
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Journal ArticleDOI
TL;DR: An assessment of the communication overheads of IPsec and the feasibility of deploying it on handheld devices for the UMTS architecture is evaluated and a quantitative analysis based on a detailed simulation model of an IPsec-enabled handheld device is conducted.

70 citations


Cites background from "Security Architecture for the Inter..."

  • ...IPsec [5] is a developing standard for providing security at the network layer of the Internet....

    [...]

Journal ArticleDOI
TL;DR: The aim of the paper is to discuss the advantages and disadvantages of the DTN approach compared to more conventional solutions, and to assess DTN performance by using a testbed based on a cluster of Linux PCs running the DTNperf application.
Abstract: Satellite communications pose serious challenges to transport layer performance, mainly because of long propagation delays (especially in geosynchronous systems) and the possible presence of random errors on the satellite link. Solutions that cope with these impairments usually rely upon either the adoption of enhanced versions of transport protocols, or the insertion of intermediate agents, like PEPs (Performance Enhancing Proxies). An alternative approach is to adopt the DTN (Delay/Disruption Tolerant Networking) architecture based on the introduction of the new "bundle" layer in the protocol stack. The aim of the paper is to discuss the advantages and disadvantages of the DTN approach compared to the more conventional solutions mentioned. DTN performance is assessed by considering both fully connected networks and networks where continuous connectivity cannot be guaranteed during data transfer and/or at start-up. Performance is evaluated by using the TATPA testbed (Testbed for Advanced Transport Protocols and Architectures), which is based on a cluster of Linux PCs running the DTNperf application, developed to this end by the authors and now included in the official DTN package. Comparative results show that DTN, coupled with TCP Hybla, outperforms NewReno, offering a performance very close to PEPsal and end-to-end Hybla, which are among the most effective solutions on satellite channels. In addition to these encouraging results, DTN offers an intrinsic greater robustness in intermittent or disruptive environments.

69 citations

Patent
19 Apr 2012
TL;DR: In this paper, the authors present a system that includes a local proxy which wirelessly accesses the physical storage of other devices via a wireless network to cache the response or content for the mobile device, in response to detecting commonalities between the mobile devices and the other devices.
Abstract: Systems and methods of social caching for device resource sharing and management are disclosed. In one embodiment, a system includes a local proxy which wirelessly accesses the physical storage of other device via a wireless network to cache the response or content for the mobile device, in response to detecting commonalities between the mobile device and the other device. The commonalities can include, for example, common interests in users of the mobile device and the other device

69 citations

06 Aug 2007
TL;DR: This paper examines how the vulnerabilities of SIP can be exploited to compromise the reliability and trustworthiness of the billing of the SIP-based VoIP systems and presents four billing attacks on VoIP subscribers that could result in charges on the calls the subscribers have not made or overcharges on the VoIP calls they have made.
Abstract: Billing is fundamental to any commercial VoIP services and it has direct impact on each individual VoIP subscriber. One of the most basic requirements of any VoIP billing function is that it must be reliable and trustworthy. From the VoIP subscriber's perspective, VoIP billing should only charge them for the calls they have really made and for the duration they have called. Existing VoIP billing is based on VoIP signaling. Therefore, any vulnerability in VoIP signaling is a potential vulnerability of VoIP billing. In this paper, we examine how the vulnerabilities of SIP can be exploited to compromise the reliability and trustworthiness of the billing of SIP-based VoIP systems. Specifically, we focus on the billing attacks that will create inconsistencies between what the VoIP subscribers received and what the VoIP service providers have provided. We present four billing attacks on VoIP subscribers that could result in charges on the calls the subscribers have not made or overcharges on the VoIP calls the subscribers have made. Our experiments show that Vonage and AT&T VoIP subscribers are vulnerable to these billing attacks.

69 citations


Cites methods from "Security Architecture for the Inter..."

  • ...The SIP specification [19] recommends using TLS [6] or IPSec [11] to protect the SIP signaling path in SIP networks....

    [...]

Dissertation
01 Jan 2000
TL;DR: While other file systems need key management to map file names to encryption keys, SFS file names effectively contain public keys, making them self-certifying pathnames, making SFS more versatile than any file system with built-in key management.
Abstract: No secure network file system has ever grown to span the Internet. Existing systems all lack adequate key management for security at a global scale. Given the diversity of the Internet, any particular mechanism a file system employs to manage keys will fail to support many types of use. We propose separating key management from file system security, letting the world share a single global file system no matter how individuals manage keys. We present SFS, a secure file system that avoids internal key management. While other file systems need key management to map file names to encryption keys, SFS file names effectively contain public keys, making them self-certifying pathnames. Key management in SFS occurs outside of the file system, in whatever procedure users choose to generate file names. Self-certifying pathnames free SFS clients from any notion of administrative realm, making inter-realm file sharing trivial. They let users authenticate servers through a number of different techniques. The file namespace doubles as a key certification namespace, so that people can realize many key management schemes using only standard file utilities. Finally, with self-certifying pathnames, people can bootstrap one key management mechanism using another. These properties make SFS more versatile than any file system with built-in key management. (Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)

69 citations

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of data links to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations