Security Architecture for the Internet Protocol
01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security
Architecture for IP", which is designed to provide security services
for traffic at the IP layer. This document obsoletes RFC 2401
(November 1998). [STANDARDS-TRACK]
Citations
More filters
Patent•
31 Jul 2012TL;DR: In this article, a general packet radio service (GPRS) tunnel protocol (GTP) is implemented in a packet core (PC) of a third generation (3G) network having a split architecture where a control plane of the PC of the 3G network is in a cloud computing system, the cloud system including a controller, the controller to execute a plurality of control plane modules, the control plane to communicate with the data plane of a PC through a control-plane protocol.
Abstract: A method for implementing a general packet radio service (GPRS) tunnel protocol (GTP) in a packet core (PC) of a third generation (3G) network having a split architecture where a control plane of the PC of the 3G network is in a cloud computing system, the cloud computing system including a controller, the controller to execute a plurality of control plane modules, the control plane to communicate with the data plane of the PC through a control plane protocol, the data plane implemented in a plurality of network elements of the 3G network by configuring switches implementing a data plane of the SGSN and GGSN and intermediate switches to establish a first and second GTP tunnel endpoint.
386 citations
31 May 2005
TL;DR: An overview of IT security issues in industrial automation systems which are based on open communication systems, which have a number of security-relevant characteristics distinct from the office IT systems are given.
Abstract: Modern industrial communication networks are increasingly based on open protocols and platforms that are also used in the office IT and Internet environment. This reuse facilitates development and deployment of highly connected systems, but also makes the communication system vulnerable to electronic attacks. This paper gives an overview of IT security issues in industrial automation systems which are based on open communication systems. First, security objectives, electronic attack methods, and the available countermeasures for general IT systems are described. General security objectives and best practices are listed. Particularly for the TCP/IP protocol suite, a wide range of cryptography-based secure communication protocols is available. The paper describes their principles and scope of application. Next, we focus on industrial communication systems, which have a number of security-relevant characteristics distinct from the office IT systems. Confidentiality of transmitted data may not be required; however, data and user authentication, as well as access control are crucial for the mission critical and safety critical operation of the automation system. As a result, modern industrial automation systems, if they include security measures at all, emphasize various forms of access control. The paper describes the status of relevant specifications and implementations for a number of standardized automation protocols. Finally, we illustrate the application of security concepts and tools by brief case studies describing security issues in the configuration and operation of substations, plants, or for remote access.
382 citations
Cites background from "Security Architecture for the Inter..."
...2) Internet Layer Security: Security at the Internet layer is provided by Internet Protocol Security (IPSec) [45]....
[...]
...However, IPSec, or more specifically its key exchange protocol IKE, is not designed to handle security associations for the multicast case [45]....
[...]
Proceedings Article•
01 Jan 2002TL;DR: It is concluded that 802.11 WEP is totally insecure, and some recommendations are provided to make the attack more efficient.
Abstract: We implemented an attack against WEP, the link-layer security protocol for 802.11 networks. The attack was described in a recent paper by Fluhrer, Mantin, and Shamir. With our implementation, and permission of the network administrator, we were able to recover the 128 bit secret key used in a production network, with a passive attack. The WEP standard uses RC4 IVs improperly, and the attack exploits this design failure. This paper describes the attack, how we implemented it, and some optimizations to make the attack more efficient. We conclude that 802.11 WEP is totally insecure, and we provide some recommendations.
379 citations
TL;DR: An overview of different approaches to provide security features to routing protocols in mobile ad hoc networks (MANET) is given and Secure AODV is described giving a summary of its operation and talking about future enhancements to the protocol.
Abstract: This article gives an overview of different approaches to provide security features to routing protocols in mobile ad hoc networks (MANET). It also describes Secure AODV (an extension to AODV that provides security features) giving a summary of its operation and talking about future enhancements to the protocol.
376 citations
17 Aug 2003
TL;DR: The SIGMA family of key exchange protocols as mentioned in this paper provides perfect forward secrecy via a Diffie-Hellman exchange authenticated with digital signatures, and is specifically designed to ensure sound cryptographic key exchange while providing a variety of features and trade-offs required in practical scenarios.
Abstract: We present the SIGMA family of key-exchange protocols and the “SIGn-and-MAc” approach to authenticated Diffie-Hellman underlying its design. The SIGMA protocols provide perfect forward secrecy via a Diffie-Hellman exchange authenticated with digital signatures, and are specifically designed to ensure sound cryptographic key exchange while providing a variety of features and trade-offs required in practical scenarios (such as optional identity protection and reduced number of protocol rounds). As a consequence, the SIGMA protocols are very well suited for use in actual applications and for standardized key exchange. In particular, SIGMA serves as the cryptographic basis for the signature-based modes of the standardized Internet Key Exchange (IKE) protocol (versions 1 and 2).
347 citations
References
More filters
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
14,980 citations
01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:
3,501 citations
PARC1
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.
2,671 citations
01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.
2,112 citations
[...]
01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of data links to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
1,967 citations