Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
Journal Article
TL;DR: This analysis leads to a fast and secure multihop broadcast algorithm for vehicular communication, which is proved to be resilient to security attacks.
Abstract: Intervehicular communication (IVC) is an important emerging research area that is expected to considerably contribute to traffic safety and efficiency. In this context, many possible IVC applications share the common need for fast multihop message propagation, including information such as position, direction, and speed. However, it is crucial for such a data exchange system to be resilient to security attacks. Conversely, a malicious vehicle might inject incorrect information into the intervehicle wireless links, leading to life and money losses or to any other sort of adversarial selfishness (e.g., traffic redirection for the adversarial benefit). In this paper, we analyze attacks to the state-of-the-art IVC-based safety applications. Furthermore, this analysis leads us to design a fast and secure multihop broadcast algorithm for vehicular communication, which is proved to be resilient to the aforementioned attacks.

49 citations

Posted Content
TL;DR: A design philosophy for interoperable blockchain systems is discussed, using the design philosophy of the Internet architecture as the basis to identify key design principles that are informing the interoperability architecture of the MIT Tradecoin system.
Abstract: In this paper we discuss a design philosophy for interoperable blockchain systems, using the design philosophy of the Internet architecture as the basis to identify key design principles. Several interoperability challenges are discussed in the context of cross-domain transactions. We illustrate how these principles are informing the interoperability architecture of the MIT Tradecoin system.

49 citations

Journal Article
T. Narten
TL;DR: This paper considers how the neighbor discovery protocols provide address-resolution services and allow hosts to find and keep track of routers, determine when a neighbor becomes unreachable, and switch dynamically to backup routers should the ones they are using fail.
Abstract: The next-generation Internet Protocol, IPv6, includes autoconfiguration facilities that allow IPv6 hosts to plug into the network and start communicating with no special configuration required. These facilities address the requirements of hosts connecting to isolated standalone networks (such as home networks). The paper considers how the neighbor discovery protocols provide address-resolution services and allow hosts to find and keep track of routers, determine when a neighbor becomes unreachable, and switch dynamically to backup routers should the ones they are using fail.

49 citations

Journal Article
TL;DR: The topics covered include IPv6 addressing and routing concepts, changes to the minimum IPv6 packet size, flows, and traffic classes, the neighbor discovery and node auto-configuration mechanisms, and an overview of mobile IPv6 and the network security architecture.
Abstract: This article presents an overview of several key improvements offered by the Internet protocol version 6 (IPv6) over current Internet protocol version 4 (IPv4). The topics covered include IPv6 addressing and routing concepts, changes to the minimum IPv6 packet size, flows, and traffic classes, the neighbor discovery and node auto-configuration mechanisms, and an overview of mobile IPv6 and the network security architecture. Transition mechanisms, such as dual stacks and the 6bone, are also discussed. The 6bone is a virtual network that is used to help test and facilitate the development of IPv6. Key concepts associated with the 6bone, such as setup requirements, IPv6 DNS support, and tunnel mechanics, are also presented.

49 citations


Cites methods from "Security Architecture for the Inter..."

  • ...The IP security architecture [20] is required for every IPv6 implementation and is applicable to, but not required for, IPv4....

Patent
26 Jul 2002
TL;DR: In this paper, the Java Secure Sockets Extension (JSSE) version of SSL is used to authenticate requests for an external connection to a firewall computer in order to prevent incoming data connections from outside of the corporate computer network.
Abstract: In a method of establishing a secure data connection, a corporate computer network comprises a LAN to which is connected a first, second and third client computer. At the boundary of the corporate computer network is a firewall computer (hereinafter simply referred to as 'the firewall'). The firewall is configured to prevent incoming data connections being made to the LAN from outside of the corporate computer network. As well as preventing incoming communications with the LAN, the firewall is also configured to control connections requested from within the corporate computer network to external computers. Indeed, for security purposes, the firewall is configured to require authentication of such requests for an external connection (i.e. to verify who is actually making the request) prior to establishing the external connection. This authentication is performed using the SSL protocol. In this case, the Java Secure Sockets Extension (JSSE) version of SSL is used. Multiple SSL sessions are used, firstly to obtain the necessary authentication of the relevant client computer to the firewall, and then to obtain a secure connection between the client computer and a destination computer. These multiple SSL sessions are set-up in a nested manner, the general method being applicable to situations where a larger number of SSL sessions are required.

49 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations