
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Patent
25 Feb 2005
TL;DR: In this paper, the authors present a system that applies a unique marking to RTM messages close to a point of message origination and then, at a point close to message termination for the intended recipient, examines a reputation store for information on the unique marking and uses that information in conjunction with a set of policy rules to decide whether to pass, reject, pass on to an RTM store or otherwise filter the RTM message.
Abstract: A Voice over IP (VoIP) or Real Time Messaging (RTM) firewall device is claimed that protects VoIP or RTM network traffic by identifying and controlling the delivery of such network traffic that is unsolicited and undesired by the recipient (i.e. VoIP or RTM spam). The system involves applying a unique marking to RTM messages close to a point of message origination and then at a point close to message termination for the intended recipient examining a reputation store for information on the unique marking and using that information in conjunction with a set of policy rules to decide whether to pass, reject, pass on to an RTM store or otherwise filter the RTM message. The unique marking serves to identify a source characteristic of the message such as the message originator, a corporate affiliation for the originator, or a RTM network characteristic of the originator such as a transmission gateway.

57 citations

Book Chapter
Michael Waidner
25 Sep 1996
TL;DR: This work describes the objectives and summarises the initial architecture of SEMPER, a project whose goal is to provide the first open and comprehensive solutions for secure commerce over the Internet and other public information networks.
Abstract: Backed by the European Commission, a consortium of partners from European industry, financial institutions, and academia has embarked on a research project to develop the fundamentals of secure electronic commerce. The goal of Project SEMPER (Secure Electronic Marketplace for Europe) is to provide the first open and comprehensive solutions for secure commerce over the Internet and other public information networks. We describe the objectives and summarise the initial architecture of SEMPER.

57 citations

Proceedings Article
31 Oct 2008
TL;DR: This paper presents an implementation of a security architecture for establishing Trusted Channels based on OpenSSL that provides the possibility to convey reliable integrity information of the involved endpoints and offers the high security standards of former approaches while being flexible, scalable and efficient to enable widespread deployment.
Abstract: Security breaches on the Internet rarely involve compromising secure channels - typically based on protocols like Transport Layer Security (TLS) or Internet Protocol Security (IPsec) - because communication endpoints are much easier to compromise. Recent approaches aiming to solve this problem rely on the TLS protocol to additionally provide integrity information of the involved endpoints. However, these solutions have shortcomings with regard to either security, functionality or compliance to the TLS specification. This prevents those approaches from being deployed in practice. In this paper, we present an implementation of a security architecture for establishing Trusted Channels based on OpenSSL that resolves the deficiencies of the previous solutions. It provides the possibility to convey reliable integrity information of the involved endpoints and offers the high security standards of former approaches while being flexible, scalable and efficient to enable widespread deployment.

57 citations


Cites background or methods from "Security Architecture for the Inter..."

  • ...…of Trusted Channels based on OpenSSL* Frederik Armknecht, Yacine Gasmi, Ahmad-Reza Sadeghi, Patrick Stewin, Martin Unger Chair for System Security Ruhr University Bochum, Germany {frederik.armknecht, yacine.gasmi, ahmad.sadeghi, patrick.stewin, martin.unger}@trust.rub.de Gianluca…...


  • ...However, they do not provide any protection from (maliciously) modified software running on an endpoint....


Proceedings Article
01 Nov 2011
TL;DR: A smart way to apply dynamic wireless sensor networks (WSN) in logistics is described, where perishable goods like fruits and pharmaceuticals greatly benefit from real-time quality monitoring during storage and transport in order to avoid quality degradation and spoilage.
Abstract: In this paper we describe a smart way to apply dynamic wireless sensor networks (WSN) in logistics. Especially in the temperature controlled supply chain (cold chain), perishable goods like fruits and pharmaceuticals greatly benefit from real-time quality monitoring during storage and transport in order to avoid quality degradation and spoilage. In our system, wireless sensor nodes called SmartPoints monitor the environmental conditions and generate alarms when specific events are detected. Additionally, they calculate the remaining shelf life of the perishable goods they travel with. When there is an Internet-connected WSN available during travel, the shelf-life prediction and associated alarms are directly sent to a back-end server. Alternatively they are logged on the SmartPoints and flushed upon arrival, such that the remaining shelf-life and alarms are immediately clear and a full history will be available later. Our dynamic WSN supports a number of protocols that enable support for the dynamic processes in logistic processes. The Ambient middleware supports real-time monitoring and remote maintenance across the Internet via wired and mobile wireless network access technologies. Additionally, the middleware offers easy integration with third-party applications. Ambient Studio utilizes the middleware for remote WSN configuration and monitoring.

57 citations

Proceedings Article
20 May 2007
TL;DR: In this article, the authors describe new attacks which break any RFC-compliant implementation of IPsec making use of encryption-only ESP in tunnel mode, and report on their experiences in applying the attacks to a variety of implementations.
Abstract: We describe new attacks which break any RFC-compliant implementation of IPsec making use of encryption-only ESP in tunnel mode. The new attacks are both efficient and realistic: they are ciphertext-only and need only the capability to eavesdrop on ESP-encrypted traffic and to inject traffic into the network. We report on our experiences in applying the attacks to a variety of implementations of IPsec.

57 citations

References
Journal Article
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal Article
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations