Securing a Bandwidth Broker Architecture

In this paper we discuss the topic of the security in the context of a Bandwidth Broker’s operation based on the existing literature on this issue and new techniques and methods. We propose mechanisms to enhance the security of the communications during the Bandwidth Broker operation both within a single domain and across different domains. The message exchanges for the operation of a distributed Bandwidth Broker architecture are enumerated. The purpose is to examine the main security risks for a distributed Bandwidth Broker architecture operating in a real-world environment and address them using the PKI architecture mechanisms. We also present a proposal for identifying misbehaving flows that intends to be both simple and effective. We finally evaluate the performance impact that our solution incurs to the operation of the Bandwidth Broker and show that it offers an advantageous trade-off in most cases where security considerations exist.