
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
01 Feb 2004
TL;DR: This document describes the method of detecting a dead Internet Key Exchange (IKE) peer that is presently in use by a number of vendors, and uses IPsec traffic patterns to minimize the number of IKE messages that are needed to confirm liveness.
Abstract: This document describes the method of detecting a dead Internet Key Exchange (IKE) peer that is presently in use by a number of vendors. The method, called Dead Peer Detection (DPD), uses IPsec traffic patterns to minimize the number of IKE messages that are needed to confirm liveness. DPD, like other keepalive mechanisms, is needed to determine when to perform IKE peer failover, and to reclaim lost resources.

34 citations

Proceedings ArticleDOI
03 Dec 2003
TL;DR: A fully integrated and synthesizable cipher core supporting the advanced encryption standard (Rijndael) is presented, designed and fabricated using TSMC 0.18 µm technology.
Abstract: The growth of the Internet as a vehicle for secure communication and electronic commerce has brought cryptographic processing performance to the forefront of high throughput system design. This trend will gain further momentum with the widespread adoption of secure protocols such as secure IP (IPsec) and virtual private networks (VPNs). In this paper, we present a fully integrated and synthesizable cipher core supporting the advanced encryption standard (Rijndael). We designed and fabricated the fully integrated core (key scheduler, encipher, and decipher) using TSMC 0.18 µm technology. The core operating frequency is 465 MHz and throughput is 2.3 Gb/s.

34 citations

Journal ArticleDOI
TL;DR: This paper investigates the recent advances in wireless security from theoretical foundations to evaluation techniques, from network level management to end user trust inference and from individual protocol to hybrid systems and identifies the open security issues associated with trust, management, interoperation and measurement.
Abstract: The pervasive availability and wide usage of wireless networks with different kinds of topologies, techniques and protocol suites have brought with them a need to improve security mechanisms. The design, development and evaluation of security techniques must begin with a thorough analysis of the requirements and a deeper understanding of the approaches that are practical within the system constraints. In this paper, we investigate the recent advances in wireless security from theoretical foundations to evaluation techniques, from network level management to end user trust inference and from individual protocol to hybrid systems. We identify the open security issues associated with trust, management, interoperation and measurement. These problems, whose solutions are different in nature and scale from their companions in wired networks, must be properly addressed to establish confidence in the security of wireless networking environments.

34 citations

Proceedings ArticleDOI
03 Jul 2001
TL;DR: The protocol, Baal, is presented as a scalable solution to group key management problems and it is shown how Baal resolves the user's revocation problem.
Abstract: If multicast communication appears to be the most efficient way to send data to a group of participants, it also presents more vulnerabilities to attacks and requires services such as authentication, integrity and confidentiality to transport data securely. We present the protocol, Baal, as a scalable solution to group key management problems and show how Baal resolves the user's revocation problem. This protocol is based on decentralized group key management with only one key shared among group members. We then use the Network Simulator ns-2 to evaluate the performance of our protocol in the case of group initialization, and compare it with single key distribution center (SKDC) approaches.

34 citations

Proceedings ArticleDOI
01 Jan 2001
TL;DR: This research clearly defined a higher level policy, called security requirement, and clearly defined their satisfaction, and designed algorithms to automatically generate correct policies given security requirements, which can not only save tremendous administrative labor but also guarantee the policies are correct.
Abstract: IPsec [1] policies are widely deployed in firewalls or security gateways to protect information property. The security treatment (e.g. deny, allow or encrypt etc.) of all inbound or outbound traffic will be determined by the security policies, and thus it is critical for policies to be specified and configured correctly. IPsec policies are manually configured on individual security gateways in current practice, which could be very inefficient and error-prone. In this research, we focus on two questions: 1) How to ensure policy correctness? 2) How to systematically specify correct policies instead of manually configuring them? Apparently, policies are correct if they do what they are wanted to do. However, there is a vague relationship between what they are wanted to do and what they really do. In our research, we clearly defined a higher level policy, called a security requirement, and clearly defined its satisfaction. Therefore, policies are correct only if they satisfy all requirements. Furthermore, we designed algorithms to automatically generate correct policies given security requirements. People can specify their requirements at a high level without concerning themselves with specific low level parameters, and then correct low level policies will be automatically generated. The automation can not only save tremendous administrative labor but also guarantee the policies are correct.

34 citations


Cites background from "Security Architecture for the Inter..."

  • ...IPSec (Suite of protocols for IP layer Security) [1] policies are widely deployed in firewalls or security gateways to restrict access or selectively enforce security operations....


  • ...For example, sec_link[1] is the coverage requirement for link 1-2....


  • ...Abstract: IPSec [1] policies are widely deployed in firewalls or security gateways to protect information property....


  • ...• Security Association Requirement (SAR) Security Associations (SA) [1] need to be formed to perform encryption/authentication function....


  • ...Then for the Three_Reqs example, we have the following protection requirements: sec_link[1]=(auth, strong), sec_link[2]=(enc, strong) and (auth, strong), sec_link[3] = (enc, strong); sec_node[1]=none, sec_node[2]=none, sec_node[3]=none, sec_node[4]=none....


References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations