
Showing papers on "IPsec" published in 2000


Book
17 Oct 2000
TL;DR: The Story So Far: Protecting Secrets in Memory, a Simple Secure Messaging System, and Coding with SSL, which describes the challenges of designing and implementing such a system.
Abstract: Preface. 1. Security Concepts. Introduction. The Internet Threat Model. The Players. The Goals of Security. Tools of the Trade. Putting It All Together. A Simple Secure Messaging System. A Simple Secure Channel. The Export Situation. Real Cryptographic Algorithms. Symmetric Encryption: Stream Ciphers. Symmetric Encryption: Block Ciphers. Digest Algorithms. Key Establishment. Digital Signature. MACs. Key Length. Summary. 2. Introduction to SSL. Introduction. Standards and Standards Bodies. SSL Overview. SSL/TLS Design Goals. SSL and the TCP/IP Suite. SSL History. SSL for the Web. Everything over SSL. Getting SSL. Summary. 3. Basic SSL. Introduction. SSL Overview. Handshake. SSL Record Protocol. Putting the Pieces Together. A Real Connection. Some More Connection Details. SSL Specification Language. Handshake Message Structure. Handshake Messages. Key Derivation. Record Protocol. Alerts and Closure. Summary. 4. Advanced SSL. Introduction. Session Resumption. Client Authentication. Ephemeral RSA. Rehandshake. Server Gated Cryptography. DSS and DH. Elliptic Curve Cipher Suites. Kerberos. FORTEZZA. The Story So Far. Session Resumption Details. Client Authentication Details. Ephemeral RSA Details. SGC Details. DH/DSS Details. FORTEZZA Details. Error Alerts. SSLv2 Backward Compatibility. Summary. 5. SSL Security. Introduction. What SSL Provides. Protect the master_secret. Protect the Server's Private Key. Use Good Randomness. Check the Certificate Chain. Algorithm Selection. The Story So Far. Compromise of the master_secret. Protecting Secrets in Memory. Securing the Server's Private Key. Random Number Generation. Certificate Chain Verification. Partial Compromise. Known Attacks. Timing Cryptanalysis. Million Message Attack. Small-Subgroup Attack. Downgrade to Export. Summary. 6. SSL Performance. Introduction. SSL Is Slow. Performance Principles. Cryptography Is Expensive. Session Resumption. Handshake Algorithm and Key Choice. Bulk Data Transfer. 
Basic SSL Performance Rules. The Story So Far. Handshake Time Allocation. Normal RSA Mode. RSA with Client Authentication. Ephemeral RSA. DSS/DHE. DSS/DHE with Client Authentication. Performance Improvements with DH. Record Processing. Java. SSL Servers under Load. Hardware Acceleration. Inline Hardware Accelerators. Network Latency. The Nagle Algorithm. Handshake Buffering. Advanced SSL Performance Rules. Summary. 7. Designing with SSL. Introduction. Know What You Want to Secure. Client Authentication Options. Reference Integrity. Inappropriate Tasks. Protocol Selection. Reducing Handshake Overhead. Design Strategy. The Story So Far. Separate Ports. Upward Negotiation. Downgrade Attacks. Reference Integrity. Username/Password Authentication. SSL Client Authentication. Mutual Username/Password Authentication. Rehandshake. Secondary Channels. Closure. Summary. 8. Coding with SSL. Introduction. SSL Implementations. Sample Programs. Context Initialization. Client Connect. Server Accept. Simple I/O Handling. Multiplexed I/O Using Threads. Multiplexed I/O with select(). Closure. Session Resumption. What's Missing? Summary. 9. HTTP over SSL. Introduction. Securing the Web. HTTP. HTML. URLs. HTTP Connection Behavior. Proxies. Virtual Hosts. Protocol Selection. Client Authentication. Reference Integrity. HTTPS. HTTPS Overview. URLs and Reference Integrity. Connection Closure. Proxies. Virtual Hosts. Client Authentication. Referrer. Substitution Attacks. Upgrade. Programming Issues. Proxy CONNECT. Handling Multiple Clients. Summary. 10. SMTP over TLS. Introduction. Internet Mail Security. Internet Messaging Overview. SMTP. RFC 822 and MIME. E-Mail Addresses. Mail Relaying. Virtual Hosts. MX Records. Client Mail Access. Protocol Selection. Client Authentication. Reference Integrity. Connection Semantics. STARTTLS. STARTTLS Overview. Connection Closure. Requiring TLS. Virtual Hosts. Security Indicators. Authenticated Relaying. Originator Authentication. 
Reference Integrity Details. Why Not CONNECT? What's STARTTLS Good For? Programming Issues. Implementing STARTTLS. Server Startup. Summary. 11. Contrasting Approaches. Introduction. The End-to-End Argument. The End-to-End Argument and SMTP. Other Protocols. IPsec. Security Associations. ISAKMP and IKE. AH and ESP. Putting It All Together: IPsec. IPsec versus SSL. Secure HTTP. CMS. Message Format. Cryptographic Options. Putting It All Together: S-HTTP. S-HTTP versus HTTPS. S/MIME. Basic S/MIME Formatting. Signing Only. Algorithm Choice. Putting It All Together: S/MIME. Implementation Barriers. S/MIME versus SMTP/TLS. Choosing the Appropriate Solution. Summary. Appendix A: Example Code. Chapter 8. Examples. Java Examples. Chapter 9. HTTPS Examples. mod_ssl Session Caching. Appendix B: SSLv2. Introduction. SSLv2 Overview. Missing Features. Security Problems. PCT. What about SSLv1? Bibliography. Index.

452 citations


Patent
20 Dec 2000
TL;DR: In this article, a system is provided for establishing a secure link among multiple users on a single machine with a remote machine, which includes a subsystem to filter traffic so that traffic from each user is separate.
Abstract: A system is provided for establishing a secure link among multiple users on a single machine with a remote machine. The system includes a subsystem to filter traffic so that traffic from each user is separate. The subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic, and employs the SA to establish the secure link. An Internet Key Exchange module and a policy module may be included to generate and associate the security association, wherein the policy module is configured via Internet Protocol Security (IPSEC).

120 citations


01 Oct 2000
TL;DR: This document describes two conceptual models for the interaction of diffserv with Internet Protocol (IP) tunnels and employs them to explore the resulting configurations and combinations of functionality.
Abstract: This document considers the interaction of Differentiated Services (diffserv) (RFC 2474, RFC 2475) with IP tunnels of various forms. The discussion of tunnels in the diffserv architecture (RFC 2475) provides insufficient guidance to tunnel designers and implementers. This document describes two conceptual models for the interaction of diffserv with Internet Protocol (IP) tunnels and employs them to explore the resulting configurations and combinations of functionality. An important consideration is how and where it is appropriate to perform diffserv traffic conditioning in the presence of tunnel encapsulation and decapsulation. A few simple mechanisms are also proposed that limit the complexity that tunnels would otherwise add to the diffserv traffic conditioning model. Security considerations for IPSec tunnels limit the possible functionality in some circumstances.

115 citations


Patent
02 Aug 2000
TL;DR: In this paper, a method and system for monitoring the status of an active secure tunnel between a pair of network elements in a communications network is presented: the first network element originates and transmits an Internet Protocol Security (IPSec) test message to a second network element over a first unidirectional secure tunnel in response to the receipt of an active tunnel monitor command.
Abstract: A method and system for monitoring the status of an active secure tunnel between a pair of network elements in a communications network. The first network element originates and transmits an Internet Protocol Security (IPSec) test message to a second network element using a first unidirectional secure tunnel in response to the receipt of an active tunnel monitor command. The second network element receives the IPSec test message and transmits a response back to the first network element using a second unidirectional secure tunnel. The number of times that second network element failed to return a response to an IPSec test message is accumulated during a predetermined time interval and then compared with a threshold value to determine if the active secure tunnel has become disabled.

101 citations


Proceedings ArticleDOI
17 Apr 2000
TL;DR: This paper proposes an FPGA-based Adaptive Cryptographic Engine (ACE) for IPSec architectures, and develops a compression technique that reduces the memory requirements of ACE without the need for dedicated hardware.
Abstract: Architectures that implement the Internet Protocol Security (IPSec) standard have to meet the enormous computing demands of cryptographic algorithms. In addition, IPSec architectures have to be flexible enough to adapt to diverse security parameters. This paper proposes an FPGA-based Adaptive Cryptographic Engine (ACE) for IPSec architectures. By taking advantage of FPGA technology, ACE can adapt to diverse security parameters on the fly while providing superior performance compared with software-based approaches. For example, for the final candidate algorithms of the Advanced Encryption Standard (AES), our techniques lead to throughput speed-up of 4-20 while the key-setup latency time is reduced by a factor of 20-700 compared with software-based approaches. We also develop a compression technique that reduces the memory requirements of ACE without the need for dedicated hardware. Though data compression has been extensively studied before, we are not aware of any prior work that addresses the compression problem of FPGA-based embedded systems with respect to the implementation cost. Using our technique, we demonstrate up to 40% savings in memory for various configuration bit-streams.

91 citations


Patent
12 Jan 2000
TL;DR: In this article, a system, method and program product for defining a Virtual Private Network (VPN) by the sum of a plurality of policy segments is presented, where each policy segment is composed of a policy segment name, policy segment type, a VPN device list, a policy template, a quality of service template and a connection type.
Abstract: A system, method and program product for defining a Virtual Private Network (VPN) by the sum of a plurality of policy segments. Each policy segment is composed of a policy segment name, a policy segment type, a VPN device list, a policy template, a quality of service template and a connection type. The policy segment type can include Internet Protocol Security (IPsec), Differential Services (DiffServ) or Reservation Protocol (RSVP). The group of devices in a policy segment is specified in a device list, which is a collection of other device lists and/or device interface profiles. The group of common policy components is specified in a policy template. Policy templates contain the condition and action references that are used to generate policies for the policy segment. The condition reference includes a validity period and a traffic profile. The action reference includes at least one of an IPsec action, a DiffServ action or an RSVP action. The device list, connection type, and policy template are combined to generate all of the policies for a policy segment.

83 citations


Patent
02 Aug 2000
TL;DR: In this article, a method and system for determining the connectivity of a virtual private network IP security (IPSec) tunnel between two network elements by originating a plurality of connection tests between the network elements is presented.
Abstract: A method and system for determining the connectivity of a virtual private network IP security (IPSec) tunnel between two network elements by originating a plurality of connection tests between the network elements. The first network element transmits a connectivity test message to the second network element over the secure tunnel upon receipt of an initiate connectivity test command. The secure tunnel includes two unidirectional tunnels. The second network element receives the connectivity test message over the first unidirectional secure tunnel and transmits a response back to the first network element over the second unidirectional secure tunnel. The number of successful responses received from the second network element is accumulated and the results are reported back to the source of the connectivity test command.

74 citations


Journal ArticleDOI
TL;DR: The authors explain how IPSec's Internet Key Exchange (IKE) mechanism works and suggest improvements.
Abstract: The IPSec (IP Security) protocol is a recently proposed standard of the Internet Engineering Task Force (IETF) for securing real-time communications on the Internet. The authors explain how its Internet Key Exchange (IKE) mechanism works and suggest improvements.

74 citations


Patent
05 Jun 2000
TL;DR: In this article, a hardware function performed in the data link control layer first determines if a received frame is an IP frame requiring IPSec processing, and if it is, places the IPSec frame on a separate receive queue for subsequent inbound processing.
Abstract: A hardware function performed in the data link control layer first determines if a received frame is an IP frame requiring IPSec processing, and if it is, places the IPSec frame on a separate receive queue for subsequent inbound processing. The hardware function further determines if a frame to be transmitted is an IP frame requiring IPSec outbound processing, and if it is, places the IPSec frame on a separate transmit queue for subsequent outbound processing. To determine if an IP frame is an IPSec frame, the hardware function examines both the type field in the Medium Access Control (MAC) header and the protocol field in the IP header, both at the data link control layer. Once IPSec and non-IPSec traffic are separated at the data link layer into different receive or transmit queues, a hardware assist component processes the IPSec data frames in parallel with the processing of non-IPSec data frames by the processor in the network device. The hardware assist component performs the IPSec functions of encryption and decryption, security association management, and key exchange.

61 citations


01 Sep 2000
TL;DR: Extensions to the Domain Name System (DNS) that can provide data origin and transaction integrity and authentication to security aware resolvers and applications through the use of cryptographic digital signatures are described in [RFC 2535].
Abstract: Extensions to the Domain Name System (DNS) are described in [RFC 2535] that can provide data origin and transaction integrity and authentication to security aware resolvers and applications through the use of cryptographic digital signatures.

58 citations


Patent
27 Nov 2000
TL;DR: An architecture for a high performance IPSEC accelerator is described in this paper, which includes components for scanning fields of packets, programming an IPSEC services device according to the scanned fields, and modifying the scanned packet with an output from the IPSEC security services device.
Abstract: An architecture for a high performance IPSEC accelerator. The architecture includes components for scanning fields of packets, programming an IPSEC services device according to the scanned fields, and modifying the scanned packet with an output from the IPSEC security services device. Preferably, the architecture is implemented in hardware, and attached to a host machine. Hardware devices, fast in comparison to software processing and network speeds, allow the computationally intensive IPSEC processes to be completed in real time and reduce or eliminate bottlenecks in the path of a packet being sent to or received from a network.

Proceedings Article
14 Aug 2000
TL;DR: A multi-layer security protection scheme for IPsec is proposed, which uses a finer-grain access control to allow trusted intermediate routers to read and write selected portions of IP datagrams in a secure and controlled manner.
Abstract: IPsec [KA98c] is a suite of standard protocols that provides security services for Internet communications. It protects the entire IP datagram in an "end-to-end" fashion; no intermediate network node in the public Internet can access or modify any information above the IP layer in an IPsec-protected packet. However, recent advances in internet technology introduce a rich new set of services and applications, like traffic engineering, TCP performance enhancements, or transparent proxying and caching, all of which require intermediate network nodes to access a certain part of an IP datagram, usually the upper layer protocol information, to perform flow classification, constraint-based routing, or other customized processing. This is in direct conflict with the IPsec mechanisms. In this research, we propose a multi-layer security protection scheme for IPsec, which uses a finer-grain access control to allow trusted intermediate routers to read and write selected portions of IP datagrams (usually the headers) in a secure and controlled manner.

Patent
Yasushi Murakawa
01 Dec 2000
TL;DR: In this article, a method of Virtual Private Network (VPN) communication for a security gateway apparatus, and the security gateway apparatus using it, are presented; they allow a personal computer outside a local area network (LAN) to access, via a WAN, a terminal on the LAN, treating the outside PC as if it were a terminal on the LAN.
Abstract: A method of Virtual Private Network (VPN) communication employed for a security gateway apparatus and the security gateway apparatus using the same, which allow a personal computer outside a local area network (LAN) to access, via a WAN, a terminal on the LAN, virtually regarding the outside PC as a terminal on the LAN. The communication method is employed for a security gateway apparatus to connect, through a concentration and conversion process, a LAN and a WAN including a public network. Security Architecture for the Internet Protocol (IPsec) establishes a VPN with an outside PC having a dialup connection to the WAN. During an Internet Key Exchange (IKE) communication that is performed prior to the IPsec communication, the security gateway apparatus integrates a Dynamic Host Configuration Protocol (DHCP) communication option into the IKE data, and designates the IP address of the outside PC from a tunneled IP packet.

Journal ArticleDOI
TL;DR: This paper examines some security issues in the Internet Key Exchange (IKE) protocol specified in RFC 2409, clarifying some specification ambiguities in RFC 2409 and facilitating a correct implementation of the IKE protocol.

Patent
09 Jun 2000
TL;DR: In this article, a finite state machine (FSM) is used to maintain the security policy information of a network client, where policy information may originate in a remote source such as a directory store as well as locally in cache and local store locations.
Abstract: A method of network security policy administration for a network client uses a finite state machine to maintain the security policy information of the network client. Security policy information may originate in a remote source such as a directory store as well as, or alternatively, locally in cache and local store locations. The finite state machine has four states, Initial, DS, Cache, and Local, and transitions between states responsive to the availability of security policy information from the various policy information sources. Furthermore, security policy updates occur via a differencing mechanism, wherein only filters that have changed are updated, minimizing impact on unchanged policy filters and the traffic protected by them, and minimizing lulls in policy coverage.

09 Mar 2000
TL;DR: The Security Policy Specification Language (SPSL) as discussed by the authors is a language designed to express security policies, security domains, and the entities that manage those policies and domains.
Abstract: This document describes the Security Policy Specification Language (SPSL), a language designed to express security policies, security domains, and the entities that manage the policies and domains. The syntax and semantics of the language are presented here. SPSL currently supports policies for packet filtering, IP Security (IPsec), and IKE exchanges. However, it may easily be extended to express other types of policies.

01 Jun 2000
TL;DR: This memo describes the use of the HMAC algorithm in conjunction with the RIPEMD-160 algorithm as an authentication mechanism within the revised IPSEC Encapsulating Security Payload [ESP] and the revised IPSEC Authentication Header [AH].
Abstract: This memo describes the use of the HMAC algorithm [RFC 2104] in conjunction with the RIPEMD-160 algorithm [RIPEMD-160] as an authentication mechanism within the revised IPSEC Encapsulating Security Payload [ESP] and the revised IPSEC Authentication Header [AH]. HMAC with RIPEMD-160 provides data origin authentication and integrity protection.

Patent
31 Aug 2000
TL;DR: A system and method for interconnecting multiple virtual private networks (VPNs) using multiple service providers (120, 130) while offering a minimum standard of end-to-end connection quality and reliability is presented in this paper.
Abstract: A system and method for interconnecting multiple VPNs (122, 124, 126, 132), each using multiple service providers (120, 130), while offering a minimum standard of end-to-end connection quality and reliability. The system and method utilizes an overseer that resolves end-to-end issues across multiple interconnected virtual private networks (122, 124, 126, 132). When connecting multiple virtual private networks (122, 124, 126, 132), multiple interconnect providers (120, 130) are interconnected so that the end-to-end service quality standard. The certification of service providers, exchange points, transit service providers and IPSec devices permits interoperability for encryption, integrity and authentication across the product of all IPSec vendors. When two subscribers both use certified IPSec equipment then they can provide each other with controlled access to each other's networks.

Proceedings ArticleDOI
08 Nov 2000
TL;DR: This work uses a system model for IPsec transactions to derive an inequality that specifies the conditions required for data compression to improve performance, and generates performance results for many combinations of network types, data types, packet sizes, and encryption, authentication and compression algorithms.
Abstract: Virtual private networks (VPNs) allow two or more parties to communicate securely over a public network. Using cryptographic algorithms and protocols, VPNs provide security services such as confidentiality, host authentication and data integrity. The computation required to provide adequate security, however, can significantly degrade the performance. We characterize the extent to which data compression can alleviate this performance problem in a VPN implemented with the IP Security Protocol (IPsec). We use a system model for IPsec transactions to derive an inequality that specifies the conditions required for data compression to improve performance. We generate performance results for many combinations of network types, data types, packet sizes, and encryption, authentication and compression algorithms. We find that compression usually improves the performance when using 10 Mbps or slower networks, but compression only improves the performance in systems with 100 Mbps or 1 Gbps networks when using computationally intensive encryption algorithms.

Patent
Chun Ye
27 Apr 2000
TL;DR: In this article, a caching mechanism is used to enhance the speed of retrieving the security data for secure transmission of network packets using a plurality of security policy filters, and each filter may have multiple security data entries associated with different communication streams.
Abstract: A system and method for retrieving security data, such as Security Associations ("SAs") of the IPSec protocols, required for secured transmission of network packets uses a caching mechanism to significantly enhance the speed of retrieving the security data. The system has a plurality of security policy filters, and each filter may have multiple security data entries associated with different communication streams. To enable fast retrieval of security data for network communication packets, the system maintains a cache table. Each entry of the cache table contains data identifying a communication stream and negotiated SA data or an exempt filter for that stream. When a packet passes through the system, a security driver derives an index value from the communication stream data of the packet, and the cache table entry corresponding to the derived index value is then retrieved. If the retrieved security data in the cache table entry matches the packet, the security data therein are used for secured delivery of the packet.

Journal ArticleDOI
TL;DR: This paper describes serious attacks against IP control and management protocols, with an accent on the ICMP protocol, as well as some of the well-known vulnerabilities of the inter-domain routing protocols.

Book
11 Dec 2000
TL;DR: A Technical Guide to IPSec Virtual Private Networks provides a single point of information that represents hundreds of resources and years of experience with IPSec VPN solutions and cuts through the complexity surrounding IPSec and the idiosyncrasies of design, implementation, operations, and security.
Abstract: From the Publisher: What is IPSec? What's a VPN? Why do they need each other? Virtual Private Network (VPN) has become one of the most recognized terms in our industry, yet there continually seem to be different impressions of what VPNs really are and can become. A Technical Guide to IPSec Virtual Private Networks provides a single point of information that represents hundreds of resources and years of experience with IPSec VPN solutions. It cuts through the complexity surrounding IPSec and the idiosyncrasies of design, implementation, operations, and security. Starting with a primer on the IP protocol suite, the book travels layer by layer through the protocols and the technologies that make VPNs possible. It includes security theory, cryptography, RAS, authentication, IKE, IPSec, encapsulation, keys, and policies. After explaining the technologies and their interrelationships, the book provides sections on implementation and product evaluation. A Technical Guide to IPSec Virtual Private Networks arms information security, network, and system engineers and administrators with the knowledge and the methodologies to design and deploy VPNs in the real world for real companies.

20 Mar 2000
TL;DR: This paper introduces the motivation behind RSIP and the RSIP architecture, and provides a basic overview of the RSIP protocol.
Abstract: Realm Specific IP (RSIP) is a new architecture under consideration in the Internet Engineering Task Force (IETF) that can potentially alleviate some of the problems associated with partitioning of the Internet address space due to, for example, the shortage of IPv4 addresses. It is being positioned as a replacement for Network Address Translation (NAT), because, among other things, it can support end-to-end security via IPsec, which NAT cannot. This paper introduces the motivation behind RSIP, the RSIP architecture, and provides a basic overview of the RSIP protocol.

Proceedings ArticleDOI
04 Jun 2000
TL;DR: It is shown that IV attacks can be a serious threat for IPsec if IPsec is not used carefully, and the defense methods against these attacks are discussed.
Abstract: In this paper, we analyze the security of IPsec against a class of attacks known as the IV attacks, which are based on modifying the initialization vector (IV) of a CBC-encrypted packet during transmission. We show that IV attacks can be a serious threat for IPsec if IPsec is not used carefully. We also discuss the defense methods against these attacks.

Journal ArticleDOI
TL;DR: The algorithms and protocols of IPsec's Internet Key Exchange (IKE) are explained and the types of security that the various IKE modes provide are discussed.
Abstract: The IETF has advanced the IPsec protocols to draft standard status. These protocols include mechanisms for the establishment of a secure channel, via cryptographic key exchange, over an insecure medium. Such a channel can then be used for ensuring the confidentiality, authentication, and/or integrity of the communications between two parties. We explain the algorithms and protocols of IPsec's Internet Key Exchange (IKE) and discuss the types of security that the various IKE modes provide.

Proceedings ArticleDOI
21 Aug 2000
TL;DR: This work performs comparative research on the existing tunneling protocols including GRE, L2TP, IPSec and IP/IP and proposes an integrated scheme of tunneling mechanism that supports VPN under the current condition.
Abstract: It is a trend of virtual private networks (VPN) to be used for information exchange between enterprises, between branches of enterprises and between enterprises and their employees instead of traditional dial networks and leased lines. The tunneling technique is the key technique to implement VPN. With the VPN implementation requirements in mind, we perform comparative research on the existing tunneling protocols including GRE, L2TP, IPSec and IP/IP. We also propose an integrated scheme of tunneling mechanism that supports VPN under the current condition.

Patent
Rajeev Koodli, Senthil Sengodan
26 Dec 2000
TL;DR: In this article, the authors present a method and apparatus which permits access, by intermediate nodes between source and destination nodes, to selected information such as transport level information, normally included in a payload of a packet upon which encrypting security processing has been performed according to an encryption security protocol.
Abstract: A method and apparatus which permits access, by intermediate nodes between source and destination nodes, to selected information such as transport level information, normally included in a payload of a packet upon which encrypting security processing has been performed according to an encrypting security protocol. In the present invention, prior to performing encrypting security processing on the packet, according to the security protocol, information related to selected information normally included in a payload of the packet is stored in a field in the header of the packet where the field is not subject to the encrypting security processing. Thereafter, encrypting security processing according to the security protocol is performed on the packet. The packet including the header having stored therein information corresponding to the selected information normally included in the payload and the payload upon which encrypting security processing has been performed is then transmitted on the packet switched network to its destination. Since the information related to the selected information normally included in the payload of the packet is stored in the header of the packet, access to the selected information by the intermediate nodes between source and destination nodes in a packet switched network is possible.

Proceedings ArticleDOI
21 Aug 2000
TL;DR: This paper analyses the most prominent current approaches for improving the functionality of Mobile IP from a security point of view, focussing on the criteria of efficiency, scalability, transparency, and manageability which are crucial for application in real world networks.
Abstract: The upcoming protocol architecture for mobile communications in the Internet, Mobile IP, inhibits various potential vulnerabilities to malicious attacks and, therefore, requires the integration of appropriate security services. This paper analyses the most prominent current approaches for improving the functionality of Mobile IP from a security point of view, focussing on the criteria of efficiency, scalability, transparency, and manageability which are crucial for application in real world networks. The three big topics covered are authentication and key management, confidentiality and integrity, and efficient micro-mobility support. The paper concludes with an outlook to ongoing research efforts addressing the problems identified before.

Book
24 Jul 2000
TL;DR: This chapter discusses the development of the Diffie-Hellman Idea, which led to the creation of the RSA, and its applications, including PPP, ECP, TLS, EAP, DESE-bis, and 3DESE.
Abstract: (NOTE: Each chapter concludes with a Summary.) 1. Introduction. Security Problems. How Pervasive Are Security Attacks? Types of Security Services. Introduction to the Firewall. The Security Policy. Trusted and Untrusted Networks. Security and Risk Management. Virtual Private Networks (VPNs). The Modern VPN. VPNs and SLAs. The Debate of Privacy vs. Law Enforcement. 2. Types of Security Violations. Types of Security Problems. Denial of Service: Attacks and Counter-Attacks. Virus. Worm. Clogging or Flooding. Trojan Horse. Bomb. Trap Door. Salami. Replay Violations. Cookies. Applets and Sandboxes. Other Problems. 3. Basic Security Concepts. How Secure Is Secure? Definitions. Encryption and Decryption. Basic Encryption and Decryption Methods. The German Enigma Machine. Substitution and Transposition. One-Way Functions and Modular Arithmetic. Example of a One-Way Function. The Diffie-Hellman Idea Using Modular Arithmetic. The Hash Function. Use of a One-Way Hash Function. Randomness of Keys. Randomness or Lack Thereof Equals the Demise of a Crypto System. Key Problem: Exchanging Keys. Awkwardness of Key Distribution. The Asymmetric Key. Use of the Asymmetric Keys in Reverse Order. Asymmetric Keys for Privacy. Asymmetric Keys for Authentication: The Digital Signature. The Next Step: RSA. The RSA Key Pairs. Key Transport and Key Generation. Message Authentication Code (MAC) and Key Hashing. Putting Together the Security Functions. Paul Zimmerman and Pretty Good Privacy (PGP). PGP's Use of Key Certificates. Example of a PGP Public Key. OpenPGP. Perfect Forward Secrecy (PFS). Man-in-the-Middle Attack. Certification. The Certification Procedure. Anti-Replay Measures. Security in a Mobile Network. Authentication. Privacy Operations. 4. Firewalls. What Is a Firewall? Protection from Untrusted Networks. Permitting and Denying Services. What Firewalls Can Do and Cannot Do. Packet Filtering. Proxy or Application Firewalls. NCSA Guidance. Managed Firewall Services (MFWS). 
Evaluating a Firewall Service Provider. Firewalls with Internet Security Protocols (IPSec). SOCKS. 5. Prominent Internet Security Procedures. Diffie-Hellman. Diffie-Hellman and RFC 2631. Rivest, Shamir, and Adleman (RSA). RSA in RFC 2437. MD5. MD5 Vulnerabilities? RFC 2537: RSA, MD5, and DNS. RSA Public KEY Resource Records. RSA/MD5 SIG Resource Records. Performance Considerations. The Secure Hash Standard (SHA-1) and The Secure Hash Algorithm (SHA). RIPEMD-160. Comparisons of MD5, SHA-1, RIPEMD-160, and MD5-HMAC. HMAC. Performance and Security of HMAC. HMAC with IPSec. The OAKLEY Key Determination Protocol. Beyond Diffie-Hellman and STS. OAKLEY Key Exchange Processing. The Essential Key Exchange Message Fields. 6. PPP, ECP, TLS, EAP, DESE-bis, and 3DESE. PPP and HDLC. LCP. General Example of PPP Operations. PPP Phase Diagram. Link Dead (Physical Layer Not Ready). Link Establishment Phase. Authentication Phase. Network Layer Protocol Phase. Link Termination Phase. LCP Packets. Configure-Request. Configure-Ack. Configure-Nak. Configure-Reject. Terminate-Request and Terminate-Ack. Code-Reject. Protocol-Reject. Echo-Request and Echo-Reply. Discard-Request. Other Supporting Cast Members for PPP Security Services. Transport Layer Security Protocol (TLS). Goals of TLS. PPP Encryption Control Protocol (ECP). PPP Extensible Authentication Protocol (EAP). PPP DES Encryption Protocol, Version 2 (DESE-bis). Configuration Option for ECP. Packet Format for DESE. PPP Triple-DES Encryption Protocol (3DESE). The Algorithm. Keys. 3DESE Configuration Option for ECP. Packet Format for 3DESE. 7. Dial-in Operations with PAP, CHAP, RADIUS and DIAMETER. PAP and CHAP. PAP. Key Aspects of PAP. CHAP. CHAP Messages. RADIUS. RADIUS Configuration. Example of a RADIUS Message Exchange. Use of UDP. RADIUS Message Format. RADIUS Attributes. Examples of RADIUS Operations. Problems with RADIUS. DIAMETER. DIAMETER Message Formats. Message Header. Message Body for the AVP. DIAMETER-Command AVP. 
Message-Reject-Ind Command. Approach to the Remainder of Message Descriptions. Basic Operations. DIAMETER Support of Dial-Ins To/From SS7. Session Setup Messages Signaling Gateway/ NAS Controller Interaction. Message Exchanges Examples. 8. IPSec Architecture. Basics of IPSec. IPSec Services. IPSec Traffic Security Protocols. Security Association (SA) Databases. The IPSec Tunnel. The Security Association (SA). Cases of Security Associations: A General View. Types of SAs: Transport Mode and Tunnel Mode. Combining Security Associations: A More Detailed View. Placements of IPSec. The IPSec Databases. Selectors and SAD/SPD Operations. Destination IP Address. Source IP Address. Name. Transport Layer Protocol. Source and Destination Ports. Selectors and SAD/SPD Entries. Looking Up the SA in the SAD. Examples of IPSec Sending and Receiving Operations. Selecting and Using an SA or SA Bundle. 9. The IPSec AH and ESP Protocols. Services of the IPSec Protocols. Integrity Check Value (ICV). Relationships of AH, ESP, and the Transport and Tunnel Modes. Handling Mutable Fields. Protection Coverage of the AH and ESP Packets. AH Protection. Services and Operations of AH. RFC 1826. RFC 2402. Integrity Check Value (ICV) for Outbound Packets. Integrity Check Value (ICV) for Inbound Packets. Services and Operations of ESP. ESP Protection. RFC 1827. RFC 2406. Outbound Packet Processing. Inbound Packet Processing. AH and ESP and the "Cases." IP Addressing in the Headers. Construction of the ESP Packet. Header Construction for Tunnel Mode. HMAC Applied to AH and ESP. MD5-HMAC-96 within ESP and AH. HMAC-SHA-1-96 within ESP and AH. IPSec and NAT. 10. The Internet Key Distribution, Certification, and Management. What Is Public Key Infrastructure (PKI)? Certificates and Certification Authorities (CAs). Support for Non-Repudiation. Key Backup and Recovery. Using Two Key Pairs. Key Update and Management of Key Histories. Certificate Repositories and Certificate Distribution. 
Cross-Certification. ISAKMP, ISAKMP DOI, and IKE. ISAKMP. The "Protection Suite." Other Thoughts on Key Exchange. ISAKMP Negotiation Phases. Messages. The Generic Header. Data Attributes. The Payloads. OAKLEY and ISAKMP. Examples of ISAKMP Negotiations. The Base Exchange. The Identity Protection Exchange. Authentication Only Exchange. The Aggressive Exchange. ISAKMP Domain of Interpretation (DOI). IPSec/ISAKMP Payloads. 11. Internet Key Exchange (IKE). IKE Basics. Definitions. Perfect Forward Secrecy. Aspects of IKE and ISAKMP. Modes to Establish Authenticated Key Exchange. Main Mode. Aggressive Mode. Quick Mode and New Group Mode. Four Methods Used with Main or Aggressive Mode. Examples of IKE Message Exchanges. Phase One: Authenticated with Signatures. Phase One: Authenticated with Public Key Encryption. Phase One: Authenticated with a Revised Mode of Public Key Encryption. Phase One: Authenticated with a Pre-Shared Key. Phase Two: Quick Mode. New Group Mode. ISAKMP Informational Exchanges. Oakley Groups. Messages for a Complete IKE Exchange. Phase Two Using Quick Mode. IPSec, NAT, and IKE. Examples of PKI Vendors. 12. Security Operations in a Mobile Network. The IS-41-C Specification. The IS-41-C Model. The Five Security/Privacy Operations. Authentication Parameters. Authentication of Mobile Station Registration Procedures. The Parameters. At the Air Interface. On the Network Side. Unique Challenge-Response Procedures. The Parameters. At the Air Interface. On the Network Side. Authentication of Mobile Station Originating a Call. The Parameters. At the Air Interface. On the Network Side. Authentication of Call to a Terminating Mobile Station. The Parameters. At the Air Interface. On the Network Side. Updating the Shared Secret Data (SSD). The Parameters. At the Air Interface and on the Network Side. 13. Follow-Ups to This Book. Appendix A: Coding for Prominent Security Functions. Appendix B: Network Address Translation (NAT). Abbreviations. Index.

Journal Article
TL;DR: This paper formalizes the types of authentication and confidentiality goal that IPsec is capable of achieving, and provides criteria that entail that a network with particular IPsec processing achieves its security goals.
Abstract: The IP security protocols (IPsec) may be used via security gateways that apply cryptographic operations to provide security services to datagrams, and this mode of use is supported by an increasing number of commercial products. In this paper, we formalize the types of authentication and confidentiality goal that IPsec is capable of achieving, and we provide criteria that entail that a network with particular IPsec processing achieves its security goals. This requires us to formalize the structure of networks using IPsec, and the state of packets relevant to IPsec processing. We can then prove confidentiality goals as invariants of the formalized systems. Authentication goals are formalized in the manner of [9], and a simple proof method using unwinding sets is introduced. We end the paper by explaining the network threats that are prevented by correct IPsec processing.