
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
Journal Article
TL;DR: In this article, the authors provide an overview of cryptography and cryptographic key management as they are specified in IPsec, a popular suite of standards for providing communications security and network access control for Internet communications.

21 citations

Journal Article
TL;DR: This paper is believed to be the first comprehensive survey and classification of the coexistence architectures according to their features, deployment approach, deployment scenarios, addressed coexistence requirements and additional architecture or technology used and evaluation parameters and will finally fill the gap required for moving towards the design of the final coexistence architecture.
Abstract: In recent years, the usage model of the Internet has changed, pushing researchers towards the design of the Information-Centric Networking (ICN) paradigm as a possible replacement of the existing architecture. Even though both Academia and Industry have investigated the feasibility and effectiveness of ICN, achieving the complete replacement of the Internet Protocol (IP) is a challenging task: (i) the process involves multiple parties, such as Internet Service Providers (ISPs), that need to coordinate among each other; (ii) it requires an indefinite amount of time to update hardware and software of network components; and (iii) it is a high risk goal that might introduce unexpected complications. Thus, the process of replacing the current Internet will inevitably lead towards a period of coexistence between the old and the new architectures. Given the urgency of the problem, this transition phase will happen very soon and people should address it in a smooth way. Some research groups have already addressed the coexistence by designing their own architectures, but none of those is the final solution to move towards the future Internet considering the unaltered state of the networking. To design such architecture, the research community needs now a comprehensive overview of the existing solutions that have so far addressed the coexistence. The purpose of this paper is to reach this goal by providing the first comprehensive survey and classification of the coexistence architectures according to their features (i.e., deployment approach, deployment scenarios, addressed coexistence requirements and additional architecture or technology used) and evaluation parameters (i.e., challenges emerging during the deployment and the runtime behaviour of an architecture). We believe that this paper will finally fill the gap required for moving towards the design of the final coexistence architecture.

21 citations

Patent
19 Apr 2012
TL;DR: A method for device resource sharing for network resource conservation is proposed; the method can include, for example, detecting that multiple devices are attempting to access the same content source over a mobile network.
Abstract: Systems and methods for device resource sharing for network resource conservation are disclosed. In one embodiment, the method can include, for example: detecting that multiple devices are attempting to access a same content source over a mobile network. The same content source can then be polled once in a single poll event and the content received in response to the single poll event of the one same content source is transmitted to one device of the multiple devices. The other devices of the multiple devices can receive the content from the one device, over a non-cellular connection.

21 citations

Proceedings Article
03 Dec 2010
TL;DR: A secure system topology for the embedded network is proposed with regard to network and system constraints, service priorities and regulatory recommendations, and the design of a new component called Security Manager (SecMan) is explained in detail.
Abstract: This paper presents an original and adaptive security architecture for future connected aircraft. A secure system topology for the embedded network is proposed with regard to network and system constraints, service priorities and regulatory recommendations. The design of a new component called Security Manager (SecMan) is explained in detail and all its processes are formalized for a better understanding of the proposal made in this paper. A performance study is done in order to assess the advantages of this adaptive security policy within some critical aircraft communication scenarios. The adaptive security architecture will be applied for a satellite-based system architecture of an industrial project titled “FAST” (Fiber-like Aircraft Satellite Telecommunications). The project is co-funded by the Aerospace Valley pole and the French government (Direction Generale de la Competitivite, de l'Industrie et des Services — DGCIS, Fonds Unique Interministeriel — FUI). The FAST satellite system aims at providing bi-directional satellite communication services on commercial aircraft worldwide. Many partners take part in the project, both from industry (EADS Astrium, Axess Europe, Vodea, and Medes) and academia (CNRS/LAAS, ISAE, ENAC, Telecom Bretagne).

21 citations


Cites methods from "Security Architecture for the Inter..."

  • ...ISAKMP negotiation phase is also part of the IPSec [22] global framework; using it out of the protocol remains a difficult task....

01 Apr 2004
TL;DR: Existing and emerging wireless networks are examined through measurements and simulations and end-to-end transport of real-time and non-real-time data is studied.
Abstract: Wireless data access for nomadic users is predicted to be a major growth direction for the future Internet. However, no single existing wireless technology fits all user requirements at all times. Instead, several overlaying wireless networks can provide best possible data delivery service. Nomadic users can run interactive, conversational, streaming, and background applications that rely on end-to-end transport protocols to communicate over unreliable wireless links. Achieving efficient data transport in wireless overlay networks implies meeting Quality of Service requirements of applications while preserving radio resources, battery power, and friendliness to other flows on the Internet. Events such as delay spikes, bandwidth oscillation, and connectivity outages are difficult to prevent in the heterogeneous and dynamic wireless environment. For instance, delay spikes can be caused by handovers, higher priority voice calls, and link layer retransmissions. Furthermore, link characteristics can change by an order of magnitude when a handover is executed between overlay networks. Such disruptive events can cause delivery of duplicate, stale, aborted data, and low utilization of the wireless link. Achieving efficient data transport in this environment demands coordinated efforts from the link layer and from end-to-end transport protocols. In this dissertation, existing and emerging wireless networks are examined through measurements and simulations. We paid special attention to the models used in simulations. We studied end-to-end transport of real-time and non-real-time data. For non-real-time data, TCP is a highly suitable transport protocol when profiled with state-of-the-art features and when its robustness to delay spikes is improved. We measured the response of different TCP variants to delay spikes and developed mechanisms to alleviate negative effects of spurious timeouts in TCP. 
Delay spikes in the network can often make real-time data useless to the receiver. For streaming and conversational traffic we suggested using a transport protocol that incorporates an explicit lifetime into packet headers. The Lifetime Packet Discard eliminates stale and duplicate data delivery over the wireless link that preserves radio resources and battery power of wireless users. An inter-system handover can cause an abrupt change in the link bandwidth and latency. It is hard for end-to-end congestion control to adapt promptly to such changes. This is especially a concern for slowly responsive congestion control algorithms, such as TCP-Friendly Rate Control (TFRC), that are designed to provide a smooth transmission rate for real-time applications and therefore are less responsive to changes in network conditions than TCP. We measured the performance of TFRC and TCP flows during vertical handovers in overlay networks in a testbed and using a simulator. Overbuffering and an explicit handover notification are shown to improve transport performance during vertical handovers. Computing Reviews (1998)

21 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines the words used to signify requirements in standards-track specifications as they should be interpreted in IETF documents, and gives a phrase that authors following these guidelines should incorporate near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations