
Showing papers on "IPsec published in 1995"


01 Aug 1995
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

3,455 citations


01 Aug 1995
TL;DR: This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6.
Abstract: This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6. ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. This document obsoletes RFC 2406 (November 1998). [STANDARDS-TRACK]

1,422 citations


01 Aug 1995
TL;DR: This document describes an updated version of the IP Authentication Header (AH), which is designed to provide authentication services in IPv4 and IPv6, and obsoletes RFC 2402 (November 1998).
Abstract: This document describes an updated version of the IP Authentication Header (AH), which is designed to provide authentication services in IPv4 and IPv6. This document obsoletes RFC 2402 (November 1998). [STANDARDS-TRACK]

934 citations


01 Oct 1995
TL;DR: This document discusses implementation techniques for using IP Protocol/Payload number 4 Encapsulation for tunneling with IP Security and other protocols.
Abstract: This document discusses implementation techniques for using IP Protocol/Payload number 4 Encapsulation for tunneling with IP Security and other protocols.

141 citations


Proceedings Article
27 Sep 1995
TL;DR: A new public-key user authentication protocol for mobile communication network is presented based on Harn, which overcomes the shortcomings of secret-key authentication protocol used in GSM and CT-2 systems, and has lower computational complexity and higher security.
Abstract: A new public-key user authentication protocol for mobile communication network is presented based on Harn (see Electronics Letters, vol.30, no.5, p.396, 1994) proposed modified ElGamal signature system and Rabin cryptosystem. It overcomes the shortcomings of secret-key authentication protocol used in GSM and CT-2 systems, and has lower computational complexity and higher security.

12 citations


Journal Article
TL;DR: The Internet has just entered the Middle Ages; the simple security model of the Stone Age still works for single hosts and LANs, but it no longer works for WANs in general and the Internet in particular.
Abstract: The Internet continues its triumphant advance. It is commonly seen as the first incarnation of an information superhighway, or a national information infrastructure (NII). Because the Internet is dynamic, it has already changed significantly. The initial, research-oriented Internet and its protocol suite were designed for a benign environment best described as collegial, where users and hosts were mutually trusting and interested in a free, open exchange of information. These days, the Internet environment is less collegial and trustworthy; it encompasses all the risks, dangerous situations, and human vices found in society as a whole. The Internet has just entered the Middle Ages. The simple security model of the Stone Age still works for single hosts and LANs. But it no longer works for WANs in general and the Internet in particular. As a first step, firewalls have been erected at the Internet gateways. Because they are capable of selectively dropping or forwarding IP datagrams, firewalls also restrict the connectivity of the Internet as a whole. The Internet's firewalls are thus comparable to the town walls and front gates of the Middle Ages. Screening routers correspond to general-purpose gates, while proxy servers and application-layer gateways correspond to specialized gates.

9 citations


Report
30 Nov 1995
TL;DR: Two security mechanisms have been designed for use with IPv4 and IPv6 and are designed to be independent of any particular cryptographic algorithm so that new algorithms can be supported in the future without any change to the basic protocols.
Abstract: Lack of widely available security is hindering the growth of the Internet, particularly for commercial users. Two security mechanisms have been designed for use with IPv4 and IPv6. They are an integral component of the IPv6 design but can also optionally work with IPv4. The first mechanism provides source host authentication and information integrity protection without confidentiality and should be exportable and widely deployable. The second mechanism protects the confidentiality of packet contents through the use of encryption. Both mechanisms are designed to be independent of any particular cryptographic algorithm so that new algorithms can be supported in the future without any change to the basic protocols.

6 citations


01 Aug 1995
TL;DR: This informational RFC describes the basic mechanisms and functions of an identity based system for the secure authenticated exchange of cryptographic keys, the generation of signatures, and the authentic distribution of public keys.
Abstract: This informational RFC describes the basic mechanisms and functions of an identity based system for the secure authenticated exchange of cryptographic keys, the generation of signatures, and the authentic distribution of public keys.

5 citations


Journal Article
TL;DR: A new protection boundary model for internetwork security is presented, and a security protocol suitable for the model is proposed, under which session keys are distributed with peer entity authentication.
Abstract: A new protection boundary model for internetwork security is presented, and a security protocol suitable for the model proposed. Intermediate systems of the model do not fulfill security of service or confidentiality but authentication and integrity. The system does not require that the intermediate systems be fully secure, thus it is practical and can be easily implemented. Data between destination hosts are also protected through the confidentiality service, for which session keys are distributed under the proposed protocol with peer entity authentication.

1 citation