Author

Stephen T. Kent

Bio: Stephen T. Kent is an academic researcher from BBN Technologies. The author has contributed to research in topics: Encryption & Network packet. The author has an h-index of 14, co-authored 22 publications receiving 2239 citations.

Papers
Proceedings ArticleDOI
27 Aug 2001
TL;DR: This work presents a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past and is implementable in current or next-generation routing hardware.
Abstract: The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, wide-spread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion.We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space-efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the system's effectiveness.

797 citations

Journal ArticleDOI
TL;DR: This work presents a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past and is implementable in current or next-generation routing hardware.
Abstract: The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, widespread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet flows, but, to date, no system has been presented to track individual packets in an efficient, scalable fashion. We present a hash-based technique for IP traceback that generates audit trails for traffic within the network, and can trace the origin of a single IP packet delivered by the network in the recent past. We demonstrate that the system is effective, space efficient (requiring approximately 0.5% of the link capacity per unit time in storage), and implementable in current or next-generation routing hardware. We present both analytic and simulation results showing the system's effectiveness.

483 citations

Journal ArticleDOI
TL;DR: The implications of adding security mechanisms to high-level network protocols operating in an open-system environment are analyzed, and a brief description of the two basic approaches to communications security, link-oriented measures and end-to-end measures, concludes that end-to-end measures are more appropriate in an open-system environment.
Abstract: The implications of adding security mechanisms to high-level network protocols operating in an open-system environment are analyzed. First the threats to security that may arise in such an environment are described, and then a set of goals for communications security measures is established. This is followed by a brief description of the two basic approaches to communications security, link-oriented measures and end-to-end measures, which concludes that end-to-end measures are more appropriate in an open-system environment. Next, relevant properties of data encryption--the fundamental technique on which all communications security mechanisms are based--are discussed. The remainder of the paper describes how end-to-end measures can be used to achieve each of the security goals previously established.

368 citations

Book
02 Jan 1995
TL;DR: Privacy Enhanced Mail (PEM) consists of extensions to existing message processing software plus a key management infrastructure that combines to provide users with a facility in which message confidentiality, authenticity, and integrity can be effected.
Abstract: Privacy Enhanced Mail (PEM) consists of extensions to existing message processing software plus a key management infrastructure. These combine to provide users with a facility in which message confidentiality, authenticity, and integrity can be effected. PEM is compatible with RFC 822 message processing conventions and is transparent to SMTP mail relays. PEM uses symmetric cryptography — for example, the Data Encryption Standard (DES) — to provide (optional) encryption of messages. Although the RFCs permit the use of either symmetric or asymmetric (public key) cryptography (for instance, the RSA cryptosystem) to distribute symmetric keys, the RFCs strongly recommend the use of asymmetric cryptography for this purpose and to generate and validate digital signatures for messages and certificates. Public key management in PEM is based on the use of certificates as defined by the CCITT Directory Authentication Framework [CCIT88c]. A public key certification hierarchy for PEM is being established by the Internet Society. This certification hierarchy supports universal authentication of PEM users, under various policies, without the need for prior bilateral agreements among users or organizations with which the users may be affiliated.

112 citations

Journal ArticleDOI
Stephen T. Kent
TL;DR: Privacy Enhanced Mail (PEM) as mentioned in this paper is an extension to existing message processing software plus a key management infrastructure that combines to provide users with a facility in which message confidentiality, authenticity, and integrity can be effected.
Abstract: Privacy Enhanced Mail (PEM) consists of extensions to existing message processing software plus a key management infrastructure. These combine to provide users with a facility in which message confidentiality, authenticity, and integrity can be effected. PEM is compatible with RFC 822 message processing conventions and is transparent to SMTP mail relays. PEM uses symmetric cryptography — for example, the Data Encryption Standard (DES) — to provide (optional) encryption of messages. Although the RFCs permit the use of either symmetric or asymmetric (public key) cryptography (for instance, the RSA cryptosystem) to distribute symmetric keys, the RFCs strongly recommend the use of asymmetric cryptography for this purpose and to generate and validate digital signatures for messages and certificates. Public key management in PEM is based on the use of certificates as defined by the CCITT Directory Authentication Framework [CCIT88c]. A public key certification hierarchy for PEM is being established by the Internet Society. This certification hierarchy supports universal authentication of PEM users, under various policies, without the need for prior bilateral agreements among users or organizations with which the users may be affiliated.

84 citations


Cited by
Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access to information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access to information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations

Patent
30 Sep 2010
TL;DR: In this article, the authors propose a secure content distribution method for a configurable general-purpose electronic commercial transaction/distribution control system, which includes a process for encapsulating digital information in one or more digital containers, a process for encrypting at least a portion of the digital information, a process for associating at least partially secure control information for managing interactions with the encrypted digital information and/or digital container, and a process for delivering one or more digital containers to a digital information user.
Abstract: PROBLEM TO BE SOLVED: To solve the problem that an electronic content information provider has no commercially secure and effective method for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, which has at least one protected processing environment for safely controlling at least a portion of the decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of the digital information; a process for associating at least partially secure control information for managing interactions with the encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment to safely control at least a portion of the decoding of the digital information.

7,643 citations

01 Jul 2003
TL;DR: RTP provides end-to-end network transport functions suitable for applications transmitting real-time data over multicast or unicast network services and is augmented by a control protocol (RTCP) to allow monitoring of the data delivery in a manner scalable to large multicast networks.
Abstract: This memorandum describes RTP, the real-time transport protocol. RTP provides end-to-end network transport functions suitable for applications transmitting real-time data, such as audio, video or simulation data, over multicast or unicast network services. RTP does not address resource reservation and does not guarantee quality-of-service for real-time services. The data transport is augmented by a control protocol (RTCP) to allow monitoring of the data delivery in a manner scalable to large multicast networks, and to provide minimal control and identification functionality. RTP and RTCP are designed to be independent of the underlying transport and network layers. The protocol supports the use of RTP-level translators and mixers.

7,183 citations

01 Aug 1995
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

3,455 citations

01 Jan 2016
TL;DR: This paper critically analyzes the deployment issues of the three best proposals, considering the trade-off between security functions and performance overhead, and concludes that none of them is deployable in a practical scenario.
Abstract: Border Gateway Protocol (BGP) is the protocol backing the core routing decisions on the Internet. It maintains a table of IP networks or 'prefixes' which designate network reachability among autonomous systems (AS). The point of concern in BGP is its lack of effective security measures, which makes the Internet vulnerable to different forms of attacks. Many solutions have been proposed to date to combat BGP security issues, but not a single one is deployable in a practical scenario. Any security proposal with an optimal solution should offer adequate security functions, acceptable performance overhead and deployment cost. This paper critically analyzes the deployment issues of the three best proposals, considering the trade-off between security functions and performance overhead.

2,691 citations