Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Journal Article
TL;DR: An overview of FIRE is presented, focusing particularly on FIRE's novel aspects with respect to traditional routing protocols, and the Java-based implementation is described.
Abstract: Current routing protocols are monolithic, specifying the algorithm used to construct forwarding tables, the metric used by the algorithm (generally some form of hop count), and the protocol used to distribute these metrics as an integrated package. The flexible intra-AS routing environment (FIRE) is a link-state, intradomain routing protocol that decouples these components. FIRE supports run-time-programmable algorithms and metrics over a secure link-state distribution protocol. By allowing the network operator to dynamically reprogram both the properties being advertised and the routing algorithms used to construct forwarding tables, FIRE enables the development and deployment of novel routing algorithms without the need for a new protocol to distribute state. FIRE supports multiple concurrent routing algorithms and metrics, each constructing separate forwarding tables. By using operator-specified packet filters, separate classes of traffic may be routed using completely different routing algorithms, all supported by a single routing protocol. This paper presents an overview of FIRE, focusing particularly on FIRE's novel aspects with respect to traditional routing protocols. We consider deploying several current unicast and multicast routing algorithms in FIRE, and describe our Java-based implementation.

22 citations

Patent
07 Apr 2006
TL;DR: In this article, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection, thereby avoiding a possibility of a duplicate source.
Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify connections that include port number translation. In response to an inbound IPsec packet from a remote source client, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.

22 citations

Journal Article
TL;DR: This paper summarizes and analyzes the state-of-the-art research based on standardization activities for smart transportation systems, protocols, applications, and security in terms of advantages, disadvantages, analysis, simulation, implementation, and complexity to provide a trend of overall technologies.

21 citations

Book Chapter
20 Apr 2005
TL;DR: A mechanism is proposed, which is called to allow the communicating parties to continuously change the identifiers they use, without any signalling and without adverse effects on reliability or security.
Abstract: Protecting users' privacy is essential for turning networks and services into trustworthy friends. Many privacy enhancing techniques, such as anonymous e-cash and mix-nets, have been proposed to make users more comfortable in their network usage. These techniques, in turn, usually rely on very basic security mechanisms, e.g., confidentiality protection, for their realization. But these mechanisms are also used for other security related reasons. In this paper, we make some new observations on how security can degrade privacy. For example, using security as a component of an advanced privacy enhancing technique may not have the effect we expect; i.e., too careless application of security may defeat the assumed privacy gains. In particular, introducing new identifiers may make it easier to track users. This effect is especially harmful to mobile users. Even in cases when privacy is not the main driver for the use of security, we believe that identifiers require special attention in some circumstances. We propose a mechanism, which we call to allow the communicating parties to continuously change the identifiers they use, without any signalling and without adverse effects on reliability or security.

21 citations

Proceedings Article
26 Mar 2000
TL;DR: Novel protection technologies are described, developed by the MarketNet project at Columbia University, that shift power from attackers to defenders, giving the defenders control over the exposure to attacks and over detectability and accountability of attackers.
Abstract: This paper describes novel protection technologies, developed by the MarketNet project at Columbia University, that shift power from attackers to defenders, giving the defenders control over the exposure to attacks and over detectability and accountability of attackers. MarketNet uses market-based techniques to regulate access to resources. Access to a resource must be paid for with currency issued by its domain. Domains can control the power of attackers by limiting the budgets allocated to them, and control the exposure of resources by setting their prices, effectively providing a quantifiable access control mechanism. Domains can monitor currency flows and use uniform resource-independent statistical algorithms to correlate and detect access anomalies indicating potential attacks. Currency is marked with unique identifiers that permit domains to establish verifiable accountability in accessing their resources. Domains control and fine tune their exposure to attacks; adjust this exposure in response to emerging risks; detect intrusion attacks through automated, uniform statistical analysis of currency flows; and establish coordinated response to attacks. MarketNet mechanisms unify and kernelize global information systems protection by containing all protection logic in a small core of software components. The paper presents the architecture and operation of MarketNet along with the design and implementation of the main architectural components. The paper illustrates the application of MarketNet to the protection of the simple network management protocol (SNMP) and compares it with the security features offered by SNMPv3.

21 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations