(AC)s(S)103 169 y Fp(a)135
163 y Fx(=)-7 b Fu(\))11 b Fq(AC)s(S)302 169 y Fp(b)330 163
y Fx(:)h Fq(V)d(I)s(S)r(A)i Fu(\000)e Fq(RE)r(QU)c(E)r(S)r(T)-39
3. $ACS_b \Longrightarrow GW_b : VISA\text{-}GRANT^{GW_b}$

4. $ACS_b \Longrightarrow ACS_a : VISA\text{-}GRANT^{ACS_a}$

5. $ACS_a \Longrightarrow GW_a : VISA\text{-}GRANT^{GW_a}$

6. $ACS_a \Longrightarrow H_a : VISA\text{-}GRANT^{H_a}$

Footnote 5: The notation $A \Longrightarrow B : PACKET$ means "A sends PACKET to B".

In the description above, $VISA\text{-}GRANT^{P}$ denotes the Visa packet where $S^a_b$ is encrypted for the principal $P$ (e.g., $GW_a$) with a key which is either $P$'s public key, or a key shared among the sender and $P$. All other fields are the same for all $VISA\text{-}GRANT^{P}$-s.

Of all the messages exchanged during the setup phase, those in steps (2) and (4) are of particular importance since they cross AD boundaries and are, therefore, subject to much greater exposure.

3.6.2 Packet Forwarding

When the setup phase is completed, $H_a$ can begin communication. Each packet that $H_a$ sends to $H_b$ has to be accompanied by a visa-stamp. However, it is not enough to simply sign the packet. The reason for this is twofold. First, the protocol may need to support multiple visas for the same end-system pair. Therefore, a visa-router can not uniquely identify an entry in its table using only the two end-system addresses. For this reason, $TS_a$ and $TS_b$ are included with each packet. Second, since one of the protocol goals is the detection of stale (or potentially replayed) packets, $H_a$ needs to attach a timestamp to each packet. In this context, a regular (non-visa) packet is composed of a data segment and a network-layer header.

A visa-stamp is computed as:

$$VISA\text{-}STAMP = F([HEADER, DATA, TS_{H_a}], S^a_b) \qquad (3.5)$$

where $F$ is the signature function determined by the auth-type agreed to during the setup phase and $TS_{H_a}$ is the timestamp assigned to the packet by $H_a$. $TS_{H_a}$ must be unique, i.e., no two packets should carry the same timestamp (for a given connection).

The resulting data packet has the following form (see also Figure 3.2):

$$DATA\text{-}PACKET = [HEADER, DATA, VISA\text{-}STAMP, TS_a] \qquad (3.6)$$

[Figure 3.2: Data packet format. Labelled regions, top to bottom: network-layer header; $T_{H_a}$; $TS_a$; $VISA\text{-}STAMP = F([header, data, T_{H_a}], S^a_b)$; data segment.]

3.6.2.1 Exiting $AD_a$

As described in Section 3.3, when a packet with an attached visa-stamp arrives at $GW_a$ it has to demonstrate authorization to leave $AD_a$ as well as authenticity and freshness of its contents.

$GW_a$ checks the first condition by indexing its visa-table with the $[TS_a, H_a, H_b]$ tuple. Successful look-up indicates the existence of exit authorization by $ACS_a$. Next, the freshness of the packet is verified by comparing the packet timestamp, $TS_{H_a}$ with the stored timestamp of the last (previous) data packet that used the same visa (this value is referred to as $T^{(a,b)}_{last}$). Finally, $GW_a$ re-computes the packet signature and compares it to the visa-stamp attached to the packet. If the two values match, $GW_a$ can safely conclude that the packet contents are authentic.

The order in which these checks are performed is not arbitrary. In particular, the reason for verifying packet freshness before validating a packet signature has to do with the cost of the latter operation. Naturally, for authentic packets, the order of these two operations is immaterial. However, because we would like to detect replayed (i.e., stale) packets at the earliest possible time, and because it is significantly cheaper to compare two timestamps than to re-compute a packet signature, the freshness test is performed first.

3.6.2.2 Entering $AD_b$

The goals of $GW_b$ with respect to entering packet traffic are similar. Like $GW_a$, $GW_b$ checks authorization by indexing its visa-table with the $[TS_b, H_a, H_b]$ tuple, verifies packet freshness by comparing the packet timestamp with its $T^{(a,b)}_{last}$, and re-computes the signature to verify the authenticity of the packet contents.

3.6.3 Teardown

As mentioned previously, a visa may be terminated for one of two reasons:

• Normal expiration (time, packet or data ceiling reached)

• Explicit revocation (by explicit order of an ACS)

In the first case, a visa-router simply deletes the corresponding entry from its visa-table. If and when a packet bearing a visa-stamp computed using an expired visa arrives at the visa-router, it is promptly discarded since the table look-up fails.

In case of explicit revocation, an ACS may decide for some reason that a certain visa is no longer trusted and sends a REVOKE packet to the appropriate visa-router and a peer ACS:

$$REVOKE = [H_a, H_b, TS_a, TS_b, Reason]^{DK_{ACS}} \qquad (3.7)$$

$TS_a$ and $TS_b$ in the REVOKE are the same visa identifiers assigned at the setup time. Since a visa can only be revoked once, there is no need to timestamp a REVOKE packet as its replay presents no danger.
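
The visa-router checks of Section 3.6.2.1 and the teardown behaviour of Section 3.6.3, as an added example that is not code from the thesis: table look-up, then the cheap freshness comparison, then the signature, with expiry and revocation both reduced to deleting the table entry. HMAC-SHA256 standing in for F, integer timestamps with a strictly-increasing freshness rule, the field encoding, the sample traffic and every class and function name are assumptions of this sketch; REVOKE authenticity under $DK_{ACS}$ is assumed to be verified before `revoke` is called.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass
class Visa:
    key: bytes          # S^a_b, the visa-key delivered in VISA-GRANT
    packets_left: int   # packet ceiling, one of the expiration limits
    t_last: int = -1    # T_last^(a,b): timestamp of the last accepted packet


@dataclass(frozen=True)
class DataPacket:
    h_a: str        # source end-system (from HEADER)
    h_b: str        # destination end-system (from HEADER)
    data: bytes     # DATA
    ts_visa: int    # visa identifier: TS_a at GW_a, TS_b at GW_b
    ts_pkt: int     # TS_{H_a}, unique per packet on a connection
    stamp: bytes    # VISA-STAMP


def visa_stamp(key, h_a, h_b, data, ts_pkt):
    """F([HEADER, DATA, TS_Ha], S^a_b); HMAC-SHA256 is an assumed choice of F."""
    header = h_a.encode() + b"\x00" + h_b.encode()
    # Length-prefixed fields so that no two field tuples encode identically.
    msg = (struct.pack("!I", len(header)) + header +
           struct.pack("!I", len(data)) + data +
           struct.pack("!Q", ts_pkt))
    return hmac.new(key, msg, hashlib.sha256).digest()


class VisaRouter:
    def __init__(self):
        self.table = {}                # (TS, H_a, H_b) -> Visa
        self.signatures_computed = 0   # how often the expensive step ran

    def install(self, ts_visa, h_a, h_b, key, packet_ceiling):
        self.table[(ts_visa, h_a, h_b)] = Visa(key, packet_ceiling)

    def revoke(self, h_a, h_b, ts_visa):
        # Deleting is idempotent, so a replayed REVOKE changes nothing.
        self.table.pop((ts_visa, h_a, h_b), None)

    def process(self, pkt):
        idx = (pkt.ts_visa, pkt.h_a, pkt.h_b)
        visa = self.table.get(idx)
        if visa is None:                   # 1. authorization: table look-up
            return "NO_VISA"
        if pkt.ts_pkt <= visa.t_last:      # 2. freshness: one comparison
            return "STALE"
        self.signatures_computed += 1      # 3. authenticity: recompute stamp
        expected = visa_stamp(visa.key, pkt.h_a, pkt.h_b, pkt.data, pkt.ts_pkt)
        if not hmac.compare_digest(expected, pkt.stamp):
            return "BAD_STAMP"
        # T_last advances only for verified packets, so a forged packet with
        # a large timestamp cannot lock out later genuine traffic.
        visa.t_last = pkt.ts_pkt
        visa.packets_left -= 1
        if visa.packets_left == 0:         # normal expiration: drop the entry
            del self.table[idx]
        return "FORWARD"


def demo():
    """Run constructed traffic through GW_a; returns (verdicts, signatures)."""
    key = b"constructed-visa-key"
    gw_a = VisaRouter()
    gw_a.install(ts_visa=7001, h_a="Ha", h_b="Hb", key=key, packet_ceiling=10)

    def mk(ts_pkt, data, ts_visa=7001):
        stamp = visa_stamp(key, "Ha", "Hb", data, ts_pkt)
        return DataPacket("Ha", "Hb", data, ts_visa, ts_pkt, stamp)

    p1, p2 = mk(100, b"hello"), mk(101, b"world")
    forged = DataPacket("Ha", "Hb", b"altered", 7001, 102, b"\x00" * 32)
    verdicts = [
        gw_a.process(p1),                          # fresh and authentic
        gw_a.process(p1),                          # replay: no signature work
        gw_a.process(forged),                      # fresh timestamp, bad stamp
        gw_a.process(mk(103, b"x", ts_visa=9999)), # unknown visa identifier
        gw_a.process(p2),                          # still accepted after forgery
    ]
    sigs = gw_a.signatures_computed
    gw_a.revoke("Ha", "Hb", 7001)
    gw_a.revoke("Ha", "Hb", 7001)                  # replayed REVOKE is harmless
    verdicts.append(gw_a.process(mk(104, b"late")))
    return verdicts, sigs


if __name__ == "__main__":
    print(demo())
```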

3.7 Design Issues

In this section, we discuss several issues leading to the design of the Visa protocol presented in this chapter. We also address several important features where the current protocol differs from its predecessors.

3.7.1 Visas

In the previous Visa protocol versions, each end-point AD issued a visa for authorized communication. Moreover, each visa had an associated visa-key, thereby necessitating the computation and subsequent verification of two distinct packet signatures. In other words, the end-system computed two packet signatures, $DSIG_{exit}$ and $DSIG_{entr}$. The former was verified by the exit visa-router in the source AD, and the latter, by the entry visa-router in the destination AD.

The setup phase of the protocol consisted of the following steps:

1. $H_a \Longrightarrow ACS_a : HOST\text{-}REQUEST$

2. $ACS_a \Longrightarrow ACS_b : VISA\text{-}REQUEST$

3. $ACS_b \Longrightarrow GW_b : VISA\text{-}GRANT_{entr}$

4. $ACS_b \Longrightarrow ACS_a : VISA\text{-}GRANT_{entr}$

5. $ACS_a \Longrightarrow GW_a : VISA\text{-}GRANT_{exit}$

6. $ACS_a \Longrightarrow H_a : VISA\text{-}GRANT_{entr}, VISA\text{-}GRANT_{exit}$

The primary reason for each ACS issuing its own visa (one entry and one exit) was the assumed lack of trust between the two ACSs as far as the issuance of good keys or visas. On the other hand, $ACS_a$ still trusts its counterpart, $ACS_b$, enough not to misuse $VISA\text{-}GRANT_{entr}$ (and the included key). In other words, $ACS_b$ issues a visa which it subsequently releases to $ACS_a$ for distribution to $H_a$. This trust in $ACS_a$ seems to contradict the reason for issuing two visas.

In the protocol described in Section 3.6.1, only one visa-key and a single visa is used for both exit of $AD_a$ and entry of $AD_b$.

3.7.2 Replay Prevention

As motivated by our arguments in Chapter 1, one of the goals of an effective stub policy enforcement mechanism is the protection of stub AD network resources from unauthorized traffic. This includes traffic flowing to and from equipped end-systems. Previous Visa protocol versions [32, 27] dealt with this issue by ensuring data integrity and authenticity of the packets crossing AD boundaries. One deficiency in the previous design was the absence of any provisions for detecting replayed packets belonging to authorized connections. This has been remedied (as evidenced in Section 3.6) by requiring that end-systems attach a unique timestamp to each visa-stamped packet and visa-routers keep a per visa record of a timestamp for the last packet processed.

One important insight related to this requirement is the apparent impossibility of effective replay detection without state in visa-routers. With some degree of synchronization, a stateless visa-router may be able to detect very old packets. However,
(if)f(an)h(in)o(truder)h(duplicates)f(eac)o(h)h(legitimate)d(pac)o(k)o(et)i
(and)g(injects)h(duplicates)f(in)o(to)f(the)i(pac)o(k)o(et)f(stream)g
(shortly)g(after)g(the)-90 2121 y(corresp)q(onding)i(original)d(pac)o(k)o
(ets,)i(duplicates)g(can)g(not)g(b)q(e)h(detected.)-90 2259
y Fv(3.7.3)55 b(Visa)19 b(Expiration)-90 2353 y Fx(The)13 b(only)f(metho)q(d)
f(for)i(visas)f(to)h(expire)g(in)f(the)h(previous)g(proto)q(col)f(v)o
(ersions)h(is)g(b)o(y)f(w)o(a)o(y)g(of)g(timeouts,)f(i.e.,)h(an)g(explicit)g
(time)f(limit)f(is)-90 2403 y(negotiated)i(at)g(setup)g(time)f(and)h(a)f
(visa)g(is)h(in)o(v)n(alidated)e(when)i(the)h(time)d(limit)f(is)j(exceeded.)
20 b(While)11 b(this)h(is)f(adequate)i(for)e(some)g(t)o(yp)q(es)-90
2453 y(of)17 b(connections,)i(pro)o(visions)d(for)h(other)h(metho)q(ds)f(of)g
(visa)g(expiration)g(ma)o(y)e(b)q(e)j(necessary)m(.)30 b(These)19
b(include)e(limits)e(on)i(inactivit)o(y)-90 2503 y(p)q(erio)q(ds,)d(n)o(um)o
(b)q(er)f(of)h(pac)o(k)o(ets)g(and)g(bulk)f(data)h(transferred.)-28
2570 y(Unfortunately)m(,)20 b(expiration)e(based)i(on)f(limits)e(other)j
(than)f(just)g(simple)f(timeouts)g(is)h(not)h(p)q(ossible)f(without)g(state)h
(in)f(visa-)-90 2620 y(routers.)g(In)12 b(order)h(to)f(expire)h(visas)f
(according)h(to)f(an)o(y)g(of)f(the)i(ab)q(o)o(v)o(e)f(criteria)h(requires)h
(that)e(a)g(visa-router)h(main)o(tain)c(running)j(tally)-90
2670 y(of)h(pac)o(k)o(ets,)h(data)g(b)o(ytes)h(or)f(the)g(time)f(of)g(last)g
(pac)o(k)o(et)i(arriv)n(al)d(on)i(a)g(p)q(er)g(visa)g(basis.)2028
2770 y(32)p eop
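The per-visa state that Sections 3.7.2 and 3.7.3 call for, set beside a stateless check, as an added example that is not code from the thesis. All class, field and verdict names are hypothetical, the trace is constructed, and visa-stamp verification is assumed to have already succeeded.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class VisaEntry:
    """Per-visa record in a stateful visa-router (field names are assumptions)."""
    expires_at: float                     # absolute timeout negotiated at setup
    max_packets: int                      # packet-count limit
    max_bytes: int                        # bulk-data limit
    max_idle: float                       # inactivity limit in seconds
    last_ts: float = float("-inf")        # timestamp of the last packet processed
    last_arrival: Optional[float] = None  # router clock at the last accepted packet
    packets: int = 0
    octets: int = 0


class StatefulVisaRouter:
    def __init__(self) -> None:
        self.table: Dict[str, VisaEntry] = {}

    def process(self, visa_id: str, pkt_ts: float, length: int, now: float) -> str:
        """Return a verdict for one packet whose visa-stamp already verified."""
        e = self.table.get(visa_id)
        if e is None:
            return "drop:no-visa"
        if now >= e.expires_at:
            return self._expire(visa_id, "timeout")
        if e.last_arrival is not None and now - e.last_arrival > e.max_idle:
            return self._expire(visa_id, "idle")
        # Replay check: the timestamp must move forward. Reordered packets
        # are dropped by this rule as well.
        if pkt_ts <= e.last_ts:
            return "drop:replay"
        if e.packets + 1 > e.max_packets:
            return self._expire(visa_id, "packets")
        if e.octets + length > e.max_bytes:
            return self._expire(visa_id, "bytes")
        e.last_ts, e.last_arrival = pkt_ts, now
        e.packets += 1
        e.octets += length
        return "accept"

    def _expire(self, visa_id: str, reason: str) -> str:
        del self.table[visa_id]           # no state left, so later packets fail
        return "drop:expired-" + reason


def stateless_check(pkt_ts: float, now: float, expires_at: float, window: float) -> str:
    """Best a stateless router can do: a timeout carried in the visa plus a
    freshness window that relies on loosely synchronized clocks."""
    if now >= expires_at:
        return "drop:expired-timeout"
    if now - pkt_ts > window:
        return "drop:stale"
    return "accept"


# Constructed trace: (packet timestamp, length in bytes, arrival time at router).
TRACE: List[Tuple[float, int, float]] = [
    (10.00, 500, 10.02),  # original
    (10.00, 500, 10.07),  # duplicate injected shortly after the original
    (10.10, 500, 10.12),  # original
    (10.10, 500, 10.17),  # duplicate
    (10.20, 500, 10.22),  # original, reaches the packet limit
    (10.30, 500, 10.32),  # one packet over the limit
    (10.40, 500, 10.42),  # arrives after the visa was expired
]


def run_stateful(trace: List[Tuple[float, int, float]]) -> List[str]:
    router = StatefulVisaRouter()
    router.table["visa-1"] = VisaEntry(expires_at=100.0, max_packets=3,
                                       max_bytes=10_000, max_idle=5.0)
    return [router.process("visa-1", ts, n, now) for ts, n, now in trace]


def run_stateless(trace: List[Tuple[float, int, float]]) -> List[str]:
    return [stateless_check(ts, now, expires_at=100.0, window=1.0)
            for ts, _n, now in trace]


if __name__ == "__main__":
    for row in zip(TRACE, run_stateful(TRACE), run_stateless(TRACE)):
        print(row)
```

On this trace the stateless check accepts every packet, duplicates included, and only rejects a packet once its timestamp falls outside the freshness window.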
%%Page: 33 8
bop

3.7.4 Visa Revocation

Visa termination by explicit order from an ACS should be viewed as more of an exception than the norm as, ordinarily, visas are terminated by exceeding some limit negotiated at the time of issuance. Nonetheless, in circumstances where there is suspicion of a visa's compromise an ACS may need to revoke a visa prematurely, i.e., before its resource limits are reached.

In order to revoke an active visa, an ACS contacts the appropriate visa-router and identifies the visa targeted for termination. Thereafter, the visa-router has to ensure that no more packet traffic belonging to the revoked visa connection passes through. In a stateful model, a visa-router can simply delete the entry from its table, thereby barring any further traffic. In a completely stateless model where each packet carries the entire visa along with the derived visa-stamp, a visa-router has to keep state with respect to the revoked visa. (Otherwise, it cannot distinguish bona fide visas from revoked ones.) A direct consequence of this requirement is the inability of a completely stateless visa-router to support visa revocation.

3.7.5 Coverage of Packet Signatures

In the context of this section, a packet is composed of two portions: network-layer header and data. As discussed in Section 3.3, data authenticity is one of our primary goals. Hence, there is no question as to whether or not the data portion needs to be covered by the packet signature. The network header is a different matter, however. A typical network-layer header contains addressing information such as source and destination end-system addresses, packet sequence number, packet length and other fields. (Figure 3.3 depicts the IP [73] datagram header, for example.)

Any header field not covered by the packet signature leaves a potential covert channel, since an intruder could trap a valid packet, change the unchecked field, and forward the modified copy without raising suspicion. We could protect against this by including the entire network-layer header under the packet signature, but in most internetworking protocols there are some header fields that are modified by the intermediate routers, and hence cannot be included in the signature. (All routers may have to modify the header, not just visa-routers, and we assume that non-visa routers do not regenerate the signature. If a public-key method is used, not even visa-routers can do so.)

For example, there are two such variable fields in the IP protocol. One is the header checksum; this cannot be forged because it is a function of the other fields in the header, and is already recomputed by each IP router. The other is the 8-bit Time-To-Live (TTL) field, used to prevent packets from looping forever. The TTL must be decremented by each IP router, and must never be incremented. An intruder could communicate approximately 6 or 7 bits per datagram by manipulating the initial value of the TTL field in copies of otherwise validly-signed packets.

If this covert channel is a reason for concern, there are a number of steps that can be taken. The entry visa-router (GW_b) can use the knowledge of its AD topology to reduce the TTL value to the minimum necessary for the packet to safely arrive at H_b, thereby reducing the bandwidth of this covert channel. Alternatively, GW_b could always set the TTL to its maximum value. (However, this would violate the letter of the IP specification, and might confound protocols that use the TTL field to limit the lifetime of a packet.)

Another issue has to do with the addressing information in the network header. Recall that visas are issued on the basis of the source and destination end-system addresses (sometimes, along with the transport-layer protocol number). As described in Section 3.6.2, each visa-related data packet carries a visa identifier (TS_a). This identifier is stored alongside the two end-system addresses in visa-tables of both GW_a and GW_b. Since a visa-router still has to consult its visa-table to look up the visa-key, it can (inexpensively) verify the H_a, H_b addresses as well. Therefore, it can be argued that end-system addresses and other information (e.g., type-of-service, transport protocol, etc.) that is stored in the visa-table entry does not need to be protected by the packet signature.

3.7.6 Fragmentation

In a number of internetworking protocols (e.g., IP) a router may have to fragment a packet if it cannot be transmitted in a single unit. Data signatures complicate the use of fragmentation since the fragments must appear to have been signed by H_src, but the signatures would have to be computed by the fragmenting router. With signatures based on conventional cryptography, fragmentation is a problem because only a visa-router can do it while preserving the data signatures. With public-key signatures, this is impossible, since only the originating end-system can compute the signature.
eop
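The signature-coverage trade-off of Section 3.7.5, as an added example that is not code from the thesis: a packet stamp computed with the two router-modified IP fields (TTL and header checksum) masked out, and the TTL clamp at the entry visa-router. HMAC-SHA256 stands in for the signature method, which the section leaves open; the key, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

IP_FMT = "!BBHHHBBH4s4s"      # 20-byte IPv4 header without options
TTL, CKSUM = 5, 7             # positions of the two mutable fields in IP_FMT


def ip_checksum(header: bytes) -> int:
    """One's-complement header checksum; 0 when run over a valid header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: bytes, dst: bytes, ttl: int, data_len: int,
                 ident: int = 1, proto: int = 17) -> bytes:
    fields = [0x45, 0, 20 + data_len, ident, 0, ttl, proto, 0, src, dst]
    fields[CKSUM] = ip_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)


def set_ttl(header: bytes, ttl: int) -> bytes:
    """What any IP router does: write the TTL and recompute the checksum."""
    fields = list(struct.unpack(IP_FMT, header))
    fields[TTL], fields[CKSUM] = ttl, 0
    fields[CKSUM] = ip_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)


def stamp(key: bytes, header: bytes, data: bytes) -> bytes:
    """Packet stamp over the data and every header field except TTL/checksum."""
    fields = list(struct.unpack(IP_FMT, header))
    fields[TTL] = fields[CKSUM] = 0
    masked = struct.pack(IP_FMT, *fields)
    return hmac.new(key, masked + data, hashlib.sha256).digest()


def verify(key: bytes, header: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(stamp(key, header, data), tag)


def clamp_ttl(header: bytes, hops_needed: int) -> bytes:
    """Entry visa-router step: lower the TTL to what the AD needs, never raise it."""
    ttl = struct.unpack(IP_FMT, header)[TTL]
    return set_ttl(header, min(ttl, hops_needed))


# Constructed sample values (documentation address ranges, throwaway key).
KEY = b"constructed-visa-key"
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
DATA = b"application data"


def coverage_demo() -> dict:
    hdr = build_header(SRC, DST, ttl=64, data_len=len(DATA))
    tag = stamp(KEY, hdr, DATA)
    return {
        # Ordinary forwarding leaves the stamp valid.
        "after_router_hop": verify(KEY, set_ttl(hdr, 63), DATA, tag),
        # Copies differing only in TTL all verify: the unsigned field
        # is the covert channel the section describes.
        "ttl_variants_verify": all(
            verify(KEY, set_ttl(hdr, t), DATA, tag) for t in (64, 90, 127)),
        # Fields under the stamp are protected.
        "data_tamper": verify(KEY, hdr, DATA + b"!", tag),
        "ident_tamper": verify(
            KEY, build_header(SRC, DST, 64, len(DATA), ident=2), DATA, tag),
        # After clamping, sender-chosen TTLs above the clamp are indistinguishable.
        "clamped_equal": clamp_ttl(set_ttl(hdr, 127), 4) == clamp_ttl(hdr, 4),
        # TTLs already below the clamp still differ: reduced, not closed.
        "low_ttl_kept": struct.unpack(IP_FMT, clamp_ttl(set_ttl(hdr, 2), 4))[TTL],
    }


if __name__ == "__main__":
    for name, value in coverage_demo().items():
        print(name, value)
```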
%%Page: 34 9
bop 150 -150 a
 26049576 21313290 0 0 40258437 52099153 startTexFig
150 -150 a
%%BeginDocument: iphdr.ps
/FMversion (2.0) def 
/FrameDict 170 dict def 
systemdict /errordict known not { /errordict 10 dict def
		errordict /rangecheck { stop } put } if
FrameDict /tmprangecheck errordict /rangecheck get put 
errordict /rangecheck {FrameDict /bug true put} put 
FrameDict /bug false put 
mark 
currentfile 5 string readline
00
0000000000
cleartomark 
errordict /rangecheck FrameDict /tmprangecheck get put 
FrameDict /bug get { 
	/readline {
		/gstring exch def
		/gfile exch def
		/gindex 0 def
		{
			gfile read pop 
			dup 10 eq {exit} if 
			dup 13 eq {exit} if 
			gstring exch gindex exch put 
			/gindex gindex 1 add def 
		} loop
		pop 
		gstring 0 gindex getinterval true 
		} def
	} if
/FMVERSION {
	FMversion ne {
		/Times-Roman findfont 18 scalefont setfont
		100 100 moveto
		(FrameMaker version does not match postscript_prolog!)
		dup =
		show showpage
		} if
	} def 
/FMLOCAL {
	FrameDict begin
	0 def 
	end 
	} def 
	/gstring FMLOCAL
	/gfile FMLOCAL
	/gindex FMLOCAL
	/orgxfer FMLOCAL
	/orgproc FMLOCAL
	/organgle FMLOCAL
	/orgfreq FMLOCAL
	FrameDict /graymode true put
	/yscale FMLOCAL
	/xscale FMLOCAL
	/PrintInColor systemdict /colorimage known def
PrintInColor 
	
	{
	/HUE 0 def
	/SAT 0 def
	/BRIGHT 0 def
	% array of arrays Hue and Sat values for the separations [HUE BRIGHT]
	/Colors   
	[[0    0  ]    % black
	 [0    0  ]    % white
	 [0.00 1.0]    % red
	 [0.37 1.0]    % green
	 [0.60 1.0]    % blue
	 [0.50 1.0]    % cyan
	 [0.83 1.0]    % magenta
	 [0.16 1.0]    % comment
	 ] def
      
	/BEGINBITMAPCOLOR { 
		BITMAPCOLOR } def
	/BEGINBITMAPCOLORc { 
		BITMAPCOLORc } def
	/K { 
		Colors exch get dup
		0 get /HUE exch store 
		1 get /BRIGHT exch store
		  HUE 0 eq BRIGHT 0 eq and
			{1.0 SAT sub setgray }
			{HUE SAT BRIGHT sethsbcolor } 
		  ifelse
		} def
	/mysetgray { 
		/SAT exch 1.0 exch sub store 
		  HUE 0 eq BRIGHT 0 eq and
			{1.0 SAT sub setgray }
			{HUE SAT BRIGHT sethsbcolor } 
		  ifelse
		} bind def
	}
	
	{
	/BEGINBITMAPCOLOR { 
		BITMAPGRAY } def
	/BEGINBITMAPCOLORc { 
		BITMAPGRAYc } def
	/mysetgray { setgray } bind def
	/K { 
		pop
		} def
	}
ifelse
/max	{2 copy lt {exch} if pop} bind def
/min	{2 copy gt {exch} if pop} bind def
/mtx matrix defaultmatrix def
/setmanualfeed {
	 statusdict /manualfeed true put
	} def
/FMDOCUMENT { 
	array /FMfonts exch def
	/#copies exch def
	0 ne dup {setmanualfeed} if
	FrameDict begin
	/manualfeed exch def
	/paperheight exch def
	/paperwidth exch def
	setpapername
	manualfeed {true} {papersize} ifelse 
	{manualpapersize} {false} ifelse 
	{desperatepapersize} if
	/yscale exch def
	/xscale exch def
	currenttransfer cvlit /orgxfer exch def
	currentscreen cvlit /orgproc exch def
	/organgle exch def /orgfreq exch def
	end 
	} def 
	/pagesave FMLOCAL
	/orgmatrix FMLOCAL
	/landscape FMLOCAL
/FMBEGINPAGE {  
	FrameDict begin 
	/pagesave save def
	3.86 setmiterlimit
	/landscape exch 0 ne store
	landscape { 
		90 rotate 0 exch neg translate pop 
		}
		{ pop pop }
		ifelse
	xscale yscale scale
	/orgmatrix matrix def
	gsave 
	} def 
/FMENDPAGE {
	grestore 
	pagesave restore
	end 
	showpage
	} def 
	/fontname FMLOCAL
	/fontscale FMLOCAL
	/fontnum FMLOCAL
	/fontdict FMLOCAL
/FMDEFINEFONT {
	FrameDict begin
	/fontname exch def
	/fontscale exch def
	/fontnum exch def
	/fontdict fontname findfont fontscale scalefont def
	fontdict /Encoding get StandardEncoding eq
	{
		fontdict DiacriticEncode 
		/fontdict exch def
	} {
		fontdict NonDiacriticEncode
		/fontdict exch def
	} ifelse
	FMfonts fontnum
		fontnum fontdict definefont
	put
	end 
	} def 
/FMNORMALIZEGRAPHICS { 
	newpath
	0.0 0.0 moveto
	1 setlinewidth
	0 setlinecap
	0 mysetgray
	} bind def
/FMBEGINEPSF { 
	end 
	/FMEPSF save def
	/showpage {} def 
	FMNORMALIZEGRAPHICS 
	[/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall 
	fx fy translate 
	rotate
	fw urx llx sub div fh ury lly sub div scale 
	llx neg lly neg translate 
	} bind def
/FMENDEPSF {
	FMEPSF restore
	FrameDict begin 
	} bind def
FrameDict begin 
/pagedimen { 
	paperheight sub abs 16 lt exch 
	paperwidth sub abs 16 lt and
	{/papername exch def} {pop} ifelse
	} def
/inch {72 mul} def
/setpapername { 
	/papersizedict 14 dict def 
	papersizedict begin
	/papername /unknown def 
		/Letter 8.5 inch 11.0 inch pagedimen
		/LetterSmall 7.68 inch 10.16 inch pagedimen
		/Tabloid 11.0 inch 17.0 inch pagedimen
		/Ledger 17.0 inch 11.0 inch pagedimen
		/Legal 8.5 inch 14.0 inch pagedimen
		/Statement 5.5 inch 8.5 inch pagedimen
		/Executive 7.5 inch 10.0 inch pagedimen
		/A3 11.69 inch 16.5 inch pagedimen
		/A4 8.26 inch 11.69 inch pagedimen
		/A4Small 7.47 inch 10.85 inch pagedimen
		/B4 10.125 inch 14.33 inch pagedimen
		/B5 7.16 inch 10.125 inch pagedimen
	end
	} def
/papersize {
	papersizedict begin
		/Letter {lettertray} def
		/LetterSmall {lettertray lettersmall} def
		/Tabloid {11x17tray} def
		/Ledger {ledgertray} def
		/Legal {legaltray} def
		/Statement {statementtray} def
		/Executive {executivetray} def
		/A3 {a3tray} def
		/A4 {a4tray} def
		/A4Small {a4tray a4small} def
		/B4 {b4tray} def
		/B5 {b5tray} def
		/unknown {unknown} def
	papersizedict dup papername known {papername} {/unknown} ifelse get
	end
	statusdict begin stopped end 
	} def
/manualpapersize {
	papersizedict begin
		/Letter {letter} def
		/LetterSmall {lettersmall} def
		/Tabloid {11x17} def
		/Ledger {ledger} def
		/Legal {legal} def
		/Statement {statement} def
		/Executive {executive} def
		/A3 {a3} def
		/A4 {a4} def
		/A4Small {a4small} def
		/B4 {b4} def
		/B5 {b5} def
		/unknown {unknown} def
	papersizedict dup papername known {papername} {/unknown} ifelse get
	end
	stopped 
	} def
/desperatepapersize {
	statusdict /setpageparams known
		{
		paperwidth paperheight 0 1 
		statusdict begin
		{setpageparams} stopped pop 
		end
		} if
	} def
/savematrix {
	orgmatrix currentmatrix pop
	} bind def
/restorematrix {
	orgmatrix setmatrix
	} bind def
/dmatrix matrix def
/dpi    72 0 dmatrix defaultmatrix dtransform
    dup mul exch   dup mul add   sqrt def
/freq dpi 18.75 div 8 div round dup 0 eq { pop 1 } if 8 mul dpi exch div def
/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
/DiacriticEncoding [
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
/numbersign /dollar /percent /ampersand /quotesingle /parenleft
/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
/two /three /four /five /six /seven /eight /nine /colon /semicolon
/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
/udieresis /dagger /.notdef /cent /sterling /section /bullet
/paragraph /germandbls /registered /copyright /trademark /acute
/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
/periodcentered /quotesinglbase /quotedblbase /perthousand
/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
] def
	/basefontdict FMLOCAL
	/newfontdict FMLOCAL
/DiacriticEncode {
	/basefontdict exch def
	/newfontdict basefontdict maxlength dict def
	basefontdict
	{exch dup /FID ne
		{dup /Encoding eq
			{exch pop DiacriticEncoding}
			{exch}
			ifelse
			newfontdict 3 1 roll put
			}
		{pop pop}
		ifelse
		} forall
	newfontdict
	} bind def
/NonDiacriticEncode {
	/basefontdict exch def
	/newfontdict basefontdict maxlength dict def
	basefontdict
	{exch dup /FID ne
		{exch newfontdict 3 1 roll put}
		{pop pop}
		ifelse
		} forall
	newfontdict
	} bind def
	/bwidth FMLOCAL
	/bpside FMLOCAL
	/bstring FMLOCAL
	/onbits FMLOCAL
	/offbits FMLOCAL
	/xindex FMLOCAL
	/yindex FMLOCAL
	/x FMLOCAL
	/y FMLOCAL
/setpattern {
	 /bwidth  exch def
	 /bpside  exch def
	 /bstring exch def
	 /onbits 0 def  /offbits 0 def
	 freq sangle landscape {90 add} if 
		{/y exch def
		 /x exch def
		 /xindex x 1 add 2 div bpside mul cvi def
		 /yindex y 1 add 2 div bpside mul cvi def
		 bstring yindex bwidth mul xindex 8 idiv add get
		 1 7 xindex 8 mod sub bitshift and 0 ne
		 {/onbits  onbits  1 add def 1}
		 {/offbits offbits 1 add def 0}
		 ifelse
		}
		setscreen
	 {} settransfer
	 offbits offbits onbits add div mysetgray
	/graymode false store
	} bind def
/grayness {
	mysetgray
	graymode not {
		/graymode true store
		orgxfer cvx settransfer
		orgfreq organgle orgproc cvx setscreen
		} if
	} bind def
/normalize {
	transform round exch round exch itransform
	} bind def
/dnormalize {
	dtransform round exch round exch idtransform
	} bind def
/lnormalize { 
	0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
	} bind def
/H { 
	lnormalize setlinewidth
	} bind def
/Z { 
	setlinecap
	} bind def
/X { 
	fillprocs exch get exec
	} bind def
/V { 
	gsave eofill grestore
	} bind def
/N { 
	stroke
	} bind def
/M {newpath moveto} bind def
/E {lineto} bind def
/D {curveto} bind def
/O {closepath} bind def
	/n FMLOCAL
/L { 
 	/n exch def
	newpath
	normalize
	moveto 
	2 1 n {pop normalize lineto} for
	} bind def
/Y { 
	L 
	closepath
	} bind def
	/x1 FMLOCAL
	/x2 FMLOCAL
	/y1 FMLOCAL
	/y2 FMLOCAL
	/rad FMLOCAL
/R { 
	/y2 exch def
	/x2 exch def
	/y1 exch def
	/x1 exch def
	x1 y1
	x2 y1
	x2 y2
	x1 y2
	4 Y 
	} bind def
/RR { 
	/rad exch def
	normalize
	/y2 exch def
	/x2 exch def
	normalize
	/y1 exch def
	/x1 exch def
	newpath
	x1 y1 rad add moveto
	x1 y2 x2 y2 rad arcto
	x2 y2 x2 y1 rad arcto
	x2 y1 x1 y1 rad arcto
	x1 y1 x1 y2 rad arcto
	closepath
	16 {pop} repeat
	} bind def
/C { 
	grestore
	gsave
	R 
	clip
	} bind def
/U { 
	grestore
	gsave
	} bind def
/F { 
	FMfonts exch get
	setfont
	} bind def
/T { 
	moveto show
	} bind def
/RF { 
	rotate
	0 ne { -1 1 scale } if
	} bind def
/TF { 
	gsave
	moveto 
	RF
	show
	grestore
	} bind def
/P { 
	moveto
	0 32 3 2 roll widthshow
	} bind def
/PF { 
	gsave
	moveto 
	RF
	0 32 3 2 roll widthshow
	grestore
	} bind def
/S { 
	moveto
	0 exch ashow
	} bind def
/SF { 
	gsave
	moveto
	RF
	0 exch ashow
	grestore
	} bind def
/B { 
	moveto
	0 32 4 2 roll 0 exch awidthshow
	} bind def
/BF { 
	gsave
	moveto
	RF
	0 32 4 2 roll 0 exch awidthshow
	grestore
	} bind def
	/x FMLOCAL
	/y FMLOCAL
	/dx FMLOCAL
	/dy FMLOCAL
	/dl FMLOCAL
	/t FMLOCAL
	/t2 FMLOCAL
	/Cos FMLOCAL
	/Sin FMLOCAL
	/r FMLOCAL
/W { 
	dnormalize
	/dy exch def
	/dx exch def
	normalize
	/y  exch def
	/x  exch def
	/dl dx dx mul dy dy mul add sqrt def
	dl 0.0 gt {
		/t currentlinewidth def
		savematrix
		/Cos dx dl div def
		/Sin dy dl div def
		/r [Cos Sin Sin neg Cos 0.0 0.0] def
		/t2 t 2.5 mul 3.5 max def
		newpath
		x y translate
		r concat
		0.0 0.0 moveto
		dl t 2.7 mul sub 0.0 rlineto
		stroke
		restorematrix
		x dx add y dy add translate
		r concat
		t 0.67 mul setlinewidth
		t 1.61 mul neg  0.0 translate
		0.0 0.0 moveto
		t2 1.7 mul neg  t2 2.0 div     moveto
		0.0 0.0 lineto
		t2 1.7 mul neg  t2 2.0 div neg lineto
		stroke
		t setlinewidth
		restorematrix
		} if
	} bind def
/G { 
	gsave
	newpath
	normalize translate 0.0 0.0 moveto 
	dnormalize scale 
	0.0 0.0 1.0 5 3 roll arc 
	closepath fill
	grestore
	} bind def
/A { 
	gsave
	savematrix
	newpath
	2 index 2 div add exch 3 index 2 div sub exch 
	normalize 2 index 2 div sub exch 3 index 2 div add exch 
	translate 
	scale 
	0.0 0.0 1.0 5 3 roll arc 
	restorematrix
	stroke
	grestore
	} bind def
	/x FMLOCAL
	/y FMLOCAL
	/w FMLOCAL
	/h FMLOCAL
	/xx FMLOCAL
	/yy FMLOCAL
	/ww FMLOCAL
	/hh FMLOCAL
	/FMsaveobject FMLOCAL
	/FMoptop FMLOCAL
	/FMdicttop FMLOCAL
/BEGINPRINTCODE { 
	/FMdicttop countdictstack 1 add def 
	/FMoptop count 4 sub def 
	/FMsaveobject save def
	userdict begin 
	/showpage {} def 
	FMNORMALIZEGRAPHICS 
	3 index neg 3 index neg translate
	} bind def
/ENDPRINTCODE {
	count -1 FMoptop {pop pop} for 
	countdictstack -1 FMdicttop {pop end} for 
	FMsaveobject restore 
	} bind def
/gn { 
	0 
	{	46 mul 
		cf read pop 
		32 sub 
		dup 46 lt {exit} if 
		46 sub add 
		} loop
	add 
	} bind def
	/str FMLOCAL
/cfs { 
	/str sl string def 
	0 1 sl 1 sub {str exch val put} for 
	str def 
	} bind def
/ic [ 
	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
	0
	{0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
	{10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
	{19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
	{13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
	{4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
	{13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
	{7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
	{0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
	{10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
	] def
	/sl FMLOCAL
	/val FMLOCAL
	/ws FMLOCAL
	/im FMLOCAL
	/bs FMLOCAL
	/cs FMLOCAL
	/len FMLOCAL
	/pos FMLOCAL
/ms { 
	/sl exch def 
	/val 255 def 
	/ws cfs 
	/im cfs 
	/val 0 def 
	/bs cfs 
	/cs cfs 
	} bind def
400 ms 
/ip { 
	is 
	0 
	cf cs readline pop 
	{	ic exch get exec 
		add 
		} forall 
	pop 
	
	} bind def
/wh { 
	/len exch def 
	/pos exch def 
	ws 0 len getinterval im pos len getinterval copy pop
	pos len 
	} bind def
/bl { 
	/len exch def 
	/pos exch def 
	bs 0 len getinterval im pos len getinterval copy pop
	pos len 
	} bind def
/s1 1 string def
/fl { 
	/len exch def 
	/pos exch def 
	/val cf s1 readhexstring pop 0 get def
	pos 1 pos len add 1 sub {im exch val put} for
	pos len 
	} bind def
/hx { 
	3 copy getinterval 
	cf exch readhexstring pop pop 
	} bind def
	/h FMLOCAL
	/w FMLOCAL
	/d FMLOCAL
	/lb FMLOCAL
	/bitmapsave FMLOCAL
	/is FMLOCAL
	/cf FMLOCAL
/wbytes {  
	dup 
	8 eq { pop } { 1 eq { 7 add 8 idiv } { 3 add 4 idiv } ifelse } ifelse
	} bind def
/BEGINBITMAPBWc { 
	1 {} COMMONBITMAPc
	} bind def
/BEGINBITMAPGRAYc { 
	8 {} COMMONBITMAPc
	} bind def
/BEGINBITMAP2BITc { 
	2 {} COMMONBITMAPc
	} bind def
/COMMONBITMAPc { 
	/r exch def
	/d exch def
	gsave
	translate rotate scale /h exch def /w exch def
	/lb w d wbytes def 
	sl lb lt {lb ms} if 
	/bitmapsave save def 
	r                    
	/is im 0 lb getinterval def 
	ws 0 lb getinterval is copy pop 
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ip} image 
	bitmapsave restore 
	grestore
	} bind def
/BEGINBITMAPBW { 
	1 {} COMMONBITMAP
	} bind def
/BEGINBITMAPGRAY { 
	8 {} COMMONBITMAP
	} bind def
/BEGINBITMAP2BIT { 
	2 {} COMMONBITMAP
	} bind def
/COMMONBITMAP { 
	/r exch def
	/d exch def
	gsave
	translate rotate scale /h exch def /w exch def
	/bitmapsave save def 
	r                    
	/is w d wbytes string def
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ cf is readhexstring pop } image
	bitmapsave restore 
	grestore
	} bind def
/Fmcc {
    /proc2 exch cvlit def
    /proc1 exch cvlit def
    /newproc proc1 length proc2 length add array def
    newproc 0 proc1 putinterval
    newproc proc1 length proc2 putinterval
    newproc cvx
} bind def
/colorsetup {
	currentcolortransfer
	/gryt exch def
	/blut exch def
	/grnt exch def
	/redt exch def
	/ngrayt 256 array def
	/nredt 256 array def
	/nbluet 256 array def
	/ngreent 256 array def
	0 1 255 {
		/indx exch def
		/cynu 1 red indx get 255 div sub def
		/magu 1 green indx get 255 div sub def
		/yelu 1 blue indx get 255 div sub def
		/k cynu magu min yelu min def
		/u k currentundercolorremoval exec def
		nredt indx 1 0 cynu u sub max sub redt exec put
		ngreent indx 1 0 magu u sub max sub grnt exec put
		nbluet indx 1 0 yelu u sub max sub blut exec put
		ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
	} for
	{255 mul cvi nredt exch get}
	{255 mul cvi ngreent exch get}
	{255 mul cvi nbluet exch get}
	{255 mul cvi ngrayt exch get}
	setcolortransfer
	{pop 0} setundercolorremoval
	{} setblackgeneration
	} bind def
/fakecolorsetup {
	/tran 256 string def
	0 1 255 { /ind exch def 
		tran ind
		red ind get 77 mul
		green ind get 151 mul
		blue ind get 28 mul
		add add 256 idiv put } for
	currenttransfer
	{ 255 mul cvi tran exch get 255.0 div }
	exch Fmcc settransfer
} bind def
/BITMAPCOLOR { 
	/d 8 def
	gsave
	translate rotate scale /h exch def /w exch def
	/bitmapsave save def 
	colorsetup
	/is w d wbytes string def
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ cf is readhexstring pop } {is} {is} true 3 colorimage 
	bitmapsave restore 
	grestore
	} bind def
/BITMAPCOLORc { 
	/d 8 def
	gsave
	translate rotate scale /h exch def /w exch def
	/lb w d wbytes def 
	sl lb lt {lb ms} if 
	/bitmapsave save def 
	colorsetup
	/is im 0 lb getinterval def 
	ws 0 lb getinterval is copy pop 
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ip} {is} {is} true 3 colorimage
	bitmapsave restore 
	grestore
	} bind def
/BITMAPGRAY { 
	8 {fakecolorsetup} COMMONBITMAP
	} bind def
[Figure: PostScript drawing commands omitted. The drawing is a header layout with column marks 0, 1, 2, 3, 4 along the top and the following labelled fields, row by row:
  row 1: version | IP header length | type of service | total length
  row 2: identification (sequence #) | flags | fragment offset
  row 3: time-to-live | transport protocol | IP header checksum
  row 4: source address
  row 5: destination address
  below: IP options ...]
Figure 3.3: IP datagram header

Fragmentation is at best a necessary evil [47]; it is almost always better to set packet sizes at $H_{src}$, to make the best possible use of the available bandwidth and to provide acknowledgements for each transmission unit. Although methods have been proposed for accommodating fragmentation while preserving data signatures [88], we insist that the source end-system avoid sending packets that will have to be fragmented. A router should assist in this by returning an error packet when it is unable to transmit a data packet without fragmenting it; in fact, the IP protocol includes a mechanism for doing so through the use of the ICMP Destination Unreachable/Fragmentation Needed message [74].

3.7.7 Loss of State

Reliable state in visa-routers (i.e., visa-tables) is one of the fundamental features and requirements of the Visa protocol presented in this chapter. Nevertheless, it is unreasonable to expect visa-routers to be non-faulty at all times. The implication is that loss of state in visa-routers may occur infrequently and provisions must be made for the reinstatement of state after a visa-router becomes operational. For this reason, an initializing visa-router sends a special ROUTER-UP packet to its local ACS. (Visa-routers are required to keep local ACS address(es) in stable storage.) Upon receipt of a ROUTER-UP, the ACS replies with one or more VISA-LIST packets which contain a set of all currently valid visas issued to the visa-router in question. The format of a VISA-LIST is similar to that of a Visa packet, except that it contains multiple visa records. ROUTER-UP only specifies the identity of the initializing visa-router.$^{6}$

In spite of the mechanism described herein, not all state can be effectively recovered. In particular, visa expiration conditions such as inactivity timeouts, data and packet limits require maintaining state (i.e., usage meters) that is updated on a per packet basis. Unless it is kept in stable storage (an unreasonable requirement), this state is irrecoverably lost when a visa-router fails.

$^{6}$ An intruder masquerading as a legitimate visa-router may generate ROUTER-UP packets; however, visas contained in the subsequent VISA-LIST are only intelligible to genuine visa-routers.
3.7.8 Stateful Model

In this section, we summarize the reasons for selecting a stateful over a stateless visa-router model. There are several incentives for maintaining state in visa-routers:

• Replay prevention
  As discussed in Section 3.7.2, it is impossible to detect replayed packets in a visa-router without maintaining state. This is best illustrated by a situation whereby an intruder simply duplicates each valid packet and forwards it immediately after the original. Because the two packets are back-to-back, even if $GW_a$ has some idea of the $H_a \rightarrow GW_a$ delay, it would accept both packets as valid.

• Visa expiration by means other than timeouts
  In order to expire visas by means of data, packet or idle-time limits, a visa-router must maintain running tallies. This is impossible to achieve with a stateless router model.

• Visa revocation
  If an ACS decides that it no longer trusts a previously approved connection, it may need to revoke a visa prematurely. As described in Section 3.7.4, the ACS explicitly notifies the appropriate visa-router (via a REVOKE packet) that a certain visa is no longer valid. To uphold the revocation of a visa, i.e., to let no more packets bearing derived visa-stamps through, the visa-router has to maintain a record (state) with respect to the revoked visa.

• Interplay with transit policy enforcement
  A final reason has to do with the integration of stub and transit policy enforcement mechanisms. As described in the next chapter, transit policy enforcement in stub ADs also takes place at AD boundaries in entities referred to as Policy Gateways (PGs). As it turns out, each PG in a stub AD maintains a table of end-system pairs that are engaged in inter-AD communication. The purpose of this table is to map end-system pairs into so-called Policy Routes. Although a PG and a visa-router are logically distinct, for the most part, they share the same physical location.

3.8 Security Analysis

In this section we address the security of the Visa protocol presented earlier in the chapter. As mentioned before, intra-AD messages and other intra-AD communication are assumed to be secure and each AD is assumed to employ an authentication mechanism of sufficient strength. What remains to be shown is the security of the inter-AD communication, i.e., the two messages exchanged between $ACS_a$ and $ACS_b$ as part of the setup phase and the subsequent data packets.

For each of these messages, two security issues are of interest: i) whether or not the message conveys the information necessary to establish its origin, authenticate its contents and assure freshness, and ii) whether it can be used maliciously (e.g., if it is intercepted by an intruder) to achieve unauthorized or otherwise compromised communication.

3.8.1 VISA-REQUEST

The first inter-AD message in the setup phase is the VISA-REQUEST:

$$ACS_a \Longrightarrow ACS_b : \mathit{VISA\text{-}REQUEST} \qquad (3.8)$$

$$\mathit{VISA\text{-}REQUEST} = [\, H_a, H_b, TS_a \,]^{DK_{ACS_a}} \qquad (3.9)$$

Upon its arrival, $ACS_b$ has to verify that $ACS_a$ originated this exact packet recently. Once $ACS_b$ obtains $CERT_{ACS_a}$, extracts from it $EK_{ACS_a}$ and re-computes the packet signature, it is assured that the packet is originated by $ACS_a$ and is authentic. Of course, this is very much dependent upon the strength of the signature mechanism.

Both timeliness and uniqueness of the VISA-REQUEST are established by examining the $TS_a$ field. Recall that $TS_a$ is the timestamp assigned by $ACS_a$. $ACS_a$ is responsible for ensuring that it has never been used before. As described in Section 2.2.3, ACSs' clocks are not necessarily closely synchronized, i.e., a certain clock skew is expected. We assume there exists an upper bound (referred to as $\Delta_T$) on the clock skew between any two ACSs. By comparing its current clock reading to $TS_a$, $ACS_b$ can establish the timeliness of the VISA-REQUEST. However, timeliness is relative to $\Delta_T$ since an intruder can still delay a VISA-REQUEST for, at most, the value of $\Delta_T$.
Uniqueness is a different matter. In order to establish that a VISA-REQUEST has not been seen before, each ACS has to keep state in the form of a peer-table. Each entry in the peer-table corresponds to a peer ACS (in a different AD) which has previously communicated with the ACS in question. Among other information (such as public key certificates), each entry stores the timestamp of the last VISA-REQUEST by the corresponding ACS. (We refer to this value as $TS_a^{last}$.) If $TS_a < TS_a^{last}$, $ACS_b$ can suspect a replay attack. However, it cannot be absolutely sure since VISA-REQUEST packets can arrive out of order. If $TS_a = TS_a^{last}$, the VISA-REQUEST packet is obviously a duplicate.
As far as the intruder is concerned, there is little value in a VISA-REQUEST packet. It contains no secret fields and it only reveals that a visa for communication between $H_a$ and $H_b$ has been requested (hence, a VISA-GRANT may flow in the opposite direction soon thereafter). Also, modification of packet data is unproductive as each VISA-REQUEST is protected by an unforgeable signature. Replay of a VISA-REQUEST is just as futile, as can be seen from the above discussion.

Another security-related aspect is the issue of the implied beliefs carried in a VISA-REQUEST. Specifically, it conveys to $ACS_b$ that $ACS_a$ i) authorizes the $[H_a, H_b]$ communication, and ii) believes that the requesting end-system $H_a$ is authentic. $ACS_b$ has no reason to question or doubt the former (since it is subject to $AD_a$'s local policy embodied in $ACS_a$); however, with regard to authentication of $H_a$, $ACS_b$ has to take $ACS_a$'s word for it. In other words, the end-result is that: $ACS_b$ believes that $ACS_a$ believes that $H_a$ is authenticated. This conclusion may be too weak in some circumstances. In order to obtain a stronger conclusion such as $ACS_b$ believes that $H_a$ is authenticated, either:

1. $ACS_b$ has to conduct a separate, possibly higher-level, authentication dialog with $H_a$, or

2. $ACS_a$ has to include an unforgeable proof of identity for $H_a$ as part of the VISA-REQUEST

The second choice is preferable because it does not involve relying on other protocols and introduces no additional communication overhead. However, it has two important drawbacks: i) the problem of scale with regard to issuing proof-of-identity certificates at the granularity of end-systems, and ii) the additional overhead incurred by the use of public-key encryption for subsequent communication. This subject is discussed further in Section 3.8.3 below.

3.8.2 VISA-GRANT

VISA-GRANT is the second inter-AD message exchanged as part of the setup phase.

$$ACS_b \Longrightarrow ACS_a : \mathit{VISA\text{-}GRANT}^{ACS_a} \qquad (3.10)$$

$$\mathit{VISA\text{-}GRANT} = [\, H_a, H_b, TS_a, (S^a_b)^{EK_{ACS_a}} \,]^{DK_{ACS_b}} \qquad (3.11)$$

When $ACS_a$ receives a VISA-GRANT packet, it has to:

• match the $TS_a$ found in the packet with the corresponding $TS_a$ stored in its table of outstanding VISA-REQUESTs. A successful match, in itself, demonstrates both freshness and uniqueness of the VISA-GRANT packet.

• authenticate the contents of the packet. Since $ACS_a$ already knows $EK_{ACS_b}$, it can re-compute the packet signature and establish that $ACS_b$ originated this packet and its contents are authentic.

As with a VISA-REQUEST, an intruder can capture a valid VISA-GRANT packet and attempt to attack the protocol. However, since a VISA-GRANT is signed and timestamped, no modification or replay is possible without detection. A danger even graver than successful fabrication or replay of a VISA-GRANT packet is the possibility of an intruder discovering $S^a_b$. (This would permit the intruder to generate arbitrary "genuine" packets.) Therefore, the effectiveness of the Visa protocol depends to a great extent on the strength of the underlying public-key encryption (signature) function.

3.8.3 Data packets

Recall that data packets belonging to a visa connection have the following structure:

$$\mathit{DATA\text{-}PACKET} = [\, \mathit{HEADER}, \mathit{DATA}, \mathit{VISA\text{-}STAMP}, TS_a \,] \qquad (3.12)$$

A data packet arriving at $GW_a$ or $GW_b$ has to show that:

• it originated at $H_a$ and is addressed to $H_b$
• it was sent recently

• it was not modified in transit

We begin by observing that the method by which $GW_a$ determines the origin of a data packet is the verification of the visa-stamp attached to the packet, which is computed with a secret visa-key, $S^a_b$. In addition to $H_a$, $S^a_b$ is known to four other principals: $ACS_a$, $GW_a$, $ACS_b$ and $GW_b$. This implies that any of these principals can potentially generate genuine visa-stamps.

After verifying the visa-stamp, timestamp and addressing information of a data packet, the only conclusion that $GW_a$ can make is: the packet contents are authentic, the packet is not a replay, and its origin can be any of $H_a$, $GW_b$ or $ACS_b$. We assume that $GW_a$ believes in its own goodness, thus it can be sure that it did not originate the said data packet, and $GW_a$ trusts $ACS_a$ enough to believe that $ACS_a$ did not originate the packet. Similarly, $GW_b$ can establish that the origin of a data packet can be $H_a$, $GW_a$ or $ACS_a$.$^{7}$

The uncertainty about the exact origin of data packets is, potentially, a reason for concern. Nonetheless, we argue that the overall security and robustness of the Visa protocol relies on the invulnerability of the ACSs and visa-routers. If the security of an ACS or a visa-router is somehow compromised, fraudulent visas may be issued and unauthorized communication can transpire. On the other hand, it is worth considering, if only for academic reasons, what it would take to remove the above uncertainty, i.e., allow visa-routers to determine the source of each data packet unambiguously.

To do so would require that each end-system be able to certify its identity, i.e., be uniquely identifiable by some property that can be used to sign data, leaving no doubt about the identity of the signature creator. The immediate consequence of this statement is that conventional cryptography is unable to solve the problem since it calls for (at least) two principals sharing a key. (If $ACS_a$ and $H_a$ possess the same key, $K_{H_a}$, any one of them can generate data signatures with that key.)

The only remaining choice is the use of public-key cryptography. Suppose that each participating end-system is issued a public-key pair $[EK_{H_a}, DK_{H_a}]$ and a corresponding certificate, $CERT_{H_a}$, by a well-known authority.$^{8}$ Instead of issuing a secret, conventional visa-key, $ACS_b$ would generate a public-key pair, $[EK^a_b, DK^a_b]$, and a VISA-GRANT packet would take the form of:

$$\mathit{VISA\text{-}GRANT} = [\, H_a, H_b, TS_a, EK^a_b, (DK^a_b)^{EK_{H_a}} \,]^{DK_{ACS_b}} \qquad (3.13)$$

Note that $S^a_b$ is replaced by $DK^a_b$, the secret (signature) component of the public-key pair. Because it is encrypted with $EK_{H_a}$, $DK^a_b$ can only be computed by $H_a$. However, anyone ($ACS_a$, $GW_a$, $GW_b$, etc.) can obtain the corresponding public key, $EK^a_b$. If $H_a$ generates data packet visa-stamps with $DK^a_b$, both $GW_a$ and $GW_b$ can trace the packet source to $H_a$ as no other entity can be in possession of $DK^a_b$.

While this approach results in somewhat increased protocol security, its benefits are outweighed by the cost of using public key encryption on a per packet basis. Another drawback is (as alluded to in Section 3.8.1) the issue of scale with respect to certification of the individual end-systems. Finally, one of the fundamental protocol assumptions is the security of the ACSs and visa-routers. Because ACSs are presumed to exercise extensive control over their constituent end-systems, it may be unreasonable to trust an end-system in an AD whose ACS or visa-router is not trusted.

3.9 Protocol Costs

In this section we address the impact of the Visa protocol on its participants. In particular, we consider the costs incurred per visa as well as per data packet.

3.9.1 Setup and Distribution

The setup phase involves at least two packets: a HOST-REQUEST from $H_a$ to $ACS_a$, and a VISA-REQUEST from $ACS_a$ to $ACS_b$. The distribution phase involves at least four more packets: $\mathit{VISA\text{-}GRANT}^{ACS_a}$, $\mathit{VISA\text{-}GRANT}^{GW_b}$, $\mathit{VISA\text{-}GRANT}^{GW_a}$ and $\mathit{VISA\text{-}GRANT}^{H_a}$.$^{9}$ In total, a minimum of six packets are exchanged, yet only two of the six travel across AD boundaries.

$^{7}$ Note that if the protocol operates correctly, none of $GW_a$, $GW_b$, $ACS_a$ and $ACS_b$ ever generate data packets signed with $S^a_b$.

$^{8}$ The authority cannot be $ACS_a$ or any other entity in $AD_a$, for obvious reasons.

3.9.2 State Overhead

State overhead, consisting of storage costs, is introduced in this protocol mainly by the need for all participants, but especially visa-routers, to keep visa-tables.

In order to facilitate fast packet switching, routers often use specialized hardware equipped with very fast memory. However, this memory is expensive and, hence, its availability is limited. Therefore, storage overhead in visa-routers is of particular importance. Its major contributing factor is the maintenance of a visa-table where each entry corresponds to a currently valid visa. As illustrated in Figure 3.4, each entry contains essentially the same information as carried in the corresponding VISA-GRANT packet. The only exception is that visa-routers must constantly monitor bandwidth usage of individual connections. Also, the timestamp of the last data packet, $TS^{(a,b)}_{last}$, is kept in order to i) prevent replay of old packets, and ii) monitor the inactivity time.

An ACS must also keep a table of active visas. The ACS's visa-table is essentially the same as the visa-router's visa-table, except that ACSs are not required to keep running counters. In addition, an ACS needs to keep a peer ACS table which contains certificates for ACSs in other ADs and, for each peer ACS, a timestamp of the last VISA-REQUEST received from that ACS.$^{10}$
 23681433 14208860 0 0 24628690 32680378 startTexFig
180 863 a
%%BeginDocument: visat.ps
/FMversion (2.0) def 
/FrameDict 170 dict def 
systemdict /errordict known not { /errordict 10 dict def
		errordict /rangecheck { stop } put } if
FrameDict /tmprangecheck errordict /rangecheck get put 
errordict /rangecheck {FrameDict /bug true put} put 
FrameDict /bug false put 
mark 
currentfile 5 string readline
00
0000000000
cleartomark 
errordict /rangecheck FrameDict /tmprangecheck get put 
FrameDict /bug get { 
	/readline {
		/gstring exch def
		/gfile exch def
		/gindex 0 def
		{
			gfile read pop 
			dup 10 eq {exit} if 
			dup 13 eq {exit} if 
			gstring exch gindex exch put 
			/gindex gindex 1 add def 
		} loop
		pop 
		gstring 0 gindex getinterval true 
		} def
	} if
/FMVERSION {
	FMversion ne {
		/Times-Roman findfont 18 scalefont setfont
		100 100 moveto
		(FrameMaker version does not match postscript_prolog!)
		dup =
		show showpage
		} if
	} def 
/FMLOCAL {
	FrameDict begin
	0 def 
	end 
	} def 
	/gstring FMLOCAL
	/gfile FMLOCAL
	/gindex FMLOCAL
	/orgxfer FMLOCAL
	/orgproc FMLOCAL
	/organgle FMLOCAL
	/orgfreq FMLOCAL
	FrameDict /graymode true put
	/yscale FMLOCAL
	/xscale FMLOCAL
	/PrintInColor systemdict /colorimage known def
PrintInColor 
	
	{
	/HUE 0 def
	/SAT 0 def
	/BRIGHT 0 def
	% array of arrays Hue and Sat values for the separations [HUE BRIGHT]
	/Colors   
	[[0    0  ]    % black
	 [0    0  ]    % white
	 [0.00 1.0]    % red
	 [0.37 1.0]    % green
	 [0.60 1.0]    % blue
	 [0.50 1.0]    % cyan
	 [0.83 1.0]    % magenta
	 [0.16 1.0]    % comment
	 ] def
      
	/BEGINBITMAPCOLOR { 
		BITMAPCOLOR } def
	/BEGINBITMAPCOLORc { 
		BITMAPCOLORc } def
	/K { 
		Colors exch get dup
		0 get /HUE exch store 
		1 get /BRIGHT exch store
		  HUE 0 eq BRIGHT 0 eq and
			{1.0 SAT sub setgray }
			{HUE SAT BRIGHT sethsbcolor } 
		  ifelse
		} def
	/mysetgray { 
		/SAT exch 1.0 exch sub store 
		  HUE 0 eq BRIGHT 0 eq and
			{1.0 SAT sub setgray }
			{HUE SAT BRIGHT sethsbcolor } 
		  ifelse
		} bind def
	}
	
	{
	/BEGINBITMAPCOLOR { 
		BITMAPGRAY } def
	/BEGINBITMAPCOLORc { 
		BITMAPGRAYc } def
	/mysetgray { setgray } bind def
	/K { 
		pop
		} def
	}
ifelse
/max	{2 copy lt {exch} if pop} bind def
/min	{2 copy gt {exch} if pop} bind def
/mtx matrix defaultmatrix def
/setmanualfeed {
	 statusdict /manualfeed true put
	} def
/FMDOCUMENT { 
	array /FMfonts exch def
	/#copies exch def
	0 ne dup {setmanualfeed} if
	FrameDict begin
	/manualfeed exch def
	/paperheight exch def
	/paperwidth exch def
	setpapername
	manualfeed {true} {papersize} ifelse 
	{manualpapersize} {false} ifelse 
	{desperatepapersize} if
	/yscale exch def
	/xscale exch def
	currenttransfer cvlit /orgxfer exch def
	currentscreen cvlit /orgproc exch def
	/organgle exch def /orgfreq exch def
	end 
	} def 
	/pagesave FMLOCAL
	/orgmatrix FMLOCAL
	/landscape FMLOCAL
/FMBEGINPAGE {  
	FrameDict begin 
	/pagesave save def
	3.86 setmiterlimit
	/landscape exch 0 ne store
	landscape { 
		90 rotate 0 exch neg translate pop 
		}
		{ pop pop }
		ifelse
	xscale yscale scale
	/orgmatrix matrix def
	gsave 
	} def 
/FMENDPAGE {
	grestore 
	pagesave restore
	end 
	showpage
	} def 
	/fontname FMLOCAL
	/fontscale FMLOCAL
	/fontnum FMLOCAL
	/fontdict FMLOCAL
/FMDEFINEFONT {
	FrameDict begin
	/fontname exch def
	/fontscale exch def
	/fontnum exch def
	/fontdict fontname findfont fontscale scalefont def
	fontdict /Encoding get StandardEncoding eq
	{
		fontdict DiacriticEncode 
		/fontdict exch def
	} {
		fontdict NonDiacriticEncode
		/fontdict exch def
	} ifelse
	FMfonts fontnum
		fontnum fontdict definefont
	put
	end 
	} def 
/FMNORMALIZEGRAPHICS { 
	newpath
	0.0 0.0 moveto
	1 setlinewidth
	0 setlinecap
	0 mysetgray
	} bind def
/FMBEGINEPSF { 
	end 
	/FMEPSF save def
	/showpage {} def 
	FMNORMALIZEGRAPHICS 
	[/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall 
	fx fy translate 
	rotate
	fw urx llx sub div fh ury lly sub div scale 
	llx neg lly neg translate 
	} bind def
/FMENDEPSF {
	FMEPSF restore
	FrameDict begin 
	} bind def
FrameDict begin 
/pagedimen { 
	paperheight sub abs 16 lt exch 
	paperwidth sub abs 16 lt and
	{/papername exch def} {pop} ifelse
	} def
/inch {72 mul} def
/setpapername { 
	/papersizedict 14 dict def 
	papersizedict begin
	/papername /unknown def 
		/Letter 8.5 inch 11.0 inch pagedimen
		/LetterSmall 7.68 inch 10.16 inch pagedimen
		/Tabloid 11.0 inch 17.0 inch pagedimen
		/Ledger 17.0 inch 11.0 inch pagedimen
		/Legal 8.5 inch 14.0 inch pagedimen
		/Statement 5.5 inch 8.5 inch pagedimen
		/Executive 7.5 inch 10.0 inch pagedimen
		/A3 11.69 inch 16.5 inch pagedimen
		/A4 8.26 inch 11.69 inch pagedimen
		/A4Small 7.47 inch 10.85 inch pagedimen
		/B4 10.125 inch 14.33 inch pagedimen
		/B5 7.16 inch 10.125 inch pagedimen
	end
	} def
/papersize {
	papersizedict begin
		/Letter {lettertray} def
		/LetterSmall {lettertray lettersmall} def
		/Tabloid {11x17tray} def
		/Ledger {ledgertray} def
		/Legal {legaltray} def
		/Statement {statementtray} def
		/Executive {executivetray} def
		/A3 {a3tray} def
		/A4 {a4tray} def
		/A4Small {a4tray a4small} def
		/B4 {b4tray} def
		/B5 {b5tray} def
		/unknown {unknown} def
	papersizedict dup papername known {papername} {/unknown} ifelse get
	end
	statusdict begin stopped end 
	} def
/manualpapersize {
	papersizedict begin
		/Letter {letter} def
		/LetterSmall {lettersmall} def
		/Tabloid {11x17} def
		/Ledger {ledger} def
		/Legal {legal} def
		/Statement {statement} def
		/Executive {executive} def
		/A3 {a3} def
		/A4 {a4} def
		/A4Small {a4small} def
		/B4 {b4} def
		/B5 {b5} def
		/unknown {unknown} def
	papersizedict dup papername known {papername} {/unknown} ifelse get
	end
	stopped 
	} def
/desperatepapersize {
	statusdict /setpageparams known
		{
		paperwidth paperheight 0 1 
		statusdict begin
		{setpageparams} stopped pop 
		end
		} if
	} def
/savematrix {
	orgmatrix currentmatrix pop
	} bind def
/restorematrix {
	orgmatrix setmatrix
	} bind def
/dmatrix matrix def
/dpi    72 0 dmatrix defaultmatrix dtransform
    dup mul exch   dup mul add   sqrt def
/freq dpi 18.75 div 8 div round dup 0 eq { pop 1 } if 8 mul dpi exch div def
/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
/DiacriticEncoding [
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
/numbersign /dollar /percent /ampersand /quotesingle /parenleft
/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
/two /three /four /five /six /seven /eight /nine /colon /semicolon
/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
/udieresis /dagger /.notdef /cent /sterling /section /bullet
/paragraph /germandbls /registered /copyright /trademark /acute
/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
/periodcentered /quotesinglbase /quotedblbase /perthousand
/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
] def
	/basefontdict FMLOCAL
	/newfontdict FMLOCAL
/DiacriticEncode {
	/basefontdict exch def
	/newfontdict basefontdict maxlength dict def
	basefontdict
	{exch dup /FID ne
		{dup /Encoding eq
			{exch pop DiacriticEncoding}
			{exch}
			ifelse
			newfontdict 3 1 roll put
			}
		{pop pop}
		ifelse
		} forall
	newfontdict
	} bind def
/NonDiacriticEncode {
	/basefontdict exch def
	/newfontdict basefontdict maxlength dict def
	basefontdict
	{exch dup /FID ne
		{exch newfontdict 3 1 roll put}
		{pop pop}
		ifelse
		} forall
	newfontdict
	} bind def
	/bwidth FMLOCAL
	/bpside FMLOCAL
	/bstring FMLOCAL
	/onbits FMLOCAL
	/offbits FMLOCAL
	/xindex FMLOCAL
	/yindex FMLOCAL
	/x FMLOCAL
	/y FMLOCAL
/setpattern {
	 /bwidth  exch def
	 /bpside  exch def
	 /bstring exch def
	 /onbits 0 def  /offbits 0 def
	 freq sangle landscape {90 add} if 
		{/y exch def
		 /x exch def
		 /xindex x 1 add 2 div bpside mul cvi def
		 /yindex y 1 add 2 div bpside mul cvi def
		 bstring yindex bwidth mul xindex 8 idiv add get
		 1 7 xindex 8 mod sub bitshift and 0 ne
		 {/onbits  onbits  1 add def 1}
		 {/offbits offbits 1 add def 0}
		 ifelse
		}
		setscreen
	 {} settransfer
	 offbits offbits onbits add div mysetgray
	/graymode false store
	} bind def
/grayness {
	mysetgray
	graymode not {
		/graymode true store
		orgxfer cvx settransfer
		orgfreq organgle orgproc cvx setscreen
		} if
	} bind def
/normalize {
	transform round exch round exch itransform
	} bind def
/dnormalize {
	dtransform round exch round exch idtransform
	} bind def
/lnormalize { 
	0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
	} bind def
/H { 
	lnormalize setlinewidth
	} bind def
/Z { 
	setlinecap
	} bind def
/X { 
	fillprocs exch get exec
	} bind def
/V { 
	gsave eofill grestore
	} bind def
/N { 
	stroke
	} bind def
/M {newpath moveto} bind def
/E {lineto} bind def
/D {curveto} bind def
/O {closepath} bind def
	/n FMLOCAL
/L { 
 	/n exch def
	newpath
	normalize
	moveto 
	2 1 n {pop normalize lineto} for
	} bind def
/Y { 
	L 
	closepath
	} bind def
	/x1 FMLOCAL
	/x2 FMLOCAL
	/y1 FMLOCAL
	/y2 FMLOCAL
	/rad FMLOCAL
/R { 
	/y2 exch def
	/x2 exch def
	/y1 exch def
	/x1 exch def
	x1 y1
	x2 y1
	x2 y2
	x1 y2
	4 Y 
	} bind def
/RR { 
	/rad exch def
	normalize
	/y2 exch def
	/x2 exch def
	normalize
	/y1 exch def
	/x1 exch def
	newpath
	x1 y1 rad add moveto
	x1 y2 x2 y2 rad arcto
	x2 y2 x2 y1 rad arcto
	x2 y1 x1 y1 rad arcto
	x1 y1 x1 y2 rad arcto
	closepath
	16 {pop} repeat
	} bind def
/C { 
	grestore
	gsave
	R 
	clip
	} bind def
/U { 
	grestore
	gsave
	} bind def
/F { 
	FMfonts exch get
	setfont
	} bind def
/T { 
	moveto show
	} bind def
/RF { 
	rotate
	0 ne { -1 1 scale } if
	} bind def
/TF { 
	gsave
	moveto 
	RF
	show
	grestore
	} bind def
/P { 
	moveto
	0 32 3 2 roll widthshow
	} bind def
/PF { 
	gsave
	moveto 
	RF
	0 32 3 2 roll widthshow
	grestore
	} bind def
/S { 
	moveto
	0 exch ashow
	} bind def
/SF { 
	gsave
	moveto
	RF
	0 exch ashow
	grestore
	} bind def
/B { 
	moveto
	0 32 4 2 roll 0 exch awidthshow
	} bind def
/BF { 
	gsave
	moveto
	RF
	0 32 4 2 roll 0 exch awidthshow
	grestore
	} bind def
	/x FMLOCAL
	/y FMLOCAL
	/dx FMLOCAL
	/dy FMLOCAL
	/dl FMLOCAL
	/t FMLOCAL
	/t2 FMLOCAL
	/Cos FMLOCAL
	/Sin FMLOCAL
	/r FMLOCAL
/W { 
	dnormalize
	/dy exch def
	/dx exch def
	normalize
	/y  exch def
	/x  exch def
	/dl dx dx mul dy dy mul add sqrt def
	dl 0.0 gt {
		/t currentlinewidth def
		savematrix
		/Cos dx dl div def
		/Sin dy dl div def
		/r [Cos Sin Sin neg Cos 0.0 0.0] def
		/t2 t 2.5 mul 3.5 max def
		newpath
		x y translate
		r concat
		0.0 0.0 moveto
		dl t 2.7 mul sub 0.0 rlineto
		stroke
		restorematrix
		x dx add y dy add translate
		r concat
		t 0.67 mul setlinewidth
		t 1.61 mul neg  0.0 translate
		0.0 0.0 moveto
		t2 1.7 mul neg  t2 2.0 div     moveto
		0.0 0.0 lineto
		t2 1.7 mul neg  t2 2.0 div neg lineto
		stroke
		t setlinewidth
		restorematrix
		} if
	} bind def
/G { 
	gsave
	newpath
	normalize translate 0.0 0.0 moveto 
	dnormalize scale 
	0.0 0.0 1.0 5 3 roll arc 
	closepath fill
	grestore
	} bind def
/A { 
	gsave
	savematrix
	newpath
	2 index 2 div add exch 3 index 2 div sub exch 
	normalize 2 index 2 div sub exch 3 index 2 div add exch 
	translate 
	scale 
	0.0 0.0 1.0 5 3 roll arc 
	restorematrix
	stroke
	grestore
	} bind def
	/x FMLOCAL
	/y FMLOCAL
	/w FMLOCAL
	/h FMLOCAL
	/xx FMLOCAL
	/yy FMLOCAL
	/ww FMLOCAL
	/hh FMLOCAL
	/FMsaveobject FMLOCAL
	/FMoptop FMLOCAL
	/FMdicttop FMLOCAL
/BEGINPRINTCODE { 
	/FMdicttop countdictstack 1 add def 
	/FMoptop count 4 sub def 
	/FMsaveobject save def
	userdict begin 
	/showpage {} def 
	FMNORMALIZEGRAPHICS 
	3 index neg 3 index neg translate
	} bind def
/ENDPRINTCODE {
	count -1 FMoptop {pop pop} for 
	countdictstack -1 FMdicttop {pop end} for 
	FMsaveobject restore 
	} bind def
/gn { 
	0 
	{	46 mul 
		cf read pop 
		32 sub 
		dup 46 lt {exit} if 
		46 sub add 
		} loop
	add 
	} bind def
	/str FMLOCAL
/cfs { 
	/str sl string def 
	0 1 sl 1 sub {str exch val put} for 
	str def 
	} bind def
/ic [ 
	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
	0
	{0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
	{10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
	{19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
	{13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
	{4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
	{13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
	{7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
	{0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
	{10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
	] def
	/sl FMLOCAL
	/val FMLOCAL
	/ws FMLOCAL
	/im FMLOCAL
	/bs FMLOCAL
	/cs FMLOCAL
	/len FMLOCAL
	/pos FMLOCAL
/ms { 
	/sl exch def 
	/val 255 def 
	/ws cfs 
	/im cfs 
	/val 0 def 
	/bs cfs 
	/cs cfs 
	} bind def
400 ms 
/ip { 
	is 
	0 
	cf cs readline pop 
	{	ic exch get exec 
		add 
		} forall 
	pop 
	
	} bind def
/wh { 
	/len exch def 
	/pos exch def 
	ws 0 len getinterval im pos len getinterval copy pop
	pos len 
	} bind def
/bl { 
	/len exch def 
	/pos exch def 
	bs 0 len getinterval im pos len getinterval copy pop
	pos len 
	} bind def
/s1 1 string def
/fl { 
	/len exch def 
	/pos exch def 
	/val cf s1 readhexstring pop 0 get def
	pos 1 pos len add 1 sub {im exch val put} for
	pos len 
	} bind def
/hx { 
	3 copy getinterval 
	cf exch readhexstring pop pop 
	} bind def
	/h FMLOCAL
	/w FMLOCAL
	/d FMLOCAL
	/lb FMLOCAL
	/bitmapsave FMLOCAL
	/is FMLOCAL
	/cf FMLOCAL
/wbytes {  
	dup 
	8 eq { pop } { 1 eq { 7 add 8 idiv } { 3 add 4 idiv } ifelse } ifelse
	} bind def
/BEGINBITMAPBWc { 
	1 {} COMMONBITMAPc
	} bind def
/BEGINBITMAPGRAYc { 
	8 {} COMMONBITMAPc
	} bind def
/BEGINBITMAP2BITc { 
	2 {} COMMONBITMAPc
	} bind def
/COMMONBITMAPc { 
	/r exch def
	/d exch def
	gsave
	translate rotate scale /h exch def /w exch def
	/lb w d wbytes def 
	sl lb lt {lb ms} if 
	/bitmapsave save def 
	r                    
	/is im 0 lb getinterval def 
	ws 0 lb getinterval is copy pop 
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ip} image 
	bitmapsave restore 
	grestore
	} bind def
/BEGINBITMAPBW { 
	1 {} COMMONBITMAP
	} bind def
/BEGINBITMAPGRAY { 
	8 {} COMMONBITMAP
	} bind def
/BEGINBITMAP2BIT { 
	2 {} COMMONBITMAP
	} bind def
/COMMONBITMAP { 
	/r exch def
	/d exch def
	gsave
	translate rotate scale /h exch def /w exch def
	/bitmapsave save def 
	r                    
	/is w d wbytes string def
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ cf is readhexstring pop } image
	bitmapsave restore 
	grestore
	} bind def
/Fmcc {
    /proc2 exch cvlit def
    /proc1 exch cvlit def
    /newproc proc1 length proc2 length add array def
    newproc 0 proc1 putinterval
    newproc proc1 length proc2 putinterval
    newproc cvx
} bind def
/colorsetup {
	currentcolortransfer
	/gryt exch def
	/blut exch def
	/grnt exch def
	/redt exch def
	/ngrayt 256 array def
	/nredt 256 array def
	/nbluet 256 array def
	/ngreent 256 array def
	0 1 255 {
		/indx exch def
		/cynu 1 red indx get 255 div sub def
		/magu 1 green indx get 255 div sub def
		/yelu 1 blue indx get 255 div sub def
		/k cynu magu min yelu min def
		/u k currentundercolorremoval exec def
		nredt indx 1 0 cynu u sub max sub redt exec put
		ngreent indx 1 0 magu u sub max sub grnt exec put
		nbluet indx 1 0 yelu u sub max sub blut exec put
		ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
	} for
	{255 mul cvi nredt exch get}
	{255 mul cvi ngreent exch get}
	{255 mul cvi nbluet exch get}
	{255 mul cvi ngrayt exch get}
	setcolortransfer
	{pop 0} setundercolorremoval
	{} setblackgeneration
	} bind def
/fakecolorsetup {
	/tran 256 string def
	0 1 255 { /ind exch def 
		tran ind
		red ind get 77 mul
		green ind get 151 mul
		blue ind get 28 mul
		add add 256 idiv put } for
	currenttransfer
	{ 255 mul cvi tran exch get 255.0 div }
	exch Fmcc settransfer
} bind def
/BITMAPCOLOR { 
	/d 8 def
	gsave
	translate rotate scale /h exch def /w exch def
	/bitmapsave save def 
	colorsetup
	/is w d wbytes string def
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ cf is readhexstring pop } {is} {is} true 3 colorimage 
	bitmapsave restore 
	grestore
	} bind def
/BITMAPCOLORc { 
	/d 8 def
	gsave
	translate rotate scale /h exch def /w exch def
	/lb w d wbytes def 
	sl lb lt {lb ms} if 
	/bitmapsave save def 
	colorsetup
	/is im 0 lb getinterval def 
	ws 0 lb getinterval is copy pop 
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ip} {is} {is} true 3 colorimage
	bitmapsave restore 
	grestore
	} bind def
/BITMAPGRAY { 
	8 {fakecolorsetup} COMMONBITMAP
	} bind def
/BITMAPGRAYc { 
	8 {fakecolorsetup} COMMONBITMAPc
	} bind def
/ENDBITMAP {
	} bind def
end 
(2.0) FMVERSION
1 1  2 2  0 1 2 FMDOCUMENT
/fillprocs 32 array def
fillprocs 0 { 0.000000 grayness } put
fillprocs 1 { 0.100000 grayness } put
fillprocs 2 { 0.300000 grayness } put
fillprocs 3 { 0.500000 grayness } put
fillprocs 4 { 0.700000 grayness } put
fillprocs 5 { 0.900000 grayness } put
fillprocs 6 { 0.970000 grayness } put
fillprocs 7 { 1.000000 grayness } put
fillprocs 8 {<0f1e3c78f0e1c387> 8 1 setpattern } put
fillprocs 9 {<0f87c3e1f0783c1e> 8 1 setpattern } put
fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
fillprocs 12 {<8142241818244281> 8 1 setpattern } put
fillprocs 13 {<03060c183060c081> 8 1 setpattern } put
fillprocs 14 {<8040201008040201> 8 1 setpattern } put
fillprocs 15 {} put
fillprocs 16 { 1.000000 grayness } put
fillprocs 17 { 0.900000 grayness } put
fillprocs 18 { 0.700000 grayness } put
fillprocs 19 { 0.500000 grayness } put
fillprocs 20 { 0.300000 grayness } put
fillprocs 21 { 0.100000 grayness } put
fillprocs 22 { 0.030000 grayness } put
fillprocs 23 { 0.000000 grayness } put
fillprocs 24 {<f0e1c3870f1e3c78> 8 1 setpattern } put
fillprocs 25 {<f0783c1e0f87c3e1> 8 1 setpattern } put
fillprocs 26 {<3333333333333333> 8 1 setpattern } put
fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
fillprocs 29 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
fillprocs 30 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
fillprocs 31 {} put
0 36 /NewCenturySchlbk-Roman FMDEFINEFONT
1 24 /NewCenturySchlbk-Roman FMDEFINEFONT
374.4 496.8 0 FMBEGINPAGE
-118.8 -147.6 493.2 644.4 C
-118.8 -147.6 493.2 644.4 R
7 X
0 K
V
-46.8 598.4 421.2 608.4 R
V
-46.8 -114.93 421.2 -104.93 R
V
-7.8 65.4 384.2 427.4 R
6 X
V
3 H
0 Z
0 X
N
0 F
(H) 71.2 381.4 T
(a) 102.2 372.4 T
(H) 258.2 384.4 T
(b) 288.2 369.4 T
(T) 306.2 308.4 T
1 F
(a,b) 336.2 327.4 T
(last) 327.2 297.4 T
0 F
(S) 321.2 236.4 T
1 F
(a) 347.2 259.4 T
(b) 346.2 225.4 T
(Expiration criteria) 80.2 166.4 T
(Authentication) -2.8 252.4 T
(type) 2.2 226.4 T
(Usage Conditions) 81.2 96.4 T
-5.8 354.4 384.2 354.4 2 L
2 Z
N
-5.8 281.4 381.2 281.4 2 L
N
-5.8 210.4 381.2 210.4 2 L
N
-7.8 139.4 383.2 139.4 2 L
N
( T) -10.8 311.4 T
(ime of last packet arrival --) 11.27 311.4 T
(Secret key --) 180.2 242.4 T
164.2 280.4 164.2 211.4 2 L
N
185.2 355.4 185.2 426.4 2 L
N
FMENDPAGE
%%EndDocument
 180 863 a
 endTexFig
737 1857 a Fx(Figure)g(3.4:)j(Visa)d(table)f(en)o(try)-90 2053
y Fv(3.9.3)55 b(P)n(er)19 b(pac)n(k)n(et)g(costs)-90 2148 y
Fx(The)e(p)q(er)h(pac)o(k)o(et)g(costs)g(include)f(the)g(additional)f
(\014elds)h(in)g(data)f(pac)o(k)o(ets,)i(table)f(lo)q(ok-ups)g(in)f
(visa-routers,)i(and)f(data)g(signature)-90 2197 y(computations.)-28
2265 y(Eac)o(h)h(data)g(pac)o(k)o(et)g(carries)h(a)f(visa)f(header)i
(depicted)g(in)e(Figure)h(3.2)f(ab)q(o)o(v)o(e.)30 b(The)18
b(visa)f(iden)o(ti\014er,)i Fq(T)6 b(S)1710 2271 y Fp(a)1748
2265 y Fx(is)18 b(64-bit)f(quan)o(tit)o(y)-90 2315 y(\(su\016cien)o(t)c
(width)e(for)h(a)g(timestamp\))d(and)j(the)h(end-system)f(timestamp,)e
Fq(T)c(S)1162 2321 y Fp(H)1189 2325 y Fk(a)1209 2315 y Fx(,)12
b(is)g(also)g(64)f(bits)h(wide.)17 b(The)c(size)g(of)e(the)i(visa-stamp)-90
2365 y(dep)q(ends)j(on)d(the)i(signature)f(metho)q(d,)e(e.g.,)h(128)g(bits)h
(for)g(MD4)f(secret)j(pre\014x/su\016x)e(or)g(64)f(bits)h(for)g(DES-based)g
(MA)o(C.)-28 2432 y(The)g(o)o(v)o(erhead)g(due)g(to)g(data)f(signature)h(op)q
(erations)g(dep)q(ends)h(up)q(on)f(the)g(particular)f(signature)h(sc)o(heme)g
(used.)19 b(It)13 b(also)g(dep)q(ends)-90 2482 y(up)q(on)19
b(whether)i(the)f(op)q(eration)f(in)o(v)o(olv)o(es)f(passing)h(o)o(v)o(er)g
(the)h(en)o(tire)g(or)f(only)f(part)i(of,)f(the)h(pac)o(k)o(et.)34
b(F)m(urthermore,)20 b(the)g(cost)g(of)p -90 2563 864 2 v -44
2589 a Fj(9)-26 2601 y Fi(Additional)9 b(exc)o(hanges)g(ma)o(y)h(b)q(e)h
(required)f(in)h(order)f(for)h Fh(H)793 2605 y Fm(a)823 2601
y Fi(to)h(authen)o(tica)o(te)c(itself)j(to)g Fh(AC)r(S)1272
2605 y Fm(a)1304 2601 y Fi(and)g Fh(AC)r(S)1447 2607 y Fm(b)1464
2601 y Fi(.)-59 2629 y Fj(10)-26 2641 y Fi(See)f(Section)g(3.8.1.)2028
2770 y Fx(38)p eop
%%Page: 39 14
bop -90 -108 a Fx(signature)16 b(computation)d(can)i(b)q(e)h(signi\014can)o
(tly)e(more)h(exp)q(ensiv)o(e)h(than)f(the)h(cost)g(of)e(signature)i(v)o
(eri\014cation)f(as)g(in)g(some)f(prop)q(osed)-90 -59 y(v)n(ariations)e(of)h
(RSA)g([76)o(].)k(In)d(general,)f(there)i(are)f(three)h(op)q(erations)e(in)o
(v)o(olv)o(ed:)k(signature)c(computation)f(at)h Fq(H)1712 -53
y Fp(a)1745 -59 y Fx(and)h(t)o(w)o(o)f(signature)-90 -9 y(v)o(eri\014cations)
h(at)g Fq(GW)264 -3 y Fp(a)297 -9 y Fx(and)g Fq(GW)450 -3 y
Fp(b)467 -9 y Fx(,)f(resp)q(ectiv)o(ely)m(.)-90 146 y Fs(3.10)70
b(Summary)-90 255 y Fx(In)14 b(conclusion,)f Fw(Visa)h Fx(proto)q(col)f
(presen)o(ted)j(in)d(this)h(c)o(hapter)h(is)f(a)f(simple)f(and)i(p)q(o)o(w)o
(erful)f(mec)o(hanism)f(for)h(con)o(trolling)g(pac)o(k)o(et)h(tra\016c)-90
305 y(at)e(stub)h(AD)f(net)o(w)o(ork)g(b)q(oundaries.)18 b(The)13
b(primary)d(goal)h(of)h Fw(Visa)g Fx(proto)q(col,)g(i.e.,)f(protection)i(of)e
(stub)i(AD)f(net)o(w)o(ork)h(and)f(end-system)-90 355 y(resources)k(from)c
(unauthorized)i(access,)h(is)e(ac)o(hiev)o(ed)h(b)o(y)f(requiring)g(that)h
(all)e(comm)o(unicatio)o(n)f(b)q(e)j(\014rst)g(authorized)g(b)o(y)g(the)g(A)o
(CSs)f(in)-90 405 y(end-p)q(oin)o(t)g(ADs.)19 b(Authorization)13
b(to)g(comm)o(unicate)e(is)j(then)g(em)o(b)q(o)q(died)f(in)g(a)g(visa)g(whic)
o(h)h(is)f(issued)i(to)e(the)h(requesting)h(end-system)-90
454 y(and)e(distributed)g(to)g(the)h(in)o(terv)o(ening)f(visa-routers.)18
b(Subsequen)o(t)d(pac)o(k)o(ets)e(carry)h(unforgeable)f(visa-stamps)e(whic)o
(h)i(are)h(v)o(eri\014ed)f(b)o(y)-90 504 y(the)h(visa-routers.)19
b(Visas)14 b(are)g(terminated)g(when)g(the)h(underlying)e(comm)o(unication)e
(exceeds)16 b(a)d(pre-determined)i(resource)h(limit.)-28 572
y Fw(Visa)c Fx(proto)q(col)f(do)q(es)i(not)e(impact)f(in)o(tra-AD)h(comm)o
(unication)d(and)k(has)g(no)f(in\015uence)i(on)e(the)i(end-systems)f(that)g
(do)f(not)h(partak)o(e)-90 622 y(in)i(in)o(ter-AD)g(comm)o(unication.)i
(Although,)e(as)g(illustrated)g(in)g(Chapter)h(5,)f(the)h(cost)g(of)f
(connection)h(setup)g(is)f(somewhat)g(high,)f(p)q(er)-90 671
y(pac)o(k)o(et)h(o)o(v)o(erhead)h(due)f(to)g(the)g(proto)q(col)g(is)g
(reasonable,)f(esp)q(ecially)m(,)h(when)g(non-cryptographic)g(pac)o(k)o(et)g
(signatures)h(are)f(used.)2028 2770 y(39)p eop
%%Page: 40 15
bop -90 192 a Fs(Chapter)23 b(4)-90 367 y(T)-6 b(ransit)23
b(P)n(olicy)e(Enforcemen)n(t:)30 b(Con)n(trol)23 b(of)g(T)-6
b(ransit)23 b(In)n(ternet)n(w)n(ork)g(T)-6 b(ra\016c)-90 601
y Fx(An)15 b(imp)q(ortan)o(t)f(conclusion)h(reac)o(hed)i(in)d(Chapter)i(1)f
(is)g(that)g(con)o(trolling)f(the)i(usage)g(of)e(net)o(w)o(ork)i(resources)h
(\(suc)o(h)f(as)g(routers)g(and)-90 651 y(links\))g(requires)i(additional)d
(proto)q(col)h(supp)q(ort)i(b)q(ecause)g(of)e(the)h(need)h(to)e(co)q
(ordinate)h(routing)f(decisions)h(among)e(all)g(in)o(terv)o(ening)-90
701 y(net)o(w)o(orks.)j(Th)o(us,)12 b(organizations)f(\(ADs\))h(cannot)g
(simply)d(enforce)k(p)q(olicy)e(restrictions)i(on)f(a)f(unilateral)g(basis)g
(at)h(pac)o(k)o(et)g(forw)o(arding)-90 750 y(time.)35 b(Instead,)21
b(in)o(ternet)o(w)o(ork)g Fw(r)n(outing)e Fx(decisions)i(m)o(ust)d(b)q(e)j
(made)d(according)i(to)g(p)q(olicy-related)g(parameters)g(suc)o(h)g(as)g
(access)-90 800 y(righ)o(ts)15 b(and)f(cost,)h(in)f(addition)f(to)i(the)g
(traditional)e(parameters)i(of)f(connectivit)o(y)h(and)f(dela)o(y)g([13)o(,)g
(26,)g(53)o(].)20 b(Consequen)o(tly)m(,)14 b(p)q(olicies)-90
850 y(p)q(ertaining)9 b(to)g(net)o(w)o(ork)h(resources)i(m)o(ust)c(either)j
(b)q(e)f(implicit)d(in)h(the)j(top)q(ology)d(of)h(an)g(in)o(ternet)o(w)o
(ork,)h(or)g(adv)o(ertised)g(to)f(the)h(an)o(ticipated)-90
900 y(resource)18 b(users.)25 b(Only)15 b(then)i(can)f(en)o(tities)g
(throughout)g(the)g(in)o(ternet)o(w)o(ork)h(determine)e(the)i(logical,)d
Fw(p)n(olicy-b)n(ase)n(d)i Fx(connectivit)o(y)g(of)-90 950
y(an)e(in)o(ternet)o(w)o(ork)g(and)g(compute)f(v)n(alid)f(routes.)-28
1017 y(This)f(c)o(hapter)h(addresses)h(the)f(design)f(of)g(proto)q(cols)g
(for)g Fr(secure)f Fx(con)o(trol)g(of)h(transit)g(tra\016c)g(on)g(an)g(in)o
(ternet)o(w)o(ork.)18 b(T)m(ransit)10 b(con)o(trol)-90 1067
y(proto)q(cols)17 b(can)g(b)q(e)h(designed)f(with)g(v)n(arying)e(lev)o(els)i
(of)f(securit)o(y)m(.)28 b(In)17 b(some)f(en)o(vironmen)o(ts,)g(relativ)o
(ely)g(vulnerable)h(proto)q(cols)g(ma)o(y)-90 1117 y(b)q(e)f(used)g(in)f
(conjunction)g(with)g Fw(p)n(ost)h(facto)g Fx(detection)g(mec)o(hanisms.)k
(Most)c(of)f(the)h(w)o(ork)f(in)g(p)q(olicy-based)g(proto)q(col)g(dev)o
(elopmen)o(t)-90 1167 y(is)j(b)q(eing)g(conducted)h(with)f(suc)o(h)h(en)o
(vironmen)o(ts)e(in)h(mind)e([13)o(,)h(53,)g(34,)g(54].)30
b(W)m(e)17 b(are)i(in)o(terested)g(in)f(en)o(vironmen)o(ts)f(where)j(p)q(ost)
-90 1217 y(facto)d(detection)i(is)e(not)g(adequate)h(or)g(p)q(ossible)f(in)g
(a)g(timely)f(manner.)28 b(In)17 b(particular,)h(w)o(e)f(address)i(the)f
(design)g(and)f(costs)h(\(i.e.,)-90 1266 y(p)q(erformance)d(and)f
(manageabilit)o(y\))e(of)i(incorp)q(orating)h(more)f(defensiv)o(e,)h
Fw(pr)n(eventative)g Fx(securit)o(y)h(measures)f(in)o(to)f(the)h(proto)q
(cols)g(for)-90 1316 y(con)o(trolling)e(in)o(ternet)o(w)o(ork)h(tra\016c.)-28
1384 y(The)i(rest)h(of)f(this)f(c)o(hapter)i(is)f(organized)g(as)f(follo)o
(ws.)23 b(Section)16 b(4.1)f(b)q(egins)h(b)o(y)f(considering)h(the)h
(extension)f(of)f(net)o(w)o(ork)h(access)-90 1434 y(con)o(trol)f(metho)q(ds)h
(to)f(con)o(trol)h(transit)g(in)o(ternet)o(w)o(ork)g(tra\016c.)24
b(In)15 b(resp)q(onse)j(to)e(some)f(fundamen)o(tal)e(de\014ciencies)18
b(of)d(b)q(oth)h(net)o(w)o(ork)-90 1484 y(access)k(con)o(trols)f(and)f
(traditional,)g(dela)o(y-based)g(in)o(ternet)o(w)o(ork)h(routing,)g(the)g
(remainder)f(of)f(Section)i(4.1)f(describ)q(es)i(the)f(role)g(of)-90
1533 y(the)g(so-called)e(P)o(olicy)h(Routing)f(proto)q(cols)h(in)f(pro)o
(viding)g(transit)h(con)o(trol.)31 b(Next,)19 b(Section)f(4.2)g(outlines)f
(the)i(securit)o(y)g(concerns)-90 1583 y(particular)14 b(to)h(the)g(P)o
(olicy)f(Routing)g(proto)q(cols.)21 b(The)15 b(discussion)g(of)f(securit)o(y)
i(is)e(con)o(tin)o(ued)h(in)g(the)g(remaining)e(sections)i(on)g(secure)-90
1633 y(proto)q(col)f(design)g(\(Section)g(4.3\))f(and)h(cost)g(assessmen)o(t)
h(\(Section)g(4.5\).)i(Section)d(4.6)f(summarizes)f(our)i(discussion.)-90
1788 y Fs(4.1)70 b(Con)n(trolling)21 b(T)-6 b(ransit)23 b(T)-6
b(ra\016c)-90 1897 y Fx(There)17 b(are)g(t)o(w)o(o)e(basic)i(approac)o(hes)f
(to)g(con)o(trolling)f(transit)h(tra\016c.)25 b(In)16 b(the)h(\014rst)g(part)
f(of)g(this)g(section,)h(w)o(e)f(discuss)h(an)f(approac)o(h)-90
1947 y(based)f(on)f(the)h(extension)g(of)f(traditional)e(net)o(w)o(ork)j
(access)h(con)o(trol)e(mec)o(hanisms)e(and)i(iden)o(tify)g(its)g
(limitations.)i(Subsequen)o(tly)m(,)f(w)o(e)-90 1997 y(consider)g(alternativ)
o(e)e(approac)o(hes)i(based)g(on)e(in)o(tegrating)g(con)o(trols)h(in)o(to)g
(in)o(ternet)o(w)o(ork)g(routing.)-90 2135 y Fv(4.1.1)55 b(Extending)18
b(Net)n(w)n(ork)g(Access)h(Con)n(trols)-90 2230 y Fx(One)13
b(p)q(oten)o(tial)f(metho)q(d)f(of)h(enforcing)g(transit)h(p)q(olicy)e
(enforcemen)o(t)i(is)f(the)h(extension)g(of)f(existing)g(stub)h(AD)f(access)i
(con)o(trol)e(mec)o(ha-)-90 2279 y(nisms)g(to)g(the)i(generalized)f(in)o
(ternet)o(w)o(ork)h(mo)q(del.)i(In)d(this)f(section,)i(w)o(e)f(discuss)h(an)e
(extension)i(of)e Fw(Visa)h Fx(proto)q(col)f(that)h(incorp)q(orates)-90
2329 y(supp)q(ort)k(for)f(transit)h(p)q(olicy)e(enforcemen)o(t.)25
b(Other)18 b(net)o(w)o(ork)e(access)i(con)o(trol)e(sc)o(hemes)h(are)g
(discussed)h(brie\015y)e(at)h(the)f(end)h(of)f(this)-90 2379
y(section.)2028 2770 y(40)p eop
%%Page: 41 16
bop -90 -108 a Fr(4.1.1.1)48 b(T)l(ransit)14 b Fw(Visa)i Fr(Proto)q(col)-90
-14 y Fx(As)21 b(describ)q(ed)h(in)d(the)i(previous)g(c)o(hapter,)h
Fw(Visa)e Fx(proto)q(col)g(w)o(as)g(originally)e(designed)j(to)f(pro)o(vide)g
(pac)o(k)o(et-lev)o(el)g(con)o(trol)g(at)g(AD)-90 36 y(b)q(oundaries.)119
21 y Ft(1)164 36 y Fx(Recall)c(that)g(a)h(secret)h(visa-k)o(ey)e(is)h(used)g
(b)o(y)g(the)g(comm)o(unicati)o(ng)d(end-system)j(to)f(compute)g(a)g
(visa-stamp)f(whic)o(h)-90 86 y(is)j(attac)o(hed)g(to)f(eac)o(h)i(data)e(pac)
o(k)o(et)h(to)g(assure)h(appropriate)f(b)q(order)g(routers)h(that)f(the)g
(transmission)f(across)h(AD)g(b)q(oundaries)g(is)-90 135 y(authorized.)g(A)13
b(visa-stamp)f(is)h(analogous)f(to)h(a)f(stamp)g(on)h(a)g(passp)q(ort)h(that)
f(allo)o(ws)f(a)h(tra)o(v)o(eler)h(to)f(cross)h(in)o(ternational)e(b)q
(orders.)19 b(A)-90 185 y(unique)14 b(visa-stamp)e(is)i(b)q(ound)g(to)g(eac)o
(h)g(pac)o(k)o(et)g(in)g(order)g(to)g(guaran)o(tee)g(the)h(authen)o(ticit)o
(y)f(and)f(the)i(in)o(tegrit)o(y)e(of)g(the)i(data.)-28 253
y(The)i(pro)q(cess)g(of)f(establishing)f(authorization)g(in)h(visa-con)o
(trolled)f(transit)h(ADs)g(is)g(essen)o(tially)g(the)g(same)f(as)h(for)g
(stub)g(ADs)g(in)-90 303 y Fw(Visa)f Fx(proto)q(col.)24 b(The)16
b(main)e(di\013erence)j(is)f(that)g(no)o(w)f(the)i(source)g(end-system)f(m)o
(ust)e(obtain)h(authorization)g(for)h(eac)o(h)g(transit)g(AD)-90
353 y(that)g(it)f(tra)o(v)o(erses,)i(in)f(addition)e(to)i(obtaining)e
(authorization)h(from)f Fq(AD)1109 359 y Fp(sr)q(c)1174 353
y Fx(and)i Fq(AD)1322 359 y Fp(dst)1370 353 y Fx(.)23 b(In)16
b(the)g(w)o(orst)g(case,)h(eac)o(h)f(transit)g(AD's)-90 402
y(A)o(CS)e(will)e(conduct)i(an)f(authen)o(tication)h(pro)q(cedure)h(b)q
(efore)f(establishing)g(authorization.)j(Of)c(course,)i(transit)e(ADs)h(ma)o
(y)e(c)o(ho)q(ose)i(to)-90 452 y(do)g(so)g(automatically)m(,)c(or)k(not)g
(require)h(an)o(y)f(authen)o(tication)g(at)g(all)f(where)i(transit)f
(tra\016c)h(is)f(concerned.)20 b(F)m(urthermore,)14 b(stub)h(ADs)-90
502 y(could)h(program)f(their)h(A)o(CSs)h(to)f(obtain)f(and)h(issue)h
(transit)f(visa-k)o(eys)g(in)g(adv)n(ance)g(of)g(the)h(actual)e(comm)o
(unication.)22 b(This)16 b(w)o(ould)-90 552 y(reduce)h(the)f(setup)g(dela)o
(y)f(at)g(connection)h(establishmen)o(t)f(time.)21 b(On)15
b(the)h(other)g(hand,)f(suc)o(h)h(mec)o(hanisms)d(increase)k(the)f(problems)
-90 602 y(asso)q(ciated)f(with)e(visas)h(expiring)f(b)q(efore,)i(or)e(while,)
g(they)i(are)f(in)f(use.)1050 587 y Ft(2)-90 732 y Fr(4.1.1.2)48
b(Discussion)-90 826 y Fx(The)17 b(use)g(of)f Fw(Visa)g Fx(proto)q(col)g(for)
g(transit)g(con)o(trol)g(ma)o(y)e(b)q(e)j(appropriate)g(if:)22
b(\(i\))16 b(transit)g(p)q(olicies)g(are)h(as)f(div)o(erse)i(as)e(stub)h(net)
o(w)o(ork)-90 876 y(p)q(olicies,)12 b(and)f(\(ii\))g(p)q(olicies)h(c)o(hange)
g(frequen)o(tly)m(.)17 b(The)12 b(former)f(limits)f(the)i(practicalit)o(y)f
(of)g(expressing)i(p)q(olicies)f(in)f(a)h(simple)e(univ)o(ersal)-90
926 y(syn)o(tax.)17 b(The)12 b(second)g(assumption)d(also)i(mak)o(es)f(it)h
(impractical)e(to)i(distribute)g(p)q(olicies)g(in)g(the)g(w)o(a)o(y)g(that)g
(w)o(e)g(distribute)h(connectivit)o(y)-90 976 y(information,)i(for)i(the)g
(fear)h(of)f(using)g(stale)g(route)h(information)d(or)i(incurring)g(excessiv)
o(e)i(o)o(v)o(erhead)f(due)g(to)f(frequen)o(t)h(information)-90
1026 y(up)q(dates.)i(These)c(assumptions)e(result)i(in)e(sev)o(eral)h(in)o
(teresting)h(features)g(of)e(transit)h Fw(Visa)g Fx(proto)q(col.)k(First,)13
b(organizational)f(p)q(olicies)-90 1075 y(are)h(em)o(b)q(o)q(died)f(in)g(A)o
(CSs)h(and)g(are)g(not)g(propagated)g(outside;)g(hence,)h(a)e(wide)h(range)g
(of)f(p)q(olicy)g(statemen)o(ts)h(can)g(b)q(e)g(accommo)q(dated.)-90
1125 y(Moreo)o(v)o(er,)f(v)o(ery)g(little)e(co)q(ordination)h(among)e(ADs)j
(\(b)q(ey)o(ond)g(that)f(in)g Fw(Visa)g Fx(proto)q(col)h(for)f(stub)h(net)o
(w)o(orks\))g(is)f(required)h(to)g(implem)o(en)o(t)-90 1175
y(this)i(proto)q(col.)-28 1243 y(Although)g(the)h(extension)g(of)e(the)i
Fw(Visa)f Fx(proto)q(col)g(concept)h(to)g(transit)f(con)o(trol)g(is)g(rather)
h(straigh)o(tforw)o(ard,)e(the)i(approac)o(h)f(do)q(es)-90
1293 y(not)h(scale)h(w)o(ell)f(to)g(an)g(in)o(ternet)o(w)o(ork)h(where)h(man)
o(y)c(ADs,)i(b)q(oth)h(stub)g(and)f(transit,)h(w)o(an)o(t)e(to)i(con)o(trol)f
(tra\016c)g(\015o)o(ws.)23 b(F)m(or)15 b(example,)-90 1342
y(acquisition)g(of)h(visa-k)o(eys)g(and)g(route)h(setup)g(m)o(ust)f(b)q(e)h
(rep)q(eated)h(\(or)e(adapted\))h(eac)o(h)f(time)f(an)h(in)o(v)o(olv)o(ed)f
(visa-router)i(go)q(es)g(do)o(wn.)-90 1392 y(Moreo)o(v)o(er,)12
b(a)f(source)i(AD)f(has)g(no)f(w)o(a)o(y)g(of)g(determining)f(if)h(it)g(will)
g(b)q(e)h(issued)g(a)g Fw(Visa)f Fx(without)g(incurring)h(the)g(o)o(v)o
(erhead)g(of)f(con)o(tacting)-90 1442 y(the)j(particular)g(A)o(CS)g(in)f
(question.)-28 1510 y(This)20 b(leads)g(us)g(to)f(a)h(\(not)f(unexp)q
(ected\))j(conclusion)e(that)g(transit)g(tra\016c)g(con)o(trol)f(is)h(in)o
(timately)d(related)j(to)f(in)o(ternet)o(w)o(ork)-90 1560 y(routing.)e
(Therefore,)e(con)o(trols)e(for)g(transit)g(should)g(b)q(e)h(incorp)q(orated)
g(in)o(to)f(the)h(route)g(calculation)e(itself,)g(not)i(only)e(in)o(to)h(the)
h(pac)o(k)o(et)-90 1609 y(forw)o(arding)f(function)g([13)o(].)-28
1677 y(Other)j(net)o(w)o(ork)f(access)h(con)o(trol)f(sc)o(hemes)g(suc)o(h)h
(as)e(SP3)h([81)o(])f(and)h(router)g(pac)o(k)o(et)g(\014lters)h([61)o(])e
(face)h(the)g(same)f(limitation)d(when)-90 1727 y(it)19 b(comes)f(to)h(con)o
(trolling)f(transit)h(tra\016c,)h(i.e.,)f(these)h(sc)o(hemes)g(enforce)g(con)
o(trols)f(on)g(pac)o(k)o(et)h(forw)o(arding)d(and)i(do)g(not)g(pro)o(vide)-90
1777 y(information)13 b(to)j(the)h(route)f(computation.)23
b(F)m(or)16 b(example,)e(SP3's)i(access)i(con)o(trol)e(p)q(olicy)f(is)h(endp)
q(oin)o(t-orien)o(ted.)25 b(It)16 b(is)g(concerned)-90 1826
y(mainly)e(with)i(determining)f(whether)j(or)e(not)h(t)o(w)o(o)f(end-systems)
h(ma)o(y)d(comm)o(unicate)g(and)i(what)h(t)o(yp)q(e)g(of)e(information)f
(they)j(ma)o(y)-90 1876 y(exc)o(hange.)-28 1944 y(In)e(summary)m(,)c
Fw(Visa)j Fx(proto)q(col)h(and)f(other)h(net)o(w)o(ork)g(access)i(con)o(trol)
d(mec)o(hanisms)f(are)i(b)q(est)g(suited)g(for)g(their)g(original)d(purp)q
(ose,)-90 1994 y(stub)i(AD)e(access)j(con)o(trol.)j(T)m(ransit)12
b(con)o(trol)h(for)g(large)f(in)o(ternet)o(w)o(orks)i(is)f(more)f(e\016cien)o
(tly)h(ac)o(hiev)o(ed)h(b)o(y)e(in)o(tegrating)h(p)q(olicy)f(consid-)-90
2044 y(erations)i(in)o(to)e(the)i(route)g(computation)d(pro)q(cess.)20
b(After)14 b(discussing)g(p)q(olicy-based)f(routing)f(in)h(the)h(next)g
(section,)f(w)o(e)h(return)g(to)f(the)-90 2093 y(problem)g(of)g
Fr(secure)g Fx(con)o(trol)g(of)h(transit)g(in)o(ternet)o(w)o(ork)g(tra\016c.)
-90 2232 y Fv(4.1.2)55 b(P)n(olicy)18 b(Routing)-90 2326 y
Fx(As)g(describ)q(ed)i(earlier,)f(the)f(cen)o(tral)g(goal)f(of)g(transit)i
(tra\016c)f(con)o(trol)f(is)h(to)g(allo)o(w)e(ADs)i(to)g(indep)q(enden)o(tly)
g(express)i(and)e(enforce)-90 2376 y(p)q(olicies)c(regarding)h(transit)f
(tra\016c.)20 b(The)15 b(discussion)g(in)f(the)i(previous)e(section)i
(demonstrates)f(that)f(transit)h(con)o(trol)f(is)h(in)o(timately)p
-90 2457 864 2 v -44 2483 a Fj(1)-26 2495 y Fi(In)c(a)h(connection-o)o(rie)o
(n)o(ted)c(net)o(w)o(ork)j(a)h(similar)f(approac)o(h)e(can)j(b)q(e)f(applied)
f(to)i(stamp)f(pac)o(k)o(ets.)k(Ho)o(w)o(ev)o(er,)d(the)f(establishmen)n(t)f
(of)h(a)h(visa-k)o(ey)e(can)i(b)q(e)-90 2535 y(part)e(of)i(the)e(connection)f
(setup)h(and)h(sev)o(eral)f(of)h(the)g(datagram)d(related)i(design)g(issues)h
(do)g(not)f(apply)m(.)-44 2562 y Fj(2)-26 2574 y Fi(More)i(aggressiv)o(e)f(p)
q(olicies)g(could)g(also)i(b)q(e)f(implemen)o(te)o(d)e(suc)o(h)i(as)h
(applying)e(for)h(group)f(visas)i(in)f(adv)n(ance)f(of)i(use)f(to)h(accommo)q
(d)o(ate)c(a)k(collection)e(of)-90 2614 y(end-systems)6 b(that)j(ha)o(v)o(e)f
(a)h(need)f(for)h(comm)o(unicat)o(ion)o(.)j(Ho)o(w)o(ev)o(er,)d(these)f(ma)o
(y)h(imply)f(signi\014can)o(tl)o(y)f(more)h(trust)g(among)g(the)g(ADs)i(and)e
(require)g(more)g(careful)-90 2653 y(consideratio)o(n.)2028
2770 y Fx(41)p eop
%%Page: 42 17
bop -90 -108 a Fx(related)14 b(to)g(In)o(ter-AD)g(Routing.)j(W)m(e)c(refer)i
(to)e(in)o(ter-AD)h(routing)f(that)g(incorp)q(orates)i(p)q(olicy)e(constrain)
o(ts)h(as)g(p)q(olicy)f(routing)g(\(PR\).)-90 -59 y(In)o(ter-AD)h(routing)g
(constitutes)h(the)f(highest)h(lev)o(el)e(of)h(the)g(OSI)g(routing)g(hierarc)
o(h)o(y)g(as)g(de\014ned)h(in)e([45)o(].)-28 9 y(In)k(this)f(section)h(w)o(e)
g(concen)o(trate)h(one)f(approac)o(h)f(to)g(p)q(olicy)g(routing,)g(the)h(In)o
(ter-Domain)d(P)o(olicy)i(Routing)f(\(IDPR\))h(prop)q(osal)-90
59 y([50)o(,)i(84)o(].)31 b(IDPR)17 b(is)h(designed)h(to)f(supp)q(ort)h(more)
e(general)h(transit)h(p)q(olicies)f(than)g(other)h(p)q(olicy)e(routing)h
(metho)q(ds)g(discussed)h(in)-90 109 y(Chapter)c(2.)i(\(F)m(or)d(further)h
(discussion)f(of)f(in)o(ter-AD)h(routing)g(arc)o(hitectures)i(see)f([7)o(,)e
(29].\))-28 176 y(P)o(olicy)d(routing)g(op)q(erates)i(at)f(the)g(net)o(w)o
(ork)g(la)o(y)o(er.)16 b(Only)11 b(b)q(order)g(routers)h(and)f(asso)q(ciated)
g(route)h(serv)o(ers)g(are)f(directly)g(a\013ected)h(b)o(y)-90
226 y(the)f(presence)i(of)d(the)h(in)o(ter-domain)d(routing)i(proto)q(cols.)
17 b(End-systems)11 b(and)g(in)o(terior)f(routers)i(con)o(tin)o(ue)e(emplo)o
(ying)e(in)o(ternet)o(w)o(orking)-90 276 y(proto)q(cols)13
b(desired)g(within)f(their)h(particular)f(ADs.)18 b(Border)c(routers)g(op)q
(erate)f(on)f(b)q(ehalf)h(of)e(the)j(end-systems.)k(F)m(or)12
b(this)g(reason,)h(the)-90 326 y(term)g Fw(sour)n(c)n(e)h Fx(hereafter)h
(refers)h(to)d(the)i(b)q(order)g(router)g(in)e(the)h(AD)g(of)f(the)i(source)g
(end-system.)-90 456 y Fr(4.1.2.1)48 b(IDPR)15 b(Arc)o(hitecture)-90
550 y Fx(In)o(ter-Domain)i(P)o(olicy)i(Routing)g(arc)o(hitecture)i(has)f(b)q
(een)g(dev)o(elop)q(ed)g(to)g(supp)q(ort)g(a)f(wide)h(range)g(of)f(p)q
(olicies.)34 b(It)20 b(incorp)q(orates)-90 600 y(mec)o(hanisms)12
b(that)i(represen)o(t)j(a)d(rather)h(radical)e(departure)j(from)c(existing)i
(routing)g(tec)o(hniques.)1494 585 y Ft(3)1533 600 y Fx(IDPR)f(allo)o(ws)g
(stub)i(and)f(transit)-90 650 y(ADs)g(to)g(express)i(and)d(exc)o(hange)i
(routing)e(and)h(pac)o(k)o(et)g(forw)o(arding)f(p)q(olicies.)18
b(The)d(most)d(distinguishing)h(feature)i(of)e(this)h(approac)o(h)-90
700 y(is)f(the)g(use)h(of)e(AD-lev)o(el)g(source)i(routing.)j(A)c
Fw(Link)h(State)f Fx(algorithm)d([56)o(])i(is)h(used)h(to)e(compute)g(source)
i(P)o(olicy)e(Routes)i(\(PRs\))f(at)f(the)-90 750 y(gran)o(ularit)o(y)g(of)g
(ADs.)18 b(Eac)o(h)13 b(AD)g(expresses)j(its)d(p)q(olicies)g(in)f(a)h
Fw(standar)n(d)g Fx(form,)e(called)i(P)o(olicy)f(T)m(erms)g(\(PTs\),)i(and)f
(distributes)h(them)-90 800 y(to)e(other)g(ADs.)18 b(Eac)o(h)12
b(AD)g(designates)g(sp)q(ecial)h(Route)e(Serv)o(ers)j(\(RSs\))e(to)g(collect)
g(PTs)g(and)g(compute)f(p)q(olicy)h(routes)g(for)g(constituen)o(t)-90
849 y(users.)19 b(The)c(basic)f(assumptions)f(of)g(this)h(mo)q(del)e(are:)-39
950 y(1.)20 b(Most)14 b(p)q(olicies)g(can)g(b)q(e)g(classi\014ed)h(and)e
(expressed)k(in)c(a)h(standard)g(notation.)-39 1033 y(2.)20
b(P)o(olicies)13 b(and)h(in)o(ter-AD)g(connectivit)o(y)g(c)o(hange)g(relativ)
o(ely)f(slo)o(wly)m(.)-39 1116 y(3.)20 b(End-p)q(oin)o(t)13
b(sp)q(eci\014c)j(p)q(olicies)d(should)h(b)q(e)h(supp)q(orted.)-90
1217 y(Tw)o(o)e(primary)e(concepts)k(in)e(this)g(prop)q(osal)g(are)g
Fw(Policy)h(R)n(outes)h(\(PRs\))f Fx(and)e Fw(Policy)j(T)m(erms)e(\(PTs\))p
Fx(.)k(A)d(PR)e(is)h(an)g(ordered)i(sequence)-90 1267 y(of)c(ADs,)g(i.e.,)g
(an)g(AD-lev)o(el)f(source)j(route.)18 b(In)11 b(other)h(w)o(ords,)g(there)g
(ma)o(y)e(b)q(e)i(m)o(ultiple)d(ph)o(ysical)i(realizations)g(of)f(a)h(PR)g
(giv)o(en)g(m)o(ultiple)-90 1317 y(ph)o(ysical)k(connections)h(b)q(et)o(w)o
(een)h(ADs)e(and)h(m)o(ultiple)d(in)o(tra-AD)h(routes.)23 b(The)16
b(actual)f(selection)h(of)f(a)g(particular)g(ph)o(ysical)g(path)g(is)-90
1367 y(done)g(at)g(pac)o(k)o(et)h(forw)o(arding)d(time)h(b)o(y)h(eac)o(h)g
(in)o(terv)o(ening)g(AD,)f(rather)i(than)f(b)o(y)g(the)h(source)g(AD)f(at)g
(route)g(computation)e(or)i(route)-90 1416 y(selection)f(time.)j(This)d
Fw(lazy)h(evaluation)f Fx(pro)o(vides)g(for)f(a)h(more)f(adaptiv)o(e)g(proto)
q(col)h(and)f(unrestricted)j(AD)e(in)o(terconnection.)19 b(P)o(olicy)-90
1466 y(T)m(erms)d(\(PTs\))i(are)f(the)g(units)g(of)f(routing)h(information)c
(exc)o(hanged)18 b(b)o(y)e(comm)o(unicating)e(ADs.)27 b(Eac)o(h)17
b(PT)g(represen)o(ts)i(a)e(distinct)-90 1516 y(p)q(olicy)c(of)h(the)g(AD)g
(that)g(expressed)i(it.)h(The)e(information)c(distributed)j(in)g(a)f(PT)h
(can)g(b)q(e)h(represen)o(ted)i(as:)1642 1501 y Ft(4)476 1607
y Fx([\()p Fq(H)539 1613 y Fp(a)559 1607 y Fq(;)7 b(AD)643
1613 y Fp(a)663 1607 y Fq(;)g(AD)747 1613 y Fp(ent)797 1607
y Fx(\))p Fq(;)g Fx(\()p Fq(H)883 1613 y Fp(b)899 1607 y Fq(;)g(AD)983
1613 y Fp(b)1000 1607 y Fq(;)g(AD)1084 1613 y Fp(exit)1145
1607 y Fx(\))p Fq(;)g(U)e(C)s(I)s(;)i(C)s(onditions)p Fx(])-1595
b(\(4.1\))-90 1699 y(The)17 b(purp)q(ose)g(of)e(a)h(PT)g(is)g(to)g(sp)q
(ecify)h(that)f(pac)o(k)o(ets)h(from)d(some)h(end-system)i(\(or)f(a)g(group)f
(thereof)s(\),)j Fq(H)1653 1705 y Fp(a)1672 1699 y Fx(,)e(in)g(a)g(stub)g
(AD,)g Fq(AD)2038 1705 y Fp(a)2058 1699 y Fx(,)-90 1749 y(are)i(allo)o(w)o
(ed)f(to)g(en)o(ter)i(the)f(AD)g(in)f(question)h(via)f(some)g(directly)h
(connected)h(AD,)e Fq(AD)1364 1755 y Fp(ent)1415 1749 y Fx(,)i(and)e(exit)h
(through)g(another)g(directly)-90 1798 y(connected)i(AD,)e
Fq(AD)266 1804 y Fp(exit)328 1798 y Fx(,)h(on)f(its)h(w)o(a)o(y)f(to)g(or)h
(from)e(an)h(end-system,)i Fq(H)1118 1804 y Fp(b)1134 1798
y Fx(,)f(in)f(another)h(stub)h(AD,)d Fq(AD)1630 1804 y Fp(b)1648
1798 y Fx(.)32 b(User)20 b(Class)e(Iden)o(ti\014er)-90 1848
y(\(UCI\))f(allo)o(ws)e(p)q(olicies)h(to)h(distinguish)e(b)q(et)o(w)o(een)j
(v)n(arious)e(user)i(classes,)g(e.g.,)d(Go)o(v)o(ernmen)o(t,)h(Researc)o(h,)i
(Commercial)o(,)c(Con)o(tract.)-90 1898 y(Conditions)e(represen)o(t)j(qualit)
o(y)d(of)g(service,)i(billing,)c(and)j(other)g(v)n(ariables,)f(and)h(can)g
(re\015ect)h(the)g(agreemen)o(ts)f(b)q(et)o(w)o(een)h(neigh)o(b)q(oring)-90
1948 y(ADs.)k(Examples)13 b(of)g(the)i(P)o(olicy)e(T)m(erms)g(can)h(b)q(e)g
(found)g(in)f([26)o(,)h(13)o(].)-28 2015 y(P)o(olicies)k(are)g(expressed)i(b)
o(y)d(source,)j(destination,)e(and)f(transit)h(ADs.)30 b(The)18
b(source)h(AD)e(ma)o(y)f(select)j(all)e(transit)h(ADs)f(while)-90
2065 y(transit)e(and)g(destination)g(ADs)g(con)o(trol)g(whic)o(h)g(source)h
(and)f(destination)g(ADs)g(can)g(comm)o(unicate)e(via)h(whic)o(h)h(directly)g
(connected)-90 2115 y(ADs.)26 b(ADs)17 b(run)g(link)e(state)j(routing)e
(algorithms)e(to)j(compute)f(their)h(resp)q(ectiv)o(e)h(tables)f(of)f(PRs.)26
b(There)18 b(ma)o(y)c(b)q(e)k(m)o(ultiple)c(PRs)-90 2165 y(listed)e(for)g
(the)h(same)e(destination)h(AD,)g(eac)o(h)h(with)e(a)h(di\013eren)o(t)i(set)f
(of)e(conditions)h(asso)q(ciated)h(with)f(its)g(use)h(\(e.g.,)f(QoS,)g
(time-of-da)o(y)l(,)-90 2215 y(or)i(UCI\).)-28 2282 y(Note)i(that)f(ADs)g
(\(with)g(the)g(exception)h(of)e(the)i(source)g(AD\))f(do)g(not)g(exert)h
(con)o(trol)e(o)o(v)o(er)h(the)h(en)o(tire)g(P)o(olicy)e(Route.)21
b(Referring)-90 2332 y(bac)o(k)16 b(to)f(our)h(tra)o(v)o(el)f(analogy)m(,)f
(it)h(is)g(di\016cult)g(to)h(enforce)g(p)q(olicies)g(that)f(are)h(based)h(on)
e(information)e(that)i(is)h(not)f(v)o(eri\014able)h(at)f(the)-90
2382 y(p)q(oin)o(t)j(of)h(reference.)35 b(F)m(or)18 b(example,)h(it)f(is)h
(di\016cult)f(to)h(enforce)g(a)g(p)q(olicy)f(that)h(dictates)h
(non-admittance)d(to)i(an)o(y)o(one)f(who)h(has)-90 2432 y
Fw(ever)14 b Fx(passed)i(through)e(coun)o(try)h Fw(X)p Fx(,)f(since)h(it)f
(is)g(v)o(ery)h(m)o(uc)o(h)e(dep)q(enden)o(t)j(on)e Fw(X)g
Fx(stamping)f(passp)q(orts)j(reliably)m(.)i(In)c(the)h(en)o(vironmen)o(t)-90
2482 y(of)h(in)o(terconnected)i(ADs,)f(a)f(transit)g(AD)g(can)h(v)o(erify)f
(the)h(previous)f(and)g(next)h(hops)g(b)q(ecause)h(of)d(its)i(direct)g
(connections)g(and)f(the)p -90 2562 864 2 v -44 2589 a Fj(3)-26
2601 y Fi(This)11 b(approac)o(h)e(w)o(as)j(\014rst)f(describ)q(ed)e(b)o(y)i
(D.)g(Clark)g(in)g([13)o(].)-44 2628 y Fj(4)-26 2640 y Fi(This)g(is)h(a)f
(simpli\014ed)e(v)o(ersion)h(of)h(the)g(actual)f(PT)i(format)d(used)i(in)g
(the)g(proto)q(col.)i(Ho)o(w)o(ev)o(er,)e(the)g(di\013erences)d(are)j(not)g
(relev)n(an)o(t)e(to)i(this)g(discussion.)2028 2770 y Fx(42)p
eop
%%Page: 43 18
bop -90 -108 a Fx(feasibilit)o(y)14 b(of)h(emplo)o(ying)d(pairwise)k(authen)o
(tication)f(with)g(the)h(relativ)o(ely)f(small)e(n)o(um)o(b)q(er)i(of)f
(neigh)o(b)q(ors.)23 b(V)m(erifying)15 b(other)h(transit)-90
-59 y(comp)q(onen)o(ts)e(of)f(the)h(PR)g(is)g(di\016cult,)e(if)h(not)h(imp)q
(ossible.)-28 9 y(If)g(the)g(end-p)q(oin)o(t)g(authen)o(tication)f(describ)q
(ed)j(in)d(later)h(sections)h(is)f Fw(not)g Fx(emplo)o(y)o(ed,)d(sp)q(o)q
(o\014ng)j(of)f(end-p)q(oin)o(t)h(addresses)i(en)e(route)-90
59 y(will)e(result)j(in)e(violation)f(of)h(some)g(end-p)q(oin)o(t)h(sp)q
(eci\014c)h(transit)f(p)q(olicies)g(and)g(p)q(ossibly)f(inappropriate)h
(billing)d(of)j(the)g(endp)q(oin)o(ts)g(for)-90 109 y(transit)f(services.)20
b(Ho)o(w)o(ev)o(er,)13 b(the)g(functionalit)o(y)f(a)o(v)n(ailable)f(to)h(the)
i(in)o(terlop)q(ers)g(is)f(limited{)d(they)k(can)f(send)h(pac)o(k)o(ets)f(in)
g(b)q(et)o(w)o(een)h(the)-90 158 y(indicated)h(endp)q(oin)o(t)g(ADs.)22
b(In)16 b(con)o(trast,)f(if)g(the)g(sp)q(o)q(ofer)h(mo)q(di\014es)e(path)h
(information)e(other)i(than)g(the)h(end-p)q(oin)o(ts)g(and)f(previous)-90
208 y(and)h(next)i(hop)e(in)g(order)i(to)e(b)q(e)h(p)q(ermitted)g(b)o(y)f(a)h
(transit)f(AD's)h(path)f(sp)q(eci\014c)j(p)q(olicies,)d(the)h(sp)q(o)q(ofer)h
(is)e(not)h(constrained)g(in)f(the)-90 258 y(manner)d(in)g(whic)o(h)h(it)g
(can)g(exploit)f(these)i(p)q(olicies.)-28 326 y(Eac)o(h)h(AD)g(has)g(one)g
(or)f(more)g(Route)h(Serv)o(er)g(\(RS\),)g(an)f(en)o(tit)o(y)h(that)f
(collects)i(P)o(olicy)e(Routing)f(information)f(from)h(other)i(ADs,)-90
376 y(distributes)i(lo)q(cal)e(p)q(olicy)g(information)e(to)j(other)g(ADs)g
(and)g(computes,)g(as)g(w)o(ell)f(as)h(issues,)i(PRs)e(to)f(lo)q(cal)g
(end-systems.)28 b(Actual)-90 425 y(p)q(olicy)11 b(enforcemen)o(t)h(is)g
(done)g(at)g(a)f(P)o(olicy)g(Gatew)o(a)o(y)h(\(PG\))f(whic)o(h,)h(in)g
(addition)e(to)i(the)g(usual)g(task)g(of)f(forw)o(arding)g(pac)o(k)o(ets,)i
(handles)-90 475 y(v)n(alidation)f(and)h(v)o(eri\014cation)h(of)f(the)i(PRs)f
(attac)o(hed)g(to)g(the)g(incoming)e(pac)o(k)o(ets.)-28 543
y(A)18 b(path)g(is)f(established)i(with)e(the)h(\014rst)h(pac)o(k)o(et)f
(carrying)f(the)h(full)f(PR,)g(i.e.,)g(the)h(complete)f(sequence)j(of)d(ADs)h
(in)f(the)h(route)-90 593 y(and)d(applicable)g(PT)h(iden)o(ti\014ers.)24
b(PGs)15 b(along)g(the)h(route)g(mak)o(e)e(sure)j(that)e(the)h(PR)g(agrees)g
(with)f(the)i(lo)q(cal)d(PTs)i(\(through)g(use)h(of)-90 643
y(templates,)e(for)h(example\).)23 b(The)16 b(result)h(is)f(cac)o(hed)g(so)g
(that)g(a)g(sp)q(eci\014ed)h Fw(PR)g(hand)r(le)g Fx(can)f(b)q(e)h(used)g(in)e
(the)h(future)h(to)f(refer)h(to)e(the)-90 692 y(cac)o(hed)g(en)o(try)m(.)k
(Successiv)o(e)d(pac)o(k)o(ets)f(carry)f(a)g(short)h(PR)f(handle,)f(not)h(a)g
(full)f(PR.)g(Man)o(y)h(transp)q(ort)h(lev)o(el)e(sessions,)i(and)f(ev)o(en)h
(pairs)-90 742 y(of)g(end-systems,)h(ma)o(y)e(share)i(a)g(single)f(PR)g(if)g
(the)i(p)q(olicies)e(enabling)g(it)g(are)h(not)g(end-system-sp)q(eci\014c;)h
(this)f(reduces)i(the)e(a)o(v)o(erage)-90 792 y(latency)g(and)f(state)h(o)o
(v)o(erhead)g(for)f(in)o(terv)o(ening)g(PGs.)22 b(PGs)16 b(use)g(PR)f
(handles)h(in)e(the)i(pac)o(k)o(ets)h(to)e(c)o(hec)o(k)h(for)f(cac)o(hed)h
(en)o(tries.)24 b(PGs)-90 842 y(also)15 b(ma)o(y)f(relate)i(return)h(\015o)o
(w)f(pac)o(k)o(ets)g(with)g(forw)o(ard)f(\015o)o(w.)24 b(Giv)o(en)15
b(information)e(ab)q(out)i(the)i(next)f(AD)f(for)h(a)f(particular)h(pac)o(k)o
(et,)-90 892 y(eac)o(h)e(PG)g(selects)i(the)e(next)h(PG)e(based)i(on)e(the)i
(information)c(exc)o(hanged)k(in)e(a)h(traditional)e(up-do)o(wn)h(proto)q
(col.)-90 1022 y Fr(4.1.2.2)48 b(Discussion)-90 1116 y Fx(P)o(olicy)15
b(routing)f(allo)o(ws)g(ADs)i(to)f(in)o(terconnect)i(to)e(the)h(global)d(in)o
(ternet)k(while)d(still)h(protecting)h(net)o(w)o(ork)f(resources)j(from)13
b(general,)-90 1166 y(unconstrained)i(use.)k(\(W)m(e)13 b(describ)q(ed)j
(earlier)e(wh)o(y)g(suc)o(h)g(a)g(function)g(can)g(not)g(b)q(e)g(left)g(to)g
(end-systems.\))k(Ho)o(w)o(ev)o(er,)c(p)q(olicy)f(routing)-90
1216 y(mec)o(hanisms)j(do)h(not)g(preclude)i(the)f(need)g(for)g(net)o(w)o
(ork)f(access)j(con)o(trols)d(in)g(the)h(b)q(order)h(routers)f(of)f(ADs)h
(that)f(wish)h(to)f(con)o(trol)-90 1266 y(access)f(to)d(individual)f
(end-systems.)19 b(This)14 b(sub)r(ject)h(has)f(b)q(een)h(extensiv)o(ely)f
(discussed)i(in)d(Chapter)i(1.)-28 1333 y(One)20 b(essen)o(tial)f
(di\013erence)i(b)q(et)o(w)o(een)f Fw(Visa)e Fx(proto)q(col)h(and)f(p)q
(olicy)g(routing)h(approac)o(hes)g(is)g(the)g(p)q(er)h(session)f(setup)h(o)o
(v)o(erhead.)-90 1383 y(T)m(ransit)15 b Fw(Visa)g Fx(proto)q(col)g(requires)h
(that)f(a)g(dialog)f(transpire)i(b)q(et)o(w)o(een)h(the)e(source)i(and)e(eac)
o(h)h(transit)f(ADs')g(A)o(CS,)g(and)g(that)g(corre-)-90 1433
y(sp)q(onding)g(k)o(eys)h(b)q(e)f(distributed.)23 b(Consequen)o(tly)m(,)15
b(the)h(initial)d(setup)j(dela)o(y)f(gro)o(ws)g(in)g(prop)q(ortion)g(to)g
(the)g(n)o(um)o(b)q(er)g(of)f(transit)i(ADs)-90 1483 y(in)e(a)g(PR.)f(F)m(or)
h(short)h(transactions)g(suc)o(h)f(o)o(v)o(erhead)h(is)f(not)g(acceptable.)20
b(A)15 b(p)q(olicy-sensitiv)o(e)f(approac)o(h)g(suc)o(h)h(as)f(IDPR)g(a)o(v)o
(oids)f(this)-90 1533 y(setup)j(dialog)d(through)j(bac)o(kground)e
(distribution)h(of)f(p)q(olicy)h(information)d(that)j(is)g(used)h(in)e(route)
i(computation.)k(The)15 b(w)o(ork)g(that)-90 1583 y(the)g(P)o(olicy)e
(Routing)f(proto)q(cols)j(do)e(to)h(distribute)h(p)q(olicy)e(terms)h(and)f
(compute)h(authorized)g(routes)h(m)o(ust)e(b)q(e)h(done)h(at)e(the)i(time)e
(of)-90 1632 y(the)h(session)h(setup)g(in)f Fw(Visa)f Fx(proto)q(col.)-28
1700 y(In)e(particular,)g(with)g(transit)h Fw(Visa)f Fx(proto)q(col)g(this)g
(translates)h(in)o(to)e(a)h(dialog)f(with)h(an)g(A)o(CS)g(for)g(eac)o(h)g(AD)
g(in)g(the)h(path.)17 b(Moreo)o(v)o(er,)-90 1750 y(this)e(assumes)g(that)g
(the)g(source)h(attempts)f(comm)o(uni)o(cation)d(o)o(v)o(er)j(a)f(path)h(for)
g(whic)o(h)f(it)h(has)g(authorization.)20 b(If)14 b(there)i(is)f(a)g
(con\015ict)-90 1800 y(with)f(ev)o(en)g(a)g(single)f(transit)h(AD's)g(p)q
(olicy)m(,)e(the)j(pro)q(cess)g(m)o(ust)e(b)q(egin)h(again.)j(P)o(olicy)c
(Routing)g(incorp)q(orates)h(p)q(olicy)g(in)o(to)f(the)h(route)-90
1849 y(computation)e(pro)q(cess)k(in)d(adv)n(ance)h(of)g(the)g(actual)g(comm)
o(uni)o(cation,)d(thereb)o(y)k(a)o(v)o(oiding)c(this)j(problem.)-28
1917 y(On)f(the)g(other)g(hand,)f(p)q(olicy-based)g(routing,)g(as)g(describ)q
(ed)j(th)o(us)d(far,)g(relies)h(on)f Fw(p)n(ost-facto)h Fx(detection)g(of)f
(abuse,)h(and,)f(is)g(in)g(that)-90 1967 y(sense)k(less)g(secure)h(than)e
(net)o(w)o(ork)g(access)h(con)o(trol)f(sc)o(hemes,)g(suc)o(h)g(as)g
Fw(Visa)g Fx(proto)q(col.)21 b(The)15 b(remainder)f(of)g(this)h(c)o(hapter)h
(addresses)-90 2017 y(the)e(in)o(tegration)g(of)f(prev)o(en)o(tativ)o(e)h
(mec)o(hanisms)e(in)o(to)h(p)q(olicy)h(routing)f(to)h(ac)o(hiev)o(e)g(secure)
i(con)o(trol)d(of)h(transit)g(tra\016c)g(for)f(those)i(ADs)-90
2067 y(that)f(desire)h(it.)-90 2222 y Fs(4.2)70 b(Securit)n(y)21
b(Issues)i(in)g(T)-6 b(ransit)23 b(Con)n(trol)-90 2331 y Fx(In)17
b(this)h(section)g(w)o(e)g(iden)o(tify)f(p)q(oten)o(tial)g(securit)o(y)h
(threats)h(faced)e(b)o(y)h(p)q(olicy)f(routing)g(and)g(detail)g(the)h(steps)h
(needed)g(in)e(a)g(secure)-90 2380 y(proto)q(col.)-90 2519
y Fv(4.2.1)55 b(Sp)r(eci\014c)18 b(Threats)-90 2613 y Fx(The)d(t)o(w)o(o)g
(basic)g(threats)h(to)f(the)g(securit)o(y)h(of)f(a)f(PR)h(proto)q(col)g(are)g
(falsi\014cation)f(of)g(routing)h(information)d(and)i(falsi\014cation)g(of)g
(data)-90 2663 y(pac)o(k)o(ets.)2028 2770 y(43)p eop
%%Page: 44 19
bop -39 -108 a Fx(1.)20 b(An)c(in)o(truder)h(ma)o(y)d(distribute)i(false)g
(routing)g(information)d(in)i(order)i(to)f(\(i\))g(disrupt)g(comm)o
(unication,)d(e.g.,)i(create)i(routing)14 -59 y(lo)q(ops,)e(or)g(\(ii\))g(ea)
o(v)o(esdrop)i(on)e(comm)o(unication,)d(e.g.,)j(re-route)i(tra\016c)e(to)h(a)
f(sp)q(eci\014c)i(lo)q(cation.)23 b(This)15 b(can)h(tak)o(e)g(the)g(form)e
(of)14 -9 y(distributing)e(falsi\014ed)g(or)h(prerecorded)i(PG)d(UP/DO)o(WN)h
(information)c(whic)o(h)k(ma)o(y)e(cause)i(stub)h(ADs)e(to)h(compute)f(PRs)h
(that)14 41 y(are)i(desired)i(b)o(y)e(the)g(in)o(truder.)23
b(Also,)15 b(falsi\014ed)f(P)o(olicy)h(T)m(erms)f(can)h(b)q(e)h(similarly)c
(distributed)k(whic)o(h)f(ma)o(y)e(result)j(in)f(in)o(v)n(alid)14
91 y(PRs)f(b)q(eing)g(computed.)-39 174 y(2.)20 b(If)11 b(routing)g(proto)q
(cols)g(protect)i(themselv)o(es)e(b)o(y)g(prescribing)h(an)g(authen)o
(tication)f(mec)o(hanism)e(for)i(v)n(alidating)e(routing)i(informa-)14
224 y(tion,)h(the)h(in)o(truder)h(can)f(turn)g(to)g(falsifying)d(con)o(trol)j
(and/or)f(data)h(pac)o(k)o(ets.)18 b(This)13 b(kind)f(of)g(attac)o(k)h(can)g
(lead)g(to)f(unauthorized)14 273 y(resource)i(usage,)e(unauthorized)h(comm)o
(unication,)c(and)j(inappropriate)f(accrual)i(of)e(c)o(harges.)18
b(W)m(e)12 b(iden)o(tify)g(three)h(sub-threats:)31 356 y(\(a\))21
b(F)m(alsi\014cation)13 b(of)g(con)o(trol)g(information)105
406 y(In)g(addition)f(to)g(the)i(usual)e(net)o(w)o(ork)h(la)o(y)o(er)g
(information)d(\(source)k(and)f(destination)f(addresses,)j(data)e(size,)g
(etc.\),)g(con)o(trol)105 456 y(information)i(includes)j(the)g(route)h(setup)
f(and)g(pac)o(k)o(et)g(forw)o(arding)f(parameters.)29 b(An)18
b(in)o(truder)h(can)e(also)h Fw(ste)n(al)f Fx(a)g(PR)105 506
y(handle)d(created)h(b)o(y)f(an)g(authorized)g(AD)g(and)f(substitute)j(an)d
(in)o(v)n(alid)f(Charge)i(Co)q(de.)29 572 y(\(b\))21 b(F)m(alsi\014cation)13
b(of)g(data)105 622 y(Data)g(p)q(ortion)h(of)f(a)h(pac)o(k)o(et)g(can)g(b)q
(e)h(mo)q(di\014ed)d(or)i(replaced)h(b)o(y)e(an)h(in)o(truder.)34
689 y(\(c\))21 b(Repla)o(y)105 738 y(Previously-recorded)d(legitimate)c(pac)o
(k)o(ets)j(can)g(b)q(e)g(repla)o(y)o(ed)f(b)o(y)g(an)g(in)o(truder.)26
b(Tw)o(o)16 b(sources)i(of)e(repla)o(y)g(are)h(of)e(equal)105
788 y(concern:)26 b(acciden)o(tal)17 b(repla)o(y)g(due)h(to)f(the)h
Fw(stuttering)f Fx(of)f(a)h(misb)q(eha)o(ving)e(mac)o(hine,)i(and)g
(malicious)d(repla)o(y)j(due)h(to)f(a)105 838 y(misb)q(eha)o(ving)12
b(p)q(erson)j(attempting)d(a)i(denial)f(of)h(service)h(attac)o(k.)-90
939 y(In)d(the)h(remainder)e(of)h(this)g(c)o(hapter)h(w)o(e)g(describ)q(e)h
(and)e(analyze)g(mec)o(hanisms)e(to)i(resist)h(these)h(threats.)k(Our)13
b(approac)o(h)f(is)g(not)g(incon-)-90 989 y(sisten)o(t)17 b(with)f(the)h
(original)d(prop)q(osal)i(in)f(IDPR.)g(The)i Fw(pr)n(evention-)p
Fx(based)g(\(as)f(opp)q(osed)h(to)f(detection-based\))i(measures)e(prop)q
(osed)-90 1038 y(here)f(can)f(b)q(e)h(included)f(as)g(optional)e(features)j
(within)e(the)i(proto)q(col.)-90 1177 y Fv(4.2.2)55 b(T)-5
b(erminology)-90 1272 y Fx(The)14 b(follo)o(wing)e(terminology)f(is)j(used)h
(throughout)f(this)g(c)o(hapter:)-28 1372 y Fu(\017)21 b(jj)13
b Fx(is)g(the)i(concatenation)f(op)q(erator,)g(e.g.,)f Fq(X)s
Fu(jj)p Fq(Y)c Fx(.)-28 1455 y Fu(\017)21 b Fq(N)d Fx(denotes)e(the)e(length)
g(of)f(a)h(PR,)f(i.e.,)f(the)j(n)o(um)o(b)q(er)e(of)g(ADs)h(in)g(a)f(PR.)-28
1538 y Fu(\017)21 b Fq(AD)79 1544 y Fp(i)107 1538 y Fx(\(0)11
b Fq(<)h(i)g(<)g(N)5 b Fx(\))14 b(denotes)h(the)f Fq(i)p Fx(-th)g(AD)g(in)g
(a)f(PR,)g Fq(AD)948 1544 y Ft(1)979 1538 y Fx(=)f Fq(AD)1088
1544 y Fp(sr)q(c)1151 1538 y Fx(and)i Fq(AD)1297 1544 y Fp(N)1340
1538 y Fx(=)e Fq(AD)1449 1544 y Fp(dst)1497 1538 y Fx(.)-28
1621 y Fu(\017)21 b Fq(K)52 1602 y Fp(j)49 1633 y(i)83 1621
y Fx(denotes)15 b(a)f(secret)i(k)o(ey)e(shared)h(b)o(y)e Fq(AD)715
1627 y Fp(i)744 1621 y Fx(and)g Fq(AD)889 1627 y Fp(j)907 1621
y Fx(.)-28 1705 y Fu(\017)21 b Fq(K)49 1711 y Fp(dsig)127 1705
y Fx(denotes)15 b(a)f(secret)i(k)o(ey)e(used)g(for)g(computing)e(data)i
(signatures.)-28 1788 y Fu(\017)21 b Fq(E)r(K)82 1794 y Fp(i)96
1788 y Fx(,)13 b Fq(D)q(K)191 1794 y Fp(i)220 1788 y Fx(denote)h(public)g
(\(encryption\))h(and)f(priv)n(ate)f(\(decryption\))i(k)o(eys)f(of)g
Fq(AD)1380 1794 y Fp(i)1394 1788 y Fx(.)-28 1871 y Fu(\017)21
b Fq(E)r Fx(\()p Fq(D)q(ata)p Fx(\))173 1855 y Fp(K)219 1871
y Fx(and)14 b Fq(D)q Fx(\()p Fq(D)q(ata)p Fx(\))461 1855 y
Fp(K)508 1871 y Fx(denote)h(encryption)f(and)g(decryption,)g(resp)q(ectiv)o
(ely)m(,)h(of)e Fq(D)q(ata)h Fx(with)g(k)o(ey)g Fq(K)s Fx(.)-28
1954 y Fu(\017)21 b Fq(F)41 1960 y Fp(hash)115 1954 y Fx(\()p
Fq(D)q(ata)p Fx(\))15 b(is)e(a)h(one-w)o(a)o(y)f(hash)h(function)g(digest)g
(of)f Fq(D)q(ata)p Fx(.)-28 2054 y(In)k(the)h(next)g(three)g(sections)h(w)o
(e)e(consider)h(separately)g(securit)o(y)g(issues)g(p)q(ertaining)f(to)g
(di\013eren)o(t)h(phases)h(of)d(P)o(olicy)h(Routing:)-90 2104
y(distribution)f(of)g(PTs,)i(PR)e(setup)i(and)e(pac)o(k)o(et)h(forw)o
(arding.)26 b(In)16 b(eac)o(h)h(of)g(these)h(phases)f(w)o(e)g(are)g
(concerned)i(primarily)14 b(with)i(data)-90 2154 y(in)o(tegrit)o(y)e(and)h
(source)h(authen)o(ticit)o(y)m(.)j(Con\014den)o(tialit)o(y)14
b(of)g(user)h(data)g(is)f(left)h(to)f(end-to-end)i(mec)o(hanisms)c([90)o(].)
20 b(Con\014den)o(tialit)o(y)14 b(of)-90 2204 y(routing)e(con)o(trol)g
(information)e(is)i(a)g(less)h(general)g(requiremen)o(t)f(than)h(in)o(tegrit)
o(y)e(and)i(authen)o(ticit)o(y)m(,)e(and)i(is)f(discussed)i(brie\015y)m(.)j
(T)m(ra\016c)-90 2254 y(analysis)c(is)h(not)g(addressed)h(here)g(\(p)q(er)g
(our)f(discussion)h(in)e(Chapter)i(1\).)-90 2392 y Fv(4.2.3)55
b(Distribution)18 b(of)g(P)n(olicy)g(T)-5 b(erms)-90 2487 y
Fx(In)10 b(order)h(to)f(pro)o(vide)g(for)g(secure)i(distribution)d(of)h(P)o
(olicy)f(T)m(erm)g(up)q(dates,)i(eac)o(h)g(AD)f(m)o(ust)f(b)q(e)i(able)e(to)h
(sign)g(its)g(o)o(wn,)g(and)g(authen)o(ticate)-90 2537 y(incoming)j(PTs.)21
b(Because)c(of)d(the)h(Link)g(State)g(nature)g(of)g(the)g(proto)q(col,)f(PT)h
(up)q(dates)h(m)o(ust)e(b)q(e)i(\015o)q(o)q(ded)f(to)g(ADs)g(throughout)f
(the)-90 2586 y(in)o(ternet)o(w)o(ork)c(so)g(that)g(all)f(participan)o(t)g
(ADs)h(can)g(use)h(them)e(in)g(their)i(PR)e(computation.)15
b(Before)c(using)f(a)f(new)h(PT,)g(eac)o(h)g(AD)g(needs)h(to)-90
2636 y(v)o(erify)g(the)h(authen)o(ticit)o(y)f(and)g(in)o(tegrit)o(y)g(of)g
(its)g(con)o(ten)o(ts.)18 b(This)12 b(is)f(di\016cult)f(to)i(ac)o(hiev)o(e)f
(in)g(a)g(con)o(v)o(en)o(tional)g(encryption)h(en)o(vironmen)o(t,)2028
2770 y(44)p eop
%%Page: 45 20
bop -90 -108 a Fx(as)17 b(the)g(n)o(um)o(b)q(er)f(of)f(p)q(oten)o(tial)h
(recipien)o(ts)i(of)e(a)g(PT)h(up)q(date)g(can)g(b)q(e)g(quite)f(large.)1257
-124 y Ft(5)1302 -108 y Fx(In)g(general,)h(con)o(v)o(en)o(tional)f
(encryption)h(is)f(not)-90 -59 y(w)o(ell-suited)e(for)g(an)g(en)o(vironmen)o
(t)f(suc)o(h)i(as)f(Link)g(State)g(routing)g(where)h(routing)f(up)q(dates)h
(are)g(broadcasted)g(to)f(a)g(large)g(n)o(um)o(b)q(er)g(of)-90
-9 y(recipien)o(ts.)-28 59 y(The)20 b(alternativ)o(e)g(is)f(to)g(use)i
(public)e(k)o(ey)g(encryption)i(for)e(the)h(distribution)f(of)g(PTs.)35
b(A)o(t)20 b(\014rst)g(glance,)h(this)e(migh)o(t)f(app)q(ear)-90
109 y(problematic)h(b)q(ecause)k(curren)o(t)f(public)e(k)o(ey)h(tec)o
(hnology)g(is)f(still)g(inferior)g(in)g(terms)h(of)f(p)q(erformance.)39
b(Ho)o(w)o(ev)o(er,)22 b(w)o(e)f(are)g(not)-90 158 y(in)o(terested)16
b(in)e(the)h(priv)n(acy)m(,)e(but)i(only)f(the)h(in)o(tegrit)o(y)f(and)g
(authen)o(ticit)o(y)g(of)g(routing)g(information.)j(Therefore,)f(signature)e
(metho)q(ds)-90 208 y(describ)q(ed)i(in)e(App)q(endix)h(A)g(can)f(b)q(e)h
(used)h(with)e(little)f(p)q(erformance)i(impact.)j(Moreo)o(v)o(er,)c(one)h
(of)f(the)h(cen)o(tral)g(assumptions)e(in)h(the)-90 258 y(IDPR)c(prop)q(osal)
g(is)h(that)f(p)q(olicies)h(c)o(hange)f(relativ)o(ely)g(slo)o(wly)m(.)16
b(An)o(y)10 b(added)h(pro)q(cessing)h(time)d(asso)q(ciated)i(with)f(public)h
(k)o(ey)f(encryption)-90 308 y(is)j(coun)o(ter-balanced)i(b)o(y)e(the)h
(ubiquit)o(y)e(and)h(e\016ciency)h(of)f(b)q(eing)g(able)h(to)f(generate)h(a)f
(single)g(unforgeable)h(pac)o(k)o(et)f(signature)h(whic)o(h)-90
358 y(can)h(b)q(e)h(authen)o(ticated)f(b)o(y)g(an)o(y)f(recipien)o(t.)22
b(An)15 b(example)f(of)g(a)g(Link)h(State)g(routing)f(proto)q(col)h(whic)o(h)
g(uses)h(public)e(k)o(ey)h(encryption)-90 408 y(for)f(routing)f(up)q(date)h
(distribution)g(is)g(presen)o(ted)i(in)d([71)o(].)-28 475 y(Routing)k
(information)e(distribution)j(is)g(one)g(area)g(of)g(p)q(olicy)f(routing)h
(where)h(con\014den)o(tialit)o(y)e(measures)i(ma)o(y)d(b)q(e)j(considered)-90
525 y(useful.)e(Ho)o(w)o(ev)o(er,)11 b(it)f(implies)f(that)h(the)i(en)o(tire)
f(routing)f(up)q(date)h(m)o(ust)f(b)q(e)h(encrypted)h Fr(separately)d
Fx(for)h(eac)o(h)h(an)o(ticipated)f(destination)-90 575 y(AD.)19
b(In)g(general,)i(this)e(is)g(impractical)f(regardless)i(of)f(the)h(t)o(yp)q
(e)g(of)f(encryption)h(used.)36 b(Since)19 b(a)h(link)e(state)i(up)q(date)g
(is)g(\015o)q(o)q(ded)-90 625 y(throughout)13 b(the)g(in)o(ternet)o(w)o(ork)g
(\(in)f(this)h(case,)g(to)g(all)e(ADs\),)i(the)g(n)o(um)o(b)q(er)f(of)g(p)q
(oten)o(tial)g(destinations)h(can)f(b)q(e)i(quite)e(large.)18
b(In)12 b(order)-90 674 y(to)k(ac)o(hiev)o(e)g(con\014den)o(tialit)o(y)e(in)i
(this)g(en)o(vironmen)o(t,)e(the)j(source)g(of)e(a)g(link)g(state)h(up)q
(date)h(needs)g(to)f(encrypt)h(the)f(up)q(date)g Fq(N)21 b
Fx(times)-90 724 y(\(where)15 b Fq(N)k Fx(is)14 b(the)g(total)f(n)o(um)o(b)q
(er)g(of)h(ADs\).)k(F)m(urthermore,)13 b(the)i(tra\016c)f(due)g(to)g(up)q
(date)h(propagation)d(will)h(increase)i Fq(N)5 b Fx(-fold.)-28
792 y(F)m(or)13 b(the)h(remainder)f(of)f(this)h(c)o(hapter)i(w)o(e)e
(consider)h(en)o(vironmen)o(ts)f(in)g(whic)o(h)g(only)f(in)o(tegrit)o(y)h
(and)g(authen)o(ticit)o(y)g(of)g(routing)f(data)-90 842 y(is)j(required)h
(and)f(where)h(public)f(k)o(ey)g(encryption)h(and)f(the)h(certifying)f
(authorit)o(y)f(mec)o(hanisms)f(describ)q(ed)k(in)e(Chapter)h(2)f(are)g(used)
-90 892 y(for)f(this)f(particular)h(function.)-28 959 y(Although)d(the)i
(distribution)e(of)g(PTs)i(raises)f(a)g(n)o(um)o(b)q(er)f(of)g(in)o
(teresting)h(issues,)h(the)f(underlying)g(concept)h(of)e(broadcasting)h
(signed)-90 1009 y(messages)19 b(is)g(not)g(unique)g(to)g(P)o(olicy)f
(Routing.)702 994 y Ft(6)753 1009 y Fx(Other)j(asp)q(ects)f(of)f(secure)i(P)o
(olicy)d(Routing,)h(suc)o(h)h(as)f(PR)g(setup)h(and)f(pac)o(k)o(et)-90
1059 y(forw)o(arding,)12 b(require)j(more)e(careful)h(proto)q(col)g(design)g
(b)q(ecause)h(of)f(the)g(asso)q(ciated)h(costs)g(and)e(threats.)-90
1195 y Fv(4.2.4)55 b(Route)18 b(Setup)-90 1289 y Fx(PR)11 b(setup)h(phase)f
(requires)i(that)e(eac)o(h)g(in)o(terv)o(ening)g(AD)g(ha)o(v)o(e)g(means)f
(to)h(forw)o(ard)f(subsequen)o(t)j(data)e(pac)o(k)o(ets)h(along)e(a)g(sp)q
(eci\014c)j(P)o(olicy)-90 1339 y(Route.)20 b(As)15 b(describ)q(ed)i(in)d
(Section)h(4.1.2.1,)d(eac)o(h)j(AD)g(along)e(the)i(route)h(m)o(ust)d(b)q(e)j
(supplied)e(with)h(the)g(next)g(hop)g(AD)f(at)g(PR)h(setup)-90
1389 y(time.)j(The)d(purp)q(ose)g(of)f(PR)g(setup)h(is)f(to)g(establish)h
(authorization)e(in)h(all)f(transit)i(ADs)f(and)g(create)i(state)f(in)f(all)f
(in)o(terv)o(ening)h(PGs.)-90 1439 y(Th)o(us,)f(P)o(olicy)f(Routing)g
(decisions)h(can)g(b)q(e)g(made)f(in)g(adv)n(ance)h(of)g(the)g(actual)g(comm)
o(uni)o(cation,)d(and,)i(subsequen)o(t)j(data)d(pac)o(k)o(ets)i(can)-90
1488 y(carry)g(a)g(minim)n(um)c(of)j(PR-related)h(information)d(thereb)o(y)k
(reducing)g(b)q(oth)f(o)o(v)o(erhead)g(and)g(latency)m(.)-28
1556 y(In)d(order)h(to)f(recognize)h(a)f Fw(b)n(ona)i(\014de)f
Fx(PR,)e(eac)o(h)i(AD)e(m)o(ust)g(authen)o(ticate)i(and)f(authorize)h(a)e
(PR.)h(Authen)o(tication)g(means)f(v)o(erifying)-90 1606 y(that)16
b(a)g(PR)f(w)o(as)h(issued)h(recen)o(tly)g(b)o(y)f(a)f(recognized)i(en)o(tit)
o(y)f(and)g(w)o(as)g(not)g(tamp)q(ered)f(with.)24 b(Authorization)16
b(en)o(tails)f(making)f(sure)-90 1656 y(that)g(a)g(PR)f(conforms)g(to)h(lo)q
(cal)f(p)q(olicy)m(.)-90 1723 y(More)h(sp)q(eci\014cally)m(,)g(secure)h(PR)f
(setup)h(needs)g(to)f(address)h(t)o(w)o(o)f(t)o(yp)q(es)g(of)g(threats:)-90
1791 y Fr(T)o(yp)q(e)i(1.)21 b Fw(Cr)n(e)n(ation)14 b(of)h(fr)n(audulent)g
(PRs)g(or)g(tamp)n(ering)f(with)h(existing)f(PRs.)-90 1841
y Fx(In)g(order)h(to)e(defend)i(against)e(this)h(threat,)g(eac)o(h)h(PR)e(m)o
(ust)g(b)q(e)i(traceable)g(to)e(the)i(issuing)e(AD.)h(In)g(other)g(w)o(ords,)
g(it)f(m)o(ust)g(b)q(e)i(signed)-90 1891 y(with)f(an)h(unforgeable)f
(signature.)21 b(F)m(or)15 b(all)e(in)o(terv)o(ening)i(ADs,)f(this)h(w)o
(ould)f(pro)o(vide)h(for)f(non-repudiation)g(of)g(issuance)i(and)e(sender)-90
1941 y(authen)o(ticit)o(y)m(.)-90 2008 y Fr(T)o(yp)q(e)i(2.)21
b Fw(R)n(eplay)15 b(of)g(pr)n(eviously)g(issue)n(d)g(setup)g(p)n(ackets.)-90
2058 y Fx(This)d(can)f(b)q(e)i(prev)o(en)o(ted)g(if)e(w)o(e)g(include)h(a)g
(timestamp)d(within)i(eac)o(h)h(PR.)f(The)h(signature)g(of)f(a)g(setup)i(pac)
o(k)o(et)f(b)q(ecomes)g(dep)q(enden)o(t)h(on)-90 2108 y(this)d(timestamp,)f
(and,)h(mak)o(es)f(repla)o(y)h(detection)i(p)q(ossible)e(within)g(the)h(gran)
o(ularit)o(y)e(of)h(the)h(timestamp)d(and)i(clo)q(c)o(k)g(sync)o
(hronizations.)-90 2158 y(As)18 b(the)g(n)o(um)o(b)q(er)f(of)g(setups)i(is)e
(relativ)o(ely)g(small)e(\(in)i(relation)g(to)g(the)h(n)o(um)o(b)q(er)f(of)g
(data)g(pac)o(k)o(ets\),)i(relativ)o(ely)e(coarse)h(timestamp)-90
2208 y(gran)o(ularit)o(y)h(\(e.g.,)h(1)p Fq(ms)p Fx(\))h(should)f(b)q(e)h
(adequate)g(and)f(is)g(preferable)h(to)f(the)g(managemen)o(t)e(required)j(to)
f(k)o(eep)h(trac)o(k)f(of)g(unique)-90 2257 y(sequence)g(n)o(um)o(b)q(ers.)31
b(W)m(e)18 b(note)g(that,)h(detecting)g(repla)o(y)f(of)f(PR)h(setup)i(pac)o
(k)o(ets)e(is)g(v)o(ery)h(similar)d(to)i(that)g(of)f(VISA-REQUEST)-90
2307 y(pac)o(k)o(ets)e(in)e Fw(Visa)h Fx(proto)q(col)f(\(see)j(Chapter)e
(3\).)-28 2375 y(As)k(with)e(PT)i(up)q(date)f(distribution,)g(w)o(e)g(are)h
(concerned)h(with)d(the)i(data)e(in)o(tegrit)o(y)h(and)g(authen)o(ticit)o(y)g
(of)f(the)i(setup)g(pac)o(k)o(ets.)-90 2425 y(Ho)o(w)o(ev)o(er,)d(unlik)o(e)g
(PT)g(up)q(dates,)h(PRs)f(are)g(set)h(up)f(relativ)o(ely)f(frequen)o(tly)i
(and)f(increased)h(latency)f(is)g(exp)q(erienced)i(directly)f(b)o(y)e(the)-90
2474 y(end-users.)19 b(Th)o(us,)10 b(w)o(e)g(are)g(far)g(more)e(concerned)k
(with)d(the)i(p)q(er-signature)g(o)o(v)o(erhead)f(for)f(PR)h(setup)h(than)e
(w)o(e)h(are)h(for)e(PT)h(distribution.)-90 2524 y(Consequen)o(tly)k(w)o(e)g
(will)f(in)o(v)o(estigate)h(the)g(use)h(of)e(b)q(oth)h(con)o(v)o(en)o(tional)
f(and)h(public)f(k)o(ey)h(encryption)h(signature)f(mec)o(hanisms.)p
-90 2592 864 2 v -44 2619 a Fj(5)-26 2630 y Fi(Sharing)9 b(a)i(single)g
(common)e(k)o(ey)h(among)g(all)h(no)q(des)f(a\013ords)g(little)g(protection,)
f(while)i(distributing)d(pairwise)j(k)o(eys)f(to)i(eac)o(h)e(AD-pair)h(is)g
(impractical.)-44 2658 y Fj(6)-26 2670 y Fi(With)g(the)f(exception)f(that)i
(routing)e(up)q(dates)h(are)h(infrequen)o(t)o(,)e(th)o(us,)h(fa)o(v)o(oring)g
(the)g(use)h(of)h(public)d(k)o(ey)i(encryption.)2028 2770 y
Fx(45)p eop
%%Page: 46 21
bop -28 -108 a Fx(As)12 b(discussed)h(earlier,)f(con)o(v)o(en)o(tional)e
(encryption,)i(implies)d(a)i(signi\014can)o(t)g(k)o(ey)g(managemen)o(t)e
(burden,)j(since)g(an)f(AD)h(has)f(to)g(share)-90 -59 y(a)k(secret)j(k)o(ey)e
(with)f(ev)o(ery)h(other)g(AD)g(that)f(it)h(ev)o(er)g(comm)o(unicates)e
(with.)22 b(Moreo)o(v)o(er,)16 b(it)g(en)o(tails)f(computing)f(a)h(PR)g
(signature)h(for)-90 -9 y(ev)o(ery)d(AD)f(in)o(v)o(olv)o(ed,)f(whereas)i(a)f
(single)g(PR)g(signature)g(v)o(eri\014able)g(b)o(y)g(all)f(in)o(terv)o(ening)
h(ADs)g(is)g(su\016cien)o(t)h(in)f(public)g(k)o(ey)g(encryption.)-90
41 y(On)i(the)g(other)h(hand,)e(a)g(t)o(ypical)g(PR)h(tra)o(v)o(erses)h(a)f
(relativ)o(ely)f(small)e(n)o(um)o(b)q(er)i(of)g(ADs)h(\()p
Fq(N)19 b Fx(is)14 b(usually)f(m)o(uc)o(h)f(less)j(than)e(the)i(diameter)-90
91 y(of)g(the)h(in)o(ternet)o(w)o(ork\).)23 b(This)16 b(mak)o(es)e(con)o(v)o
(en)o(tional)g(encryption)i(a)f(viable)g(c)o(hoice)h(since)g(a)f(PR)h(w)o
(ould)e(only)h(ha)o(v)o(e)g(to)g(b)q(e)h(signed)g Fq(N)-90
141 y Fx(times.)-28 208 y(The)e(ab)q(o)o(v)o(e)g(discussion)g(is)f(a)h
(standard)g(public)f(k)o(ey)h Fw(versus)f Fx(con)o(v)o(en)o(tional)g
(encryption)h(debate.)19 b(Both)14 b(metho)q(ds)f(ha)o(v)o(e)g(b)q
(ene\014cial)-90 258 y(as)i(w)o(ell)f(as)g(burdensome)h(features.)21
b(In)15 b(Section)g(4.3)f(w)o(e)g(demonstrate)h(a)f(PR)h(setup)g(proto)q(col)
g(based)g(on)f(public)h(k)o(ey)f(encryption,)h(a)-90 308 y(con)o(v)o(en)o
(tional)e(encryption)h(v)n(arian)o(t)f(is)h(similar.)-90 446
y Fv(4.2.5)55 b(P)n(ac)n(k)n(et)20 b(F)-5 b(orw)n(arding)-90
541 y Fx(After)16 b(a)f(PR)g(has)g(b)q(een)h(set)g(up,)g(subsequen)o(t)h
(data)d(pac)o(k)o(ets)i(can)g(tak)o(e)f(adv)n(an)o(tage)f(of)h(the)h(PR)f
(state)h(in)f(in)o(termediate)f(ADs.)22 b(First,)-90 591 y(instead)17
b(of)e(a)h(full)f(PR,)h(eac)o(h)g(data)g(pac)o(k)o(et)h(carries)g(only)f(an)g
(abbreviated)g(v)o(ersion)h(referred)h(to)e(as)g(the)h Fw(PR)g(hand)r(le)p
Fx(.)26 b(Second,)17 b(the)-90 641 y(state)e(in)f(all)f(in)o(terv)o(ening)h
(PGs)h(allo)o(ws)e(them)g(to)h(b)o(ypass)h(exp)q(ensiv)o(e)g(authorization)f
(c)o(hec)o(ks)h(on)f(a)g(p)q(er)i(pac)o(k)o(et)e(basis.)20
b(A)14 b(PR)g(handle)-90 690 y(only)e(needs)j(to)e(con)o(tain)f(the)i
(information)c(necessary)15 b(to)e(iden)o(tify)f(the)i(appropriate)f(state)h
(in)f(in)o(terv)o(ening)g(PGs.)18 b(Its)13 b(exact)h(con)o(ten)o(ts)-90
740 y(are)g(describ)q(ed)i(in)d(the)i(next)f(section.)-28 808
y(Assuming)e(appropriate)i(securit)o(y)g(measures)f(to)g(prev)o(en)o(t)h(PR)f
(setup)i(threats)f(ab)q(o)o(v)o(e,)f(there)h(remains)e(the)i(p)q(ossibilit)o
(y)e(of)h(attac)o(ks)-90 858 y(at)h(pac)o(k)o(et)g(forw)o(arding)f(time:)-90
925 y Fr(T)o(yp)q(e)h(3.)21 b Fw(A)o(n)14 b(intruder)f(c)n(an)i(c)n(opy)f(a)g
(valid)f(PR)i(hand)r(le)f(fr)n(om)f(a)h(le)n(gitimate)f(p)n(acket,)h(attach)g
(its)f(own)h(data)g(and)h(send)f(it)g(along)g(a)g(PR,)-90 975
y(thus,)h(obtaining)g(servic)n(e)g(fr)n(audulently.)-28 1043
y Fx(This)h(attac)o(k)g(can)g(b)q(e)g(fully)f(remedied)g(if)g(eac)o(h)h(data)
g(pac)o(k)o(et)g(is)g(signed)g(b)o(y)f(the)i(source)g(and)e(the)i(signature)f
(is)f(v)o(eri\014ed)i(at)e(eac)o(h)-90 1093 y(transit)i(hop.)25
b(Ho)o(w)o(ev)o(er,)17 b(ev)o(en)g(more)e(so)h(than)h(in)f(the)h(case)g(of)f
(PR)g(setup,)h(pro)q(cessing)h(dela)o(y)e(is)g(a)g(critical)g(concern)i(with)
e(resp)q(ect)-90 1142 y(to)f(forw)o(arding)f(of)h(data)g(pac)o(k)o(ets.)23
b(F)m(or)15 b(this)h(reason,)f(man)o(y)f(ADs)h(are)h(lik)o(ely)e(to)h(forego)
g(p)q(er-pac)o(k)o(et)i(signature)e(and)h(v)o(eri\014cation)f(of)-90
1192 y(most)e(tra\016c.)20 b(W)m(e)14 b(no)o(w)h(discuss)g(a)f(sp)q(ectrum)h
(of)f(p)q(ossibilities)g(whereb)o(y)i(ADs)e(can)h(trade)g(the)g(lev)o(el)g
(of)e(protection)j(for)e(the)h(amoun)o(t)-90 1242 y(of)e(o)o(v)o(erhead)i
(incurred.)-28 1310 y(There)g(are)g(three)g(factors)f(that)g(directly)g
(in\015uence)h(the)g(cost)f(of)f(data)h(authen)o(tication)g(\(w)o(e)g
(discuss)h(them)e(b)q(elo)o(w\):)-39 1411 y(1.)20 b(Signature)14
b(computation)e(metho)q(d)-39 1494 y(2.)20 b(Signature)14 b(co)o(v)o(erage)
-39 1577 y(3.)20 b(Signature)14 b(v)o(eri\014cation)f(metho)q(d)-90
1707 y Fr(4.2.5.1)48 b(Signature)13 b(computation)-90 1801
y Fx(The)19 b(particular)f(metho)q(d)f(used)j(in)e(the)g(signature)h
(computation)e(in\015uences)j(not)e(only)f(the)i(o)o(v)o(erhead)g(but)g(also)
e(the)i(securit)o(y)h(of)-90 1851 y(the)e(pac)o(k)o(et)h(forw)o(arding)d
(proto)q(col.)30 b(The)18 b(c)o(hoice)g(of)f(a)h(signature)g(mec)o(hanism)d
(is)j(mainly)d(dep)q(enden)o(t)20 b(up)q(on)d(the)i(sev)o(erit)o(y)f(of)f
(the)-90 1901 y(an)o(ticipated)d(hostile)f(attac)o(ks.)-28
1969 y(If)k(hostile)g(attac)o(ks)h(are)f(not)h(an)o(ticipated,)f(the)h
(signature)f(needs)i(only)d(a\013ord)i(protection)f(against)g(o)q(ccasional)g
(non-malicious)-90 2019 y(mo)q(di\014cation)g(of)h(data)g(pac)o(k)o(ets.)34
b(This)18 b(can)h(b)q(e)h(accomplished)d(b)o(y)i(using)g(a)f(simple,)g
(relativ)o(ely)g(w)o(eak)h(CR)o(C)f(function)g(\(e.g.,)h(an)-90
2068 y(IP-st)o(yle)14 b(CR)o(C)f([73)o(]\).)-28 2136 y(T)m(o)19
b(protect)h(against)e(tamp)q(ering)g(with)h(legitimate)e(data)i(pac)o(k)o
(ets,)h(the)g(signature)f(function)g(m)o(ust)f(ha)o(v)o(e)h(the)h(prop)q(ert)
o(y)g(that)-90 2186 y(mo)q(di\014cation)11 b(of)h(data)h(results)h(in)e
(unpredictable)i(c)o(hanges)f(in)g(the)g(signature.)18 b(A)13
b(strong)h(one-w)o(a)o(y)e(function)h(suc)o(h)g(as)g(MD4)g(or)f(MD2)-90
2236 y(is)i(a)f(go)q(o)q(d)h(candidate)g(for)f(this)h(t)o(yp)q(e)h(of)e
(protection.)-28 2303 y(Protection)18 b(against)e(message)g(substitution)h
(is)f(more)g(complicated.)25 b(In)17 b(addition)e(to)i(strong)g(data)f(in)o
(tegrit)o(y)g(protection,)h(the)-90 2353 y(signature)e(m)o(ust)f(b)q(e)i
Fw(unfor)n(ge)n(able)p Fx(,)f(i.e.,)e(only)i(a)f(legitimate)f(en)o(tit)o(y)i
(m)o(ust)f(b)q(e)h(able)g(to)g(compute)f(a)h(signature.)22
b(This)15 b(is)f(not)h(the)h(case)-90 2403 y(with)c(one-w)o(a)o(y)g(hash)h
(functions)g(since)g(an)o(y)o(one)f(can)h(pro)q(duce)h(an)e(arbitrary)h
(message)f(and)h(compute)f(its)g(signature.)18 b(In)13 b(other)g(w)o(ords,)
-90 2453 y(protection)k(against)e(message)h(substitution)g(m)o(ust)f(incorp)q
(orate)h(some)g(notion)f(of)g(signature)i(origin)e(authen)o(ticit)o(y)m(.)23
b(Consequen)o(tly)m(,)-90 2503 y(a)16 b(secret)j(quan)o(tit)o(y)c(\(i.e.,)h
(a)g(k)o(ey\))h(m)o(ust)f(b)q(e)h(used)g(in)f(signature)h(computation)e(suc)o
(h)i(that)g(only)e(the)i(true)h(originator)d(can)i(pro)q(duce)-90
2552 y(gen)o(uine)d(signatures)h(and)e(all)g(recipien)o(ts)i(can)f(easily)g
(v)o(erify)f(them.)-28 2620 y(One)20 b(simple)d(solution)h(is)h(for)g(the)g
(source)h(to)f(sign)f(data)h(pac)o(k)o(ets)h(in)e(the)i(same)e(manner)g(as)h
(PR)f(setup)i(pac)o(k)o(ets,)h(i.e.,)d(using)-90 2670 y(public)d(k)o(ey)h
(signatures.)24 b(This)16 b(satis\014es)h(our)e(goals)g(in)g(that)h(there)h
(is)f(but)g(one)g(en)o(tit)o(y)f(able)h(to)f(generate)i(signatures)g(with)e
(a)g(giv)o(en)2028 2770 y(46)p eop
%%Page: 47 22
bop -90 -108 a Fx(k)o(ey)m(.)22 b(Moreo)o(v)o(er,)16 b(since)g(transit)f(ADs)
h(are)g(already)f(in)g(p)q(ossession)h(of)f(the)h(source's)g(public)f(k)o(ey)
h(\(after)g(pro)q(cessing)g(setup)g(pac)o(k)o(ets\),)-90 -59
y(signature)h(v)o(eri\014cation)g(requires)h(little)e(additional)f(w)o(ork.)
27 b(Alas,)17 b(all)e(the)j(b)q(ene\014ts)g(of)f(this)g(approac)o(h)f(are)i
(o)o(v)o(ershado)o(w)o(ed)f(b)o(y)f(the)-90 -9 y(high)d(cost)i(of)e(p)q(er)i
(pac)o(k)o(et)f(public)g(k)o(ey)g(encryption.)-28 59 y(Another)i(p)q
(ossibilit)o(y)e(is)h(for)g(the)h(source)g(to)f(main)o(tain)d(pairwise)j
(secret)i(k)o(eys)f(with)f(the)g(signature)h(v)o(eri\014ers,)g(i.e.,)e
(transit)h(ADs.)-90 109 y(Then,)g(ev)o(ery)h(data)f(pac)o(k)o(et)g(w)o(ould)f
(need)i(to)f(b)q(e)h(signed)f Fq(N)20 b Fx(times)14 b(\(where)i
Fq(N)k Fx(is)15 b(the)g(PR)g(length\))g(b)o(y)g(the)g(source)i(using)d(a)h
(di\013eren)o(t)-90 158 y(k)o(ey)g(eac)o(h)g(time.)j(This)c(implies)f
(signi\014can)o(t)h(o)o(v)o(erhead)h(for)f(long)f(PRs)i(in)f(terms)g(of)g
(encryption)h(and)f(added)h(length.)1795 143 y Ft(7)1833 158
y Fx(On)g(the)g(other)-90 208 y(hand,)e(the)i(securit)o(y)g(of)e(this)h
(metho)q(d)f(is)h(almost)e(as)i(strong)g(as)g(that)g(of)f(public)h(k)o(ey)f
(signatures.)1466 193 y Ft(8)-28 276 y Fx(Alternativ)o(ely)m(,)f(the)i
(source)g(can)f(distribute)h(a)f(secret)i(k)o(ey)e(during)g(PR)g(setup)h(to)f
(b)q(e)g(shared)h(b)o(y)f(all)f(in)o(terv)o(ening)h(ADs.)18
b(\(Thereb)o(y)-90 326 y(establishing)13 b(a)g(simple)e(group)i(c)o
(hannel\).)19 b(Then,)13 b(only)f(a)h(single)g(signature)h(w)o(ould)e(b)q(e)i
(computed)e(b)o(y)h(the)h(source)h(and)e(subsequen)o(tly)-90
376 y(v)o(eri\014ed)f(b)o(y)g(all)f(transit)h(ADs.)17 b(This)12
b(metho)q(d)f(is)h(e\016cien)o(t)g(in)g(terms)f(of)g(computation)g(and)g
(added)h(pac)o(k)o(et)h(length.)k(Ho)o(w)o(ev)o(er,)12 b(b)q(ecause)-90
425 y(the)j(k)o(ey)g(is)g(shared,)g(it)g(b)q(ecomes)g(p)q(ossible)g(for)f(an)
o(y)h(AD)f(along)g(the)h(route)h(to)e(masquerade)h(as)f(the)i(source)g(for)e
(the)i(duration)e(of)g(the)-90 475 y(PR.)f(Moreo)o(v)o(er,)h(the)h(k)o(ey)f
(m)o(ust)f(b)q(e)i(distributed)g(without)e(undue)i(disclosure,)f(i.e.,)f
(only)g(the)i(in)o(tended)f(recipien)o(ts)i(m)o(ust)d(b)q(e)h(able)g(to)-90
525 y(obtain)e(it.)18 b(Therefore,)c(the)g(k)o(ey)f(has)g(to)g(b)q(e)h
(encrypted)h Fq(N)j Fx(times,)11 b(once)j(for)f(eac)o(h)h(transit)f(AD.)f(Ho)
o(w)o(ev)o(er,)i(this)f(exp)q(ensiv)o(e)h(op)q(eration)-90
575 y(tak)o(es)g(place)g(only)f(once)i(p)q(er)g(PR,)e(at)h(setup)h(time.)-28
643 y(This)f(sub)r(ject)h(is)f(discussed)i(further)e(in)g(Section)g(4.3.)-90
773 y Fr(4.2.5.2)48 b(Signature)13 b(Co)o(v)o(erage)-90 867
y Fx(Indep)q(enden)o(t)j(of)d(the)i(signature)f(computation)f(metho)q(d,)f
(is)i(the)h(issue)g(of)e(signature)i(co)o(v)o(erage,)f(i.e.,)e(what)i(part)g
(of)g(a)f(pac)o(k)o(et)i(has)f(to)-90 917 y(b)q(e)i(signed.)23
b(Recall)15 b(that)g(an)g(IDPR-encapsulated)h(data)f(pac)o(k)o(et)h(consists)
h(of:)j(i\))15 b(net)o(w)o(ork-la)o(y)o(er)g(header,)i(ii\))d(PR)i(header,)g
(and)f(iii\))-90 967 y(data)f(segmen)o(t.)-28 1035 y(Maxim)o(um)f(protection)
j(against)f(tamp)q(ering)g(can)h(b)q(e)h(attained)f(only)f(if)g(the)i(en)o
(tire)g(pac)o(k)o(et)f(is)g Fw(c)n(over)n(e)n(d)g Fx(b)o(y)g(the)g
(signature.)25 b(De-)-90 1084 y(p)q(ending)16 b(on)f(the)h(signature)g(metho)
q(d)e(used,)j(this)e(ma)o(y)f(pro)o(v)o(e)i(to)f(b)q(e)h(prohibitiv)o(ely)e
(exp)q(ensiv)o(e.)24 b(Consequen)o(tly)m(,)16 b(transit)f(ADs)h(ma)o(y)-90
1134 y(not)e(care)h(ab)q(out)e(the)i(authen)o(ticit)o(y)f(of)f(the)h
Fw(entir)n(e)g Fx(pac)o(k)o(et.)-28 1202 y(One)h(inexp)q(ensiv)o(e)g
(alternativ)o(e)f(is)g(to)f(compute)h(signatures)h(o)o(v)o(er)f(the)g(net)o
(w)o(ork-la)o(y)o(er)g(header)h(only)m(.)i(Ho)o(w)o(ev)o(er,)d(since)h(a)f
(PR)g(ma)o(y)-90 1252 y(b)q(e)f(utilized)f(b)o(y)g(m)o(ultiple)e(end-system)i
(pairs,)g(assigning)g(signature)g(k)o(eys)h(p)q(er)g(end-system)g(pair)e
(complicates)h(signature)g(v)o(eri\014cation)-90 1302 y(in)k(transit)h(PGs.)
25 b(This)17 b(is)f(b)q(ecause)i(transit)f(ADs)f(main)o(tain)e(state)j(on)f
(a)g(p)q(er)i(PR,`not)d(p)q(er)i(end-system)g(pair,)f(basis.)26
b(T)m(o)15 b(remedy)-90 1351 y(this)g(scaling)g(issue,)h(a)f(single)g
(signature)g(k)o(ey)h(m)o(ust)e(b)q(e)i(shared)g(for)f(all)f(end-system)i
(pairs)f(utilizing)f(a)g(giv)o(en)h(PR.)g(\(Actually)m(,)f(since)-90
1401 y(signatures)g(are)g(alw)o(a)o(ys)e(generated)j(b)o(y)e(the)g(source)i
(PG,)e(little)f(additional)g(securit)o(y)i(is)f(a\013orded)h(b)o(y)f(using)g
(signature)g(k)o(eys)h(on)f(a)g(p)q(er)-90 1451 y(end-system)j(pair)f(basis,)
g(o)o(v)o(er)h(p)q(er)g(PR)g(signature)g(k)o(eys\).)23 b(If)15
b(the)i(source)f(PG)g(signs)f(the)i(net)o(w)o(ork-la)o(y)o(er)e(header,)h(an)
g(in)o(truder)g(can)-90 1501 y(still)f(tamp)q(er)f(with)i(the)g(data)f
(segmen)o(t.)22 b(The)16 b(utilit)o(y)e(of)h(this)h(t)o(yp)q(e)g(of)f(attac)o
(k)g(is)h(limited)d(since)j(the)g(in)o(truder)g(is)g(not)f(able)h(to)f(alter)
-90 1551 y(end-system)f(addressing)h(information.)-28 1618
y(Another)20 b(p)q(ossibilit)o(y)e(is)i(to)f(sign)g(only)f(the)i(PR)f
(header.)36 b(This)19 b(lea)o(v)o(es)g(the)h(net)o(w)o(ork-la)o(y)o(er)f
(header)h(and)f(the)h(data)f(segmen)o(t)-90 1668 y(unprotected,)d(but)f(w)o
(e)f(can)h(guaran)o(tee)g(that)f(pac)o(k)o(ets)h(will)e(tra)o(v)o(el)h(along)
g(established,)g(authorized)h(PRs.)20 b(The)15 b(exact)g(con)o(ten)o(ts)g(of)
f(a)-90 1718 y(PR)g(header)h(are)f(imp)q(ortan)o(t)e(in)h(assessing)i(the)g
(vulnerabilities)e(of)g(this)h(metho)q(d.)-28 1786 y(First,)g(w)o(e)g(supp)q
(ose)h(that)f(a)f(PR)h(header)h(con)o(tains)e(only)g(a)h(PR)f(iden)o
(ti\014er)i(that)e(helps)i(eac)o(h)f(transit)g(AD)g(lo)q(cate)g(the)g
(appropriate)-90 1835 y(en)o(try)i(in)f(its)g(PR)g(table.)23
b(Then,)15 b(all)g(pac)o(k)o(ets)h(b)q(elonging)e(to)h(a)g(giv)o(en)g(PR)g
(carry)h(the)g(same)f(PR)g(header)h(and)f(the)h(same)f(PR)g(header)-90
1885 y(signature.)31 b(An)18 b(in)o(truder)g(can)g(attac)o(k)g(in)g(t)o(w)o
(o)f(w)o(a)o(ys:)26 b(i\))18 b(mo)q(dify)d(data)j(segmen)o(ts)g(of)f
(existing)h(data)g(pac)o(k)o(ets,)h(and)f(ii\))f(inject)h(its)-90
1935 y(o)o(wn)d(data)g(pac)o(k)o(ets)h(complete)e(with)h(PR)g(headers)i
(copied)e(from)f(v)n(alid)g(data)g(pac)o(k)o(ets.)23 b(The)16
b(\014rst)g(attac)o(k)f(is)g(imp)q(ossible)f(to)h(coun)o(ter)-90
1985 y(with)h(this)g(metho)q(d)f(since)i(data)f(segmen)o(ts)g(are)h(not)f(co)
o(v)o(ered)h(b)o(y)f(the)h(signature.)25 b(W)m(e)16 b(can,)g(ho)o(w)o(ev)o
(er,)h(address)g(the)g(second)g(attac)o(k)-90 2035 y(b)o(y)d(making)e(eac)o
(h)j(PR)f(header)i(unique.)j(The)c(originator)e(PG)h(can)h(include)g(a)f
(unique)g(timestamp)e(in)i(the)h(PR)f(header)i(of)d(eac)o(h)i(data)-90
2084 y(pac)o(k)o(et,)e(whic)o(h)g(mak)o(es)f(the)i(signature)f(dep)q(enden)o
(t)i(on)e(the)h(pac)o(k)o(et)f(timestamp.)i(Hence,)g(eac)o(h)e(pac)o(k)o(et)h
(carries)g(a)f(distinct)g(signature.)-90 2134 y(F)m(urthermore,)i(if)f(w)o(e)
h(require)h(transit)f(PGs)g(to)g(record)h(and)f(k)o(eep)h(trac)o(k)f(of)f
(most)g(recen)o(t)j(pac)o(k)o(et)e(timestamps)e(on)i(a)g(p)q(er)h(PR)e
(basis,)-90 2184 y(duplicate)g(and)g(reordered)h(pac)o(k)o(ets)g(can)f(b)q(e)
h(easily)e(detected)j([72)o(])e(as)g(describ)q(ed)h(in)f(Section)g(4.2.5.4)d
(b)q(elo)o(w.)-28 2252 y(The)17 b(accomplishmen)o(t)d(of)i(this)h(metho)q(d)f
(amoun)o(ts)f(to)h(restricting)h(the)g(bandwidth)g(a)o(v)n(ailable)d(to)i(a)h
(p)q(oten)o(tial)e(in)o(truder)j(to,)e(at)-90 2302 y(most,)g
Fr(the)i(bandwidth)e(utilized)g(b)o(y)j(the)f(legitimat)o(e)e(tra\016c)j
(source)p Fx(.)26 b(In)16 b(other)i(w)o(ords,)f(an)f(in)o(truder)i(can)f
(still)f(in)o(tercept)-90 2351 y(ev)o(ery)c(legitimate)e(data)h(pac)o(k)o
(et,)h(substitute)h(\(or)f(otherwise)g(mangle\))e(its)i(data)f(segmen)o(t)g
(and)g(inject)h(it)g(bac)o(k)f(in)o(to)g(the)h(tra\016c)g(stream.)-90
2401 y(Suc)o(h)h(fraudulen)o(t)f(pac)o(k)o(ets)i(will)d(not)h(b)q(e)h
(detected)i(in)d(transit.)18 b(Ho)o(w)o(ev)o(er,)13 b(an)f(in)o(truder)h(is)g
Fw(unable)g Fx(to:)k(i\))12 b(create)i(its)f(o)o(wn)f(PR)g(headers,)p
-90 2484 864 2 v -44 2511 a Fj(7)-26 2522 y Fi(F)m(or)f(long)f(PRs,)i(the)e
(o)o(v)o(erhead)f(ma)o(y)i(actually)e(equal)h(or)h(exceed)f(that)h(of)g
(using)f(a)i(single)e(public)g(k)o(ey-based)e(signature!)-44
2550 y Fj(8)-26 2562 y Fi(Strictly)h(sp)q(eaking,)g(the)h(di\013erence)f(b)q
(et)o(w)o(een)h(them)g(is)h(t)o(w)o(ofold:)j(i\))d(public)f(k)o(ey)g
(encryption)e(is)j(generally)e(considered)g(more)h(resistan)o(t)f(to)i(attac)
o(ks,)e(and)-90 2601 y(ii\))h(public)g(k)o(ey)f(signatures)g(pro)o(vide)g
Fe(non-repudiation)f Fi(of)i(origin)g(\(signatures)e(generated)g(using)h(a)i
(shared)e(k)o(ey)h(can)g(not)g(b)q(e)h(unam)o(biguo)o(usl)o(y)d(attributed)
-90 2641 y(to)j(an)o(y)g(mem)o(b)q(er)e(of)i(the)g(group)f(that)g(shares)h
(the)g(k)o(ey\).)2028 2770 y Fx(47)p eop
%%Page: 48 23
bop -90 -108 a Fx(since)13 b(it)g(has)f(no)g(means)g(of)g(generating)h
(signatures,)g(and)f(ii\))g(use)h(an)o(y)f(of)g(the)h(captured)h(PR)e
(headers)i(more)e(than)g(once,)h(since)h(transit)-90 -59 y(PGs)g(can)g
(detect)i(duplicate)e(and)f Fw(stale)h Fx(PR)f(headers.)-28
9 y(Finally)m(,)d(b)q(oth)j(net)o(w)o(ork-la)o(y)o(er)f(and)g(PR)g(headers)i
(can)e(b)q(e)h(protected.)20 b(In)12 b(this)g(case,)i(the)e(destination)h
(stub)g(AD)f(is)g(assured)i(of)d(the)-90 59 y(addressing)16
b(authen)o(ticit)o(y)m(,)e(while)g(transit)i(ADs)f(are)g(satis\014ed)h(that)f
(pac)o(k)o(ets)h(\015o)o(w)f(along)f(authorized)h(PRs.)22 b(W)m(e)14
b(note)i(that,)f(insofar)-90 109 y(as)e(transit)f(ADs,)h(the)g(securit)o(y)h
(of)d(this)i(approac)o(h)g(gains)e(little)h(protection)h(o)o(v)o(er)g
(signatures)g(co)o(v)o(ering)g(only)e(the)i(PR)g(header)g(b)q(ecause)-90
158 y(net)o(w)o(ork-la)o(y)o(er)h(headers)h(are)f("transparen)o(t")h(to)e
(PGs.)-28 226 y(The)g(ab)q(o)o(v)o(e)f(discussion)g(leads)g(to)g(an)g(imp)q
(ortan)o(t)f(observ)n(ation)g(that)i(a)e(t)o(ypical)h(transit)g(AD)g(ma)o(y)e
(only)h(b)q(e)i(concerned)h(with)e(tra\016c)-90 276 y(not)j(violating)d(its)j
(p)q(olicies,)f(i.e.,)f(it)h(ma)o(y)f(not)h(care)i(ab)q(out)e(the)i(authen)o
(ticit)o(y)e(of)g(the)h(data)g(therein)g(as)g(m)o(uc)o(h)e(as)i(it)f(cares)i
(ab)q(out)e(the)-90 326 y(tra\016c)g(\015o)o(wing)e(to,)i(from)d(or)j
(through)g(appropriate)f(lo)q(cations.)18 b(In)c(other)g(w)o(ords,)f(as)h
(long)f(as)h(the)g(pac)o(k)o(et)g(indexes)g(a)g(v)n(alid)e(PR,)h(it)g(is)-90
376 y(authorized)h(to)g(tra)o(v)o(el)g(to)f(its)h(in)o(tended)h(destination.)
-28 443 y(T)m(o)f(summarize)f(our)i(discussion,)g(T)m(able)f(4.2.5.2)e
(illustrates)j(the)h(resilience)f(of)g(the)g(v)n(arious)f(signature)h(co)o(v)
o(erage)g(metho)q(ds)g(to)f(a)-90 493 y(range)g(of)f(hostile)h(attac)o(ks.)p
797 591 872 2 v 787 623 2 34 v 796 623 V 821 613 a Ft(Repla)o(y)p
945 623 V 51 w(Data)c(Segmen)o(t)p 1199 623 V 60 w(Addressing)p
1429 623 V 74 w(PR)i(header)p 1659 623 V 1667 623 V 787 656
V 796 656 V 945 656 V 983 646 a(mo)q(di\014cation)p 1199 656
V 62 w(mo)q(di\014cation)p 1429 656 V 50 w(mo)q(di\014cation)p
1659 656 V 1667 656 V 312 658 1356 2 v 312 660 V 311 691 2
34 v 320 691 V 345 681 a(None)p 787 691 V 796 691 V 439 w(N)p
945 691 V 177 w(N)p 1199 691 V 217 w(N)p 1429 691 V 196 w(N)1549
668 y Fd(\003)p 1659 691 V 1667 691 V 312 693 1356 2 v 311
726 2 34 v 320 726 V 345 716 a Ft(Net)o(w)o(ork)f(header)p
787 726 V 796 726 V 285 w(N)p 945 726 V 177 w(N)p 1199 726
V 217 w(Y)p 1429 726 V 196 w(N)1549 703 y Fd(\003)p 1659 726
V 1667 726 V 312 728 1356 2 v 311 761 2 34 v 320 761 V 345
751 a Ft(PR)h(header)p 787 761 V 796 761 V 360 w(N)p 945 761
V 177 w(N)p 1199 761 V 217 w(N)p 1429 761 V 204 w(Y)p 1659
761 V 1667 761 V 312 762 1356 2 v 311 796 2 34 v 320 796 V
345 786 a(PR)g(header)f(\(timestamp)q(ed\))p 787 796 V 796
796 V 137 w(Y)p 945 796 V 177 w(N)p 1199 796 V 217 w(N)p 1429
796 V 204 w(Y)p 1659 796 V 1667 796 V 312 797 1356 2 v 311
830 2 34 v 320 830 V 345 820 a(Net)o(w)o(ork)g(and)g(PR)h(headers)p
787 830 V 796 830 V 150 w(N)p 945 830 V 177 w(N)p 1199 830
V 217 w(Y)p 1429 830 V 204 w(Y)p 1659 830 V 1667 830 V 312
832 1356 2 v 311 865 2 34 v 320 865 V 345 855 a(Net)o(w)o(ork)f(and)g(PR)h
(headers)p 787 865 V 796 865 V 150 w(Y)p 945 865 V 177 w(N)p
1199 865 V 217 w(Y)p 1429 865 V 204 w(Y)p 1659 865 V 1667 865
V 311 899 V 320 899 V 345 889 a(\(timestamp)q(ed\))p 787 899
V 796 899 V 945 899 V 1199 899 V 1429 899 V 1659 899 V 1667
899 V 312 900 1356 2 v 311 933 2 34 v 320 933 V 345 923 a(En)o(tire)h(pac)o
(k)o(et)p 787 933 V 796 933 V 319 w(N)p 945 933 V 177 w(Y)p
1199 933 V 217 w(Y)p 1429 933 V 204 w(Y)p 1659 933 V 1667 933
V 312 935 1356 2 v 311 968 2 34 v 320 968 V 345 958 a(En)o(tire)g(pac)o(k)o
(et)e(\(timestamp)q(ed\))p 787 968 V 796 968 V 96 w(Y)p 945
968 V 177 w(Y)p 1199 968 V 217 w(Y)p 1429 968 V 204 w(Y)p 1659
968 V 1667 968 V 312 970 1356 2 v 312 972 V 521 1086 a Fx(T)m(able)i(4.1:)k
(Resilience)d(of)g(signature)g(co)o(v)o(erage)g(metho)q(ds)-28
1201 y(One)i(curious)f(detail)g(in)f(the)h(ab)q(o)o(v)o(e)g(table)g(is)g(the)
g(similarit)o(y)d(b)q(et)o(w)o(een)k(the)g(cases)g(of)e(no)h(signature)g
(protection)h(and)e(PR)h(header)-90 1250 y(signatures)21 b(\(without)g
(timestamps\).)37 b(These)22 b(t)o(w)o(o)e(metho)q(ds)g(di\013er)h(only)f
(insofar)g(as)h(PR)g(header)g(mo)q(di\014cation)e(is)h(concerned.)-90
1300 y(Ho)o(w)o(ev)o(er,)13 b(when)g(a)f(PR)h(header)h(do)q(es)f(not)g
(include)f(a)h(timestamp,)d(i.e.,)h(it)i(is)f(constan)o(t)h(for)g(the)g
(lifetime)e(of)h(a)g(giv)o(en)g(PR,)g(its)h(con)o(ten)o(ts)-90
1350 y(are)g(reduced)i(to)e(a)g(PR)g(handle)g(alluded)f(to)h(earlier.)18
b(A)13 b(PR)g(handle)g(is,)g(essen)o(tially)m(,)f(an)h(iden)o(ti\014er)g
(that)g(indexes)h(an)f(appropriate)g(PR)-90 1400 y(table)h(en)o(try)g(in)f
(eac)o(h)i(transit)f(PG.)471 1385 y Ft(9)502 1400 y Fx(If)g(the)g(in)o
(truder)h(mo)q(di\014es)d(the)j(unprotected)g(PR)f(handle)g(of)f(a)g(data)h
(pac)o(k)o(et,)f(when)i(this)f(pac)o(k)o(et)-90 1450 y(reac)o(hes)h(its)f
(next-hop)g(PG,)g(t)o(w)o(o)f(outcomes)h(are)g(p)q(ossible:)-39
1545 y(1.)20 b(The)14 b(mo)q(di\014ed)e(PR)h(handle)g(can)g(not)h(b)q(e)g
(mapp)q(ed)e(in)o(to)h(a)g(v)n(alid)e(PR)i(en)o(try)h(and)g(the)g(PG)f(is)g
(forced)h(to)f(discard)h(the)g(pac)o(k)o(et.)k(In)14 1595 y(this)c(case,)g(w)
o(e)g(conclude)h(that)f(the)g(attac)o(k)g(did)g(not)f(succeed.)-39
1675 y(2.)20 b(The)d(mo)q(di\014ed)e(PR)i(handle)f(is)h(mapp)q(ed)e(in)o(to)h
(a)h(v)n(alid)e(PR)h(en)o(try)h(and)g(the)g(PG)g(switc)o(hes)g(the)h
("fraudulen)o(t")e(pac)o(k)o(et)h(to)f(the)14 1725 y(next)e(hop)g(\(sp)q
(eci\014ed)h(in)f(the)g(en)o(try\).)-90 1820 y(The)i(in)o(truder's)h(goal)d
(in)h(this)h(attac)o(k)g(is)g(to)f(generate)i(fraudulen)o(t)f(pac)o(k)o(et)g
(tra\016c,)g(sp)q(eci\014cally)m(,)g(to)f(send)i(pac)o(k)o(ets)f(along)f(PRs)
h(that)-90 1870 y(it)f(has)g(no)g(authorit)o(y)f(to)h(use.)23
b(But,)15 b(ev)o(en)h(if)e(data)h(pac)o(k)o(ets)h(carry)g(signed)f(PR)g
(headers)h(\(without)f(timestamps\),)e(the)j(in)o(truder)g(can)-90
1920 y(ac)o(hiev)o(e)j(the)g(same)f(result)i(b)o(y)e(recording)h(PR)g
(headers)h(\(along)e(with)g(the)h(corresp)q(onding)h(signatures\))g(of)e(gen)
o(uine)h(pac)o(k)o(ets)g(and)-90 1970 y(comp)q(osing)11 b(an)o(y)g(n)o(um)o
(b)q(er)h(of)g(fraudulen)o(t)g(pac)o(k)o(ets)h(b)o(y)f(concatenating)g(an)o
(y)g(recorded)i(PR)e(header)h(with)f(an)g(arbitrary)g(data)g(segmen)o(t.)-90
2020 y(Consequen)o(tly)m(,)i(as)h(long)e(as)i(data)f(pac)o(k)o(ets)i(do)e
(not)g(carry)i Fw(unique)f Fx(PR)f(headers,)i(PR)e(header)i(signatures)f(do)f
(not)h(con)o(tribute)g(to)f(the)-90 2069 y(securit)o(y)h(of)e(the)i(proto)q
(col.)345 2054 y Ft(10)-90 2198 y Fr(4.2.5.3)48 b(Signature)13
b(V)l(eri\014cation)-90 2293 y Fx(Another)h(factor)g(con)o(tributing)f(to)h
(b)q(oth)f(the)h(securit)o(y)h(and)e(the)h(o)o(v)o(erhead)g(is)g(the)g
(question)g(of)f(who)g(c)o(hec)o(ks)i(the)f(signature)g(and)f(ho)o(w)-90
2343 y(often.)-90 2467 y Fr(Endp)q(oin)o(t)39 b Fx(If)11 b(authen)o(ticating)
h(data)f(in)h(transit)g(is)g(prohibitiv)o(ely)e(exp)q(ensiv)o(e,)j
(end-to-end)g(data)e(in)o(tegrit)o(y)h(similar)d(to)j(that)g(in)f
Fw(Visa)-90 2517 y Fx(proto)q(col)16 b(ma)o(y)e(b)q(e)j(appropriate.)25
b(Ev)o(ery)17 b(data)f(pac)o(k)o(et)g(is)g(signed)h(at)f(the)h(source)g(but)f
(is)h(c)o(hec)o(k)o(ed)g(only)e(at)h(the)h(destination.)25
b(This)p -90 2592 864 2 v -44 2619 a Fj(9)-26 2630 y Fi(See)10
b(Section)g(4.3.4)g(b)q(elo)o(w.)-59 2658 y Fj(10)-26 2670
y Fi(The)h(only)f(b)q(ene\014t)g(a\013orded)f(b)o(y)i(header)f(signatures)f
(is)i(the)g(abilit)o(y)e(to)i(detect)f(non-malicio)o(us)f(header)g(mo)q
(di\014cation)o(s,)g(e.g.,)h(those)h(due)f(to)h(noisy)f(lines.)2028
2770 y Fx(48)p eop
%%Page: 49 24
bop -90 -108 a Fx(approac)o(h)18 b(has)g(limitatio)o(ns,)e(most)h(notably)g
(the)i(fact)f(that)g(an)f(in)o(truder)i(lo)q(cated)f(at)g(some)f(p)q(oin)o(t)
g(along)g(the)i(route)f(can)g(mo)q(dify)-90 -59 y(data)13 b(in)g(eac)o(h)g
(pac)o(k)o(et)h(and)f(the)h(forgery)f(will)f(not)h(b)q(e)h(detected)h(un)o
(til)d(the)i(pac)o(k)o(et)g(reac)o(hes)h(the)e(destination)g(AD.)g(This)g
(can)g(result)h(in)-90 -9 y(unauthorized)d(use)g(of)f(transit)g(resources)j
(and)d(inappropriate)g(billing)e(of)i(the)h(source.)18 b(On)10
b(the)h(other)g(hand,)f(p)q(er)i(pac)o(k)o(et)e(latency)h(is)f(lo)o(w)-90
41 y(and)h(indep)q(enden)o(t)h(of)f(the)h(PR's)f(length.)17
b(This)11 b(approac)o(h)g(pro)o(vides)g(prev)o(en)o(tativ)o(e)h(con)o(trol)f
(for)g(stub)g(ADs,)h(but)f(only)f(detection-based)-90 91 y(con)o(trol)k(for)f
(transit)h(ADs.)-90 217 y Fr(F)l(ull)f(T)l(ransit)40 b Fx(In)13
b(en)o(vironmen)o(ts)g(where)h(securit)o(y)g(concerns)h(out)o(w)o(eigh)e(the)
h(o)o(v)o(erhead)g(of)e(extra)i(pro)q(cessing,)g(the)g(data)f(p)q(ortion)g
(of)-90 266 y(ev)o(ery)k(pac)o(k)o(et)f(is)g(sub)r(ject)h(to)f(forgery)g(and)
f(m)o(ust)g(b)q(e)i(c)o(hec)o(k)o(ed)g(\(for)e(authen)o(ticit)o(y)h(and)g(in)
o(tegrit)o(y\))f(at)h(eac)o(h)g(hop)g(on)g(its)f(w)o(a)o(y)h(to)f(the)-90
316 y(destination.)i(Ev)o(ery)d(data)e(pac)o(k)o(et)h(is)g(signed)g(at)f(the)
source and checked at each AD hop en route. The protocol for this class of environment has the highest overhead, commensurate with security requirements. The per-packet processing in this variant is similar to the transit Visa protocol.^11

^11 However, the Full Transit approach avoids the per-session setup dialog associated with visa acquisition.

Designated Transit: If Endpoint exposes transit resources to excessive misuse, yet Full Transit is too expensive, the source AD can designate at PR setup time a specific transit AD to perform data integrity checks. Every data packet is still signed at the source, but only one transit and the destination check the signature. The positioning of the designated AD in the PR is important: having it too close to AD_src is almost equivalent to no checking at all, whereas having it too close to AD_dst is equivalent to the Endpoint variant. The designated AD can be reassigned from time to time in order to reduce the chance of its exploitation by an intruder.

Patterned: Instead of each transit AD having to authenticate each packet, it may suffice to authenticate every m-th packet. In the simplest version of this patterned authentication scheme, AD_src would choose m at random from a locally defined range of values and then specify m during route setup. In this scheme only 1/m data packets are signed at the source and the same 1/m packets are checked.

Transit ADs would either accept or reject the proposed m. If all ADs accept the proposed value for m, then every AD will check data integrity of every m-th packet. If any AD does not accept m (if it is considered too large or too small) then the source and all other ADs must choose a different m. In return for reduced overhead, if the value for m is discovered by an intruder then (m-1)/m of the PR's bandwidth can be abused. Moreover, the synchronization inherent to this protocol implies that care must be taken to recover from lost and out-of-order packets.

Alternatively, instead of the source choosing m, every transit AD_i can choose its own m_i and elect not to disclose it. Or, a transit AD_i could choose to authenticate each packet with probability p_i. In this scheme all data packets are signed at the source, but only 1/m-th (or p%) of the packets are checked per AD hop. This method has the advantage of being flexible and robust in that coordination among transit ADs is not required.

An important disadvantage common to all patterned variants stems from the potentially large variance in delay between "checked" and "unchecked" packets. Applications expecting little variance in delay (e.g., packetized voice) may therefore suffer.

Round Robin: This scheme achieves constant per packet overhead by using round-robin data authentication. Transit ADs take turns authenticating packets. In general, packet number K is authenticated by a PG in AD_[K mod M] where M is the number of ADs in the PR. All data packets are signed at the source but only one check is done en route to the destination. Destination checking can be added for extra assurance at the cost of a single additional decryption by the destination. Moreover, unlike the Source Patterned variant, lost and out-of-order packets can be accommodated easily. On the other hand, AD independence must be sacrificed due to the coordination required to set up the round-robin arrangement. While this approach benefits from fair sharing of encryption costs among transit ADs, it is only worth considering in cases when the number of transit ADs is large, i.e., the PR is long.

4.2.5.4 Preventing Replay of Data Packets

The final type of attack considered is the replay of data packets:

Type 4. An intruder can replay previously recorded data packets, which can lead to unjustified charging and/or denial of service.
There are other, more serious threats posed by malicious replay. However, we are concerned primarily with protecting network-layer resources; other replay attacks are assumed to be handled by the end-points. Also, we only need to protect against replayed packets within the life-span of the associated PR. After a PR expires or is closed all packets carrying the expired PR identifier will not be processed.

Two sources of replay deserve equal consideration. The first is accidental replay due to a misbehaving machine stuttering and generating replayed packets. The second is malicious replay due to an intruder intentionally replaying prerecorded packets in order to deny resources (or inflate costs) to the rightful owner. Neither kind of replay can be handled on a purely end-to-end basis because by the time a duplicate packet is discovered, the resources are consumed and associated charges are incurred, e.g., the bill reflects the replayed packet and the rightful user of the afflicted charge code can no longer obtain service due to an overdrawn account.

In some circumstances, the post facto approach of replay detection and cost recovery may be adequate. This includes auditing packet counts, setting a limit on the number of packets that can use a PR and other ad hoc methods. However, in sensitive environments, more aggressive prevention is required, albeit at some cost. Since our goal is to analyze the implications of secure control of transit traffic, we present a method for preventing replay.

There are two basic approaches for countering replay attacks: i) nonce identifiers, and ii) timestamps.^12 The main disadvantage of using nonces is the difficulty in their verification. In particular, each relevant entity (each PG, in our case) needs to keep a complete history of past nonces which makes the verification inefficient. Timestamps are much better suited for this application. First, clocks need not be continuously synchronized between the source and the transit PGs. This is because a PR setup packet is timestamped; its timestamp can be used as a lower-bound for subsequent data packets in all intervening PGs. (It can also serve as an indication of the clock skew). Furthermore, if intervening PGs maintain a more current lower-bound timestamp (t_lower), opportunities for replay can be reduced further.

^12 It can be argued that timestamps of sufficient width and granularity are nonces as well. However, a true nonce is a randomly chosen number that is hard to predict.

Consider the following protocol:

1. When a PR is issued, the originator PG timestamps the PR setup packet, and distributes the timestamp, t_setup, in a secure fashion to all intervening PGs in transit ADs. All transit PGs initialize their t_lower values for this PR to t_setup.

2. When a data packet is sent, the originating (first-hop) PG timestamps its PR header. (Let t_data denote this value).

3. When this data packet reaches a transit PG, its PR header is examined and the t_data is compared to t_lower. Three outcomes are possible:

   (a) t_data < t_lower. The difference between the two values is examined. If it is small, i.e., less than some (locally defined) threshold, delta_t, the packet can be forwarded. Otherwise, the packet is discarded.

   (b) t_data > t_lower. In that case, the packet is forwarded and t_lower is set to t_data. Of course, a PG may get suspicious if the difference is too large.

   (c) t_data = t_lower. This can occur when two successive data packets belonging to the same PR stream carry the same timestamp. To distinguish between such packets, it would be necessary to keep additional information, e.g., a packet signature, for the last data packet processed. However, it is desirable for the clock rate to be at least as fast as the maximum packet rate. This would preclude duplicate timestamps on data packets.

This protocol prevents most, but not all, replay attacks. In order to prevent all replay attacks, delta_t values must be set to zero in all transit PGs, which would essentially disallow any out-of-order data packets. This is a choice that will not be practical for internetwork environments where out-of-order packets are a frequent occurrence.

4.3 Protocol Description

Based on the above discussion of security issues, this section describes the secure policy routing protocol. The following design choices are made:

• All PR setup control packets are protected by signatures computed with the private key of the originating entity.
• A secret key is distributed to all intervening PGs as part of PR setup. (This key is subsequently used to compute data packet signatures). As described in Section 4.2.5.1, the key is enciphered N times, once for each intervening AD using that AD's public key.

• Data packet signatures can be computed using a range of signature methods. The particular method is negotiated at the time of PR setup.

• Signatures cover either the entire packet or only the (timestamped) PR header. The choice is made at the time of PR setup.

• A transit AD is free to choose on a per PR basis whether or not to authenticate data packets.

• All packets (control and data) are timestamped at the origin. No two packets of the same origin and type can bear identical timestamps. Clocks are assumed to never run backwards.

After describing protocol participants and packet handling rules in the next two sections, protocol details are presented in Sections 4.3.3 and 4.3.4.

4.3.1 Participants

Policy Gateways (PGs) are the principal participants in both PR setup and packet forwarding protocols. In PR setup, a Route Server (RS) is initially consulted for a route; however, the PG-RS interaction is strictly intra-AD, which makes it of little interest in the context of our discussion. Unlike the Visa protocol, end-systems need not be involved in the protocol; PR setup and PR-based packet forwarding are completely transparent to them.

With respect to a single PR, there are three types of PGs:^13

• Originator is the first PG in a PR. Its task is to associate outgoing packets with appropriate PRs. When the originator receives a data packet it first looks up the source and destination network addresses in its end-system table. Each entry in this table points to a PR entry in the PR table. Using the information from the PR table, the originator constructs a PR header and attaches it to the packet.

• Transit is any intermediate PG in a PR. A transit PG's main task is to route data packets to next-hop adjacent PGs. Each data packet carries a PR handle (see below) which a PG uses to look up a corresponding entry in its PR table. Each entry contains (among other things) the next-hop PG address.

• Target is the last PG in a PR. Its task is complementary to that of the originator PG, i.e., it has to remove PR headers from data packets and forward them to the destination end-systems.

^13 See also Figure 4.1.

In summary, the requirements for a PG are as follows:

• maintenance of active PRs

• maintenance of local PTs (for validating SETUP packets)

• a means for computing and verifying public key signatures (for all control packets)

• support for a range of signature methods

The above is in addition to the more traditional routing-related requirements, e.g., monitoring the reachability status of adjacent PGs:^14

^14 Only PGs in stub ADs are expected to compute routes. Also, since local policy serves as one of the inputs to route computation, ADs are expected to use different procedures for route selection. (See [84, 28] for more information).
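The timestamp check of Section 4.2.5.4 (steps 1 to 3 with outcomes (a) to (c)), as one transit PG would run it under the design choices of Section 4.3, written here as an added example that is not part of the thesis. HMAC-SHA256 standing in for the negotiated signature method, integer clock ticks, and every name used (TransitPG, replay_trace, the sample packets) are assumptions; the constructed trace shows the replay that a non-zero delta_t still admits and the out-of-order packet that delta_t = 0 costs.

```python
import hashlib
import hmac
from dataclasses import dataclass

FORWARD, DISCARD = "forward", "discard"


@dataclass(frozen=True)
class DataPacket:
    pr_id: int         # PR identifier from the PR header
    t_data: int        # timestamp set by the originating PG (step 2)
    payload: bytes
    signature: bytes   # covers the timestamped PR header and the payload


def sign(key: bytes, pr_id: int, t_data: int, payload: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for whatever signature method is
    # negotiated at PR setup; the key is the secret distributed at setup.
    header = pr_id.to_bytes(4, "big") + t_data.to_bytes(8, "big")
    return hmac.new(key, header + payload, hashlib.sha256).digest()


def make_packet(key: bytes, pr_id: int, t_data: int, payload: bytes) -> DataPacket:
    return DataPacket(pr_id, t_data, payload, sign(key, pr_id, t_data, payload))


class TransitPG:
    """Replay state that one transit PG keeps for one PR."""

    def __init__(self, pr_id: int, key: bytes, t_setup: int, delta_t: int):
        self.pr_id = pr_id
        self.key = key
        self.t_lower = t_setup   # step 1: t_lower is initialised to t_setup
        self.delta_t = delta_t   # locally defined threshold
        self.last_sig = None     # extra state needed for outcome (c)
        self.open = True

    def close(self) -> None:
        self.open = False        # packets of a closed PR are not processed

    def check(self, pkt: DataPacket) -> str:
        if not self.open or pkt.pr_id != self.pr_id:
            return DISCARD
        expected = sign(self.key, pkt.pr_id, pkt.t_data, pkt.payload)
        if not hmac.compare_digest(expected, pkt.signature):
            return DISCARD       # timestamp or payload was altered
        if pkt.t_data > self.t_lower:            # outcome (b)
            self.t_lower = pkt.t_data
            self.last_sig = pkt.signature
            return FORWARD
        if pkt.t_data == self.t_lower:           # outcome (c)
            if self.last_sig is not None and hmac.compare_digest(
                    pkt.signature, self.last_sig):
                return DISCARD   # same timestamp, same signature: duplicate
            self.last_sig = pkt.signature
            return FORWARD
        # outcome (a): late packet, tolerated only inside the delta_t window
        if self.t_lower - pkt.t_data < self.delta_t:
            return FORWARD
        return DISCARD


def replay_trace(delta_t: int) -> list:
    """Run a constructed arrival sequence through one transit PG."""
    key = b"constructed-demo-key"   # constructed value
    pg = TransitPG(pr_id=7, key=key, t_setup=1000, delta_t=delta_t)
    p1 = make_packet(key, 7, 1010, b"one")
    p2 = make_packet(key, 7, 1020, b"two")
    p3 = make_packet(key, 7, 1030, b"three")
    arrivals = [
        p1,   # in order
        p3,   # overtakes p2
        p2,   # legitimate, but 10 ticks behind t_lower
        p3,   # replay of the newest packet
        p2,   # replay that falls inside the tolerance window
        p1,   # replay 20 ticks behind t_lower
    ]
    return [pg.check(p) for p in arrivals]


if __name__ == "__main__":
    for d in (15, 0):
        print("delta_t =", d, replay_trace(d))
```

With delta_t = 15 the second copy of the 1020 packet is forwarded, which is the residual replay the text refers to; with delta_t = 0 every replay is discarded, and so is the legitimate late packet.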
%%Page: 52 27
bop 150 -150 a
 26049576 28417720 0 0 40258437 52099153 startTexFig
150 -150 a
%%BeginDocument: path.ps
FrameDict begin 
/BEGINBITMAPBW { 
	1 {} COMMONBITMAP
	} bind def
/BEGINBITMAPGRAY { 
	8 {} COMMONBITMAP
	} bind def
/BEGINBITMAP2BIT { 
	2 {} COMMONBITMAP
	} bind def
/COMMONBITMAP { 
	/r exch def
	/d exch def
	gsave
	translate rotate scale /h exch def /w exch def
	/bitmapsave save def 
	r                    
	/is w d wbytes string def
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ cf is readhexstring pop } image
	bitmapsave restore 
	grestore
	} bind def
/Fmcc {
    /proc2 exch cvlit def
    /proc1 exch cvlit def
    /newproc proc1 length proc2 length add array def
    newproc 0 proc1 putinterval
    newproc proc1 length proc2 putinterval
    newproc cvx
} bind def
/colorsetup {
	currentcolortransfer
	/gryt exch def
	/blut exch def
	/grnt exch def
	/redt exch def
	/ngrayt 256 array def
	/nredt 256 array def
	/nbluet 256 array def
	/ngreent 256 array def
	0 1 255 {
		/indx exch def
		/cynu 1 red indx get 255 div sub def
		/magu 1 green indx get 255 div sub def
		/yelu 1 blue indx get 255 div sub def
		/k cynu magu min yelu min def
		/u k currentundercolorremoval exec def
		nredt indx 1 0 cynu u sub max sub redt exec put
		ngreent indx 1 0 magu u sub max sub grnt exec put
		nbluet indx 1 0 yelu u sub max sub blut exec put
		ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
	} for
	{255 mul cvi nredt exch get}
	{255 mul cvi ngreent exch get}
	{255 mul cvi nbluet exch get}
	{255 mul cvi ngrayt exch get}
	setcolortransfer
	{pop 0} setundercolorremoval
	{} setblackgeneration
	} bind def
/fakecolorsetup {
	/tran 256 string def
	0 1 255 { /ind exch def 
		tran ind
		red ind get 77 mul
		green ind get 151 mul
		blue ind get 28 mul
		add add 256 idiv put } for
	currenttransfer
	{ 255 mul cvi tran exch get 255.0 div }
	exch Fmcc settransfer
} bind def
/BITMAPCOLOR { 
	/d 8 def
	gsave
	translate rotate scale /h exch def /w exch def
	/bitmapsave save def 
	colorsetup
	/is w d wbytes string def
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ cf is readhexstring pop } {is} {is} true 3 colorimage 
	bitmapsave restore 
	grestore
	} bind def
/BITMAPCOLORc { 
	/d 8 def
	gsave
	translate rotate scale /h exch def /w exch def
	/lb w d wbytes def 
	sl lb lt {lb ms} if 
	/bitmapsave save def 
	colorsetup
	/is im 0 lb getinterval def 
	ws 0 lb getinterval is copy pop 
	/cf currentfile def 
	w h d [w 0 0 h neg 0 h] 
	{ip} {is} {is} true 3 colorimage
	bitmapsave restore 
	grestore
	} bind def
/BITMAPGRAY { 
	8 {fakecolorsetup} COMMONBITMAP
	} bind def
/BITMAPGRAYc { 
	8 {fakecolorsetup} COMMONBITMAPc
	} bind def
/ENDBITMAP {
	} bind def
end 
(2.0) FMVERSION
1 1  2 2  0 1 3 FMDOCUMENT
/fillprocs 32 array def
fillprocs 0 { 0.000000 grayness } put
fillprocs 1 { 0.100000 grayness } put
fillprocs 2 { 0.300000 grayness } put
fillprocs 3 { 0.500000 grayness } put
fillprocs 4 { 0.700000 grayness } put
fillprocs 5 { 0.900000 grayness } put
fillprocs 6 { 0.970000 grayness } put
fillprocs 7 { 1.000000 grayness } put
fillprocs 8 {<0f1e3c78f0e1c387> 8 1 setpattern } put
fillprocs 9 {<0f87c3e1f0783c1e> 8 1 setpattern } put
fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
fillprocs 12 {<8142241818244281> 8 1 setpattern } put
fillprocs 13 {<03060c183060c081> 8 1 setpattern } put
fillprocs 14 {<8040201008040201> 8 1 setpattern } put
fillprocs 15 {} put
fillprocs 16 { 1.000000 grayness } put
fillprocs 17 { 0.900000 grayness } put
fillprocs 18 { 0.700000 grayness } put
fillprocs 19 { 0.500000 grayness } put
fillprocs 20 { 0.300000 grayness } put
fillprocs 21 { 0.100000 grayness } put
fillprocs 22 { 0.030000 grayness } put
fillprocs 23 { 0.000000 grayness } put
fillprocs 24 {<f0e1c3870f1e3c78> 8 1 setpattern } put
fillprocs 25 {<f0783c1e0f87c3e1> 8 1 setpattern } put
fillprocs 26 {<3333333333333333> 8 1 setpattern } put
fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
fillprocs 29 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
fillprocs 30 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
fillprocs 31 {} put
0 36 /Times-Roman FMDEFINEFONT
1 18 /Times-Roman FMDEFINEFONT
2 24 /Times-Roman FMDEFINEFONT
% [Figure drawing: regions labelled AD_src, AD_2, AD_3, ..., AD_n-2, AD_n-1 and AD_dst, with PG nodes joined by links.
%  Legend: inter-AD link, intra-AD path, AD boundary, ORIGINATOR, TRANSIT, TARGET.]
%%EndDocument
 150 -150 a
 endTexFig
Figure 4.1: Policy Gateways in IDPR

4.3.2 Packet Handling

Protocol participants distinguish between two types of packets: control and data. Control packets are used for route setup and maintenance, dissemination of link-state PT updates and PG status messages, i.e., all packets intrinsic to IDPR. Of these, only control packets pertaining to route setup and maintenance are relevant to our discussion.¹⁵ The balance of the internetwork traffic consists of data packets.

¹⁵ For a detailed description, see IDPR Architecture and IDPR Specification documents [50, 84].

Control and data packets differ in the manner they are processed by the PGs. Control packets are transmitted reliably. Each control packet is acknowledged on a hop-by-hop basis (i.e., between adjacent PGs). If a control packet is not ACK-ed within a predetermined interval, the sender retransmits. After attempting $n$ ($n$ is a locally defined value) successive retransmissions, the sender PG gives up and informs the control packet's source of the failure to deliver. All control packets are uniquely identified by the combination of: i) packet type (SETUP, REFUSE, ACCEPT, etc.), and ii) PR handle which refers to a particular PR. This combination is guaranteed to be unique, i.e., no two control packets of the same type carry the same PR handle. Every control packet is signed with the secret key of its originator, so as to
allow all interested parties to authenticate its contents. After receiving and authenticating a control packet a PG replies to the previous hop PG with an ACK packet containing the identifier of the control packet being acknowledged. An ACK is used only between adjacent PGs. It is protected by a signature of its sender and contains the packet type and the PR handle of the control packet being acknowledged (see Figure 4.3.2). It does not, however, include the address or any other identifier of the sender. This is because the intended recipient of an ACK can unambiguously associate a PR handle with an adjacent PG which, in turn, determines the key to be used for signature verification.

+---------------------------------+
| Packet type (=ACK)              |
+---------------------------------+
| Ack-ed packet type              |
+---------------------------------+
| PR handle                       |
+---------------------------------+
| SIG_sender                      |
+---------------------------------+
Figure 4.2: ACK packet

Unlike control packets, data packets are not acknowledged at every PG hop. Their transmission is inherently unreliable, since a PR may traverse a number of lossy datagram subnets. One similarity between control and data packets is that both carry PR handles. PR handles allow transit PGs to associate data packets with PR table entries and route data packets according to the information stored therein (i.e., the next hop PG).

4.3.3 PR Setup

The protocol begins with a data packet arriving at a PG in $AD_{src}$. When this PG discovers that it has no active PR for the source-destination end-system pair in that packet, it contacts a local RS and asks for a new PR to the destination AD. (Hereafter, the requesting PG is known as the originator.) RS replies with the full path:

$$PR = [SEGMENT_1, SEGMENT_2, \ldots, SEGMENT_N] \tag{4.2}$$

Each segment contains: $SEGMENT_i = [AD_i, VALID_i]$ for $(0 < i \le N)$, where $VALID_i$ is the information that $AD_i$ can use to validate the PR (e.g., a list of applicable Policy Terms).¹⁶

¹⁶ Note that a PR carries no information regarding individual end-system pairs. This is because all PRs are initially validated on the basis of $AD_{src}$, $AD_{dst}$ and usage conditions. If a transit AD's policy terms are end-system specific, that AD can verify end-system addresses at the time of packet forwarding.

Now, the originator composes a new PR SETUP packet. Included in the packet is the unique timestamp, $TS_{src}$. SETUP also contains the Authentication-type and Expiration fields which serve the same purposes as their respective counterparts in the Visa protocol, i.e., authentication method for subsequent data packets, and PR expiration conditions, respectively.

A SETUP packet is protected by the signature of its originator:

$$SIG_{src} = [F_{hash}(P_{setup})]^{DK_{src}} \tag{4.3}$$

where $DK_{src}$ is the secret (signature or decryption) key of $AD_{src}$. Given a one-way hash function (such as MD4) and a strong encryption function (such as RSA), the signature is sufficient to maintain the integrity of the PR SETUP packet. Freshness is attained by $TS_{src}$ within the SETUP packet.

In order to allow for the authentication of subsequent data packets traveling along this PR, the originator PG needs to generate a new data signature key, $K_{dsig}$, for use in whatever per-packet variation is used.¹⁷ $K_{dsig}$ must be communicated in secret to each $AD_i$. This requires that $AD_{src}$ encrypt $K_{dsig}$ $N$ times, i.e., compute $E(K_{dsig})^{EK_i}$ for all $AD_i$. The resulting PR SETUP packet is depicted in Figure 4.3.

¹⁷ Actually, $K_{dsig}$ is not necessarily a key, per se. It is a secret quantity to be used in data signature computation.

+---------------------------------+
| Packet type (=SETUP)            |
+----------------+----------------+
| AD_src         | TS_src         |
+----------------+----------------+
| Authentication-type             |
+---------------------------------+
| Expiration                      |
+---------------------------------+
| PR                              |
+---------------------------------+
| E(K_dsig)^EK_1                  |
+---------------------------------+
| E(K_dsig)^EK_2                  |
+---------------------------------+
| ...                             |
+---------------------------------+
| E(K_dsig)^EK_N                  |
+---------------------------------+
| SIG_src                         |
+---------------------------------+
Figure 4.3: SETUP packet

As the PR setup packet propagates along the route, each transit PG in the PR performs the following checks:

1. Validates the timestamp, $TS_{src}$.
2. Recomputes and verifies $SIG_{src}$.
3. Obtains $K_{dsig}$ by decrypting $E(K_{dsig})^{DK_i}$.
4. Validates the PR by checking the $VALID_i$ field in the corresponding route segment field.

At this point, if the setup packet passes all checks, the transit PG is assured that: (i) the PR is valid, i.e., does not violate local policy, (ii) the PR is authentic, i.e., issued by a recognized entity; and, (iii) the PR is fresh, i.e., issued recently. In other words, each $AD_i$ is protected against attacks of Type 1 and Type 2.
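The SETUP signature of (4.3), the per-AD encryption of K_dsig and the four transit-PG checks can be followed end to end in the sketch below, which is an added example and not code from the thesis or the IDPR specification. It assumes textbook RSA over small constructed primes with SHA-256 standing in for MD4, a JSON field layout, a 30-second freshness window, and a VALID_i made of policy-term identifiers that name the source ADs they admit; all names are hypothetical.

```python
"""Toy model of a signed PR SETUP packet and the four transit-PG checks."""
import hashlib
import json

E = 65537  # public exponent shared by every toy key pair


def make_keypair(p, q):
    """Textbook RSA from two primes; returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed key material (Mersenne primes: fine for a demo, never for real use).
_PAIRS = {
    "AD_src": make_keypair(2**127 - 1, 2**89 - 1),
    "AD_2": make_keypair(2**521 - 1, 2**107 - 1),
    "AD_dst": make_keypair(2**607 - 1, 2**61 - 1),
}
PUBLIC = {ad: n for ad, (n, _) in _PAIRS.items()}   # EK_i, known to everyone
PRIVATE = {ad: d for ad, (_, d) in _PAIRS.items()}  # DK_i, held by AD_i only
MAX_AGE = 30  # seconds a TS_src counts as fresh (locally chosen, assumed)


def digest(pkt, n):
    """F_hash(P_setup): hash every field except SIG, reduced into Z_n."""
    body = {k: v for k, v in pkt.items() if k != "sig"}
    raw = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n


def build_setup(ad_src, ts_src, pr, k_dsig):
    """Originator side: encrypt K_dsig once per AD_i, then sign the packet."""
    pkt = {
        "type": "SETUP", "ad_src": ad_src, "ts_src": ts_src,
        "auth_type": "per-packet-signature", "expiration": ts_src + 3600,
        "pr": pr,  # [[AD_i, VALID_i], ...] as in (4.2)
        "ekeys": {ad: pow(k_dsig, E, PUBLIC[ad]) for ad, _valid in pr},
    }
    n = PUBLIC[ad_src]
    pkt["sig"] = pow(digest(pkt, n), PRIVATE[ad_src], n)  # [F_hash(P)]^DK_src
    return pkt


def transit_check(pkt, me, now, policy_terms):
    """Checks 1-4 at AD `me`; returns ("OK", K_dsig) or ("REFUSE", reason)."""
    # 1. Freshness: TS_src must be recent and not in the future.
    if not 0 <= now - pkt["ts_src"] <= MAX_AGE:
        return "REFUSE", "stale TS_src"
    # 2. Authenticity and integrity: recompute the hash, verify SIG_src.
    n_src = PUBLIC.get(pkt["ad_src"])
    if n_src is None or pow(pkt["sig"], E, n_src) != digest(pkt, n_src):
        return "REFUSE", "bad SIG_src"
    # 3. Recover K_dsig from this AD's own ciphertext.
    segments = dict(pkt["pr"])
    if me not in segments or me not in pkt["ekeys"]:
        return "REFUSE", "AD not on this PR"
    k_dsig = pow(pkt["ekeys"][me], PRIVATE[me], PUBLIC[me])
    # 4. Policy: every term listed in VALID_i must admit the source AD.
    valid_i = segments[me]
    if not valid_i or any(pkt["ad_src"] not in policy_terms.get(pt, ())
                          for pt in valid_i):
        return "REFUSE", "PR violates local policy"
    return "OK", k_dsig


if __name__ == "__main__":
    now = 700_000_000  # constructed clock reading
    route = [["AD_2", ["PT7"]], ["AD_dst", ["PT3"]]]
    setup = build_setup("AD_src", now, route, 0xC0FFEE)
    print(transit_check(setup, "AD_2", now + 5, {"PT7": {"AD_src"}}))
    print(transit_check(setup, "AD_2", now + 500, {"PT7": {"AD_src"}}))
```

Because the signature covers the PR and every encrypted copy of K_dsig, altering any segment or swapping a ciphertext makes check 2 fail before the key is ever decrypted.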
1141 y(Finally)m(,)e(the)i(PG)f(creates)i(a)e(new)h(table)g(en)o(try)g(for)f
(the)h(new)g(PR)f(and)h(computes)f(the)h(next)g(hop)f(PG)h(using)f(the)h
(next)g(hop)f(AD)-90 1191 y(sp)q(eci\014ed)g(in)f(the)g(next)h(PR)e(segmen)o
(t.)-28 1258 y(If)h(the)h(setup)g(pac)o(k)o(et)f(fails)f(one)i(of)e(the)i(ab)
q(o)o(v)o(e)e(c)o(hec)o(ks,)i(the)g(transit)f(\(or)h(target\))f(PG)g(in)g
(question)g(informs)e(the)j(originator)e(via)g(a)-90 1308 y(REFUSE)g(pac)o(k)
o(et.)19 b(\(See)14 b(Figure)f(4.4\).)k(Unlik)o(e)12 b(a)h(SETUP)h(pac)o(k)o
(et,)f(a)g(REFUSE)h(b)q(ears)g(no)f(timestamp)d(of)j(its)g(o)o(wn,)f(since)i
(there)h(can)-90 1358 y(b)q(e)h(at)g(most)e(one)i(REFUSE)g(pac)o(k)o(et)g
(for)f(a)h(single)f(SETUP)h(pac)o(k)o(et.)24 b(Instead,)17
b(a)e(REFUSE)h(pac)o(k)o(et)g(con)o(tains)g(the)g(timestamp)d(and)-90
1408 y(the)i Fq(AD)47 1414 y Fp(sr)q(c)110 1408 y Fx(\014eld)g(of)e(the)i
(corresp)q(onding)g(SETUP)g(pac)o(k)o(et)f(whic)o(h)g(helps)h(the)g
(originator)e(in)g(iden)o(tifying)g(the)i(exact)g(SETUP)g(pac)o(k)o(et)-90
1457 y(b)q(eing)i(rejected.)28 b(A)17 b(REFUSE)g(pac)o(k)o(et)g(is)f
(protected)j(b)o(y)d(a)g(signature)h(of)f(its)h(creator,)h(so)f(that)g(all)e
(in)o(terested)j(parties)g(can)e(v)o(erify)-90 1507 y(that)d(it)g(has)h(b)q
(een)g(generated)h(b)o(y)e(a)g(recognized)h(en)o(tit)o(y)m(,)e(i.e.,)g(b)o(y)
h(one)h(of)f(the)g(PGs)h(in)f(the)g(route.)19 b(\()p Fq(S)r(I)s(G)1578
1513 y Fp(i)1606 1507 y Fx(in)13 b(Figure)g(4.4)g(refers)h(to)f(the)-90
1557 y(signature)i(generated)i(b)o(y)d(the)i Fw(i)p Fx(-th)f(hop)g(transit)g
(AD\).)f(Up)q(on)i(receipt)g(of)e(a)h(REFUSE)g(all)f(PGs)h(tear)h(do)o(wn)e
(the)i(state)g(information)-90 1607 y(p)q(ertaining)c(to)g(the)h(PR)f(men)o
(tioned)g(therein)h(and)f(forw)o(ard)g(the)h(REFUSE)g(to)f(the)h(next)g(PG)f
(in)g(the)h(direction)g(of)f(the)g(originator)g(PG.)p 735 1708
511 2 v 735 1710 V 734 1758 2 50 v 760 1743 a(P)o(ac)o(k)o(et)i(t)o(yp)q(e)g
(\(=REFUSE\))p 1244 1758 V 735 1759 511 2 v 734 1809 2 50 v
760 1794 a Fq(AD)825 1800 y Fp(sr)q(c)p 898 1809 V 1020 1794
a Fq(T)6 b(S)1075 1800 y Fp(sr)q(c)p 1244 1809 V 735 1811 511
2 v 734 1861 2 50 v 777 1846 a Fq(AD)842 1852 y Fp(i)p 898
1861 V 1007 1846 a Fx(Reason)p 1244 1861 V 735 1862 511 2 v
734 1912 2 50 v 942 1897 a Fq(S)r(I)s(G)1023 1903 y Fp(i)p
1244 1912 V 735 1914 511 2 v 734 2080 a Fx(Figure)14 b(4.4:)j(REFUSE)d(pac)o
(k)o(et)-28 2179 y(After)i(a)e(SETUP)h(pac)o(k)o(et)g(successfully)h(passes)g
(through)f(all)e(transit)i(PGs,)g(it)f(\014nally)g(reac)o(hes)i(the)f
(last-hop,)f(target)h(PG.)f(After)-90 2229 y(v)n(alidating)9
b(the)i(PR,)g(the)g(target)h(PG)f(informs)e(the)i(originator)f(of)h(the)g
(setup)h(completion)e(b)o(y)g(means)h(of)f(an)h(A)o(CCEPT)g(pac)o(k)o(et)h
(\(Figure)-90 2279 y(4.5\).)22 b(An)16 b(A)o(CCEPT)g(pac)o(k)o(et)f(carries)i
(only)e(the)h(PR)f(handle.)23 b(Unlik)o(e)15 b(a)g(REFUSE,)g(it)g(do)q(es)i
(not)e(need)i(to)e(include)g(the)i(iden)o(tit)o(y)e(of)-90
2329 y(the)f(originating)e(AD.)i(This)f(is)h(b)q(ecause)i(an)d(A)o(CCEPT)i
(can)f(b)q(e)g(generated)i(only)d(b)o(y)g(a)h(target)g(PG)g(in)f(the)i
(destination)f(AD.)-28 2396 y(As)i(an)f(A)o(CCEPT)g(propagates)h(through)f
(eac)o(h)h(transit)f(PG)g(on)g(its)g(w)o(a)o(y)f(to)h(the)h(originator,)e(it)
h(enables)g(the)h(\(hereto)g(dorman)o(t\))-90 2446 y(corresp)q(onding)c(PR)g
(table)f(en)o(try)m(.)18 b(In)11 b(other)h(w)o(ords,)g(an)f(A)o(CCEPT)h
(signi\014es)g(that)g(the)g(PR)f(has)h(b)q(een)h(fully)d(authorized)i(b)o(y)f
(all)f(parties)-90 2496 y(in)o(v)o(olv)o(ed.)16 b(When)d(the)h(A)o(CCEPT)f
(\014nally)e(reac)o(hes)k(the)e(originator)f(PG,)g(data)g(pac)o(k)o(ets)i
(can,)e(at)h(last,)f(start)h(\015o)o(wing)f(along)g(the)h(newly)-90
2546 y(established)i(PR.)-28 2614 y(F)m(ailure)d(to)g(receiv)o(e)h(an)f(A)o
(CCEPT)h(within)e(a)h(pre-determined)h(p)q(erio)q(d)f(of)g(time,)f(causes)i
(the)g(originator)e(to)h(generate)h(and)g(re-send)-90 2663
y(a)f(new)h(SETUP)h(pac)o(k)o(et)f(for)f(the)h(same)f(PR.)g(The)h(new)g
(SETUP)g(is)g(essen)o(tially)f(the)i(same)d(as)i(the)g(original)e(one)i
(except)h(for)e(the)i Fq(T)6 b(S)2021 2669 y Fp(sr)q(c)2028
2770 y Fx(54)p eop
%%Page: 55 30
bop 731 -107 519 2 v 731 -105 V 730 -57 2 50 v 756 -72 a Fx(P)o(ac)o(k)o(et)
14 b(t)o(yp)q(e)g(\(=A)o(CCEPT\))p 1248 -57 V 731 -55 519 2
v 730 -6 2 50 v 756 -20 a Fq(AD)821 -14 y Fp(sr)q(c)p 894 -6
V 1020 -20 a Fq(T)6 b(S)1075 -14 y Fp(sr)q(c)p 1248 -6 V 731
-4 519 2 v 730 46 2 50 v 925 31 a Fq(S)r(I)s(G)1006 37 y Fp(dst)p
1248 46 V 731 48 519 2 v 730 213 a Fx(Figure)14 b(4.5:)j(A)o(CCEPT)d(pac)o(k)
o(et)-90 335 y(\014eld)k(whic)o(h)f(m)o(ust)g(re\015ect)i(the)f(curren)o(t)h
(clo)q(c)o(k)f(reading.)28 b(This)18 b(is)f(done)h(so)g(that)f(all)g(parties)
h(in)o(v)o(olv)o(ed)e(can)i(distinguish)f(b)q(et)o(w)o(een)-90
384 y(successiv)o(e)e(setup)f(attempts)e(for)g(the)i(same)d(route.)19
b(F)m(or)12 b(example,)f(if)h(the)h(originator)f(times)g(out)g(prematurely)g
(and)h(generates)h(a)f(new)-90 434 y(SETUP)j(while)e(the)i(A)o(CCEPT)f(for)g
(the)g(original)e(SETUP)j(is)f(still)f(en)h(route,)h(it)e(will)g(b)q(e)h
(able)g(to)g(decide)h(unam)o(biguously)c(that)j(the)-90 484
y(A)o(CCEPT)f(corresp)q(onds)i(to)e(the)g(original)e(SETUP)j(pac)o(k)o(et,)f
(not)f(the)i(retransmission.)-90 612 y Fr(4.3.3.1)48 b(PR)15
b(Setup)f(Summary)-90 706 y Fx(In)g(summary)m(,)c(PR)k(setup)h(in)o(v)o(olv)o
(es)e(the)h(follo)o(wing)e(steps:)839 691 y Ft(18)-39 796 y
Fx(1.)20 b Fq(AD)79 802 y Fp(sr)q(c)140 796 y Fx(=)-7 b Fu(\))11
b Fq(AD)283 802 y Ft(2)314 796 y Fx(:)g Fq(S)r(E)r(T)6 b(U)f(P)-39
873 y Fx(2.)20 b Fq(AD)79 879 y Ft(2)109 873 y Fx(=)-7 b Fu(\))12
b Fq(AD)253 879 y Fp(sr)q(c)314 873 y Fx(:)f Fq(AC)s(K)439
858 y Ft(2)436 883 y Fp(sr)q(c)97 937 y Fu(\001)c(\001)g(\001)-39
1014 y Fx(3.)20 b Fq(AD)79 1020 y Fp(i)105 1014 y Fx(=)-7 b
Fu(\))11 b Fq(AD)248 1020 y Fp(i)p Ft(+1)316 1014 y Fx(:)g
Fq(S)r(E)r(T)6 b(U)f(P)-39 1091 y Fx(4.)20 b Fq(AD)79 1097
y Fp(i)p Ft(+1)147 1091 y Fx(=)-7 b Fu(\))11 b Fq(AD)290 1097
y Fp(i)316 1091 y Fx(:)g Fq(AC)s(K)441 1073 y Fp(i)p Ft(+1)438
1103 y Fp(i)97 1155 y Fu(\001)c(\001)g(\001)-39 1232 y Fx(5.)20
b Fq(AD)79 1238 y Fp(n)p Fa(\000)p Ft(1)156 1232 y Fx(=)-7
b Fu(\))11 b Fq(AD)299 1238 y Fp(dst)359 1232 y Fx(:)g Fq(S)r(E)r(T)6
b(U)f(P)-39 1309 y Fx(6.)20 b Fq(AD)79 1315 y Fp(dst)138 1309
y Fx(=)-7 b Fu(\))12 b Fq(AD)282 1315 y Fp(n)p Fa(\000)p Ft(1)359
1309 y Fx(:)f Fq(AC)s(K)484 1294 y Fp(dst)481 1320 y(n)p Fa(\000)p
Ft(1)-39 1387 y Fx(7.)20 b Fq(AD)79 1393 y Fp(dst)138 1387
y Fx(=)-7 b Fu(\))12 b Fq(AD)282 1393 y Fp(n)p Fa(\000)p Ft(1)359
1387 y Fx(:)f Fq(AC)s(C)s(E)r(P)6 b(T)-39 1464 y Fx(8.)20 b
Fq(AD)79 1470 y Fp(n)p Fa(\000)p Ft(1)156 1464 y Fx(=)-7 b
Fu(\))11 b Fq(AD)299 1470 y Fp(dst)359 1464 y Fx(:)g Fq(AC)s(K)484
1446 y Fp(n)p Fa(\000)p Ft(1)481 1476 y Fp(dst)97 1528 y Fu(\001)c(\001)g
(\001)-39 1605 y Fx(9.)20 b Fq(AD)79 1611 y Fp(i)105 1605 y
Fx(=)-7 b Fu(\))11 b Fq(AD)248 1611 y Fp(i)p Fa(\000)p Ft(1)316
1605 y Fx(:)g Fq(AC)s(C)s(E)r(P)6 b(T)-60 1682 y Fx(10.)20
b Fq(AD)79 1688 y Fp(i)p Fa(\000)p Ft(1)147 1682 y Fx(=)-7
b Fu(\))12 b Fq(AD)291 1688 y Fp(i)316 1682 y Fx(:)f Fq(AC)s(K)441
1664 y Fp(i)p Fa(\000)p Ft(1)438 1694 y Fp(i)97 1746 y Fu(\001)c(\001)g(\001)
-60 1823 y Fx(11.)20 b Fq(AD)79 1829 y Ft(2)109 1823 y Fx(=)-7
b Fu(\))12 b Fq(AD)253 1829 y Fp(sr)q(c)314 1823 y Fx(:)f Fq(AC)s(C)s(E)r(P)6
b(T)-60 1900 y Fx(12.)20 b Fq(AD)79 1906 y Fp(sr)q(c)140 1900
y Fx(=)-7 b Fu(\))11 b Fq(AD)283 1906 y Ft(2)314 1900 y Fx(:)g
Fq(AC)s(K)439 1885 y Fp(sr)q(c)436 1911 y Ft(2)-90 2036 y Fv(4.3.4)55
b(P)n(ac)n(k)n(et)20 b(F)-5 b(orw)n(arding)-90 2131 y Fx(In)16
b(order)g(to)g(mak)o(e)e(use)j(of)e(an)g(existing)h(PR,)f(the)h(originator)f
(PG)g(m)o(ust)g(b)q(e)h(able)g(to)f(supply)h(information)d(necessary)18
b(to)d(asso)q(ciate)-90 2181 y(eac)o(h)f(data)g(pac)o(k)o(et)g(with)g(a)f(sp)
q(eci\014c)j(PR.)d(This)h(information)d(is)i(placed)i(in)e(the)h(PR)g
(header:)618 2272 y Fq(P)6 b(R)683 2278 y Fp(hdr)749 2272 y
Fx(=)12 b([)p Fq(AD)870 2278 y Fp(sr)q(c)919 2272 y Fq(;)7
b(T)f(S)993 2278 y Fp(sr)q(c)1042 2272 y Fq(;)h(T)f(S)1116
2278 y Fp(pack)q(et)1214 2272 y Fq(;)h(D)q(S)r(I)s(G)p Fx(])-1451
b(\(4.4\))-90 2363 y(The)18 b(com)o(bination)e(of)h Fq(AD)356
2369 y Fp(sr)q(c)424 2363 y Fx(and)g Fq(T)6 b(S)563 2369 y
Fp(sr)q(c)631 2363 y Fx(forms)16 b(the)j Fw(PR)g(hand)r(le)g
Fx(men)o(tioned)e(ab)q(o)o(v)o(e.)30 b(T)m(ransit)17 b(PGs)h(are)h(able)e(to)
h(lo)q(ok)f(up)h(the)-90 2413 y(appropriate)d(PR)g(in)g(their)h(tables)g
(using)f(the)h(PR)f(handle,)g([)p Fq(AD)963 2419 y Fp(sr)q(c)1012
2413 y Fq(;)7 b(T)f(S)1086 2419 y Fp(sr)q(c)1135 2413 y Fx(],)14
b(as)i(a)f(lo)q(ok-up)f(k)o(ey)m(.)22 b Fq(T)6 b(S)1560 2419
y Fp(pack)q(et)1675 2413 y Fx(is)15 b(an)g(optional)f(pac)o(k)o(et-)-90
2463 y(lev)o(el)19 b(timestamp)e(used)j(for)f(detecting)h(old)e(and)i
(out-of-order)f(data)f(pac)o(k)o(ets.)35 b(Finally)m(,)18 b
Fq(D)q(S)r(I)s(G)j Fx(is)e(the)h(\(also)f(optional\))f(pac)o(k)o(et)-90
2513 y(signature)d(used)h(to)f(protect)h(against)e Fr(T)o(yp)q(e)j(3)e
Fx(attac)o(k.)21 b Fq(D)q(S)r(I)s(G)p Fx('s)16 b(v)o(eri\014cation)e(is)h
(sub)r(ject)h(to)f(the)h(authen)o(tication)e(metho)q(d)g(agreed)-90
2563 y(to)g(up)q(on)g(PR)f(setup.)p -90 2631 864 2 v -59 2658
a Fj(18)-26 2670 y Fi(The)e(notation)e Fh(A)h Fi(=)-6 b Fg(\))11
b Fh(B)g Fi(:)f Fh(P)5 b(AC)r(K)r(E)r(T)17 b Fi(means)10 b
Ff("A)j(sends)g(P)m(A)o(CKET)g(to)g(B)g(")p Fi(.)2028 2770
y Fx(55)p eop
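The life cycle of a PR table entry at one transit PG, as described in the PR setup and packet forwarding sections above, is traced in the following added example (not code from the thesis or from IDPR). The class and field names are hypothetical, it assumes a PG keeps an entry for each setup attempt it has seen, and DSIG verification is left out because its method is negotiated per PR.

```python
"""Toy PR table for one transit PG: SETUP -> dormant, ACCEPT -> active, REFUSE -> gone."""


class TransitPG:
    def __init__(self):
        # PR handle (AD_src, TS_src) -> {"next_hop", "active", "last_ts"}
        self.table = {}

    def on_setup(self, ad_src, ts_src, next_hop):
        """A SETUP that passed all checks creates a dormant entry."""
        self.table[(ad_src, ts_src)] = {
            "next_hop": next_hop, "active": False, "last_ts": None}

    def on_accept(self, ad_src, ts_src):
        """An ACCEPT enables exactly the entry whose handle it carries."""
        entry = self.table.get((ad_src, ts_src))
        if entry is None:
            return False
        entry["active"] = True
        return True

    def on_refuse(self, ad_src, ts_src):
        """A REFUSE tears down the state of the PR it names."""
        return self.table.pop((ad_src, ts_src), None) is not None

    def forward(self, pr_hdr):
        """Return the next-hop PG for a data packet, or None to drop it."""
        entry = self.table.get((pr_hdr["ad_src"], pr_hdr["ts_src"]))
        if entry is None or not entry["active"]:
            return None  # unknown handle, or PR not yet authorized end to end
        ts_packet = pr_hdr.get("ts_packet")  # optional field of PR_hdr
        if ts_packet is not None:
            if entry["last_ts"] is not None and ts_packet <= entry["last_ts"]:
                return None  # old or out-of-order data packet
            entry["last_ts"] = ts_packet
        return entry["next_hop"]


def retransmission_scenario():
    """Originator times out and re-sends SETUP; the late ACCEPT is for the first one."""
    pg = TransitPG()
    pg.on_setup("AD_src", 100, "PG_next")  # original SETUP, TS_src = 100
    pg.on_setup("AD_src", 160, "PG_next")  # retransmission, new TS_src
    pg.on_accept("AD_src", 100)            # ACCEPT names the original handle
    first = pg.forward({"ad_src": "AD_src", "ts_src": 100, "ts_packet": 1})
    replayed = pg.forward({"ad_src": "AD_src", "ts_src": 100, "ts_packet": 1})
    second = pg.forward({"ad_src": "AD_src", "ts_src": 160, "ts_packet": 1})
    torn_down = pg.on_refuse("AD_src", 160)
    after = pg.forward({"ad_src": "AD_src", "ts_src": 100, "ts_packet": 2})
    return first, replayed, second, torn_down, after, sorted(pg.table)


if __name__ == "__main__":
    print(retransmission_scenario())
```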
4.4 Security Analysis

We now discuss the security of the proposed protocol considering separately the route setup and packet forwarding phases.

4.4.1 PR Setup

Successful PR setup involves the transmission of a SETUP packet from the originator PG along the PR and the subsequent transmission of an ACCEPT packet from the target PG along the inverted PR.

4.4.1.1 SETUP Processing

A SETUP packet is signed with the secret key of the originator and timestamped with a unique timestamp. This allows any transit PG to establish that the SETUP packet i) was sourced in $AD_{src}$,¹⁹ ii) was not modified in transit, and iii) was generated recently.

In addition, a transit PG can attempt to verify that the PR being installed does not violate local policy by checking the SETUP packet for compliance with the PTs referenced therein. A PT can restrict any one of the following (see expression 4.1):

1. Source AD
2. Source end-system
3. Destination AD
4. Destination end-system
5. Entry AD (i.e., previous AD hop)
6. Exit AD (i.e., next AD hop)
7. User Class, Type of Service and other characteristics [84]

Of the above, only items (1) and (6) can be effectively v
(eri\014ed.)31 b(Source)19 b(AD)f(is)g(established)h(as)f(part)g(of)g(v)n
(alidating)d(the)-90 1540 y(SETUP)g(pac)o(k)o(et's)f(signature.)k(Exit)c(AD)g
(is)g(established)h(b)o(y)e(the)i(com)o(bination)c(of:)18 b(i\))13
b(c)o(hec)o(king)i(the)f(next)h(AD)f(segmen)o(t)f(within)g(the)-90
1589 y(PR)h(and)f(ii\))g(ph)o(ysically)g(forw)o(arding)g(the)h(SETUP)h(pac)o
(k)o(et)f(to)g(that)g(next)g(hop)g(AD)g(and)f(receiving)i(A)o(CK)f(in)f(resp)
q(onse.)-28 1657 y(Although,)i(in)g(theory)m(,)h(PTs)g(can)g(b)q(e)g(used)h
(to)e(restrict)i(source)g(or)f(destination)f(end-systems,)h(suc)o(h)g
(restrictions)h(are)f(generally)-90 1707 y(impractical.)f(The)e(reason)f(for)
f(this)h(is)g(t)o(w)o(ofold.)k(First,)c(it)f(is)h(impractical)e(for)h
(transit)h(ADs)g(to)g(b)q(e)g(concerned)i(with)e(large)f(n)o(um)o(b)q(ers)h
(of)-90 1757 y(ob)r(jects)h(at)e(the)h(gran)o(ularit)o(y)e(of)h(end-systems.)
18 b(Second,)12 b(\(also)f(b)q(ecause)i(of)e(scale\))h(it)f(is)h(di\016cult)e
(to)i(authen)o(ticate)g(tra\016c)g(on)f(the)h(basis)-90 1807
y(of)i(signatures)h(generated)h(b)o(y)e(individual)f(end-systems,)i(since)g
(man)o(y)e(end-system)h(pairs)h(can)g(b)q(e)g(asso)q(ciated)g(with)f(a)g
(single)h(PR.)e(If)-90 1856 y(a)h(transit)g(AD)g(still)f(decides)i(to)f
(include)g(end-system)g(restrictions)h(in)f(its)g(PTs,)g(it)g(has)g(to)g
Fr(trust)e Fx(the)i(end-p)q(oin)o(t)g(PGs)g(to)g(issue)h(PRs)-90
1906 y(only)g(to)h(appropriate)g(end-systems.)25 b(Nev)o(ertheless,)18
b(an)e(AD)g(migh)o(t)e(restrict)j(access)h(for)e(a)g(small)d(n)o(um)o(b)q(er)
j(of)f(select)i(end-systems)-90 1956 y(using)d(this)g(metho)q(d.)-28
2024 y(V)m(eri\014cation)j(of)g(the)h(previous)g(AD)f(hop)h(is)f(complicated)
f(b)o(y)h(the)h(fact)g(that)f(a)g(SETUP)i(pac)o(k)o(et)e(do)q(es)i(not)e
(re\015ect)i(the)f(actual)-90 2073 y(tra)o(v)o(ersed)13 b(route)f(\(whic)o(h)
g(ma)o(y)e(b)q(e)i(di\013eren)o(t)h(from)d(the)i(one)g(it)f(carries\).)19
b(In)11 b(other)i(w)o(ords,)f(a)f(PG)h(in)f(a)g(transit)h(AD)g(receiv)o(es)h
(a)e(SETUP)-90 2123 y(pac)o(k)o(et)k(whic)o(h)g(sp)q(eci\014es)i(some)d
(adjacen)o(t)h(AD)g(as)g(the)h(previous)f(hop.)22 b(Ho)o(w)o(ev)o(er,)15
b(this)g(giv)o(es)g(no)f(assurance)j(of)d(the)i(SETUP)g(pac)o(k)o(et)-90
2173 y(ha)o(ving)f(actually)h(passed)h(through)g(the)g(adjacen)o(t)f(AD)h(in)
f(question.)26 b(F)m(or)16 b(example,)f(a)h(link)g(connecting)h(t)o(w)o(o)f
(adjacen)o(t)g(ADs)h(ma)o(y)-90 2223 y(also)c(b)q(e)i(shared)g(b)o(y)e(other)
i(en)o(tities,)f(an)o(y)f(one)h(of)f(whic)o(h)h(could)g(ha)o(v)o(e)g(forw)o
(arded)g(the)g(SETUP)h(pac)o(k)o(et.)-28 2291 y(Ev)o(en)d(the)g(destination)g
(AD)f(is)h(not)f(v)o(eri\014able)g(at)h(SETUP)g(pro)q(cessing)h(time.)j(A)11
b(transit)h(AD)g(can)f(merely)g(conclude)h(that)g(the)g(last)-90
2340 y(AD)j(hop)g(in)g(the)h(PR)f(is)g(the)h Fw(app)n(ar)n(ent)f
Fx(destination.)22 b(Stronger)16 b(conclusion)f(can)h(b)q(e)g(made)e(only)g
(up)q(on)h(receiving)h(a)f(corresp)q(onding)-90 2390 y(A)o(CCEPT)d(pac)o(k)o
(et)g(\(see)h(b)q(elo)o(w\).)k(F)m(or)12 b(transit)f(ADs,)h(this)g(uncertain)
o(t)o(y)g(ma)o(y)e(serv)o(e)j(as)f(grounds)f(for)h(not)f(accepting)i(an)o(y)e
(data)g(pac)o(k)o(ets)-90 2440 y(for)j(a)f(PR)h(b)q(efore)g(receiving)h(A)o
(CCEPT.)-28 2508 y(Finally)m(,)10 b(v)o(eri\014cation)j(of)e(User)j(Class,)e
(T)o(yp)q(e)h(of)f(Service)i(and)e(other)h(restrictions)h(based)f(on)f
(tra\016c)h(c)o(haracteristics)h(is)e(not)h(p)q(ossible)-90 2558
y(at)j(PR)g(setup)h(time.)24 b(F)m(or)15 b(example,)g(if)h(a)g(PT)g(con)o
(tains)g(User)h(Class)g(restrictions,)g(the)g(originator)e(can)h(lie)g(ab)q
(out)g(the)h(User)g(Class)p -90 2631 864 2 v -59 2658 a Fj(19)-26
2670 y Fi(F)m(or)11 b(simplicit)o(y)m(,)e(w)o(e)i(assume)f(that)h(all)g(PGs)g
(in)g(the)g(same)g(AD)h(share)e(the)h(same)f(public-k)o(ey)f(pair.)2028
2770 y Fx(56)p eop
%%Page: 57 32
bop -90 -108 a Fx(of)15 b(the)h(in)o(tended)g(tra\016c)f(source.)24
b(Unfortunately)m(,)15 b(a)g(transit)h(AD)f(has)h(no)f(means)f(of)h
(detecting)i(suc)o(h)f(abuse.)23 b(A)15 b(sole)h(exception)g(is)-90
-59 y(the)h(Date/Time)d(restriction)j(whic)o(h)f(sp)q(eci\014es)i(the)f(time)
d(in)o(terv)n(als)i(when)h(a)e(certain)i(PT)f(can)h(b)q(e)f(used.)26
b(It)16 b(is)g(trivial)f(to)h(establish)-90 -9 y(compliance)c(with)i(a)g
(Date/Time)e(restriction)j(at)e(SETUP)i(pro)q(cessing)g(time.)-90
121 y Fr(4.4.1.2)48 b(A)o(CCEPT)17 b(Pro)q(cessing)-90 215
y Fx(An)d(A)o(CCEPT)g(pac)o(k)o(et)f(is)h(signed)g(b)o(y)f(the)h(target)g(PG)
f(\(in)g(the)i(destination)e(AD\))g(and)h(b)q(ears)g(the)g(PR)g(handle)f(of)g
(the)h(corresp)q(onding)-90 265 y(SETUP)e(pac)o(k)o(et.)18
b(This)11 b(allo)o(ws)f(all)h(transit)g(PGs)h(and)f(the)h(originator)f(PG)g
(to)g(v)o(erify)g(its)h(origin)e(and)h(con)o(ten)o(ts.)19 b(Timeliness)10
b(is)h(deriv)o(ed)-90 315 y(from)h(the)j(presence)i(of)c(the)i(PR)f(handle,)f
(i.e.,)g(since)i(the)g(SETUP)f(b)q(earing)g(the)h(same)e(PR)h(handle)g(w)o
(as)g(observ)o(ed)h(recen)o(tly)g(and)f(the)-90 365 y(PR)g(handle)f(is)h
(unique,)g(the)g(A)o(CCEPT)g(pac)o(k)o(et)h(is)e(also)h(unique,)f(hence,)i
(it)e(m)o(ust)g(ha)o(v)o(e)h(b)q(een)h(recen)o(tly)g(generated.)-28
433 y(With)f(resp)q(ect)i(to)d(the)i(o)o(v)o(erall)e Fw(validity)g
Fx(of)g(a)h(PR,)f(a)h Fw(b)n(ona)h(\014de)g Fx(A)o(CCEPT)f(pac)o(k)o(et)g
(adds)g(the)h(follo)o(wing:)-28 532 y Fu(\017)21 b Fx(By)14
b(virtue)g(of)f(c)o(hec)o(king)i(the)f(pac)o(k)o(et)g(signature,)g(the)h
(destination)e(AD)h(is)g(\014nally)e(v)o(eri\014ed.)-28 614
y Fu(\017)21 b Fx(The)14 b(A)o(CCEPT)g(pac)o(k)o(et)h(itself)e(implies)f
(that)i(the)h(destination)e(AD)h(v)n(alidated)f(the)h(PR.)-90
713 y(Little)f(else)i(can)e(b)q(e)i(deriv)o(ed)f(from)e(an)h(A)o(CCEPT.)g(W)m
(e)h(observ)o(e)g(that)g(the)g(b)q(eliefs)g(deriv)o(ed)g(from)e(a)h
Fw(b)n(ona)i(\014de)g Fx(A)o(CCEPT)e(pac)o(k)o(et)h(fall)-90
763 y(short)f(of)f(assuring)h(the)g(originator)f(that)g Fw(ALL)h
Fx(transit)g(ADs)f(\(PGs\))h(ha)o(v)o(e)g(v)n(alidated)e(the)j(PR)e(and)g
(established)i(the)f(necessary)i(state.)-90 812 y(Since)f(the)g(A)o(CCEPT)g
(is)g(signed)f(b)o(y)h(the)g(target)g(PG)f(\(and)h(carries)g(within)f(it)g
(the)i(PR)e(handle)g(of)g(a)h(recen)o(tly)g(sen)o(t)h(SETUP)f(pac)o(k)o
(et\),)-90 862 y(the)j(originator)e(PG)h(is)g(assured)i(that)e(the)h(SETUP)g
(pac)o(k)o(et)g Fw(somehow)f Fx(reac)o(hed)i(the)f Fq(AD)1376
868 y Fp(dst)1440 862 y Fx(and)f(that)g Fq(AD)1680 868 y Fp(dst)1745
862 y Fx(v)n(alidated)f(the)i(PR.)-90 912 y(Nonetheless,)g(there)f(is)f(no)g
(direct)h(evidence)h(to)e(supp)q(ort)h(the)f(claim)e(that)j(the)f(SETUP)h
(passed)g(through)g(\(and)f(w)o(as)g(appro)o(v)o(ed)g(b)o(y\))-90
962 y(all)d(transit)g(ADs.)18 b(In)13 b(other)g(w)o(ords,)g(either)h(\(or)f
(b)q(oth\))g(SETUP)g(or)g(A)o(CCEPT)g(pac)o(k)o(ets)g(ma)o(y)e(ha)o(v)o(e)i
(tra)o(v)o(eled)g(along)e(a)i(route)g Fw(di\013er)n(ent)-90
1012 y Fx(from)h(that)i(sp)q(eci\014ed)i(in)e(the)g(PR.)g(This)g(t)o(yp)q(e)g
(of)g(anomaly)d(app)q(ears)k(unlik)o(ely)e(as)h(it)f(requires)j(activ)o(e)e
(in)o(terference)i(on)e(the)g(part)h(of)-90 1061 y(one)d(\(or)g(more\))f
(transit)h(ADs.)-28 1129 y(In)20 b(order)g(to)g(deriv)o(e)g(stronger)g(b)q
(eliefs)g(ab)q(out)g(setup)g(completion,)f(the)i(originator)d(m)o(ust)h(b)q
(e)h(assured)h(b)o(y)e(eac)o(h)h(transit)g(hop)-90 1179 y(individually)m(.)k
(This)16 b(can)h(b)q(e)h(accomplished)e(if)f(w)o(e)i(require)h(eac)o(h)f
(transit)g(PG)g(to)g(sign)f(the)h(A)o(CCEPT)h(as)e(it)h(tra)o(v)o(els)g(to)o
(w)o(ards)f(the)-90 1229 y(originator.)k(Then,)15 b(up)q(on)g(v)o(erifying)e
(all)h(of)g(the)i(trailing)d(signatures,)i(the)h(originator)d(can)i(b)q(e)h
(satis\014ed)f(that)g(all)f(transit)h(ADs)g(ha)o(v)o(e,)-90
1279 y(in)e(fact,)g(authorized)g(the)h(PR)f(and)g(established)h(the)g
(necessary)h(state.)k(The)14 b(main)d(dra)o(wbac)o(k)i(of)g(this)g(mec)o
(hanism)e(is,)i(of)f(course,)i(the)-90 1328 y(additional)f(o)o(v)o(erhead)h
(due)h(to)g(signature)g(computations)e(and)h(v)o(eri\014cations)h(\(as)f(man)
o(y)f(as)h(there)i(are)f(ADs)g(in)f(the)h(PR\).)f(Moreo)o(v)o(er,)-90
1378 y(the)g(added)h(complexit)o(y)d(of)h(this)h(mec)o(hism)e(is)h(only)h(w)o
(orth)o(while)f(if)g(subsequen)o(t)i(data)f(pac)o(k)o(ets)h(are)f(treated)h
(similarly)m(.)-90 1516 y Fv(4.4.2)55 b(P)n(ac)n(k)n(et)20
b(F)-5 b(orw)n(arding)-90 1611 y Fx(As)16 b(discussed)i(in)e(Section)g
(4.2.5,)e(unless)j(a)f(strong)g(authen)o(tication)g(metho)q(d)f(is)h(used)h
(in)e(conjunction)h(with)g(repla)o(y)g(prev)o(en)o(tion,)g(a)-90
1661 y(transit)d(PG)g(can)h(deriv)o(e)f(v)o(ery)h(little)e(insofar)h(as)g
(the)h Fw(go)n(o)n(dness)g Fx(of)e(a)h(data)g(pac)o(k)o(et.)18
b(If)13 b(a)g(pac)o(k)o(et's)g(PR)g(handle)g(indexes)h(a)f(v)n(alid)e(PR)i
(in)-90 1710 y(the)h(PR)f(table,)f(the)i(only)e(conclusion)h(that)g(a)g
(transit)g(PG)g(can)h(mak)o(e)d(is)i(that)g(the)h(tra\016c)f(\015o)o(w)g
(whic)o(h)g(this)g(pac)o(k)o(et)g(purp)q(orts)i(to)e(b)q(e)g(a)-90
1760 y(part)i(of,)f(has)i(b)q(een)g(previously)f(authorized.)22
b(Stronger)15 b(b)q(eliefs)h(are)f(unattainable)f(without)h(a)g(stronger)h
(pro)q(of)e(of)h(the)g(relationship)-90 1810 y(b)q(et)o(w)o(een)g(the)g(pac)o
(k)o(et)f(and)g(the)g(PR)g(that)g(it)f(indexes.)-28 1878 y(Without)h(an)o(y)g
(authen)o(tication,)g(only)g(pac)o(k)o(ets)h(b)q(earing)g(in)o(v)n(alid)d
(PRs)j(can)g(b)q(e)g(detected.)22 b(If)14 b(only)g(PR)g(header)i(is)e(authen)
o(ticated)-90 1928 y(\(without)f(repla)o(y)f(prev)o(en)o(tion\),)h(no)g
(additional)e(securit)o(y)j(is)f(gained.)k(Since)c(all)f(pac)o(k)o(ets)h(b)q
(elonging)f(to)h(the)g(same)f(PR)h(carry)g(the)h(same)-90 1977
y Fw("authentic)n(ate)n(d")g Fx(PR)e(header,)i(an)e(in)o(truder)h(can)g
(duplicate)g(this)f(header)i(inde\014nitely)e(\(for)h(the)g(lifetime)d(of)i
(the)i(PR\))e(attac)o(h)h(its)f(o)o(wn)-90 2027 y(data)i(and)f(inject)h(the)h
(resulting)f(tra\016c)g(in)o(to)f(the)i(stream)e(unnoticed!)-28
2095 y(If)i(repla)o(y)g(prev)o(en)o(tion)g(is)g(used,)h(eac)o(h)g(PR)f
(header)h(is)f(distinct)h(b)o(y)f(virtue)g(of)g(carrying)g(a)g(unique)g
(timestamp)d(\(hence,)17 b(a)e(unique)-90 2145 y(PR)f(header)h(signature)f
(as)g(w)o(ell\).)k(A)c(transit)g(PG)g(can)g(establish)g(the)h(origin)e(and)h
(timeliness)f(of)g(eac)o(h)i(data)e(pac)o(k)o(et,)1792 2130
y Ft(20)1841 2145 y Fx(ho)o(w)o(ev)o(er,)h(the)-90 2195 y(authen)o(ticit)o(y)
g(of)f(the)i(data)f(segmen)o(t)f(is)h(still)f(susp)q(ect.)21
b(Since)14 b(the)h(in)o(truder)f(is)g(no)g(longer)g(able)g(to)f(duplicate)h
(PR)g(headers,)h(the)g(only)-90 2244 y(v)o(en)o(ue)g(of)f(attac)o(k)h(left)f
(is)h(to)f(mangle)f(existing)h(data)h(pac)o(k)o(ets)g(\(e.g.,)f(substitute)i
(data)e(segmen)o(ts\).)21 b(Still,)13 b(this)i(lev)o(el)f(of)g(protection)h
(is)-90 2294 y(relativ)o(ely)d(inexp)q(ensiv)o(e)i(and)e(quite)h(e\013ectiv)o
(e)h(considering)f(that)g(it)f(mak)o(es)g(it)g(imp)q(ossible)f(for)i(the)g
(in)o(truder)h(to)e(i\))h(repla)o(y)f(old)g(pac)o(k)o(ets)-90
2344 y(and)i(ii\))g(create)i(more)d(pac)o(k)o(ets)j(than)e(generated)i(b)o(y)
e(the)h(true)h(source.)21 b(The)15 b(latter)f(protects)j(against)c
(in\015ated)i(c)o(harges)g(and)g(pac)o(k)o(et)-90 2394 y(storms.)-28
2461 y(Finally)m(,)f(akin)h(to)g(SETUP)h(and)g(A)o(CCEPT)g(pac)o(k)o(ets,)g
(data)g(pac)o(k)o(ets)g(con)o(v)o(ey)g(no)f(information)e(ab)q(out)j(the)g
(actual)f(route)h(tak)o(en.)-90 2511 y(Moreo)o(v)o(er,)g(b)q(ecause)h(data)e
(pac)o(k)o(ets)h(are)g(not)f(ac)o(kno)o(wledged)h(on)f(hop-b)o(y-hop)f
(basis,)i(neither)g(previous)g(nor)f(next)h(AD)f(hop)h(can)f(b)q(e)-90
2561 y(v)o(eri\014ed.)p -90 2631 864 2 v -59 2658 a Fj(20)-26
2670 y Fi(As)d(describ)q(ed)d(in)i(Section)e(2.2.3,)h(timeliness)g(dep)q
(ends)f(on)i(the)g(particular)e(\001)1042 2676 y Fm(T)1078
2670 y Fi(used.)2028 2770 y Fx(57)p eop
%%Page: 58 33
bop -90 -108 a Fs(4.5)70 b(Assessmen)n(t)21 b(and)j(Cost)-90
0 y Fx(Our)13 b(purp)q(ose)h(in)e(this)h(section)g(is)f(to)h(in)o(v)o
(estigate)f(b)q(ounds)h(on)f(ac)o(hiev)n(able)g(data)h(rates)g(with)f(the)i
(securit)o(y)f(sc)o(hemes)g(describ)q(ed)i(ab)q(o)o(v)o(e.)-90
50 y(Previous)e(w)o(ork)g(in)f(the)h(area)g(of)f(p)q(erformance)h(and)f(cost)
i(ev)n(aluation)d(of)h(secure)j(proto)q(cols)e([27)o(])f(iden)o(ti\014es)h
(four)g(imp)q(ortan)o(t)e(o)o(v)o(erhead)-90 100 y(con)o(tributors)k
(\(listed)f(in)f(the)i(order)f(of)f(magnitude\):)-28 201 y
Fu(\017)21 b Fx(P)o(er)14 b(P)o(ac)o(k)o(et)h(Signature)-28
284 y Fu(\017)21 b Fx(Increased)15 b(P)o(ac)o(k)o(et)g(Length)-28
367 y Fu(\017)21 b Fx(Setup)14 b(Ov)o(erhead)-28 450 y Fu(\017)21
b Fx(Other)15 b(Additional)d(P)o(er)j(P)o(ac)o(k)o(et)f(Pro)q(cessing)-90
551 y(In)i(the)g(remainder)g(of)f(this)h(section)h(w)o(e)f(analyze)g(eac)o(h)
g(of)f(the)i(ab)q(o)o(v)o(e)f(con)o(tributing)f(factors)h(in)g(sev)o(eral)g
(v)n(ariations)f(of)g(the)i(general)-90 601 y(sc)o(heme.)-90
739 y Fv(4.5.1)55 b(P)n(ac)n(k)n(et)20 b(Signatures)-90 834
y Fx(As)f(discussed)i(earlier)e(in)g(this)g(c)o(hapter,)i(p)q(er)e(pac)o(k)o
(et)h(signature)f(costs)h(are)f(largely)g(dep)q(enden)o(t)h(up)q(on)f(the)h
(particular)f(v)n(ariation)-90 883 y(of)e(pac)o(k)o(et)h(signature)g(c)o(hec)
o(king,)h(signature)f(computation)d(metho)q(d,)j(and)f(signature)h(co)o(v)o
(erage.)30 b(Previous)18 b(results)h(in)e(measuring)-90 933
y Fw(Visa)11 b Fx(proto)q(col)h(o)o(v)o(erhead)g([32)o(,)f(27])g(suggest)i
(that,)f(whenev)o(er)h(encryption)f(or)g(encryption-based)h(signatures)f(are)
h(used,)f(the)h(o)o(v)o(erhead)-90 983 y(b)q(ecomes)d(quite)h(noticeable.)17
b(In)10 b(Chapter)h(5,)f(w)o(e)h(illustrate)e(exp)q(erimen)o(tal)h(results)h
(using)f(non-cryptographic)h(pac)o(k)o(et)f(authen)o(tication)-90
1033 y(tec)o(hniques.)-28 1101 y(Repla)o(y)19 b(prev)o(en)o(tion)i(can)f(b)q
(e)g(used)h(indep)q(enden)o(t)g(of)f(the)g(data)g(authen)o(tication)f(metho)q
(d.)36 b(The)20 b(cost)h(of)e(repla)o(y)h(prev)o(en)o(tion)-90
1150 y(amoun)o(ts)11 b(to)h(one)g(additional)e(PR)i(header)h(\014eld)f
(\(32-64)f(bits)i(dep)q(ending)f(on)g(the)h(timestamp)d(gran)o(ularit)o(y\))h
(and)h(sev)o(eral)g(instructions)-90 1200 y(for)i(implem)o(en)o(ting)d(the)j
(proto)q(col)g(describ)q(ed)i(in)d(Section)i(4.2.5.4.)-90 1339
y Fv(4.5.2)55 b(Costs)19 b(Due)g(to)f(Increased)g(P)n(ac)n(k)n(et)i(Length)
-90 1433 y Fx(Increased)13 b(pac)o(k)o(et)f(length)f(is)h(incurred)g(b)o(y)f
(the)i(PR)e(header)h(carried)g(in)f(ev)o(ery)h(data)g(pac)o(k)o(et.)17
b(Recall)11 b(\(see)i(4.4\))d(the)i(PR)f(header)i(carries)-90
1483 y(the)k(AD)f(iden)o(ti\014er)h(of)f(the)h(source)g(and)g(the)g
(timestamp)d(of)h(the)i(original)e(setup)i(pac)o(k)o(et.)26
b(Assuming)16 b(32)f(bits)i(for)f Fq(AD)1868 1489 y Fp(sr)q(c)1934
1483 y Fx(and)g(\(at)-90 1533 y(most\))c(64)h(bits)h(for)f
Fq(T)6 b(S)281 1539 y Fp(sr)q(c)331 1533 y Fx(,)13 b(these)h(t)o(w)o(o)g
(\014elds)f(add)h(up)f(to)h(96)f(bits.)18 b(Dep)q(ending)13
b(on)h(the)g(requiremen)o(ts)g(for)f(data)g(authen)o(tication)g(and)-90
1583 y(repla)o(y)i(prev)o(en)o(tion,)h(PR)f(header)h(ma)o(y)d(include)j(a)f
(pac)o(k)o(et)g(timestamp)e(and)j(a)f(data)g(signature.)22
b(The)16 b(former)e(is)h(a)g(64-bit)g(quan)o(tit)o(y)m(.)-90
1632 y(The)g(length)f(of)g(the)h(data)f(signature)h(dep)q(ends)h(on)e(the)h
(particular)f(signature)g(metho)q(d)g(and)g(can)h(v)n(ary)f(b)q(et)o(w)o(een)
h(64)f(bits)h(\(e.g.,)e(DES)-90 1682 y(MA)o(C\))g(to)f(128)g(bits)h(\(e.g.,)f
(MD4\).)17 b(Th)o(us,)12 b(w)o(e)h(can)g(an)o(ticipate)f(that)h(the)g(length)
g(of)f(the)h(PR)g(header)g(will)e(range)i(b)q(et)o(w)o(een)h(96)e(and)h(288)
-90 1732 y(bits.)19 b(Previous)14 b(measuremen)o(ts)g(of)f
Fw(Visa)h Fx(proto)q(col)g(implem)o(en)o(tations)d([27)o(])j(sho)o(w)g(that)g
(this)g(o)o(v)o(erhead)h(ranges)f(from)e(20\045)i(for)f(small)-90
1782 y(\(e.g.,)i(16)h(b)o(ytes)g(of)f(user)i(data\))f(pac)o(k)o(ets)h(to)f
(less)g(than)g(4\045)f(for)h(larger,)f(e.g.,)h(1Kb)o(yte,)g(pac)o(k)o(ets.)25
b(\(The)16 b(length)g(of)f(a)h(visa)f(header)i(is)-90 1832
y(roughly)c(the)i(same)e(as)h(that)g(of)f(a)g(PR)h(header\).)-90
1970 y Fv(4.5.3)55 b(Setup)19 b(Ov)n(erhead)-90 2065 y Fx(PR)12
b(setup)i(is)f(accomplished)e(b)o(y)i(comp)q(osing)e(and)h(sending)h(a)g(pac)
o(k)o(et)g(con)o(taining)e(the)j(en)o(tire)f(PR)f(as)h(describ)q(ed)i(in)d
(Section)h(4.3.)k(The)-90 2115 y(costs)e(include:)-28 2215
y Fu(\017)21 b Fq(N)d Fx(con)o(v)o(en)o(tional)13 b(encryption)h(op)q
(erations)g(b)o(y)f Fq(AD)835 2221 y Fp(sr)q(c)898 2215 y Fx(to)h(encrypt)h
Fq(K)1135 2221 y Fp(dsig)1213 2215 y Fx(for)e(all)f(in)o(terv)o(ening)i
Fq(AD)1614 2221 y Fp(i)1628 2215 y Fx(s,)g(if)e(data)i(pac)o(k)o(et)g
(authen-)14 2265 y(tication)f(is)h(desired.)-28 2348 y Fu(\017)21
b Fx(A)10 b(hash)h(function)f(computation)f(o)o(v)o(er)i(the)g(en)o(tire)g
(PR)f(setup)i(pac)o(k)o(et)f(follo)o(w)o(ed)d(b)o(y)j(a)f(single)g(public)g
(k)o(ey)h(signature)g(computation)14 2398 y(o)o(v)o(er)j(the)g(hash)g
(function)g(v)n(alue.)-28 2481 y Fu(\017)21 b Fq(N)f Fx(hash)d(function)e
(computations)g(and)g Fq(N)21 b Fx(public)16 b(k)o(ey)f(signature)i(v)o
(eri\014cations)f(for)f(v)o(erifying)g(the)h(setup)h(pac)o(k)o(et)g
(signature)14 2531 y Fw(en)e(r)n(oute)f Fx(\(one)g(at)g(eac)o(h)g
Fq(AD)478 2537 y Fp(i)492 2531 y Fx(\).)-28 2614 y Fu(\017)21
b Fq(N)i Fx(decryption)c(op)q(erations)g(b)o(y)f(eac)o(h)g
Fq(AD)712 2620 y Fp(i)745 2614 y Fx(to)g(decrypt)i Fq(K)991
2620 y Fp(dsig)1055 2614 y Fx(.)31 b(Ho)o(w)o(ev)o(er,)20 b(this)e(can)h(b)q
(e)g(done)f(after)h(the)g(setup)g(pac)o(k)o(et)g(is)14 2664
y(forw)o(arded)14 b(to)f(the)i(next)f(hop)g(and)g(so)g(do)q(es)g(not)g(con)o
(tribute)h(directly)f(to)g(the)g(setup)h(latency)m(.)2028 2770
y(58)p eop
%%Page: 59 34
bop -90 -108 a Fx(The)17 b(ab)q(o)o(v)o(e)f(is)g(the)g(w)o(orst)h(case)g
(scenario.)25 b(Some)15 b(ADs)i(ma)o(y)d(not)i(care)h(to)f(authen)o(ticate)h
(PRs)g(up)q(on)f(setup.)26 b(F)m(urthermore,)16 b(if)f(PR)-90
-59 y(authen)o(tication)i(and)h(in)o(tegrit)o(y)f(requiremen)o(ts)g(\(or)h
(lac)o(k)f(thereof)s(\))i(are)f(expressed)i(in)d(a)g(transit)h(AD's)f(PTs,)h
(the)h(source)f(AD)g(can)-90 -9 y(a)o(v)o(oid)13 b(unnecessary)j(signature)e
(computation)e(and)i(reduce)h(the)g(setup)g(o)o(v)o(erhead.)-28
59 y(Measuremen)o(ts)g(of)e(PR)h(setup)h(o)o(v)o(erhead)f(are)g(presen)o(ted)
i(in)e(Chapter)g(5.)-90 197 y Fv(4.5.4)55 b(Other)18 b(P)n(er)h(P)n(ac)n(k)n
(et)h(Pro)r(cessing)d(Costs)-90 292 y Fx(Additional)c(\(other)h(than)g
(encryption\))h(pro)q(cessing)g(costs)g(are)g(incurred)g(mainly)c(b)o(y)j
(the)h(added)f(logic)f(in)g(routers)j(for)d(pro)q(cessing)j(of)-90
342 y(PR-based)e(pac)o(k)o(ets,)g(in)g(particular,)f(table)h(lo)q(okups.)-28
409 y(Eac)o(h)20 b(PG)f(main)o(tains)d(a)j(PR)g(table)g(where)h(eac)o(h)g(en)
o(try)g(corresp)q(onds)h(to)e(an)g(activ)o(e)g(PR.)f(Not)h(all)f(PGs)h(lo)q
(ok)g(up)g(this)g(table)-90 459 y(directly)m(.)27 b(A)17 b(PG)g(in)f(a)h
(stub)h(AD)e(acts)i(mainly)c(as)j(an)g Fw(originator)f Fx(and)h(do)q(es)h
(not)f(searc)o(h)h(its)f(PR)g(table;)h(instead)f(it)f(searc)o(hes)j(the)-90
509 y(end-system)d(table)f(with)g(source-destination)h(end-system)g
(addresses.)25 b(Eac)o(h)15 b(en)o(try)h(in)f(the)h(end-system)g(table)f(p)q
(oin)o(ts)g(directly)h(to)-90 559 y(the)d(corresp)q(onding)h(PR)e(table)h(en)
o(try)m(.)18 b(T)m(ransit)12 b(PGs,)g(on)h(the)g(other)g(hand,)g(ha)o(v)o(e)f
(to)h(p)q(erform)f(direct)h(PR)g(table)f(lo)q(okups.)17 b(PR)c(tables)-90
609 y(in)g(transit)g(PGs)g(are)h(an)o(ticipated)e(to)h(b)q(e)h(sev)o(eral)g
(orders)g(of)e(magnitude)g(larger)h(than)g(those)g(in)g(stub)h(PGs.)k
(Therefore,)c(lo)q(okup)e(costs)-90 658 y(are)i(of)e(concern.)19
b(Ho)o(w)o(ev)o(er,)14 b(if)e(en)o(tries)i(are)g(hashed)g(on)f(PR)f(handles)i
(using)f(a)g Fw(uniform)g Fx(hash)g(function)g([41)o(],)f(the)i(cost)g(of)e
(a)h(PR)g(table)-90 708 y(lo)q(okup)g(can)h(b)q(e)h(exp)q(ected)h(to)d(b)q(e)
i(negligible)d(\(on)i(the)h(a)o(v)o(erage\).)-28 776 y(In)j(addition)f(to)h
(authen)o(tication)f(and)h(lo)q(okup)f(costs,)j(there)f(is)f(also)f(the)h
(cost)h(of)e(PR)h(main)o(tenance.)29 b(F)m(or)18 b(eac)o(h)g(data)g(pac)o(k)o
(et)-90 826 y(switc)o(hed,)f(a)e(corresp)q(onding)i(PR)e(table)h(en)o(try)g
(is)g(up)q(dated.)24 b(This)16 b(includes)g(incremen)o(ting)f(sev)o(eral)h
(coun)o(ters)h(and)f(refreshing)g(t)o(w)o(o)-90 876 y(timestamp)11
b(v)n(alues)h(\(see)i(Chapter)g(5\).)k(The)13 b(cost)h(of)e(these)i(op)q
(erations)f(is)g(greatly)g(o)o(v)o(ershado)o(w)o(ed)g(b)o(y)g(other)g(o)o(v)o
(erhead-con)o(tributing)-90 925 y(factors.)-90 1081 y Fs(4.6)70
b(Conclusions)-90 1189 y Fx(T)m(ransit)13 b(con)o(trol)g(mec)o(hanisms)f(are)
i(needed)h(b)o(y)e(in)o(terconnected)i(ADs)f(to)f(retain)h(their)g(autonom)o
(y)d(in)i(setting)h(and)f(enforcing)h(p)q(olicy)-90 1239 y(while)c(still)h
(ac)o(hieving)f(desired)i(connectivit)o(y)m(.)17 b(The)11 b(problem)f(of)g
(in)o(terconnecting)i(Administrativ)o(e)d(Domains)g(and)i(na)o(vigating)e
(across)-90 1289 y(them)j(is)i(imp)q(ortan)o(t)d(b)q(ecause)k(the)f(p)q
(olicies)f(in)g(question)g(concern)i(con)o(trol)e(of)g(resource)i(access)g
(and)e(usage.)19 b(Moreo)o(v)o(er,)13 b(the)h(securit)o(y)-90
1339 y(of)i(the)g(transit)h(p)q(olicy)f(enforcemen)o(t)g(is)g(imp)q(ortan)o
(t,)f(esp)q(ecially)m(,)h(in)f(sensitiv)o(e)i(en)o(vironmen)o(ts.)25
b(On)16 b(the)h(other)g(hand,)f(the)h(securit)o(y)-90 1389
y(measures,)d(as)g(can)g(b)q(e)g(exp)q(ected,)i(tak)o(e)e(a)f(toll)g(in)h(o)o
(v)o(erall)e(system)i(complexit)o(y)e(and)i(p)q(erformance.)-28
1456 y(The)k(purp)q(ose)h(of)e(this)h(c)o(hapter)h(w)o(as)e(to)h(in)o(v)o
(estigate)f(the)i(design)e(of)g(transit)h(p)q(olicy)f(enforcemen)o(t)h(mec)o
(hanisms)e(for)h(sensitiv)o(e)-90 1506 y(en)o(vironmen)o(ts,)c(to)i(analyze)f
(their)h(securit)o(y)g(and)f(to)h(ev)n(aluate)f(the)h(p)q(erformance)f(o)o(v)
o(erhead.)20 b(W)m(e)14 b(b)q(egan)g(b)o(y)h(attempting)e(to)h(extend)-90
1556 y(existing)19 b(net)o(w)o(ork)g(access)h(con)o(trol)f(metho)q(ds)f(to)h
(the)g(more)f(general)h(transit)g(en)o(vironmen)o(t.)32 b(Subsequen)o(t)20
b(ev)n(aluation)e(iden)o(ti\014ed)-90 1606 y(sev)o(eral)f(basic)h
(de\014ciencies)h(of)d(the)i(resulting)f(extension.)28 b(These)18
b(de\014ciencies)h(motiv)n(ate)14 b(the)k(in)o(tegration)e(of)h(p)q(olicy)f
(enforcemen)o(t)-90 1655 y(in)o(to)j(the)h(in)o(ternet)o(w)o(ork)g(routing,)g
(route)g(computation,)f(and)g(pac)o(k)o(et)h(forw)o(arding)f(proto)q(cols.)35
b(W)m(e)19 b(used)i(In)o(ter)f(Domain)d(P)o(olicy)-90 1705
y(Routing)12 b(\(IDPR\))g(as)i(the)f(foundation)f(for)g(the)i(proto)q(col)f
(design.)18 b(After)13 b(iden)o(tifying)f(p)q(oten)o(tial)g(securit)o(y)i
(threats)g(w)o(e)f(presen)o(ted)i(the)-90 1755 y(secure)h(P)o(olicy)d
(Routing)g(proto)q(col)g(and)h(analyzed)g(its)g(securit)o(y)h(and)e(p)q
(erformance)h(impact.)-28 1823 y(Securit)o(y)k(of)e(the)h(transit)h(con)o
(trol)e(mec)o(hanisms)f(should)i(b)q(e)g(approac)o(hed)g(from)e(an)i(in)o
(tegrated)g(p)q(ersp)q(ectiv)o(e.)29 b(It)17 b(exists)h(in)e(the)-90
1873 y(con)o(text)h(of)f(end-system)g(and)g(net)o(w)o(ork)h(access)h(con)o
(trol,)e(hence,)i(the)e(division)f(of)h(lab)q(or)g(deserv)o(es)i(careful)e
(consideration.)26 b(In)16 b(this)-90 1922 y(c)o(hapter)j(w)o(e)g(prop)q
(osed)h(that)e(P)o(olicy)g(Routing)f(b)q(e)i(equipp)q(ed)g(to)g(prev)o(en)o
(t)g(unauthorized)g(use)g(of)f(net)o(w)o(ork)h(resources,)i(and)e(exert)-90
1972 y(con)o(trol)c(o)o(v)o(er)g(routing)f(across)i(AD)f(b)q(oundaries.)22
b(Net)o(w)o(ork)15 b(access)i(con)o(trols)e(are)h(resp)q(onsible)g(for)e
(\014ner)i(grain)e(con)o(trol)h(\(e.g.,)f(on)h(an)-90 2022
y(end-system,)10 b(as)g(opp)q(osed)h(to)e(AD)h(basis\))g(and)f(end-systems)i
(for)e(protection)h(of)f(non-net)o(w)o(ork)h(resources.)19
b(The)10 b(prop)q(osed)h(mec)o(hanisms)-90 2072 y(w)o(ere)18
b(designed)g(to)f(supp)q(ort)h(in)o(ter-op)q(erabilit)o(y)e(across)i(ADs)g
(with)e(heterogeneous)k(p)q(olicies)d(to)g(the)g(exten)o(t)h(that)g(their)f
(com)o(bined)-90 2122 y(p)q(olicies)d(allo)o(w.)2028 2770 y(59)p
eop
%%Page: 60 35
bop -90 192 a Fs(Chapter)23 b(5)-90 367 y(Exp)r(erimen)n(tal)e(Results)-90
601 y Fx(In)14 b(Chapters)h(3)e(and)h(4)f(w)o(e)h(presen)o(ted)i(the)e
(design)g(of)f(stub)i(and)e(transit)h(p)q(olicy)f(enforcemen)o(t)h(mec)o
(hanisms,)d(resp)q(ectiv)o(ely)m(.)19 b(In)14 b(order)-90 651
y(to)g(supp)q(ort)h(our)g(design)f(c)o(hoices)i(and)e(to)g(demonstrate)g(the)
h(feasibilit)o(y)e(of)h(deplo)o(ymen)o(t,)e(this)j(c)o(hapter)g(describ)q(es)
i(the)e(exp)q(erimen)o(ts)-90 701 y(conducted)h(with)e(protot)o(yp)q(e)h
(implemen)o(tations)c(of)j(the)h(prop)q(osed)h(proto)q(cols.)k(The)15
b(purp)q(ose)g(of)f(the)h(exp)q(erimen)o(ts)g(w)o(as)g(t)o(w)o(ofold:)i(i\))
-90 750 y(to)d(v)o(erify)f(the)h(functionalit)o(y)f(of)g(the)h(implemen)o
(tation,)c(and)k(ii\))f(to)g(measure)h(the)g(o)o(v)o(erhead)h(imp)q(osed)d(b)
o(y)i(the)g(resp)q(ectiv)o(e)i(proto)q(cols.)-28 818 y(This)e(c)o(hapter)g
(is)g(organized)g(as)f(follo)o(ws.)k(W)m(e)c(b)q(egin)h(with)f(a)g(brief)h
(description)g(of)f(the)i(exp)q(erimen)o(tal)d(en)o(vironmen)o(t)h(in)g(the)h
(next)-90 868 y(section.)19 b(In)14 b(Sections)g(5.2)f(and)h(5.3)f(w)o(e)h
(describ)q(e)i(our)d(exp)q(erimen)o(ts)i(with)e Fw(Visa)h Fx(and)f(IDPR)h
(proto)q(cols,)f(resp)q(ectiv)o(ely)m(.)-90 1023 y Fs(5.1)70
b(Exp)r(erimen)n(tal)20 b(Platform)-90 1132 y Fx(F)m(or)d(the)h(purp)q(oses)h
(of)e(functionalit)o(y)f(and)h(p)q(erformance)h(testing,)g(b)q(oth)g
Fw(Visa)f Fx(and)g(IDPR)g(proto)q(cols)h(w)o(ere)g(implemen)o(ted)e(within)
-90 1182 y(the)e(SunOS)g(4.1)e(en)o(vironmen)o(t)g(whic)o(h)h(is)g(substan)o
(tially)f(similar)f(to)i(the)h(Berk)o(eley)g(4.3)f(UNIX.)g(Sun)g
Fw(Sp)n(ar)n(cStation)i(1+)e Fx(w)o(orkstations)-90 1232 y(w)o(ere)h(used)f
(as)g(the)h(hardw)o(are)f(platform)d(throughout)j(the)h(exp)q(erimen)o(ts.)k
(\()p Fw(Sp)n(ar)n(cStation)c(1+)f Fx(scores)h(15.8)e(MIPs)h(on)g(the)g(w)o
(ell-kno)o(wn)-90 1281 y Fw(Dhrystone)i(b)n(enchmark)p Fx(\).)k(All)13
b(exp)q(erimen)o(tal)g(w)o(orkstations)h(w)o(ere)h(equipp)q(ed)f(with)g(8)f
(to)h(12)f(Mb)o(ytes)i(of)e(main)f(memory)m(.)-28 1349 y(The)17
b(w)o(orkstations)f(directly)g(participating)f(in)h(the)h(exp)q(erimen)o(ts)f
(w)o(ere)h(in)o(terconnected)h(with)e(Ethernet)i(segmen)o(ts)e(to)g(form)e(a)
-90 1399 y(top)q(ology)f(depicted)i(in)f(Figure)g(5.1.)19 b(Ho)o(w)o(ev)o
(er,)14 b(a)g(n)o(um)o(b)q(er)f(of)h(other)h(w)o(orkstations)f(w)o(ere)h
(used)g(as)f Fw(se)n(c)n(ondary)p Fx(,)h(non-essen)o(tial)f(no)q(des)-90
1449 y(\(i.e.,)f(end-systems)h(in)f(IDPR)h(testing)g(and)g(visa-hosts)g(in)f
Fw(Visa)h Fx(proto)q(col)f(exp)q(erimen)o(ts\).)-28 1516 y(In)j(all)e(exp)q
(erimen)o(ts,)i(MD4)f(w)o(as)g(used)h(as)g(the)g(in)o(tegrit)o(y)f(mec)o
(hanism)e(for)i(all)g(pac)o(k)o(et)g(tra\016c.)23 b(Data)15
b(pac)o(k)o(et)h(authen)o(tication)f(in)-90 1566 y(b)q(oth)f
Fw(Visa)g Fx(and)g(IDPR)f(proto)q(cols)h(w)o(as)g(p)q(erformed)g(using)g(the)
g(secret)i(pre\014x)f(metho)q(d)e(in)h(conjunction)f(with)h(MD4)g(as)g
(describ)q(ed)h(in)-90 1616 y(App)q(endix)f(A.)-28 1684 y(Signatures)d(based)
h(on)e(public-k)o(ey)h(encryption)g(w)o(ere)h(not)f(implem)o(en)o(ted.)k
(Also,)c(w)o(e)g(did)f(not)h(implemen)o(t)d(secure)13 b(k)o(ey)d
(distribution)-90 1733 y(whic)o(h)j(is)h(part)f(of)g(b)q(oth)g(connection)h
(setup)h(in)e Fw(Visa)g Fx(and)g(PR)g(setup)i(in)e(IDPR.)f(The)i(main)d
(reason)j(for)f(this)h(is)f(the)h(apparen)o(t)g(lac)o(k)f(of)-90
1783 y(fast)f(public)f(k)o(ey)i(encryption)f(implemen)o(tation.)i
(Unfortunately)m(,)d(existing)h(state-of-the-art)h(public-k)o(ey)e(soft)o(w)o
(are)h(implemen)o(tations)-90 1833 y(are)17 b(excruciatingly)f(slo)o(w.)24
b(Ev)o(en)17 b(the)g(fastest)g(RSA)f(hardw)o(are)h(can)f(only)g(attain)g(a)g
(meager)f(2-4)h(Kbits/second)h(throughput)g([19)o(].)-90 1883
y(F)m(aster,)d(scaled-do)o(wn)f(v)n(arian)o(ts)g(of)f(RSA)h(ha)o(v)o(e)g(b)q
(een)i(prop)q(osed)f([51)o(].)j(F)m(or)c(example,)f(Priv)n(acy-Enhanced)i
(Electronic)g(Mail)e(sp)q(eci\014es)-90 1933 y(an)17 b(RSA)g(v)n(arian)o(t)f
(where)i(signature)g(v)o(eri\014cation)f(costs)h(signi\014can)o(tly)e(less)i
(than)f(signature)g(computation.)27 b(This)17 b(is)g(ac)o(hiev)o(ed)g(b)o(y)
-90 1983 y(using)f(a)g(large)g(\(e.g.,)g(512-bit\))f(secret)k(exp)q(onen)o(t)
e(in)f(conjunction)g(with)g(a)g(v)o(ery)h(small)d(\(e.g.,)i(8-bit\))f(public)
h(exp)q(onen)o(t.)26 b(Although)-90 2032 y(signature)15 b(v)o(eri\014cation)f
(b)q(ecomes)h(m)o(uc)o(h)e(c)o(heap)q(er)j(\(on)e(the)i(order)f(of)f(milli)o
(seconds\),)f(the)i(cost)g(of)f(signature)h(computation)e(remains)-90
2082 y(quite)18 b(high)f(\(e.g.,)h(4-5)g(seconds)h(for)f(a)f(512-bit)g(mo)q
(dulus\))g([51)o(,)g(36].)30 b(F)m(uture)18 b(v)o(ersions)h(of)e
Fw(Visa)h Fx(and)g(IDPR)f(proto)q(cols)h(will)f(tak)o(e)-90
2132 y(adv)n(an)o(tage)c(of)g(suc)o(h)i(metho)q(ds)e(as)h(they)h(b)q(ecome)e
(a)o(v)n(ailable.)-90 2287 y Fs(5.2)70 b(Visa)22 b(Exp)r(erimen)n(ts)-90
2396 y Fx(In)10 b(its)h(previous)f(incarnation)g([27)o(,)g(61)o(],)g
Fw(Visa)g Fx(proto)q(col)g(w)o(as)h(implem)o(en)o(ted)e(within)g(the)i(net)o
(w)o(ork)g(la)o(y)o(er)e(whic)o(h)i(required)g(mo)q(di\014cations)-90
2446 y(to)k(IP)m(.)g(All)f(visa-related)h(information)d(w)o(as)k(carried)g
(within)e(IP)h(option)g(\014elds.)22 b(This)15 b(had)h(sev)o(eral)f
(unpleasan)o(t)h(side-e\013ects:)22 b(i\))15 b(the)-90 2496
y(visa)g(option)g(\014elds)i(exceeded)h(40)d(b)o(ytes)h(whic)o(h)g(is)g(the)g
(maxim)n(um)c(IP)k(option)f(length,)g(and)h(ii\))f(IP)h(options)f(w)o(ere)i
(not)f(transparen)o(t)-90 2545 y(to)e(IP)h(routers)h(\(ev)o(en)f(those)g
(that)g(do)f(not)g(implemen)o(t)e Fw(Visa)i Fx(proto)q(col\).)20
b(The)15 b(former)e(limits)f(the)j(length)g(of)f(visa-related)g(data)g(and)
-90 2595 y(con)o(trol)i(messages,)h(while)f(the)h(latter)f(con)o(tributes)i
(to)e(increased)i(pro)q(cessing)g(dela)o(y)e(at)g(all)f(\(including)h
(non-visa\))f(IP)i(routers.)27 b(In)2028 2770 y(60)p eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF