
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Journal Article
TL;DR: This paper provides a comprehensive and neutral analysis of salient security and privacy features (and issues) in these NSF-funded future Internet architectures and compares the four candidate designs with the current IP-based architecture.
Abstract: The Internet protocol (IP) is the lifeblood of the modern Internet. Its simplicity and universality have fueled the unprecedented and lasting global success of the current Internet. Nonetheless, some limitations of IP have been emerging in recent years. Furthermore, starting in mid-1990s, the advent of mobility, wirelessness, and the Web substantially shifted Internet usage and communication paradigms. This accentuated long-term concerns about the current Internet architecture and prompted interest in alternative designs. The U.S. National Science Foundation (NSF) has been one of the key supporters of efforts to design a set of candidate next-generation Internet architectures. As a prominent design requirement, NSF emphasized “security and privacy by design” in order to avoid the long and unhappy history of incremental patching and retrofitting that characterizes the current Internet architecture. To this end, as a result of a competitive process, four prominent research projects were funded by the NSF in 2010: nebula, named-data networking, MobilityFirst, and expressive Internet architecture. This paper provides a comprehensive and neutral analysis of salient security and privacy features (and issues) in these NSF-funded future Internet architectures. Prior surveys on future Internet architectures provide a limited, or even no, comparison on security and privacy features. In addition, this paper also compares the four candidate designs with the current IP-based architecture and discusses similarities, differences, and possible improvements.

30 citations

01 Jan 2005
TL;DR: The possibility of establishing a secure VoIP telephone call using SIP is studied, different security services relevant for VoIP are presented, and it is argued that end-to-end authentication is needed.
Abstract: In this paper we study the possibility of establishing a secure VoIP telephone call using SIP. Different security services relevant for VoIP are presented and we argue that end-to-end authenticatio ...

30 citations

Journal Article
TL;DR: This paper quantitatively analyzes anonymous communication systems (ACS) with regard to anonymity properties and shows that the probability that the true identity of a sender can be discovered in an ACS might not always decrease as the length of communication path increases.
Abstract: This paper quantitatively analyzes anonymous communication systems (ACS) with regard to anonymity properties. Various ACS have been designed & implemented. However, there are few formal & quantitative analyses on how these systems perform. System developers argue the security goals which their systems can achieve. Such results are vague & not persuasive. This paper uses a probabilistic method to investigate the anonymity behavior of ACS. In particular, this paper studies the probability that the true identity of a sender can be discovered in an ACS, given that some nodes have been compromised. It is through this analysis that design guidelines can be identified for systems aimed at providing communication anonymity. For example, contrary to what one would intuitively expect, these analytic results show that the probability that the true identity of a sender can be discovered might not always decrease as the length of communication path increases.

30 citations

Journal Article
TL;DR: A vertical handover mechanism for TCP, based on receiver bandwidth delay product (BDP) measurement and congestion control using the receiver's advertised window, which resolves the problem of buffer overflow in a low capacity network on handover from a high capacity network, and the under-utilisation problem on handover in the reverse direction.
Abstract: We propose and evaluate a vertical handover mechanism for TCP, based on receiver bandwidth delay product (BDP) measurement and congestion control using the receiver's advertised window. It addresses the negative impact of abrupt changes in link capacity and latency on TCP performance during make-before-break vertical handover in heterogeneous networks, enabling TCP to seamlessly adapt to new conditions. It resolves the problem of buffer overflow in a low capacity network on handover from a high capacity network, and the under-utilisation problem on handover in the reverse direction. All modifications are restricted to the mobile device, and the proposed technique is fully interoperable with existing TCP and mobile IP infrastructure. It maintains end-to-end semantics, supports IP security, and can be easily deployed

30 citations

Patent
János Farkas, David Ian Allan
07 Aug 2014
TL;DR: A method implemented by a network device executing a local computation engine and a link state routing protocol, which support automatic establishment of redundant paths and cautious restoration in a packet network.
Abstract: A method is implemented by a network device executing a local computation engine and a link state routing protocol. The local computation engine and the link state protocol support automatic establishment of redundant paths and cautious restoration in a packet network. The method includes receiving an explicit path (EP) type length value (TLV) via a link state routing protocol, executing a shortest path algorithm to obtain a shortest path for loose hops of a path identified by the EP TLV, the shortest path to be a primary path, updating a network graph to prune links of the primary path or bias links of the primary path, and calculating a backup path using the shortest path algorithm on the updated network graph.

30 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations