
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Book Chapter
TL;DR: The ring-based configuration of the NIST submission Round5, a Ring Learning with Rounding (RLWR)-based IND-CPA secure public-key encryption scheme, was presented in this article.
Abstract: We present the ring-based configuration of the NIST submission Round5, a Ring Learning with Rounding (RLWR)-based IND-CPA secure public-key encryption scheme. It combines elements of the NIST candidates Round2 (use of RLWR as underlying problem, having \(1+x+\ldots +x^n\) with \(n+1\) prime as reduction polynomial, allowing for a large design space) and HILA5 (the constant-time error-correction code XEf). Round5 performs part of encryption, and decryption via multiplication in \(\mathbb{Z}_{p}[x]/(x^{n+1}-1)\), and uses secret-key polynomials that have a factor \((x-1)\). This technique reduces the failure probability and makes correlation in the decryption error negligibly low. The latter allows the effective application of error correction through XEf to further reduce the failure rate and shrink parameters, improving both security and performance.

45 citations

Proceedings Article
04 Apr 2005
TL;DR: This paper proposes a new authentication mechanism that treats the invariant CRC (ICRC) field as an authentication tag, which is compatible with current IBA specification and dramatically enhances IBA's authentication capability without hampering IBA performance benefit.
Abstract: The InfiniBand™ architecture (IBA) is a new promising I/O communication standard positioned for building clusters and system area networks (SANs). However, the IBA specification has left out security resulting in potential security vulnerabilities, which could be exploited with moderate effort. In this paper, we view these vulnerabilities from three classical security aspects: availability, confidentiality, and authentication. For better availability of IBA, we recommend that a switch be able to enforce partitioning for data packets for which we propose an efficient implementation method using trap messages. For confidentiality, we encrypt only secret keys to minimize performance degradation. The most serious vulnerability in IBA is authentication since IBA authenticates packets solely by checking the existence of plaintext keys in the packet. In this paper, we propose a new authentication mechanism that treats the invariant CRC (ICRC) field as an authentication tag, which is compatible with current IBA specification. When analyzing the performance of our authentication approach along with other authentication algorithms, we observe that our approach dramatically enhances IBA's authentication capability without hampering IBA performance benefit. Furthermore, simulation results indicate that our methods enhance security in IBA with marginal performance overhead.

45 citations

Journal Article
TL;DR: In this article, the authors provide an overview of AANET solutions by characterizing the associated scenarios, requirements and challenges, and identify the remaining challenges associated with developing AANets and present their prospective solutions as well as open issues.
Abstract: The engineering vision of relying on the "smart sky" for supporting air traffic and the "Internet above the clouds" for in-flight entertainment has become imperative for the future aircraft industry. Aeronautical ad hoc Networking (AANET) constitutes a compelling concept for providing broadband communications above clouds by extending the coverage of Air-to-Ground (A2G) networks to oceanic and remote airspace via autonomous and self-configured wireless networking amongst commercial passenger airplanes. The AANET concept may be viewed as a new member of the family of Mobile ad hoc Networks (MANETs) in action above the clouds. However, AANETs have more dynamic topologies, larger and more variable geographical network size, stricter security requirements and more hostile transmission conditions. These specific characteristics lead to more grave challenges in aircraft mobility modeling, aeronautical channel modeling and interference mitigation as well as in network scheduling and routing. This paper provides an overview of AANET solutions by characterizing the associated scenarios, requirements and challenges. Explicitly, the research addressing the key techniques of AANETs, such as their mobility models, network scheduling and routing, security and interference are reviewed. Furthermore, we also identify the remaining challenges associated with developing AANETs and present their prospective solutions as well as open issues. The design framework of AANETs and the key technical issues are investigated along with some recent research results. Furthermore, a range of performance metrics optimized in designing AANETs and a number of representative multi-objective optimization algorithms are outlined.

45 citations

01 Jan 2005
TL;DR: Not only are mobile devices getting smaller, cheaper, more convenient, and more powerful, they also run more applications and network services, which are fueling the explosive growth of the mobile computing equipment market seen today.
Abstract: The wireless arena has been experiencing exponential growth in the past decade. We have seen great advances in network infrastructures, growing availability of wireless applications, and the emergence of omnipresent wireless devices such as portable or handheld computers, PDAs, and cell phones, all getting more powerful in their capabilities. These devices are now playing an ever-increasingly important role in our lives. To mention only a few examples, mobile users can rely on their cellular phone to check e-mail and browse the Internet; travelers with portable computers can surf the internet from airports, railway stations, cafes, and other public locations; tourists can use GPS terminals installed inside rental cars to view driving maps and locate tourist attractions; files or other information can be exchanged by connecting portable computers via wireless LANs while attending conferences; and at home, a family can synchronize data and transfer files between portable devices and desktops. Not only are mobile devices getting smaller, cheaper, more convenient, and more powerful, they also run more applications and network services. All of these factors are fueling the explosive growth of the mobile computing equipment market seen today. Market reports from independent sources show that the worldwide number of cellular users has been doubling every 1½ years, with the total number growing from 23 million in 1992 to 860 million in June 2002. This growth is being fueled further by the exploding number of

45 citations

Proceedings Article
01 Nov 2001
TL;DR: The IP Measurement Protocol (IPMP) is presented as a protocol that addresses several limitations of current packet probing techniques that can be avoided.
Abstract: Packet probing is an important Internet measurement technique, supporting the investigation of packet delay, path, and loss. Current packet probing techniques use Internet Protocols such as the Internet Control Message Protocol (ICMP), the User Datagram Protocol (UDP), and the Transmission Control Protocol (TCP). These protocols were not originally designed for measurement purposes. Current packet probing techniques have several limitations that can be avoided. The IP Measurement Protocol (IPMP) is presented as a protocol that addresses several of the limitations discussed.

45 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations