
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
Patent
28 Mar 2002
TL;DR: A data protection system is presented that includes a multiplicity of terminals and an encryption device that encrypts distribution data that is distributed to each terminal, where each terminal corresponds to one node on the lowest level of a 4-ary tree structure or the like that has a plurality of hierarchies.
Abstract: The present invention is a data protection system that includes a multiplicity of terminals, and an encryption device that encrypts distribution data that is distributed to each terminal. Each terminal corresponds to one node on the lowest level of a 4-ary tree structure or the like that has a plurality of hierarchies. The data protection system, for each node in the tree structure, excluding those on the lowest level, determines a plurality of combination patterns that include combinations of two or more of all four nodes that are reached one level below the node, decides an individual decryption key for each determined combination pattern, further decides an individual decryption key for each node on the lowest level, and has each terminal store all decryption keys decided for the nodes on the path from the node on the lowest level that corresponds to the terminal through to the node on the highest level.

49 citations

Journal Article
TL;DR: An improved protocol for SIP authentication is proposed by using elliptic curve cryptography that encounters the previous threat with enhanced security, and the analysis shows that the proposed scheme is suitable for applications with higher security requirements.
Abstract: Session Initiation Protocol (SIP) provides the basis for establishing voice over internet protocol sessions after authentication and exchanging signaling messages. SIP is one of the significant and extensively used protocols in the multimedia protocol stack. Since RFC2617 was put forth, numerous schemes for SIP authentication have been presented to overcome the flaws. Recently, in 2012, Tang and Liu proposed a SIP-based authentication protocol and claimed to eliminate the threats in the Arshad and Ikram protocol. However, the scheme can be made more robust by making further improvements, as the former scheme may come under a threat by adversaries through impersonating a server, given that the user password is compromised. We have proposed an improved protocol for SIP authentication by using elliptic curve cryptography that encounters the previous threat with enhanced security. The analysis shows that the proposed scheme is suitable for applications with higher security requirements. Copyright © 2013 John Wiley & Sons, Ltd.

49 citations

Sean Convery
01 Jan 2004
TL;DR: This presentation discusses attacks with new considerations in IPv6, as well as attacks with strong IPv4 and IPv6 similarities.
Abstract:
3.1 Attacks with New Considerations in IPv6
    3.1.1 Reconnaissance
    3.1.2 Unauthorized Access
    3.1.3 Header Manipulation and Fragmentation
    3.1.4 Layer 3-Layer 4 Spoofing
    3.1.5 ARP and DHCP Attacks
    3.1.6 Broadcast Amplification Attacks (smurf)
    3.1.7 Routing Attacks
    3.1.8 Viruses and Worms
    3.1.9 Translation, Transition, and Tunneling Mechanisms
3.2 Attacks with Strong IPv4 and IPv6 Similarities
    3.2.1 Sniffing
    3.2.2 Application Layer Attacks
    3.2.3 Rogue Devices
    3.2.4 Man-in-the-Middle Attacks
    3.2.5 Flooding

49 citations


Cites background from "Security Architecture for the Inter..."

  • ...However, because IPv6 mandates the inclusion of IP Security (IPsec) [3], it has often been stated that IPv6 is more secure than IPv4....


  • ...txt [3] S Kent, R Atkinson, “Security Architecture for the Internet Protocol” (November 1998), RFC 2401 at http://www....


Patent
Anssi Tuomas Aura
27 Mar 2003
TL;DR: An authentication mechanism is disclosed that provides much of the security of heavyweight authentication mechanisms, but with lower administrative and communicative overhead, while not being limited to a 64-bit limit on the length of a cryptographic hash value.
Abstract: Disclosed is an authentication mechanism that provides much of the security of heavyweight authentication mechanisms, but with lower administrative and communicative overhead while at the same time not being limited to a 64-bit limit on the length of a cryptographic hash value. Removal of this limitation is achieved by increasing the cost of both address generation and brute-force attacks by the same parameterized factor while keeping the cost of address use and verification constant. The address owner computes two hash values using its public key and other parameters. The first hash value is used by the owner to derive its network address. The purpose of the second hash is to artificially increase the computational complexity of generating new addresses and, consequently, the cost of brute-force attacks. As another measure against brute-force attacks, the routing prefix (i.e., the non-node selectable portion) of the address is included in the first hash input.

49 citations

Patent
John R. Hind, Marcia L. Peters
17 Jan 2001
TL;DR: In this article, an audio stream is securely transformed to an encoded text stream (such as an ASCII, EBCDIC, or Unicode text stream), and the authenticated identities of the components performing the transformation can also be determined from the cryptographically-protected information.
Abstract: A method, system, computer program product, and method of doing business by providing improved audio compression wherein an audio stream is securely transformed to an encoded text stream (such as an ASCII, EBCDIC, or Unicode text stream). One or more components which are involved in the transformation process are authenticated. A unique identifier of each such component is included within cryptographically-protected information that is provided for the encoded text stream. A digital signature is preferably used for the cryptographic protection, thereby digitally notarizing the encoded text stream. The authenticity and integrity of the encoded text stream can therefore be verified. In preferred embodiments, the authenticated identities of components performing the transformation can also be determined from the cryptographically-protected information. The encoded text stream will typically require much less storage space than the audio stream, and providing the digital notarization along with the encoded text stream serves to reliably establish evidence of the contents of the audio stream (even though a perfect speech-to-text transformation might not be achieved).

49 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines the words used to signify requirements in standards track specifications as they should be interpreted in IETF documents, and gives a phrase that authors who follow these guidelines should incorporate near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations