Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
Patent
Christian Huitema
12 Sep 2002
TL;DR: In this article, a method and system for authenticating a message is described, in which the message contains a network address, at least a portion of which is a digital fingerprint.
Abstract: A method and system for authenticating a message is described, in which the message contains a network address, at least a portion of which is a digital fingerprint. Embedded in the message is data, such as a code, that indicates the size of the digital fingerprint. A device receiving the message uses the size data and, for example, the public key of the sender to attempt to reproduce the digital fingerprint. If successful, the device receiving the message verifies the identity of the sender.

48 citations

01 Jan 1997
TL;DR: A set of characteristics that are common to all public-key infrastructures are presented, intended to encapsulate the fundamental issues that arise when dealing with such systems, to enhance rather than restrict development in the field.
Abstract: ABSTRACT Public-key cryptography is fast becoming the foundation for online commerce and other applications that require security and authentication in an open network. The widespread use of public-key cryptography requires a public-key infrastructure to publish and manage public-key values. Without a functioning infrastructure, public-key cryptography is only marginally more useful than traditional, secret-key cryptography. This thesis presents a set of characteristics that are common to all public-key infrastructures. These criteria are intended to encapsulate the fundamental issues that arise when dealing with such systems. They can be used both as a "shopping list" for those who need to choose an infrastructure for a particular application, and as a guide for infrastructure developers, so that they may be more aware of any compromises or tradeoffs they might make in their work. The characteristics are used to present a survey of current and some proposed infrastructure systems. The criteria reveal the strengths and weaknesses of each system, and indicate where improvements may be required. The characteristics presented here are intended to enhance rather than restrict development in the field. This is not necessarily an exhaustive list, and it is the author's intention to revise these criteria as new ideas emerge. RÉSUMÉ (translated) Public-key cryptography is rapidly becoming the basic building block of virtual commerce and of other applications that require security and authentication protocols in an open network. Its widespread use requires an infrastructure for publishing and managing public keys. Without an effective infrastructure, public-key cryptography cannot truly deliver greater benefits than classical secret-key cryptographic methods.
This thesis proposes a set of characteristics common to all public-key infrastructures, in order to summarize the fundamental problems that systems of this kind can pose. Those who must choose an infrastructure suited to a particular application can therefore refer to it, while infrastructure designers will find in it an overview of the compromises they may be required to accept. The statement of these characteristics also amounts to a survey of existing infrastructures as well as of certain models under study. These criteria bring out the strengths and weaknesses of each system as well as the desirable improvements. These characteristics are presented with the aim of advancing progress in this field, not of restricting it. The list is not necessarily …

48 citations

01 Nov 2007
TL;DR: This document defines and formalizes the concept of channel bindings to secure layers and defines the channel bindings for several types of secure channels.
Abstract: The concept of channel binding allows applications to establish that the two end-points of a secure channel at one network layer are the same as at a higher layer by binding authentication at the higher layer to the channel at the lower layer. This allows applications to delegate session protection to lower layers, which has various performance benefits. This document discusses and formalizes the concept of channel binding to secure channels.

48 citations

Patent
22 Dec 2015
TL;DR: In this article, a method for forwarding packets in a network device is disclosed, which consists of receiving a packet and mapping the packet to a bucket, where the bucket is associated with a packet processing thread from a plurality of packet processing threads; and determining whether the packet processing thread is oversubscribed.
Abstract: A method for forwarding packets in a network device is disclosed. The method comprises receiving a packet; mapping the packet to a bucket, where the bucket is associated with a packet processing thread from a plurality of packet processing threads; and determining whether the packet processing thread is oversubscribed. The method continues with, in response to determining that the packet processing thread is not oversubscribed, mapping the packet to the packet processing thread; and in response to determining that the packet processing thread is oversubscribed, the method comprises distributing the packet to one of the plurality of packet processing threads based on a predefined load balancing scheme, processing the packet in the one of the plurality of packet processing threads, and forwarding the packet according to a predetermined order, where the predetermined order is based on a position of the packet relative to other packets at their receipt.

48 citations

Journal ArticleDOI
TL;DR: The security weaknesses of the BE IoT are surveyed, and the design of a secure deterministic industrial-tactile IoT core network, which can embed millions of distinct secure deterministic virtual networks (SD-VNs) in layer 2, is presented.
Abstract: Today's best-effort (BE) Internet of Things (IoT) faces challenges in providing the end-to-end performance, security, and energy efficiency needed for the Smart Systems of the 21st century. These future smart systems will include smart cities, smart transportation systems, and smart manufacturing. This paper surveys the security weaknesses of the BE IoT. The BE IoT cannot be partitioned into distinct interference-free virtual networks, which compromises performance, cyber-security, and energy efficiency. The design of a secure deterministic industrial-tactile IoT core network, which can embed millions of distinct secure deterministic virtual networks (SD-VNs) in layer 2, is then presented. Deterministic communications, combined with low-jitter scheduling, offer several benefits: 1) the removal of all congestion, interference, and DoS attacks; 2) a significant reduction in IoT router buffer sizes; 3) a significant reduction in IoT energy use; 4) a reduction of end-to-end IoT delays to the speed of light in fiber; and 5) deterministic packet switches are relatively easy to synthesize using FPGA technologies. These benefits apply to optical and 5G wireless networks. Future smart systems can reserve their own congestion-free SD-VNs in layer 2 to manage their traffic, with significantly improved performance, security, and energy efficiency. A speed-of-light deterministic IoT core network can transform cloud services in the 21st century by exploiting a new technology: FPGAs combined with silicon photonics transceivers to achieve terabits/second of optical bandwidth. To illustrate the transformational potential, Big Data green cloud computing over a secure deterministic IoT spanning the European Union is explored.

48 citations


Cites methods from "Security Architecture for the Inter..."

  • "...A service-provider can use a technology such as Internet Protocol Security (IPsec) to secure the P2P links in the IP layer (layer 3) [26]...."

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations