
Security Architecture for the Internet Protocol

01 Aug 1995 - Vol. 1825, pp. 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Proceedings ArticleDOI
Justin Yackoski, Peng Xie, Harry Bullen, Jason Li, Kun Sun
01 Nov 2011
TL;DR: This work describes a Self-shielding Dynamic Network Architecture (SDNA) which allows multiple types of dynamics to be constructively combined; many classes of attacks can be either completely prevented or severely limited by SDNA.
Abstract: The current static nature of computer networks allows attackers to gather intelligence, perform planning, and then execute attacks at will. This situation creates a low barrier of entry and assures that any given computer network will eventually be successfully attacked. In particular, once an attacker has gained access to a node within an enclave, there is little to stop a determined attacker from eventually accessing other hosts and services within the enclave. To reduce the impact of an attack in the time frame between when the attack begins and when the attacker is (eventually) detected and removed, we propose a fundamental change to the nature of the network by introducing cryptographically-strong dynamics. In this work, we describe a Self-shielding Dynamic Network Architecture (SDNA) which allows multiple types of dynamics to be constructively combined. We have implemented SDNA on real hardware in a testbed network and have designed SDNA to eliminate many of the technical challenges, user impacts, and compatibility issues faced by such an architecture. Through the use of a hypervisor, SDNA is transparent to the OS and is not noticeable to the average user. SDNA can also be added to an existing network with little to no infrastructure or configuration changes. At the same time, many classes of attacks can be either completely prevented or severely limited by SDNA.

42 citations

01 Mar 2005
TL;DR: This document specifies two IP-based encapsulations: MPLS-in-IP and MPLS-in-GRE (Generic Routing Encapsulation).
Abstract: Various applications of MPLS make use of label stacks with multiple entries. In some cases, it is possible to replace the top label of the stack with an IP-based encapsulation, thereby enabling the application to run over networks that do not have MPLS enabled in their core routers. This document specifies two IP-based encapsulations: MPLS-in-IP and MPLS-in-GRE (Generic Routing Encapsulation). Each of these is applicable in some circumstances. [STANDARDS-TRACK]

42 citations

Journal ArticleDOI
TL;DR: A novel approach in power line communication that delivers highly resilient communication capable of efficiently transmitting IPv6, demonstrating the capability of PLC to efficiently handle IPv6 at the field level of the smart grid.
Abstract: The Internet Protocol version 6 is expected to be a strong enabler for the smart grid, promising seamless communication and network technology independence. However, IP has to be delivered to the last node in the field in order to become the lingua franca of the future smart grid. This article presents a novel approach in power line communication that delivers highly resilient communication capable of efficiently transmitting IPv6. Based on the requirements of smart grid applications, the architecture of the communication system developed in the DLC+VIT4IP project is presented. New techniques for integrating IPv6, IPsec security, robust header compression, and end-to-end QoS are described, demonstrating the capability of PLC to efficiently handle IPv6 at the field level of the smart grid.

42 citations

Journal ArticleDOI
TL;DR: This paper overviews the mechanisms serving time synchronization for the smart grid, analyzes their security aspects, reviews their pitfalls, and presents the standardization efforts to meet the grid's timing needs.
Abstract: The need to dynamically monitor the modern power grid, react to its disturbances, control, and protect its operations requires the availability of globally synchronized measurement devices. Accurate time synchronization across these devices is as essential as the services they provide. The secure operation of the time-supplying mechanisms soars among the main concerns on the path towards the smart grid. In this paper, we overview the mechanisms serving time synchronization for the smart grid. We analyze their security aspects and review their pitfalls. The standardization efforts to meet the grid's timing needs are also presented. Finally, gaps revealed through the analysis are disclosed and mitigation strategies are proposed.

41 citations

01 Jan 2005
TL;DR: This paper considers the vulnerabilities of existing interdomain routing and surveys works relating to BGP security, and centrally note that no current solution has yet found an adequate balance between comprehensive security and deployment cost.
Abstract: The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are mounting concerns about its ability to meet the needs of the rapidly evolving Internet. A central limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design and ubiquity of BGP have frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities of existing interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored, and the systemic and operational implications of their design considered. We centrally note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper, but also for further introspection on the problems and solutions of BGP security.

41 citations

Cites background from "Security Architecture for the Inter..."

  • ...IPsec is not specific to BGP, but is a suite of protocols that provide security at the network layer [Kent and Atkinson 1998c; Thayer et al. 1998]....

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations