Security Architecture for the Internet Protocol
01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security
Architecture for IP", which is designed to provide security services
for traffic at the IP layer. This document obsoletes RFC 2401
(November 1998). [STANDARDS-TRACK]
Citations
More filters
01 Apr 2007
TL;DR: In this article, the current set of mandatory-to-implement algorithms for ESP and AH is defined as well as algorithms that should be implemented because they may be promoted to mandatory at some future time.
Abstract: The IPsec series of protocols makes use of various cryptographic
algorithms in order to provide security services. The Encapsulating
Security Payload (ESP) and the Authentication Header (AH) provide two
mechanisms for protecting data being sent over an IPsec Security
Association (SA). To ensure interoperability between disparate
implementations, it is necessary to specify a set of mandatory-to-
implement algorithms to ensure that there is at least one algorithm
that all implementations will have available. This document defines
the current set of mandatory-to-implement algorithms for ESP and AH as
well as specifying algorithms that should be implemented because they
may be promoted to mandatory at some future time. [STANDARDS-TRACK]
95 citations
•
27 May 2011TL;DR: In this paper, a vehicular access network (VAN) comprising cooperative communication between a plurality of on-board units (OBUs) in respective vehicles, scanning the VAN to pick up a coverage of at least one infrastructure access point (IAP) is described.
Abstract: A method includes joining a vehicular access network (VAN) comprising cooperative communication between a plurality of on-board units (OBU) in respective vehicles, scanning the VAN to pick up a coverage of at least one infrastructure access point (IAP), which operates on a control channel in a radio access tree (RAT) comprising a plurality of cells, listening to a channel allocation information from the IAP that includes a request for a mobile cell gateway (MCG) at a nominal location in the RAT, and sending a candidacy message to the at least one IAP to become an MCG. Certain embodiments include establishing the VAN in a highway, and in urban areas, aggregating traffic in a cell and transmitting to the IAP via the MCG, and other features.
95 citations
•
26 Jun 2008
TL;DR: In this article, a user may request an application and a request concerning the application is sent to a provisioning device, which includes information concerning the mobile device and/or the user of the mobile devices.
Abstract: Methods and systems for provisioning an application for a mobile device are provided. A user may request an application. A request concerning the application is sent to a provisioning device. The request includes information concerning the mobile device and/or the user of the mobile device. The information is used to determine the requirements for operating the requested application on the mobile device. A hyperlink for downloading the requirements information is sent to the user of the mobile device via text messaging and/or email. The requirements information may be provided directly to the mobile device, to a personal computing device associated with the user of the mobile device, or a combination.
95 citations
••
TL;DR: This paper provides a detailed overview of the security challenges related to the deployment of smart objects, including security protocols at network, transport, and application layers, together with lightweight cryptographic algorithms proposed to be used instead of conventional and demanding ones, in terms of computational resources.
Abstract: The Internet of Things (IoT) refers to the Internet-like structure of billions of interconnected constrained devices, denoted as “smart objects”. Smart objects have limited capabilities, in terms of computational power and memory, and might be battery-powered devices, thus raising the need to adopt particularly energy efficient technologies. Among the most notable challenges that building interconnected smart objects brings about, there are standardization and interoperability. The use of IP has been foreseen as the standard for interoperability for smart objects. As billions of smart objects are expected to come to life and IPv4 addresses have eventually reached depletion, IPv6 has been identified as a candidate for smart-object communication. The deployment of the IoT raises many security issues coming from (i) the very nature of smart objects, e.g., the adoption of lightweight cryptographic algorithms, in terms of processing and memory requirements; and (ii) the use of standard protocols, e.g., the need to minimize the amount of data exchanged between nodes. This paper provides a detailed overview of the security challenges related to the deployment of smart objects. Security protocols at network, transport, and application layers are discussed, together with lightweight cryptographic algorithms proposed to be used instead of conventional and demanding ones, in terms of computational resources. Security aspects, such as key distribution and security bootstrapping, and application scenarios, such as secure data aggregation and service authorization, are also discussed.
95 citations
•
20 Oct 1997TL;DR: In this article, a packet processing and packet transfer scheme capable of reducing packet processing overhead by eliminating a need to decrypt and re-encrypt the entire packet at a time of relaying encrypted packets is proposed.
Abstract: A packet processing and packet transfer scheme capable of reducing the packet processing overhead by eliminating a need to decrypt and re-encrypt the entire packet at a time of relaying encrypted packets In a packet processing device for relaying encrypted packets, a packet transferred to the packet processing device is received, where the packet has a packet processing key to be used in a prescribed packet processing with respect to a data portion of the packet, and the packet processing key is encrypted by using a first master key shared between a last device that applied a cipher communication related processing to the packet and the packet processing device Then, the packet processing key in the received packet is decrypted, without carrying out the prescribed packet processing with respect to the data portion of the packet, and the decrypted packet processing key is re-encrypted by using a second master key shared between a next device to apply the cipher communication related processing to the packet and the packet processing device Then, the packet with the re-encrypted packet processing key encoded therein is transmitted toward a destination of the received packet
94 citations
References
More filters
••
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
14,980 citations
01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:
3,501 citations
••
PARC1
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.
2,671 citations
01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.
2,112 citations
[...]
01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of data links to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
1,967 citations