Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
Journal Article
Zhong Fan, Siva Subramani
TL;DR: This paper proposes an approach to IPv6 address autoconfiguration in ad hoc networks, where the IPv6 Stateless Address Autoconfiguration Protocol and Neighbour Discovery Protocol are applied to the context of ad hoc networks.

26 citations

Proceedings Article
01 Jul 2007
TL;DR: This document provides a threat analysis and derives the security requirements when using the Transport Stream, TS, to support an Internet network-layer using unidirectional lightweight encapsulation (ULE).
Abstract: The MPEG-2 standard supports a range of transmission methods for a range of services. This document provides a threat analysis and derives the security requirements when using the Transport Stream, TS, to support an Internet network-layer using unidirectional lightweight encapsulation (ULE). The document also provides the motivation for link-level security for a ULE Stream. A ULE Stream may be used to send IPv4 packets, IPv6 packets, and other Protocol Data Units to an arbitrarily large number of receivers supporting unicast and/or multicast transmissions.

26 citations


Cites background or methods from "Security Architecture for the Inter..."

  • ...It allows a network operator to provide similar functions to that of IPsec [ RFC4301 ], but in addition provides MPEG-2 transmission link confidentiality and protection of ULE Receiver identity (NPA)....

  • ...The current IPsec specifications [ RFC4301 ] only define a pairwise tunnel between two IPsec devices with manual keying....

  • ...S. Iyengar 1, H. Cruickshank 1 , P.Pillai 2 , G. Fairhurst 3 , L. Duquerroy 4 on the forward and return links, in DVB-RCS star and mesh topologies, based on IPsec [ RFC4301 ]....

  • ...The security architecture for the Internet Protocol [ RFC4301 ] describes security services for traffic at the IP layer....


Proceedings Article
21 May 2007
TL;DR: This paper proposes a one-pass AKA procedure, which not only avoids the shortcomings of the one-pass authentication procedure but also does not lose the efficiency of the IMS authentication.
Abstract: In the IP Multimedia Subsystem (IMS) of UMTS, both packet-switch domain and IMS authentications are necessary for the IMS subscriber, the so-called two-pass authentication. However, the IMS authentication is carried out by IMS authentication and key agreement (IMS AKA). Since IMS AKA is based on 3GPP AKA, which is used for packet-switch domain authentication, almost all of the operations are the same. It is inefficient that almost all involved steps in the two-pass authentication are duplicated. Hence, Lin et al. proposed the one-pass authentication to increase efficiency of the IMS authentication. Unfortunately, in addition to some security problems, the one-pass authentication procedure only has unilateral authentication without capabilities of mutual authentication and key agreement. Therefore, this paper proposes a one-pass AKA procedure, which not only avoids the lacks of the one-pass authentication procedure but also does not lose the efficiency.

26 citations

Journal Article

TL;DR: This work shows that it is possible to implement a Byzantine SMR algorithm with only 2f+1 replicas by extending the system with a simple trusted distributed component and shows that the algorithm, BFT-TO, fares well in comparison with others in the literature.
Abstract: State machine replication (SMR) is a generic technique for implementing fault-tolerant distributed services by replicating them in sets of servers. There have been several proposals for using SMR to tolerate arbitrary or Byzantine faults, including intrusions. However, most of these systems can tolerate at most f faulty servers out of a total of 3f+1. We show that it is possible to implement a Byzantine SMR algorithm with only 2f+1 replicas by extending the system with a simple trusted distributed component. Several performance metrics show that our algorithm, BFT-TO, fares well in comparison with others in the literature. Furthermore, BFT-TO is not vulnerable to some recently presented performance attacks that affect alternative approaches.

25 citations

Patent
Junichi Sakai
09 Mar 2005
TL;DR: When a packet arrives from a communicating terminal, the source IP address is recognized from the packet's IP header and a security policy is registered in an SPD, while an encoding parameter for the encoded communication with that terminal is registered in an SAD; when an SA entry is deleted from the SAD, the terminal's security policy is deleted from the SPD as long as no other entry refers to it.
Abstract: When a packet arrives from a communication terminal apparatus, i.e., a communicating terminal with which the IPsec communication is performed, a source IP address is recognized from an IP header of the packet and a security policy is registered in an SPD. At the same time, an encoding parameter for the encoded communication with the communicating terminal is registered in an SAD. When an SA entry is deleted from the SAD, the security policy for the communicating terminal is deleted from the SPD, as long as there is no other entry that is referring to the security policy corresponding to the deleted SA entry.

25 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations