Security Architecture for the Internet Protocol
01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security
Architecture for IP", which is designed to provide security services
for traffic at the IP layer. This document obsoletes RFC 2401
(November 1998). [STANDARDS-TRACK]
Citations
22 Jun 2016
TL;DR: This paper presents SoftFlow, an extension of Open vSwitch that seamlessly integrates middlebox functionality while maintaining the familiar OpenFlow forwarding model and performing significantly better than alternative techniques for middlebox integration.
Abstract: Open vSwitch is a high-performance multi-layer virtual switch that serves as a flexible foundation for building virtualized, stateless Layer 2 and 3 network services in multitenant datacenters. As workloads become more sophisticated, providing tenants with virtualized middlebox services is an increasingly important and recurring theme, yet it remains difficult to integrate these stateful services efficiently into Open vSwitch and its OpenFlow forwarding model: middleboxes perform complex operations that depend on internal state and inspection of packet payloads - functionality which is impossible to express in OpenFlow. In this paper, we present SoftFlow, an extension of Open vSwitch that seamlessly integrates middlebox functionality while maintaining the familiar OpenFlow forwarding model and performing significantly better than alternative techniques for middlebox integration.
49 citations
TL;DR: It is demonstrated that randomization can be a very competitive approach even in hostile environments where arbitrary faults can occur, and a stack of randomized intrusion-tolerant protocols is described and its performance evaluated under several settings.
Abstract: Randomized agreement protocols have been around for more than two decades. Often assumed to be inefficient due to their high expected communication and computation complexities, they have remained overlooked by the community-at-large as a valid solution for the deployment of fault-tolerant distributed systems. This paper aims to demonstrate that randomization can be a very competitive approach even in hostile environments where arbitrary faults can occur. A stack of randomized intrusion-tolerant protocols is described and its performance evaluated under several settings in both local-area-network (LAN) and wide-area-network environments. The stack provides a set of relevant services ranging from basic communication primitives up to atomic broadcast. The experimental evaluation shows that the protocols are efficient, especially in LAN environments where no performance reduction is observed under certain Byzantine faults.
49 citations
01 Jan 2002
TL;DR: A simulation study of the performance of the current IETF approach to authenticating mobile nodes by means of an integrated Authentication, Authorization and Accounting (AAA) infrastructure finds that the use of asymmetric cryptography would possibly lead to overload situations under the investigated conditions.
Abstract: This article describes a simulation study of the performance of the current IETF approach to authenticating mobile nodes by means of an integrated Authentication, Authorization and Accounting (AAA) infrastructure. The main findings of the study are: 1) the delay experienced by a mobile node in case of a full authentication dialogue involving entities of the mobile node’s home network is largely determined by the end-to-end delay between the foreign and the home network, 2) the workload of AAA servers remains moderate in case of a load- and mobility model inspired by established values of GSM networks as well as in case of a more progressive mobility model [5], and 3) the workload of AAA servers grows infinitely under both mobility models if cryptographic algorithms are used that require about 100 (30) times the processing capabilities of algorithms currently envisaged by the IETF (cryptographic hash functions and symmetric encryption). An important consequence of this finding is that the use of asymmetric cryptography would possibly lead to overload situations under the investigated conditions.
48 citations
06 Dec 2012
TL;DR: In this article, redundantly clustered machines are used to provide failover mechanisms for mobile traffic management and network resource conservation, including a first set of redundantly clustered machines coupled to a second set of redundantly clustered machines via a common repository node.
Abstract: Systems of redundantly clustered machines to provide failover mechanisms for mobile traffic management and network resource conservation are disclosed. One embodiment includes a system of redundantly clustered machines to provide failover mechanisms for mobile traffic management and network resource conservation including, a first set of redundantly clustered machines coupled to a second set of redundantly clustered machines via a common repository node where each of the first and second set of redundantly clustered machines function independently to provide mobile traffic management or network resource conservation services. The first and second set of redundantly clustered machines can be physically located in different data centers or in the same data center.
48 citations
TL;DR: An overview is given of the issues the CDMA community has encountered in standardizing a mobile IP-based network architecture in a cellular telephony environment, including current points of contention, along with a summary of the current state of the standards.
Abstract: The CDMA community, under the umbrella of the 3rd Generation Partnership Project 2, has embarked on a standardization effort for wireless data based on mobile IP. Important issues addressed include the link layer interface to a mobile IP foreign agent; how link-layer mobility interacts with IP-layer mobility; how virtual private network services will be supported; and how to provide authentication, authorization, and accounting in a cellular mobile IP environment. Members of 3GPP2 are also active in the Internet Engineering Task Force's mobile IP, ROAMOPS, and AAA working groups. Based on our experiences in this effort, this article gives an overview of the issues we have encountered in standardizing a mobile IP-based network architecture in a cellular telephony environment, including current points of contention, and gives a summary of the current state of the standards.
48 citations
References
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
14,980 citations
01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:
3,501 citations
PARC1
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.
2,671 citations
01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.
2,112 citations
[...]
01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
1,967 citations