Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
Proceedings Article
26 Dec 2007
TL;DR: The aim of the paper is to discuss the advantages and disadvantages of the DTN approach compared to more conventional solutions, and to assess DTN performance by using a testbed based on a cluster of Linux PCs running the DTNperf application.
Abstract: Satellite communications pose serious challenges to transport layer performance, mainly because of long propagation delays (especially in geosynchronous systems) and the possible presence of random errors on the satellite link. Solutions that cope with these impairments usually rely upon either the adoption of enhanced versions of transport protocols, or the insertion of intermediate agents, like PEPs (Performance Enhancing Proxy). An alternative approach is to adopt DTN (Delay/Disruption Tolerant Network) architecture, based on the introduction of the new "bundle" layer in the protocol stack. The aim of the paper is to discuss the advantages and disadvantages of the DTN approach compared to more conventional solutions. DTN performance is assessed by using a testbed based on a cluster of Linux PCs running the DTNperf application, which was developed to this end by the authors and now included in the official DTN package. Preliminary results are presented and discussed in the paper.

35 citations

Journal Article
11 Mar 2016-Sensors
TL;DR: This work proposes a design and implementation of a lightweight bootstrapping service for IoT networks that leverages one of the application protocols used in IoT: Constrained Application Protocol (CoAP), and names this service CoAP-EAP.
Abstract: The Internet of Things (IoT) is becoming increasingly important in several fields of industrial applications and personal applications, such as medical e-health, smart cities, etc. The research into protocols and security aspects related to this area is continuously advancing in making these networks more reliable and secure, taking into account these aspects by design. Bootstrapping is a procedure by which a user obtains key material and configuration information, among other parameters, to operate as an authenticated party in a security domain. Until now solutions have focused on re-using security protocols that were not developed for IoT constraints. For this reason, in this work we propose a design and implementation of a lightweight bootstrapping service for IoT networks that leverages one of the application protocols used in IoT: Constrained Application Protocol (CoAP). Additionally, in order to provide flexibility, scalability, support for large scale deployment, accountability and identity federation, our design uses technologies such as the Extensible Authentication Protocol (EAP) and Authentication Authorization and Accounting (AAA). We have named this service CoAP-EAP. First, we review the state of the art in the field of bootstrapping and specifically for IoT. Second, we detail the bootstrapping service: the architecture with entities and interfaces and the flow operation. Third, we obtain performance measurements of CoAP-EAP (bootstrapping time, memory footprint, message processing time, message length and energy consumption) and compare them with PANATIKI, the most significant and constrained representative of the bootstrapping solutions related to CoAP-EAP. As we will show, our solution provides significant improvements, mainly due to an important reduction of the message length.

35 citations

Proceedings Article
11 Dec 2010
TL;DR: A thorough analysis of the major security issue in wireless sensor networks is made and the ongoing aspect of further development to designers in their struggle to implement the most cost effective and appropriate method of securing their network is presented.
Abstract: Wireless sensor networks are a new type of networked systems, characterized by severely constrained computational and energy resources, and an ad hoc operational environment. When wireless sensor networks are deployed in a hostile terrain, security becomes extremely important, as they are prone to different types of malicious attacks. Due to the inherent resource limitations of sensor nodes, existing network security methods, including those developed for Mobile Ad-Hoc Networks, are not well suited to wireless sensor networks. As a crucial issue, security in wireless sensor networks has attracted a lot of attention in recent years. This paper made a thorough analysis of the major security issue and presented the ongoing aspect of further development to designers in their struggle to implement the most cost effective and appropriate method of securing their network.

35 citations

Patent
21 Sep 2001
TL;DR: In this article, the authors describe a system for managing network connectivity for mobile users, particularly when a mobile user roams between two networks or between two subnets of a network.
Abstract: Systems and methods are described for managing network connectivity for mobile users, particularly when a mobile user roams between two networks or between two subnets of a network. An announcer signal is broadcast by a host organization. The announcer signal includes a network identifier, an authorizer address and a verifier address. A mobile client monitors for the announcer signal and, when detected, provides an option to connect to the network via the authorizer. Once authorization is obtained, the mobile client communicates with the network through the verifier. The verifier receives tagged data packets from a mobile client and only accepts the data packets if a valid tag (created with an authorization key) is included therewith. Multiple verifiers may be used to provide load balancing and fault tolerance (in the event a verifier fails). If a mobile client disconnects from a network and later reconnects, the mobile client does not have to be re-authorized if the mobile client still has a valid authorization key.

35 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations