This document describes the Stream Control Transmission Protocol (SCTP). SCTP is designed to transport PSTN signaling messages over IP networks, but is capable of broader applications.

Stream Control Transmission Protocol

From the Publisher:
The most up-to-date introduction to the field of computer networking, this book's top-down approach starts at the application layer and works down the protocol stack. It also uses the Internet as the main example of networks. This all creates a book relevant to those interested in networking today. By starting at the application-layer and working down the protocol stack, this book provides a relevant introduction of important concepts. Based on the rationale that once a reader understands the applications of networks they can understand the network services needed to support these applications, this book takes a "top-down" approach that exposes readers first to a concrete application and then draws into some of the deeper issues surrounding networking. This book focuses on the Internet as opposed to addressing it as one of many computer network technologies, further motivating the study of the material. This book is designed for programmers who need to learn the fundamentals of computer networking. It also has extensive material making it of great interest to networking professionals.

/pdf/computer-networking-a-top-down-approach-featuring-the-qsqecl0jvt.pdf

Computer Networking: A Top-Down Approach Featuring the Internet

In this paper we present the design, rationale, and implementation of a security architecture for protecting the secrecy and integrity of Internet traffic at the Internet Protocol (IP) layer. The design includes three components: (1) a security policy for determining when, where, and how security measures are to be applied; (2) a modular key management protocol, called MKMP, for establishing shared secrets between communicating parties and meta-information prescribed by the security policy; and (3) the IP Security Protocol, as it is being standardized by the Internet Engineering Task Force, for applying security measures using information provided through the key management protocol. Effectively, these three components together allow for the establishment of a secure channel between any two communicating systems over the Internet. This technology is a component of IBM's firewall product and is now being ported to other IBM computer platforms.

/pdf/a-security-architecture-for-the-internet-protocol-3zr7jwv5n3.pdf

A security architecture for the Internet protocol

This document specifies a protocol which allows nodes to remain
reachable while moving around in the IPv6 Internet. Each mobile node
is always identified by its home address, regardless of its current
point of attachment to the Internet. While situated away from its
home, a mobile node is also associated with a care-of address, which
provides information about the mobile node's current location. IPv6
packets addressed to a mobile node's home address are transparently
routed to its care-of address. The protocol enables IPv6 nodes to
cache the binding of a mobile node's home address with its care-of
address, and to then send any packets destined for the mobile node
directly to it at this care-of address. To support this operation,
Mobile IPv6 defines a new IPv6 protocol and a new destination option.
All IPv6 nodes, whether mobile or stationary can communicate with
mobile nodes.

/pdf/mobility-support-in-ipv6-3nt79cwsa7.pdf

Mobility support in IPv6

In a computer system, the integrity of lower layers is typically treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, the integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked and (2) transitions to higher layers occur only after integrity checks on them are complete. The resulting integrity "chain" inductively guarantees system integrity. When these conditions are not met, as they typically are not in the bootstrapping (initialization) of a computer system, no integrity guarantees can be made, yet these guarantees are increasingly important to diverse applications such as Internet commerce, security systems and "active networks". In this paper, we describe the AEGIS architecture for initializing a computer system. It validates integrity at each layer transition in the bootstrap process. AEGIS also includes a recovery process for integrity check failures, and we show how this results in robust systems.

/pdf/a-secure-and-reliable-bootstrap-architecture-gb073vrwk6.pdf

A secure and reliable bootstrap architecture

This memo describes a protocol utilizing security concepts necessary for establishing Security Associations (SA) and cryptographic keys in an Internet environment. A Security Association protocol that negotiates, establishes, modifies and deletes Security Associations and their attributes is required for an evolving Internet, where there will be numerous security mechanisms and several options for each security mechanism. The key management protocol must be robust in order to handle public key generation for the Internet community at large and private key requirements for those private networks with that requirement. The Internet Security Association and Key Management Protocol (ISAKMP) defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g. denial of service and replay attacks). All of these are necessary to establish and maintain secure communications (via IP Security Service or any other security protocol) in an Internet environment.

Internet Security Association and Key Management Protocol (ISAKMP) Status of this Memo

/pdf/internet-security-association-and-key-management-protocol-22pqlwtn5f.pdf

Internet Security Association and Key Management Protocol (ISAKMP)

This document describes the security architecture required to
implement identity-based encryption, a public-key encryption
technology that uses a user's identity as a public key. It also
defines data structures that can be used to implement the technology.

https://www.rfc-editor.org/rfc/pdfrfc/rfc5408.txt.pdf

Identity-Based Encryption Architecture and Supporting Data Structures

This document describes the conventions for using the Boneh-Franklin
(BF) and Boneh-Boyen (BB1) identity-based encryption algorithms in the
Cryptographic Message Syntax (CMS) to encrypt content encryption keys.
Object identifiers and the convention for encoding a recipient's
identity are also defined.

https://ftp8.fr.freebsd.org/rfc/rfc5409.txt.pdf

Using the Boneh-Franklin and Boneh-Boyen Identity-Based Encryption Algorithms with the Cryptographic Message Syntax (CMS)

History tells us that Julius Cesar shifted each letter in his messages to his generals by three places in the alphabet. The generals knew to shift back by three letters to read the message. Securing information for transfer between entities requires an agreement on how the information will be protected. Modern science and technology has brought more advanced methods of protecting information, but the basic need for an agreement between entities desiring to communicate securely still exists. In modern terms this agreement is a security association (SA). There are varying definitions of a security association in current standards and this paper attempts to clarify, these definitions. Security protocols requiring security associations as well as emerging protocols that establish and manage security associations are presented. If future global interoperability is to be provided securely one of the first building blocks will be the ability to negotiate and establish security associations. Therefore, issues that must be resolved for future global interoperability are discussed. Our work to create a network security research environment for future global needs is also presented.

M. Schertler

Papers

Internet Security Association and Key Management Protocol (ISAKMP) Status of this Memo

Internet Security Association and Key Management Protocol (ISAKMP)

Identity-Based Encryption Architecture and Supporting Data Structures

Using the Boneh-Franklin and Boneh-Boyen Identity-Based Encryption Algorithms with the Cryptographic Message Syntax (CMS)

Security associations: building blocks for secure communications