
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
01 Jan 1999
TL;DR: This document describes an architecture how QoS-enabled virtual private networks over the Internet can be built and managed and discusses in detail the required components and their interactions of an appropriate architecture.
Abstract: This document describes an architecture how QoS-enabled virtual private networks over the Internet can be built and managed. The basic technologies for secure VPNs and for QoS support are introduced in the first chapter. The second chapter describes our vision of a QoS-enabled VPN service over the Internet. It also discusses in detail the required components and their interactions of an appropriate architecture. Based on this architecture, a demonstrator will be implemented. Chapter 3 presents the simplified implementation scenario and some implementation details in order to achieve secure and QoS-enabled VPNs. (Virtual Private Network Architecture; T. Braun, M. Gunter, M. Kasumi, I. Khalil)

27 citations


Cites methods from "Security Architecture for the Inter..."

  • ...3 A VPN Enabling Technology: IPSec IPSec [2] evolved from the IPv6 development and is short of being finalized by the IETF....


Journal ArticleDOI
TL;DR: Platypus is presented, an authenticated source routing system built around the concept of network capabilities, which allow for accountable, fine-grained path selection by cryptographically attesting to policy compliance at each hop along a source route.
Abstract: In today's Internet, inter-domain route control remains elusive; nevertheless, such control could improve the performance, reliability, and utility of the network for end users and ISPs alike. While researchers have proposed a number of source routing techniques to combat this limitation, there has thus far been no way for independent ASes to ensure that such traffic does not circumvent local traffic policies, nor to accurately determine the correct party to charge for forwarding the traffic. We present Platypus, an authenticated source routing system built around the concept of network capabilities, which allow for accountable, fine-grained path selection by cryptographically attesting to policy compliance at each hop along a source route. Capabilities can be composed to construct routes through multiple ASes and can be delegated to third parties. Platypus caters to the needs of both end users and ISPs: users gain the ability to pool their resources and select routes other than the default, while ISPs maintain control over where, when, and whose packets traverse their networks. We describe the design and implementation of an extensive Platypus policy framework that can be used to address several issues in wide-area routing at both the edge and the core, and evaluate its performance and security. Our results show that incremental deployment of Platypus can achieve immediate gains.

27 citations


Cites background from "Security Architecture for the Inter..."

  • ...IPsec-enabled packets may contain an authentication header with information similar to a network capability [5], except without a routing request....


Proceedings ArticleDOI
17 Nov 2002
TL;DR: A new lightweight identity authentication protocol, SOLA (Statistical One-bit Lightweight Authentication), for access control well suited for IEEE 802.11 networks with IP connections, which prevents unauthorized access on a per packet basis.
Abstract: Given the wide deployment of IPSec/VPN (virtual private networks) technology, there might be a redundancy in security protection in some configurations. Various commercial companies have replaced 802.11 security with IPSec/VPN to protect the wireless LAN (local area network). How to do it in an efficient and lightweight way is a challenging research problem. This paper introduces a new lightweight identity authentication protocol, SOLA (Statistical One-bit Lightweight Authentication), for access control well suited for IEEE 802.11 networks with IP connections. This protocol prevents unauthorized access on a per packet basis. Since SOLA only adds one identity bit to each packet it will have a low impact on the network bandwidth and power consumption. The performance and efficiency of the SOLA protocol together with IEEE 802.11 is analyzed and evaluated via simulation.

27 citations

Journal ArticleDOI
TL;DR: This paper discusses why many traditional approaches to network security are not so effective in local networks, proposes a prospective solution for building secure encrypted Ethernet LANs, and proposes an in-depth security analysis of the proposed architecture.

27 citations

Patent
15 Feb 2011
TL;DR: In this article, a method for communicating a plurality of queries associated with common tracking areas in a wireless network, identifying a set of serving gateways that serve the common tracking area, and generating a tracking area identity (TAI) list to be used in provisioning network resources for user equipment is presented.
Abstract: A method is provided in one example embodiment and includes communicating a plurality of queries associated with common tracking areas in a wireless network; identifying a set of serving gateways that serve the common tracking areas; generating a tracking area identity (TAI) list to be used in provisioning network resources for user equipment; and selecting a first serving gateway from the set of serving gateways for the user equipment, wherein the first serving gateway is selected based on the common tracking areas served by the set of serving gateways. In more specific embodiments, the queries are domain name system (DNS) queries that are supported by a network element and that have no cached DNS response.

27 citations

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations