Security Architecture for the Internet Protocol

01 Aug 1995, Vol. 1825, pp. 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
Patent
15 Mar 2013
TL;DR: In this article, the authors present an architecture for optimizing signaling for arbitrary proprietary and non-proprietary protocols, where the local proxy observes and identifies patterns within the byte stream, without being aware of the underlying protocol.
Abstract: An architecture for optimizing signaling for arbitrary proprietary and non-proprietary protocols. In one embodiment, a Transmission Control Protocol (TCP) stream is passed as a byte stream from an application to a local proxy over a first session, from the local proxy to a proxy server over a second TCP session, and from the proxy server to a content server over a third TCP session. The local proxy observes and identifies patterns within the byte stream, without being aware of the underlying protocol. Once a pattern is identified, the second TCP session is torn down such that the first TCP session replays the pattern to the application, and third TCP session replays the pattern to the content server. Once either side detects a change in the pattern, the second TCP session is re-established to deliver the changed content to the other end.

26 citations

Book Chapter
01 Jan 2005
TL;DR: A methodology is developed to automatically derive this annotated, directed, acyclic graph (ADAG) from run-time instruction traces that can be obtained easily from simulations to consider the natural clustering of instructions within an application.
Abstract: In this chapter, an annotated, directed, acyclic graph is introduced to represent application characteristics and dependencies in architecture independent fashion. A methodology is developed to automatically derive this annotated directed acyclic graph (ADAG) from run-time instruction traces that can be obtained easily from simulations. To consider the natural clustering of instructions within an application, maximum local ratio cut (MLRC) is used to group instruction blocks and reduce the overall ADAG size. For four network processing applications, such ADAGs are presented and how the inherent parallelism (multiprocessing or pipelining) can be observed is shown. Using the ADAG representation, processing steps can be allocated to processing resources using a heuristic that uses node criticality as a metric. This is an important step towards automatically analyzing applications and mapping processing tasks to heterogeneous network processor architectures. Finally, it is necessary to develop a robust methodology for automatically identifying processing blocks for coprocessors and hardware accelerators.

26 citations

Proceedings Article
06 Aug 2001
TL;DR: It is illustrated that a security mechanism like IPsec can be modulated to provide levels of security that are in harmony with QoSS requests, and an approach through which security can be treated as a QoS dimension is demonstrated.
Abstract: Presents our approach to handling security as a QoS dimension and discusses how variability in network security services and their associated costs can be managed in a middleware environment. We present our "quality of security service" (QoSS) concepts in terms of various security mechanisms and dynamic security policies. We also briefly describe our QoSS costing framework and demonstration, which illustrate how costs associated with network security services can be calculated and supplied to a middleware resource management system (RMS). Finally, we discuss our experiments on linking QoSS conditions to an underlying security mechanism, such as IPsec. Our aim is to demonstrate an approach through which security can be treated as a QoS dimension. We have illustrated that a security mechanism like IPsec can be modulated to provide levels of security that are in harmony with QoSS requests.

26 citations


Cites background from "Security Architecture for the Inter..."

  • ...The SA is a "simplex connection that affords security services to the traffic carried by it" and it essentially is "a management construct used to enforce a security policy in the IPsec environment" [12]....

Posted Content
TL;DR: By forming a reduction between the elastic and original versions, it is proved that the elastic version of a cipher is secure against round-key recovery attacks if the original cipher is secure against such attacks.
Abstract: Standard block ciphers are designed around one or a small number of block sizes. From both a practical and a theoretical perspective, the question of how to efficiently support a range of block sizes is of interest. In applications, the length of the data to be encrypted is often not a multiple of the supported block size. This results in the use of plaintext-padding schemes that impose computational and space overheads. Furthermore, a variable-length block cipher ideally provides a variable-length pseudorandom permutation and strong pseudorandom permutation, which are theoretical counterparts of practical block ciphers and correspond to ideal properties for a block cipher. The focus of my research is the design and analysis of a method for creating variable-length block ciphers from existing fixed-length block ciphers. As the heart of the method, I introduce the concept of an elastic block cipher, which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. I create a structure, referred to as the elastic network, that uses the round function from any existing block cipher in a manner that allows the properties of the round function to be maintained and results in the security of the elastic version of a block cipher being directly related to that of the original version. By forming a reduction between the elastic and original versions, I prove that the elastic version of a cipher is secure against round-key recovery attacks if the original cipher is secure against such attacks. I illustrate the method by creating elastic versions of four existing block ciphers. In addition, the elastic network provides a new primitive structure for use in symmetric-key cipher design. It allows for the creation of variable-length pseudorandom permutations and strong pseudorandom permutations in the range of b to 2b bits from round functions that are independently chosen pseudorandom permutations on b bits.

26 citations

01 Sep 2004
TL;DR: This document defines a Session Description Protocol (SDP) Transport Independent Application Specific Maximum (TIAS) bandwidth modifier that does not include transport overhead; instead an additional packet rate attribute is defined.
Abstract: This document defines a Session Description Protocol (SDP) Transport Independent Application Specific Maximum (TIAS) bandwidth modifier that does not include transport overhead; instead an additional packet rate attribute is defined. The transport independent bit-rate value together with the maximum packet rate can then be used to calculate the real bit-rate over the transport actually used. The existing SDP bandwidth modifiers and their values include the bandwidth needed for the transport and IP layers. When using SDP with protocols like the Session Announcement Protocol (SAP), the Session Initiation Protocol (SIP), and the Real-Time Streaming Protocol (RTSP), and when the involved hosts have different transport overhead, for example due to different IP versions, the interpretation of what lower layer bandwidths are included is not clear. [STANDARDS-TRACK]

26 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations