
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Journal ArticleDOI
TL;DR: The results indicate that a new authentication and key agreement protocol is required to secure handover in this environment; Casper/FDR is used in the analysis and development of the protocol.
Abstract: Next generation networks will comprise different wireless networks including cellular technologies, WLAN and indoor technologies. To support these heterogeneous environments, there is a need to consider a new design of the network infrastructure. Furthermore, this heterogeneous environment implies that future devices will need to roam between different networks using vertical handover techniques. When a mobile user moves into a new foreign network, data confidentiality and mutual authentication between the user and the network are vital issues in this heterogeneous environment. This article deals with these issues by first examining the implication of moving towards an open architecture, and then looking at how current approaches such as the 3GPP, HOKEY and mobile ethernet respond to the new environment while trying to address the security issue. The results indicate that a new authentication and key agreement protocol is required to secure handover in this environment. Casper/FDR is used in the analysis and development of the protocol. The proposed protocol has been proven to be successful in this heterogeneous environment.

30 citations

Proceedings ArticleDOI
01 Oct 2015
TL;DR: It is shown that attacking nodes have no merits to claim lower ranks than true ones in a secure parent node selection scheme, and the proposed scheme reduces the total number of child nodes attached to attacking nodes in comparison with the conventional RPL scheme.
Abstract: The IPv6 Routing Protocol for Low-power and Lossy networks (RPL) is a standard routing protocol to realize the Internet of Things (IoT). Since RPL is a tree-based topology network, an attacking node may falsely claim its rank towards neighbor nodes in order to be chosen as a parent of them and to collect more packets to tamper. In this paper, we propose a secure parent selection scheme so that each child node can select a legitimate node as its parent. In the proposed scheme, each node chooses a parent after excluding the best candidate if multiple parent candidates exist. Our scheme utilizes the fact that an attacking node falsely claims a lower rank than that of a legitimate node. We show that attacking nodes have no merits to claim lower ranks than true ones in a secure parent node selection scheme. By computer simulation, we show that the proposed scheme reduces the total number of child nodes attached to attacking nodes in comparison with the conventional RPL scheme.

30 citations
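The parent-selection rule described in the abstract above, as an added simulation that is not the paper's code: conventional RPL takes the neighbour with the lowest advertised rank, while the secure scheme drops the single best candidate whenever a node hears at least two. The topology, ranks, neighbour lists and the name-based tie-break are all constructed here for illustration.

```python
"""Parent selection in an RPL-style tree, comparing conventional lowest-rank
selection with the secure scheme: a node that hears more than one parent
candidate discards the best-ranked one before choosing.

Topology, ranks and neighbour lists are constructed for this example."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Node:
    name: str
    true_rank: int                      # rank the node would honestly advertise
    attacker: bool = False
    claimed_rank: Optional[int] = None  # attacker's advertised rank (None = honest)
    neighbors: List["Node"] = field(default_factory=list)

    def advertised_rank(self) -> int:
        if self.attacker and self.claimed_rank is not None:
            return self.claimed_rank
        return self.true_rank


def select_parent(child: Node, secure: bool) -> Optional[Node]:
    """Pick a parent among neighbours advertising a rank below the child's own.

    Conventional RPL takes the lowest advertised rank.  The secure scheme drops
    the single best candidate whenever at least two candidates exist, so an
    attacker that undercuts every legitimate rank is exactly the node removed.
    Ties are broken by name only to keep the example deterministic."""
    candidates = [n for n in child.neighbors if n.advertised_rank() < child.true_rank]
    if not candidates:
        return None
    ordered = sorted(candidates, key=lambda n: (n.advertised_rank(), n.name))
    if secure and len(ordered) > 1:
        ordered = ordered[1:]
    return ordered[0]


def build_topology(claimed_rank: int):
    """Constructed sample: two legitimate forwarders A and B at rank 2, an
    attacker M whose true rank is also 2, and five leaves at rank 3."""
    a, b = Node("A", 2), Node("B", 2)
    m = Node("M", 2, attacker=True, claimed_rank=claimed_rank)
    leaves = [Node(f"L{i}", 3) for i in range(1, 6)]
    leaves[0].neighbors = [a, m]
    leaves[1].neighbors = [a, b, m]
    leaves[2].neighbors = [b, m]
    leaves[3].neighbors = [m]        # hears only the attacker: no scheme can help it
    leaves[4].neighbors = [a, b]     # out of the attacker's radio range
    return leaves, m


def children_of_attacker(secure: bool, claimed_rank: int) -> int:
    """Number of leaves that end up with the attacker as parent."""
    leaves, m = build_topology(claimed_rank)
    return sum(1 for leaf in leaves if select_parent(leaf, secure) is m)


if __name__ == "__main__":
    for secure in (False, True):
        for claimed in (0, 2):
            print(f"secure={secure} attacker_claims_rank={claimed}: "
                  f"{children_of_attacker(secure, claimed)} leaves attached")
```

On this topology the attacker that claims rank 0 captures four of five leaves under conventional selection but only the leaf that hears nobody else under the secure scheme; under the secure scheme it would actually do better by advertising its true rank, which is the "no merit in claiming a lower rank" point the abstract makes.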

Journal ArticleDOI
TL;DR: A simple and complete secured QoS-aware ICT architecture with self-management capabilities, provided by a cognitive system, to meet the requirements of Smart Grids is proposed.
Abstract: Smart grids are typically built by means of several techniques and technologies concerning poorly correlated research disciplines. Up to now, practitioners have decomposed the Smart Grid problem according to each knowledge domain, and, thus, some partial solutions have been presented so far. However, these proposals are often difficult to integrate between each other and with existing platforms due to the fact that they do not consider the Smart Grid as a whole. The purpose of this paper is to propose a simple and complete secured QoS-aware ICT architecture with self-management capabilities, provided by a cognitive system, to meet the requirements of Smart Grids. Presented experimentations show the feasibility of our solution and encourage practitioners to focus their efforts in this direction.

30 citations

Patent
27 Nov 2007
TL;DR: The method establishes a secure packet-switched connection for exchanging predefined signaling messages between network elements in distinct network domains, selects and implements at least one media exchange technology for transporting media between the domains, exchanges signaling and media border processing information and access device information between the domains, and provides a packet-switched network-to-network interconnection interface for peering sessions between them.
Abstract: In one of many possible embodiments, an exemplary method includes establishing a secure packet-switched connection for exchanging predefined signaling messages between network elements associated with distinct network domains, determining and implementing at least one media exchange technology for transporting media between the network domains, exchanging signaling and media border processing information between the network domains, exchanging access device information between the network domains, determining and implementing at least one service policy associated with the network domains, and providing a packet-switched network-to-network interconnection interface configured for peering at least one session between the network domains based on the predefined signaling messages, media exchange technology, signaling media border processing information, access device information, and service policy.

30 citations

Proceedings Article
31 Jul 2005
TL;DR: In this article, the authors propose an application-aware IPsec policy system on the existing IPsec/IKE infrastructure, in which a socket monitor running in the application context reports the socket activities to the application policy engine.
Abstract: As a security mechanism at the network-layer, the IP security protocol (IPsec) has been available for years, but its usage is limited to Virtual Private Networks (VPNs). The end-to-end security services provided by IPsec have not been widely used. To bring the IPsec services into wide usage, a standard IPsec API is a potential solution. However, the realization of a user-friendly IPsec API involves many modifications on the current IPsec and Internet Key Exchange (IKE) implementations. An alternative approach is to configure application-specific IPsec policies, but the current IPsec policy system lacks the knowledge of the context of applications running at upper layers, making it infeasible to configure application-specific policies in practice. In this paper, we propose an application-aware IPsec policy system on the existing IPsec/IKE infrastructure, in which a socket monitor running in the application context reports the socket activities to the application policy engine. In turn, the engine translates the application policies into the underlying security policies, and then writes them into the IPsec Security Policy Database (SPD) via the existing IPsec policy management interface. We implement a prototype in Linux (Kernel 2.6) and evaluate it in our testbed. The experimental results show that the overhead of policy translation is insignificant, and the overall system performance of the enhanced IPsec is comparable to those of security mechanisms at upper layers. Configured with the application-aware IPsec policies, both secured applications at upper layers and legacy applications can transparently obtain IP security enhancements.

30 citations
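The translation step described in the abstract above (socket monitor reports a flow, the policy engine maps the application policy onto entries in the IPsec Security Policy Database), as an added example that is not the paper's prototype. It assumes ipsec-tools `setkey` syntax as the policy management interface, which the abstract does not name; the event and policy formats and all addresses are constructed.

```python
"""Application-aware IPsec policy translation: socket activity reported by a
socket monitor is matched against per-application policies and rendered as
Security Policy Database entries in ipsec-tools `setkey` syntax.

The policy format, the event format and all addresses are constructed for
this example."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional


@dataclass(frozen=True)
class SocketEvent:
    """One connection as a socket monitor running in the application's
    context would report it: which application, and the 5-tuple."""
    app: str
    proto: str          # "tcp" or "udp"
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int

    def __post_init__(self):
        ip_address(self.local_ip)      # reject garbage before it reaches the SPD
        ip_address(self.remote_ip)
        if self.proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol {self.proto!r}")


@dataclass(frozen=True)
class AppPolicy:
    app: str
    proto: str
    remote_port: Optional[int]   # None matches any remote port
    protection: str              # "require", "use" (ESP if an SA exists) or "none" (bypass)

    def matches(self, ev: SocketEvent) -> bool:
        return (self.app == ev.app and self.proto == ev.proto
                and self.remote_port in (None, ev.remote_port))


def _policy_clause(protection: str) -> str:
    if protection == "none":
        return "none"                            # bypass IPsec for this flow
    if protection not in ("require", "use"):
        raise ValueError(f"unknown protection level {protection!r}")
    return f"ipsec esp/transport//{protection}"  # ESP in transport mode


def spd_entries(ev: SocketEvent, policies: List[AppPolicy]) -> List[str]:
    """Translate one socket event into SPD entries (first matching policy wins).

    The kernel SPD knows nothing about applications, so the application policy
    is pinned to the exact 5-tuple the monitor observed, one entry per direction.
    Flows with no matching policy get no entry and fall back to the system SPD."""
    pol = next((p for p in policies if p.matches(ev)), None)
    if pol is None:
        return []
    clause = _policy_clause(pol.protection)
    return [
        f"spdadd {ev.local_ip}[{ev.local_port}] {ev.remote_ip}[{ev.remote_port}] "
        f"{ev.proto} -P out {clause};",
        f"spdadd {ev.remote_ip}[{ev.remote_port}] {ev.local_ip}[{ev.local_port}] "
        f"{ev.proto} -P in {clause};",
    ]


def sample_policies() -> List[AppPolicy]:
    # Constructed policies, ordered most specific first.
    return [
        AppPolicy("payroll", "tcp", 5432, "require"),  # database traffic must be protected
        AppPolicy("payroll", "tcp", None, "use"),      # other payroll flows: protect if possible
        AppPolicy("ntpd", "udp", 123, "none"),         # explicit bypass
    ]


def sample_events() -> List[SocketEvent]:
    # Constructed events; addresses are from the RFC 5737 documentation ranges.
    return [
        SocketEvent("payroll", "tcp", "192.0.2.5", 40001, "198.51.100.9", 5432),
        SocketEvent("payroll", "tcp", "192.0.2.5", 40002, "198.51.100.10", 8080),
        SocketEvent("ntpd", "udp", "192.0.2.5", 123, "203.0.113.1", 123),
        SocketEvent("browser", "tcp", "192.0.2.5", 40003, "203.0.113.80", 443),  # no policy
    ]


def translate_all(events: List[SocketEvent], policies: List[AppPolicy]) -> List[str]:
    return [line for ev in events for line in spd_entries(ev, policies)]


if __name__ == "__main__":
    print("\n".join(translate_all(sample_events(), sample_policies())))
```

Two caveats a deployment would need that the abstract does not spell out: the engine that writes the SPD runs with kernel-policy privileges, so the application identity in each event is trusted input and must come from a monitor an unprivileged process cannot impersonate; and per-connection entries must be removed again when the socket closes, or the SPD fills with stale 5-tuples.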

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines how the capitalized requirement words used in IETF standards-track documents should be interpreted, and gives authors a phrase to incorporate near the beginning of their documents.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork, and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations
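The fragmentation and reassembly responsibility named in the entry above, as an added worked example (not text or code from RFC 791): the sender splits a payload to fit a link MTU using the 8-octet offset unit, and the receiver rebuilds it from fragments arriving in any order, refusing gaps, overlaps and an absent final fragment. Only the header fields that drive fragmentation are modelled; the payload and MTU values are constructed.

```python
"""IPv4 fragmentation and reassembly: split a datagram's payload to fit a
link MTU, then rebuild it from fragments that may arrive in any order,
rejecting gaps, overlaps and a missing final fragment.

Only the fields that drive fragmentation are modelled (identification,
fragment offset in 8-octet units, the More Fragments flag and the data);
the remaining header fields are omitted."""
from dataclasses import dataclass
from typing import List

IP_HDR_LEN = 20   # minimum IPv4 header, no options


@dataclass(frozen=True)
class Fragment:
    ident: int      # Identification field shared by all fragments of a datagram
    offset: int     # Fragment Offset, in units of 8 octets
    more: bool      # More Fragments (MF) flag
    data: bytes


def fragment(ident: int, payload: bytes, mtu: int) -> List[Fragment]:
    """Split payload for a link with the given MTU.

    Every fragment except the last carries a multiple of 8 data octets, because
    the offset field counts 8-octet units."""
    if mtu < IP_HDR_LEN + 8:
        raise ValueError("MTU too small to carry a fragment")
    max_data = (mtu - IP_HDR_LEN) // 8 * 8
    frags, pos = [], 0
    while True:
        chunk = payload[pos:pos + max_data]
        last = pos + len(chunk) >= len(payload)
        frags.append(Fragment(ident, pos // 8, not last, chunk))
        pos += len(chunk)
        if last:
            return frags


def reassemble(frags: List[Fragment]) -> bytes:
    """Rebuild the payload, or raise ValueError if the set is not exactly one
    contiguous, non-overlapping sequence ending in an MF=0 fragment."""
    if not frags:
        raise ValueError("no fragments")
    ident = frags[0].ident
    if any(f.ident != ident for f in frags):
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(frags, key=lambda f: f.offset)
    out, expected = bytearray(), 0
    for i, f in enumerate(ordered):
        if f.offset * 8 != expected:
            raise ValueError(f"gap or overlap at octet {expected}")
        if f.more and len(f.data) % 8:
            raise ValueError("non-final fragment length not a multiple of 8")
        if f.more != (i < len(ordered) - 1):
            raise ValueError("MF flag inconsistent with fragment position")
        out += f.data
        expected += len(f.data)
    return bytes(out)


def is_complete(frags: List[Fragment]) -> bool:
    """True if `frags` reassembles cleanly; used to probe the failure modes."""
    try:
        reassemble(frags)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    payload = bytes(range(256)) * 10           # 2560 octets, constructed
    frags = fragment(7, payload, 576)
    print([(f.offset, f.more, len(f.data)) for f in frags])
    print(reassemble(frags[::-1]) == payload)
```

This reassembler treats a duplicated or overlapping fragment as an error rather than silently keeping one copy; a receiver that accepts overlaps has to decide which copy wins, and that choice is part of its security behaviour.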