Trust Management and Network Layer Security Protocols
Citations
A survey of trust in internet applications
Implementing a distributed firewall
Trust management of services in cloud environments: Obstacles and solutions
A policy deployment model for the Ponder language
On the concept of trust
References
Security Architecture for the Internet Protocol
Using encryption for authentication in large networks of computers
Decentralized trust management
A security architecture for the Internet protocol
The Internet Key Exchange (IKE)
Frequently Asked Questions (7)
Q2. What is the standard protocol technique used in IPSEC?
The standard protocol technique, employed in IPSEC [KA98], involves "encapsulating" an encrypted network-layer packet inside a standard network packet, making the encryption transparent to intermediate nodes that must process packet headers for routing, etc.
Q3. What is the way to use a key-agreement protocol?
Two hosts can use any key-agreement protocol to negotiate keys with one another, and simply use those keys as part of the encapsulating and decapsulating packet transforms.
Q4. What is the common way to handle packets?
It may be forwarded to some network interface, dropped, or queued until an SA is made available, possibly after triggering some automated key management mechanism such as the IPSEC ISAKMP protocol [HC98].
Q5. What is the problem of network-layer security?
The design of encapsulation techniques for basic authentication and confidentiality services is not a conceptually difficult problem, and network-layer security protocols, such as IPSEC, have matured to the point of being standardized and implemented by commercial vendors.
Q6. How can filter-based policies be translated into trust management policies and credentials?
As the trust management mechanism is introduced, filter-based policies can be mechanically translated into trust-management policies and credentials.
Q7. What is the common approach to a packet-level security problem?
The obvious approach involves the use of a public-key or Needham-Schroeder [NS78] based key distribution scheme as the basis for a protocol that creates a new SA with whatever host attempts to communicate unsecured traffic in a manner that fails the packet-level security policy.