
Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]


Citations
Patent
30 Sep 2010
TL;DR: In this patent, the inventors propose a secure content distribution method for a configurable general-purpose electronic commercial transaction/distribution control system, which includes a process for encapsulating digital information in one or more digital containers, a process for encrypting at least a portion of the digital information, a process for associating at least partially secure control information for managing interactions with the encrypted digital information and/or digital container, and a process for delivering one or more digital containers to a digital information user.
Abstract: PROBLEM TO BE SOLVED: To give an electronic content information provider a commercially secure and effective method within a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In a system having at least one protected processing environment for securely controlling at least part of the decoding of digital information, the secure content distribution method comprises: a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of the digital information; a process for associating at least partially secure control information for managing interactions with the encrypted digital information and/or the digital container; a process for delivering one or more digital containers to a digital information user; and a process for using the protected processing environment to securely control at least part of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

7,643 citations

01 Jul 2003
TL;DR: RTP provides end-to-end network transport functions suitable for applications transmitting real-time data over multicast or unicast network services and is augmented by a control protocol (RTCP) to allow monitoring of the data delivery in a manner scalable to large multicast networks.
Abstract: This memorandum describes RTP, the real-time transport protocol. RTP provides end-to-end network transport functions suitable for applications transmitting real-time data, such as audio, video or simulation data, over multicast or unicast network services. RTP does not address resource reservation and does not guarantee quality-of-service for real-time services. The data transport is augmented by a control protocol (RTCP) to allow monitoring of the data delivery in a manner scalable to large multicast networks, and to provide minimal control and identification functionality. RTP and RTCP are designed to be independent of the underlying transport and network layers. The protocol supports the use of RTP-level translators and mixers.

7,183 citations

Book ChapterDOI
01 Jun 2002
TL;DR: Session Initiation Protocol (SIP) as discussed by the authors is an application layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants, such as Internet telephone calls, multimedia distribution, and multimedia conferences.
Abstract: This document describes Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences.

5,482 citations

Book ChapterDOI
18 Aug 1996
TL;DR: Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.
Abstract: The use of cryptographic hash functions like MD5 or SHA-1 for message authentication has become a standard approach in many applications, particularly Internet security protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis. We present new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths. Moreover we show, in a quantitative way, that the schemes retain almost all the security of the underlying hash function. The performance of our schemes is essentially that of the underlying hash function. Moreover they use the hash function (or its compression function) as a black box, so that widely available library code or hardware can be used to implement them in a simple way, and replaceability of the underlying hash function is easily supported.

1,815 citations


Cites background from "Security Architecture for the Inter..."

  • ...This is motivated by the use of these functions in basic applications like IP (Internet Protocol) security [At1, At2] where the performance cost of such a function influences the computational and network performance of many other applications....

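The "black box" property the HMAC abstract above describes is easy to see in code: the construction needs nothing from the hash but its block size and a digest call, so the hash can be swapped without touching the MAC. The following is an added example, not code from the paper or from any IPsec implementation; it builds HMAC over a hashlib constructor, checks the result against the RFC 4231 HMAC-SHA-256 test vector (a public vector, not from the paper) and against Python's own hmac module, and shows the constant-time tag comparison a receiver should use.

```python
import hashlib
import hmac as stdlib_hmac  # used only to cross-check against a reference implementation


def hmac_blackbox(hash_ctor, key: bytes, msg: bytes) -> bytes:
    """HMAC as in the paper: H((K' xor opad) || H((K' xor ipad) || msg)).

    hash_ctor is any hashlib-style constructor (hashlib.sha1, hashlib.sha256, ...).
    Only the hash's public interface is used, so the hash is replaceable.
    """
    block_size = hash_ctor().block_size          # B: 64 for SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block_size:                    # keys longer than B are hashed down first
        key = hash_ctor(key).digest()
    key = key.ljust(block_size, b"\x00")         # K': key zero-padded to B bytes
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hash_ctor(ipad + msg).digest()       # inner hash over the message
    return hash_ctor(opad + inner).digest()      # outer hash over the inner digest


def verify_tag(hash_ctor, key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time tag check; a plain == on the tag leaks mismatch position via timing."""
    return stdlib_hmac.compare_digest(hmac_blackbox(hash_ctor, key, msg), tag)


def matches_stdlib(hash_ctor, key: bytes, msg: bytes) -> bool:
    """Cross-check against the standard library for the same hash."""
    return hmac_blackbox(hash_ctor, key, msg) == stdlib_hmac.new(key, msg, hash_ctor).digest()


# RFC 4231 test case 1 (public vector, embedded here for the demo)
RFC4231_KEY = b"\x0b" * 20
RFC4231_DATA = b"Hi There"
RFC4231_HMAC_SHA256 = bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
)


if __name__ == "__main__":
    print(hmac_blackbox(hashlib.sha256, RFC4231_KEY, RFC4231_DATA).hex())
    # Replaceability: same code, three different hashes, including one with a 128-byte block
    for h in (hashlib.sha1, hashlib.sha256, hashlib.sha512):
        assert matches_stdlib(h, b"k" * 200, b"message")   # 200-byte key exercises the pre-hash path
    print("all hashes agree with the standard library")
```

The long-key branch matters in practice: implementations that skip it produce tags that do not interoperate with RFC 2104 peers once a key exceeds the block size.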

Journal ArticleDOI
TL;DR: It is argued that router mechanisms are needed to identify and restrict the bandwidth of selected high-bandwidth best-effort flows in times of congestion, and several general approaches are discussed for identifying those flows suitable for bandwidth regulation.
Abstract: This paper considers the potentially negative impacts of an increasing deployment of non-congestion-controlled best-effort traffic on the Internet. These negative impacts range from extreme unfairness against competing TCP traffic to the potential for congestion collapse. To promote the inclusion of end-to-end congestion control in the design of future protocols using best-effort traffic, we argue that router mechanisms are needed to identify and restrict the bandwidth of selected high-bandwidth best-effort flows in times of congestion. The paper discusses several general approaches for identifying those flows suitable for bandwidth regulation. These approaches are to identify a high-bandwidth flow in times of congestion as unresponsive, "not TCP-friendly", or simply using disproportionate bandwidth. A flow that is not "TCP-friendly" is one whose long-term arrival rate exceeds that of any conformant TCP in the same circumstances. An unresponsive flow is one failing to reduce its offered load at a router in response to an increased packet drop rate, and a disproportionate-bandwidth flow is one that uses considerably more bandwidth than other flows in a time of congestion.

1,787 citations


Cites methods from "Security Architecture for the Inter..."

  • ...The use of encryption in the IP Security Protocol (IPsec) [15] could prevent routers from using source IP addresses and port numbers for identifying some flows; for this traffic, routers could use the triple in the packet header that defines the Security Association to identify individual flows or aggregates of flows....

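The citing passage above points at a real operational consequence of IPsec: once ESP encrypts the transport header, a router cannot bin packets by port, and the only per-flow identifier left in cleartext is the Security Association triple <destination address, security protocol, SPI>. The following added example (not code from the paper or from any router) shows a flow classifier that uses the 5-tuple for plain TCP/UDP and falls back to that triple for ESP and AH; the packets are constructed in the block, with no options and a zero checksum, purely to exercise the classifier.

```python
import struct
from collections import defaultdict

TCP, UDP, ESP, AH = 6, 17, 50, 51


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def flow_key(pkt: bytes):
    """Return the key a router would bin this IPv4 packet under.

    TCP/UDP: the usual 5-tuple.  ESP/AH: the SA triple <dst, protocol, SPI>, which is
    all that stays readable once IPsec hides (ESP) or merely covers (AH) the transport header.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src, dst = _ip(pkt[12:16]), _ip(pkt[16:20])
    payload = pkt[ihl:]
    if proto in (TCP, UDP) and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        return ("5tuple", src, dst, proto, sport, dport)
    if proto == ESP and len(payload) >= 8:          # ESP header: SPI, then sequence number
        return ("sa", dst, proto, struct.unpack("!I", payload[:4])[0])
    if proto == AH and len(payload) >= 12:          # AH header: next hdr, len, reserved, then SPI
        return ("sa", dst, proto, struct.unpack("!I", payload[4:8])[0])
    return ("3tuple", src, dst, proto)              # anything else: address pair + protocol


def bytes_per_flow(packets):
    """Aggregate bytes per flow key, the input a bandwidth-regulation policy would consume."""
    counts = defaultdict(int)
    for p in packets:
        counts[flow_key(p)] += len(p)
    return dict(counts)


def make_packet(proto: int, src: str, dst: str, l4: bytes) -> bytes:
    """Constructed IPv4 packet for the demo: no options, TTL 64, checksum left at zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + l4


def esp_payload(spi: int, seq: int, n: int) -> bytes:
    """Constructed ESP header (SPI, sequence number) followed by n bytes of opaque ciphertext."""
    return struct.pack("!II", spi, seq) + b"\x00" * n


# Constructed sample traffic: two TCP connections and two ESP SAs to the same host.
SAMPLE = [
    make_packet(TCP, "10.0.0.1", "10.0.0.2", struct.pack("!HH", 40000, 80) + b"x" * 100),
    make_packet(TCP, "10.0.0.1", "10.0.0.2", struct.pack("!HH", 40001, 80) + b"x" * 100),
    make_packet(ESP, "10.0.0.1", "10.0.0.2", esp_payload(0x1000, 1, 100)),
    make_packet(ESP, "10.0.0.1", "10.0.0.2", esp_payload(0x1000, 2, 100)),
    make_packet(ESP, "10.0.0.1", "10.0.0.2", esp_payload(0x2000, 1, 100)),
]

if __name__ == "__main__":
    for key, nbytes in bytes_per_flow(SAMPLE).items():
        print(nbytes, key)
```

Two caveats the paper's wording already hints at: in tunnel mode the outer addresses belong to the gateways, so one SA key usually covers an aggregate of many inner flows; and a policy that throttles by SA is throttling whatever that SA carries, so it should be applied with the coarser granularity in mind.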

References
01 Sep 1993
TL;DR: This document gives an overview and specification of Version 5 of the protocol for the Kerberos network authentication system; Version 4, described elsewhere, is presently in production use at MIT's Project Athena and at other Internet sites.
Abstract: This document gives an overview and specification of Version 5 of the protocol for the Kerberos network authentication system. Version 4, described elsewhere [1,2], is presently in production use at MIT's Project Athena, and at other Internet sites.

1,451 citations

01 Aug 1995
TL;DR: This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6.
Abstract: This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6. ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. This document obsoletes RFC 2406 (November 1998). [STANDARDS-TRACK]

1,422 citations


"Security Architecture for the Inter..." refers background in this paper

  • ...Both protocols are described in more detail in their respective RFCs [KA98a, KA98b]....


  • ...The Encapsulating Security Payload (ESP) protocol [KA98b] may provide confidentiality (encryption), and limited traffic flow confidentiality....


  • ...b. security protocols - RFCs describing the Authentication Header (AH) [KA98a] and Encapsulating Security Payload (ESP) [KA98b] protocols....

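The ESP abstract above lists "an anti-replay service (a form of partial sequence integrity)". The qualifier "partial" is the interesting part: the receiver does not demand in-order delivery, it keeps a sliding window over the 32-bit sequence number and rejects anything duplicated or older than the window. The following added example (not code from the RFC or from any IPsec stack) implements that window in the style of RFC 4303's appendix, with the check split from the update so the window is only advanced after the ICV has verified; the window size and the sequence numbers fed in are chosen for the demo.

```python
class ReplayWindow:
    """Sliding anti-replay window over 32-bit ESP sequence numbers.

    Bit i of `bitmap` records whether sequence number `top - i` has been accepted,
    so bit 0 always stands for the highest number seen so far.
    """

    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32; 64 is the default")
        self.size = size
        self.top = 0          # highest sequence number verified so far (0 = none yet)
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        """Pre-ICV check: would this sequence number be accepted?  Does not change state."""
        if seq == 0 or seq > 0xFFFFFFFF:
            return False                             # 0 is never sent; counter is 32-bit
        if seq > self.top:
            return True                              # to the right of the window: new
        diff = self.top - seq
        if diff >= self.size:
            return False                             # fell off the left edge: too old
        return not (self.bitmap >> diff) & 1         # inside: reject if already seen

    def update(self, seq: int) -> None:
        """Post-ICV update: record seq as received.  Call only after the ICV verified."""
        if seq > self.top:
            shift = seq - self.top
            if shift < self.size:                    # slide the window right
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:                                    # jumped past the whole window
                self.bitmap = 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)     # mark a late but in-window packet

    def receive(self, seq: int, icv_ok: bool) -> bool:
        """Full receive path: window check, then integrity check, then window update."""
        if not self.check(seq):
            return False                             # duplicate or stale: drop before any crypto
        if not icv_ok:
            return False                             # forged: drop and leave the window untouched
        self.update(seq)
        return True


def replay_trace(seqs, size: int = 32):
    """Feed a list of (authentic) sequence numbers through one window; return accept/reject per packet."""
    w = ReplayWindow(size)
    return [w.receive(s, True) for s in seqs]


if __name__ == "__main__":
    print(replay_trace([1, 5, 3, 3, 5, 100, 68, 69, 1]))
```

The ordering in receive() is the check a practitioner wants: if the window were updated before the ICV was verified, an attacker who can inject packets could send a bogus packet with a very high sequence number, slide the window past the sender's real counter, and have every genuine packet dropped as "too old" until rekeying.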

01 Aug 1995
TL;DR: This document describes an updated version of the IP Authentication Header (AH), which is designed to provide authentication services in IPv4 and IPv6, and obsoletes RFC 2402 (November 1998).
Abstract: This document describes an updated version of the IP Authentication Header (AH), which is designed to provide authentication services in IPv4 and IPv6. This document obsoletes RFC 2402 (November 1998). [STANDARDS-TRACK]

934 citations

01 Apr 1981

929 citations

Journal ArticleDOI
TL;DR: A resource reservation protocol (RSVP), a flexible and scalable receiver-oriented simplex protocol, provides receiver-initiated reservations to accommodate heterogeneity among receivers as well as dynamic membership changes, and supports a dynamic and robust multipoint-to-multipoint communication model.
Abstract: A resource reservation protocol (RSVP), a flexible and scalable receiver-oriented simplex protocol, is described. RSVP provides receiver-initiated reservations to accommodate heterogeneity among receivers as well as dynamic membership changes; separates the filters from the reservation, thus allowing channel changing behavior; supports a dynamic and robust multipoint-to-multipoint communication model by taking a soft-state approach in maintaining resource reservations; and decouples the reservation and routing functions. A simple network configuration with five hosts connected by seven point-to-point links and three switches is presented to illustrate how RSVP works. Related work and unresolved issues are discussed.

872 citations