
Security Architecture for the Internet Protocol

01 Aug 1995 - Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Proceedings ArticleDOI
23 Sep 2003
TL;DR: The technical considerations and experimental results strongly emphasized the better scalability and reliability of the MPLS/BGP model that seems to be the most promising approach for the provisioning of VPN services on the future Giga-speed optical backbones.
Abstract: The rapid growth of the Internet and the widespread deployment of networks built around the Internet protocol suite are creating a demand for new capabilities in IP networks. The IP-based virtual private network (VPN) technology is rapidly becoming the foundation for the delivery of future Internet services, and many service providers are offering value-added applications on top of their VPN transport networks. Two unique and complementary architectures based on traditional industry standard encrypted tunnels (IPSec) and still developing multiprotocol label switching (MPLS) technologies are emerging to form the predominant framework for delivery of high performance VPN services. We analyzed the strengths and the weaknesses of both the approaches, and compared their performance and scalability features by carefully testing them against the requirements of the future optical high performance backbones. Our technical considerations and experimental results strongly emphasized the better scalability and reliability of the MPLS/BGP model that seems to be the most promising approach for the provisioning of VPN services on the future Giga-speed optical backbones.

36 citations

Patent
30 Oct 2003
TL;DR: The IEEE 802.1Q VLAN bridge model has been extended with three extensions in this patent: cryptographic separation of VLANs over trunk links, division of a trunk port into inbound and outbound ports, and a protocol that automatically infers, for each outbound port, a set of LAN segment types for the port that minimizes the number of transfers between encapsulated and unencapsulated segments required to transport a frame in the bridged VLAN.
Abstract: The invention comprises three extensions of the IEEE 802.1Q VLAN bridge model. The first extension is the cryptographic separation of VLANs over trunk links. A LAN segment type referred to as an encapsulated LAN segment is introduced. All frames on such a segment are encapsulated according to an encryption and authentication code scheme. The second extension is the division of a trunk port into inbound and outbound ports. The third extension is a protocol that automatically infers for each outbound port in a bridged VLAN, a set of LAN segment types for the port that minimizes the number of transfers between encapsulated and unencapsulated segments required to transport a frame in the bridged VLAN.

35 citations

Patent
31 May 2000
TL;DR: In this paper, a method and apparatus for generating an identification to be used for a connection in a network is presented, which is generated by adding a reuse information (reuse field or bit) to an allocated identifier to increase the time period until the same identification is generated again.
Abstract: The present invention relates to a method and apparatus for generating an identification to be used for a connection in a network. The identification is generated by adding a reuse information (reuse field or bit) to an allocated identifier to thereby increase the time period until the same identification is generated again. The reuse information is updated and used for generating the new identification when the allocated identifier is reallocated to a new connection. Since the time period until the same identification is reused is increased, the risk of misrouting any data packets relating to a destroyed connection can be significantly reduced.

35 citations

Patent
Senthil Sengodan1
18 Dec 2001
TL;DR: In this patent, a GPRS-based communications network that includes a Serving GPRS Support Node (SGSN) and a Gateway GPRS Support Node (GGSN) assigns an IPv4 address to a mobile station in a way that conserves IPv4 addresses while maintaining end-to-end security and application friendliness.
Abstract: A General Packet Radio System (GPRS)-based communications network that includes a Serving GPRS Support Node (SGSN) and a Gateway GPRS Support Node (GGSN) assigns an IPv4 address to a mobile station in a GPRS-based network that conserves IPv4 addresses and simultaneously maintains end-to-end security and application friendliness. The SGSN receives from a mobile station an Activate PDP Context Request message having an APN field that requests a private or a public network address. The SGSN then sends a Create PDP Context Request message to the GGSN. The GGSN assigns a private or a public network address to the mobile station, and sends a Create PDP Context Response message to the SGSN. In turn, the SGSN sends an Activate PDP Context Accept message to the mobile station assigning a private or a public network address to the mobile station.

35 citations

01 Jan 1998
TL;DR: The focus of this study is on federated trading, but trading problems in traditional distributed environments are also discussed, and the design, implementation and performance of the DRYAD trading system is presented.
Abstract: The current development of computing and telecommunication environments aims towards interoperability across separate platforms and organisations in a world-wide fashion. Interoperability means that software components can be exploited from arbitrary computers in such a way that the service semantics is preserved. The mechanisms supporting interoperability at the application level must mask heterogeneity of the compound computing environment. The term ‘open distributed processing’ does not currently have a single, commonly accepted interpretation. Therefore, the main system architecture models are critically analysed in order to contrast the facilities for interoperation in each model. The focus of this dissertation is on the problems arising when the interoperating computing systems are controlled by autonomous organisations, i.e., problems of federated systems. Federations between sovereign systems involve exploitation of open interfaces and run-time information about the system facilities. Open systems, especially federated systems, must be based on a shared, very high level architecture model. The Open Distributed Processing (ODP) framework standard has been developed to enable world-wide computing services to evolve. Among other specifications, the family of ODP standards also identifies a set of fundamental services required from each participating system. The trading service is one of the essential meta-information services of open systems. Trading presents a global mediator for information about available services and their properties. This dissertation presents work on the provision of the trading functionality. It analyses the requirements of trading designs and the ways trading function interacts with the system environment. The focus of this study is on federated trading, but trading problems in traditional distributed environments are also discussed. 
Furthermore, the design, implementation and performance of the DRYAD trading system is presented. In addition, exploitation scenarios for trading functionality in open distributed environments are analysed. Special attention is given for the use of trading in the explicit exchange, negotiation, and contract establishment required for interoperation in federated environments. The trading functionality is a powerful tool to be used within the open infrastructure to support controlled cooperation between autonomous organisations. It allows construction of a worldwide computing environment that tolerates the constant evolution of services and applications. The exploitation of such a world-wide system requires software engineering tools that are based on the open system services. Therefore, major changes are expected in the areas of application architectures and software development processes within the next few years. Computing Reviews (1998)

35 citations

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents, and gives authors a standard phrase to incorporate near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations