
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Journal Article
TL;DR: This paper proposes an anonymous geographic routing algorithm which includes three components to avoid the explicit exposure of identity and location in communication without compromising the efficiency guaranteed by geographic routing.
Abstract: Due to the utilization of location information, geographic ad hoc routing presents superiority in scalability compared with traditional topology-based routing in mobile ad hoc networks. However, the consequent solicitation for location presence incurs severe concerns of location privacy, which has not been properly studied. In this paper, we attempt to preserve location privacy based on the idea of dissociating user's location information with its identity. We propose an anonymous geographic routing algorithm which includes three components to avoid the explicit exposure of identity and location in communication without compromising the efficiency guaranteed by geographic routing.

58 citations


Additional excerpts

  • ...as IPSec [9] are not applicable in our context either since routing information is not within the scope of protection....

Book Chapter
TL;DR: This paper offers a preliminary taxonomy that unifies many proposed m-commerce usage scenarios into a single framework, and then uses this framework to analyze security issues.
Abstract: M-commerce is a new area arising from the marriage of electronic commerce with emerging mobile and pervasive computing technology. The newness of this area--and the rapidness with which it is emerging--makes it difficult to analyze the technological problems that m-commerce introduces--and, in particular, the security and privacy issues. This situation is not good, since history has shown that security is very difficult to retro-fit into deployed technology, and pervasive m-commerce promises (threatens?) to permeate and transform even more aspects of life than e-commerce and the Internet has. In this paper, we try to begin to rectify this situation: we offer a preliminary taxonomy that unifies many proposed m-commerce usage scenarios into a single framework, and then use this framework to analyze security issues.

58 citations


Cites background from "Security Architecture for the Inter..."

  • ...E-commerce has heightened the focus on security both of systems and also for messaging and transactions [7, 11]....

Proceedings Article
07 Nov 2002
TL;DR: This work presents a polynomial-time approximation algorithm that guarantees a solution which is at most 16 times of the optimum in the recently proposed VPN hose model and designs an optimal restoration algorithm to minimize the total bandwidth reserved on the backup edges.
Abstract: A virtual private network (VPN) aims to emulate the services provided by a private network over the shared Internet. The endpoints of a VPN are connected using abstractions such as virtual channels (VCs) of ATM or label switched paths (LSPs) of MPLS technologies. Reliability of an end-to-end VPN connection depends on the reliability of the links and nodes in the fixed path that it traverses in the network. In order to ensure service quality and availability in a VPN, seamless recovery from failures is essential. This work considers the problem of fast recovery in the recently proposed VPN hose model. In the hose model, bandwidth is reserved for traffic aggregates instead of pairwise specifications to allow any traffic pattern among the VPN endpoints. This work assumes that the VPN endpoints are connected using a tree structure and, at any time, at most one tree link can fail (i.e., single link failure model). A restoration algorithm must select a set of backup edges and allocate necessary bandwidth on them in advance, so that the traffic disrupted by failure of a primary edge can be re-routed via backup paths. We aim at designing an optimal restoration algorithm to minimize the total bandwidth reserved on the backup edges. This problem is a variant of optimal graph augmentation problem which is NP-complete. Thus, we present a polynomial-time approximation algorithm that guarantees a solution which is at most 16 times of the optimum. The algorithm is based on designing two reductions to convert the original problem to one of adding minimum cost edges to the VPN tree so that the resulting graph is 2-connected, which can be solved in polynomial time using known algorithms. The two reductions introduce approximation factors of 8 and 2, respectively, thus resulting in a 16-approximation algorithm with polynomial time complexity.

58 citations


Cites background from "Security Architecture for the Inter..."

  • ..., IPSEC [1], and tunneling based routing (e....


Journal Article
Da Yong Zhang, Yong Zeng, Lingyu Wang, Hongtao Li, Yuanfeng Geng
TL;DR: The proposed conceptual model will enable companies in a supply chain to better understand how their confidential information may be leaked through inferences and devise a quantitative approach to evaluating the risk of information leakage caused by inferences when a given amount of information is shared.

58 citations

Proceedings Article
06 Jun 1999
TL;DR: An overview of the cryptography employed in OpenBSD is given, including the various components (IPsec, SSL libraries, stronger password encryption, Kerberos IV, random number generators, etc.), their role in system security, and their interactions with the rest of the system (and, where applicable, the network).
Abstract: Cryptographic mechanisms are an important security component of an operating system in securing the system itself and its communication paths. Indeed, in many situations, cryptography is the only tool that can solve a particular problem, e.g., network-level security. While cryptography by itself does not guarantee security, when applied correctly, it can significantly improve overall security. Since one of the main foci of the OpenBSD system is security, various cryptographic mechanisms are employed in a number of different roles. This paper gives an overview of the cryptography employed in OpenBSD. We discuss the various components (IPsec, SSL libraries, stronger password encryption, Kerberos IV, random number generators, etc.), their role in system security, and their interactions with the rest of the system (and, where applicable, the network).

57 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of data links to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations