Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
Proceedings Article
12 Jun 2005
TL;DR: Using Causeway, operating system support facilitating the development of meta-applications, like priority scheduling and performance debugging, that control and analyze the execution of distributed programs is introduced.
Abstract: In this paper we introduce Causeway, operating system support facilitating the development of meta-applications, like priority scheduling and performance debugging, that control and analyze the execution of distributed programs. Meta-applications use Causeway to inject and access metadata on application execution paths to implement their specific goals. Causeway has two components: (1) interfaces to inject and access metadata and (2) mechanisms to automate propagation of meta-data. Using Causeway we could rapidly implement a distributed priority scheduling system where priority of a task is injected and propagated as metadata, and accessed to implement global priority scheduling. This required writing only about 150 lines of code on top of Causeway. With this system we demonstrate global priority scheduling on an implementation of the TPC-W benchmark.

24 citations


Additional excerpts

  • ...Like SDI [9] we argue that the issue of illegal network access modifying metadata in IP packets should be addressed by using IPSec [6]....

Journal ArticleDOI
01 Jan 2010
TL;DR: UbiPOL aims to provide 'context aware knowledge' provision with regards to policy making through UbiPOL enabling citizens in identifying any relevant policies along with other citizens' opinion 'whenever they want' 'wherever they are' according to their everyday life pattern.
Abstract: The purpose of the UbiPOL project is to develop a ubiquitous platform that allows citizens to be involved in Policy Making Processes (PMPs) regardless of their current locations and time. However, literature highlights one of the foremost reasons that make citizens de-motivated in engaging themselves in policy making: the ignorance of germane policies and PMPs within the government organizations. It is highly suggested that the more citizens find connections between their everyday life activities and pertinent government policies, the more they become pro-active or motivated to be involved in PMPs. For this reason, UbiPOL aims to provide 'context aware knowledge' provision with regards to policy making, i.e. through UbiPOL enabling citizens in identifying any relevant policies along with other citizens' opinion 'whenever they want' 'wherever they are' according to their everyday life pattern. As a result of this platform, citizens are anticipated to be more acquainted with the newest relevant policies and PMPs for their participation during their routine life activities. Moreover, this platform is also anticipated to provide policy tracking functionality through a 'workflow engine' and 'opinion tag' concept to improve the transparency of PMPs. As a final point, the platform intends to facilitate policy makers to collect citizen opinions more efficiently as the opinions are collected as soon as they are created in the middle of citizen's everyday life. UbiPOL provides a security and identity management facility to ensure only authorized citizens can have access to relevant policies according to their roles in PMPs. The delivery of the opinion and policy data over the wireless network is secure as the platform uses a leading edge encryption algorithm in its communication kernels. UbiPOL is a scalable platform ensuring at least 100,000 citizens can use the system at the same time, e.g., for e-Voting applications, through its well proven automatic load balancing mechanisms. The privacy ensuring opinion mining engine prevents unwanted revealing of citizen identities and the mining engine prevents any unrelated commercial advertisements from being included in the opinion base to minimize the misuse of the system.

24 citations

Journal IssueDOI
TL;DR: Analysis shows that MGSC-GDH is a semantic secure multi-recipient generalized signcryption scheme and more efficient than other similar schemes in computational and communicational aspects.
Abstract: Secure multicast is one of the majority services in the near future. The frameworks for IP multicast cannot be directly applied in wireless networks. To address the natural issues of wireless multicast and enhance the efficiency, an adaptive secure multicast framework based on a new primitive called multi-recipient generalized signcryption and a multi-recipient generalized signcryption scheme based on the gap Diffie–Hellman problem (MGSC-GDH) are proposed. The key technologies to construct a high-performance adaptive scheme including identification function, randomness reusing are investigated. The framework provides separate or joint encryption and signature functions according to users' identities and requirements transparently, and has the ability to aggregate multiple unicast besides the common multicast service. Therefore, overheads are reduced sharply for multiple functions which are provided with a single primitive. By the precise reduction, the gap-bridge between the security of a base scheme and the corresponding multi-recipient generalized signcryption scheme is built, which is a direct measure to quantify the security. Analysis shows that MGSC-GDH is a semantic secure multi-recipient generalized signcryption scheme and more efficient than other similar schemes in computational and communicational aspects. It is suitable for dynamic environment for rekeying is avoided when membership changes. Copyright © 2009 John Wiley & Sons, Ltd. Proposed a framework of adaptive secure multicast framework for wireless networks based on the proposed primitive multi-recipient generalized signcryption firstly. The framework provides separate or joint privacy and authenticity according to users' identities and requirements transparently, and has the ability to aggregate multiple unicast besides the common multicast service. 
Then designed a practical scheme called MGSC-GDH, which is semantic secure and more efficient than other similar schemes in computational and communicational aspects.

24 citations

Journal ArticleDOI
30 May 2006
TL;DR: The scope of this research is to determine the viability and need of a security mechanism, and the performance of different security architectures are focused on to determine their usability in the framework of an ADN.
Abstract: Internet connectivity, which was in experimental stages only a few years ago, is a reality today. Current implementations allow passengers to access the Internet for pleasure, and, in some cases, secure VPN access is provided to corporate networks. Several researchers are looking at the possibility of the existence of a total of three networks: passenger network (PN), crew network (CRN), and the control network (CON). Researchers envision an architecture where these three networks will co-exist in an airplane. The available Internet connectivity can be utilized for transporting flight critical information like cockpit flight data recorder (CFDR) data, digital flight data recorder (DFDR) data, cockpit voice recorder (CVR) data and controller pilot data link communication. In addition, the Internet connectivity could also be used for other safety mechanisms like video surveillance and remote control of the flight. Security is one of the major concerns that affect the successful deployment of aircraft data networks (ADN) and other safety features. Several studies have been carried out to secure the network using firewalls and intrusion detection systems, but so far no study has focused on securing the communication channel (between the aircraft and the ground station) and its impact on the ADN. The scope of this research is to determine the viability and need of a security mechanism. The research will also focus on the performance of different security architectures and determine their usability in the framework of an ADN.

24 citations

Patent
25 Jul 2006
TL;DR: In this article, the authors define the notion of an inventive networking environment, which includes clients called sending clients, who send network content through a network, and clients called receiving clients, which receive the network content from the sending clients through the network.
Abstract: One embodiment of an inventive networking environment includes clients called sending clients because they send network content through a network, and clients called receiving clients because they receive the network content from the sending clients through the network. Both sending clients and receiving clients are “clients” in that they rely on a management server to orchestrate the secure transfer of information from sending clients to receiving clients.

24 citations

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations