Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
24 Nov 1998
TL;DR: It is proposed that bilateral service agreements are made for aggregate border-crossing traffic between neighboring administrative domains and that administrative domains make their own decision on strategies and protocols to use for internal resource management and QoS support.
Abstract: This draft proposes a two-tier resource management model for differentiated services networks. Following the approach taken by the Internet routing architecture, we propose that bilateral service agreements are made for aggregate border-crossing traffic between neighboring administrative domains. We also propose that administrative domains individually make their own decision on strategies and protocols to use for internal resource management and QoS support, both to meet internal client needs and to fulfill external commitments.

41 citations

01 Jan 2009
TL;DR: This paper begins to examine the current state of affairs on VoIP/IMS security through a survey of known/disclosed security vulnerabilities in bug-tracking databases, as a starting point for understanding the threats and risks in a rapidly evolving set of technologies that are seeing increasing deployment and use.
Abstract: Voice over IP (VoIP) and Internet Multimedia Subsystem (IMS) technologies are rapidly being adopted by consumers, enterprises, governments and militaries. These technologies offer higher flexibility and more features than traditional telephony (PSTN) infrastructures, as well as the potential for lower cost through equipment consolidation and, for the consumer market, new business models. However, VoIP/IMS systems also represent a higher complexity in terms of architecture, protocols and implementation, with a corresponding increase in the potential for misuse. Here, we begin to examine the current state of affairs on VoIP/IMS security through a survey of known/disclosed security vulnerabilities in bug-tracking databases. This paper should serve as a starting point for understanding the threats and risks in a rapidly evolving set of technologies that are seeing increasing deployment and use. Our goal is to gain a better understanding of the security landscape with respect to VoIP/IMS, toward directing future research in this and other similar emerging technologies.

41 citations


Cites background from "Security Architecture for the Inter..."

  • ...Alternatively, IPsec [25] may be used to protect all communications, regardless of the transport protocol....

Patent
Dennis Michael Volpano
03 Feb 2011
TL;DR: The personal virtual bridged local area network (personal VLAN) is based on the use of a VLAN to partition a LAN segment logically into multiple VLANs by forwarding unicast and group frames only to those ports that serve the VLAN to which the frames belong.
Abstract: A mechanism for segregating traffic amongst STAs that are associated with a bridge, referred to herein as the personal virtual bridged local area network (personal VLAN), is based upon the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism that is extended by the invention to partition a LAN segment logically into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism that is suitable for use within an AP. In a preferred embodiment, the Personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways: VLAN discovery in which a personal VLAN bridge provides a protocol for VLAN discovery; VLAN extension in which a Personal VLAN allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol; Logical ports in which a Personal VLAN bridge can maintain more than one logical port per physical port, and bridges between ports of any kind; and cryptographic VLAN separation.

41 citations

Patent
05 Sep 2012
TL;DR: Systems and methods for timing of keep-alive messages used in a system for mobile network resource conservation and optimization are disclosed, including a method, which may be implemented on a system, of detecting a rate of content change at the content source and adjusting the timing of keep-alive messages sent to the mobile device based on the rate of change.
Abstract: Systems and methods for timing of keep-alive messages used in a system for mobile network resource conservation and optimization are disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, of detecting a rate of content change at the content source and adjusting timing of keep-alive messages sent to the mobile device based on the rate of content change. The timing of the keep-alive messages can further be determined using different polling rates for the content polls of the multiple applications on the mobile device detected by the local proxy.

41 citations

Proceedings Article
24 Jul 2011
TL;DR: The paper summarises the results of research activities performed by RSE to evaluate the exposition to cyber risks of the power grid control systems and defines a risk metric assigning a value to the cyber/power risk in relation to the occurrence rate of cyber contingencies and their impact on the power service.
Abstract: The paper summarises the results of research activities, both methodological and experimental, performed by RSE to evaluate the exposition to cyber risks of the power grid control systems. On the methodological side a risk metric has been defined assigning a value to the cyber/power risk in relation to the occurrence rate of cyber contingencies and their impact on the power service. The higher criticality threats have been experimented in the RSE Laboratory by simulating selected attack processes on telecontrol test beds of passive interconnected HV/MV distribution grids. The experiments concern cyber threats to ICT network components, such as routers and SCADA systems, having a critical role in power grid operation. The experiments assessed the residual vulnerabilities of protected IEC 60870–5–104 TCP/IP based communications between Control Centres and Substation Automation Systems in presence of attack processes assuming different degrees of knowledge about the attacked system's behaviour. The evaluation framework supporting the experimental activity allows monitoring the communication status through a set of measurements such as Inter Message Time, Number of Lost Messages, Inter Reconnection Time and Time To Failure. The knowledge and measures from controlled experiments are then exploited by the cyber-risk metrics to improve the estimation of the vulnerability and threat probabilities related to the successfulness of a given attack.

41 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations