
Showing papers on "IPsec published in 2010"


01 Sep 2010
TL;DR: This document describes version 2 of the Internet Key Exchange (IKE) protocol, a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs).
Abstract: This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document replaces and updates RFC 4306, and includes all of the clarifications from RFC 4718. [STANDARDS-TRACK]

329 citations


Journal ArticleDOI
TL;DR: This paper provides a secrecy improvement over Das' protocol to ensure that a legitimate user can use a WSN in an insecure environment; by comparing security, computation and communication costs with related protocols, the proposed protocol is shown to be suitable for higher-security WSNs.
Abstract: Authentication is an important service in wireless sensor networks (WSNs) for an unattended environment. Recently, Das proposed a hash-based authentication protocol for WSNs, which provides more security against the masquerade, stolen-verifier, replay, and guessing attacks and avoids the threat which comes with having many logged-in users with the same login-id. In this paper, we point out one security weakness of Das' protocol in mutual authentication for WSN's preservation between users, gateway-node, and sensor nodes. To remedy the problem, this paper provides a secrecy improvement over Das' protocol to ensure that a legal user can exercise a WSN in an insecure environment. Furthermore, by presenting the comparisons of security, computation and communication costs, and performances with the related protocols, the proposed protocol is shown to be suitable for higher security WSNs.

235 citations



Proceedings ArticleDOI
04 Oct 2010
TL;DR: This paper provides the first construction of a PRG without alternating structure that exploits the keying material to its full length and can be proven leakage-resilient in the standard model, and argues that the required assumption is not only realistic, but necessary for any leakage-resilient primitive that grants adversaries a (stateless) reinitialization capability.
Abstract: Cryptographic systems and protocols are the core of many Internet security procedures (such as SSL, SSH, IPSEC, DNSSEC, secure mail, etc.). At the heart of all cryptographic functions is a good source of randomness, and for efficiency, the primitive of pseudorandom generator (PRG). PRG can also be used in the design of stream ciphers, for secure communications. The Internet is nowadays composed of many types of devices with very different hardware and software characteristics. Hence, one of the concerns in such open environments is the information "leakage" and its exploitation via the so-called "side channel attacks". A very extensive and current research direction is designing basic cryptographic operations that are resistant to such attacks. Recent works on leakage-resilient PRG and stream ciphers made significant progress in providing tools for the analysis of side-channel attacks in the standard cryptographic setting. But in the absence of a completely sound model for the leakages, the only constructions that can be proven secure require tweaks that do not correspond to the physical intuition. For example, constructions using an alternating structure, in which a key bit-size of $2n$ can only guarantee a security of at most $2^n$, have been designed for this purpose. In this paper, we provide two methodological contributions, allowing us to get rid of these tweaks, or to reduce their impact towards negligible performance overheads. First, we show that the leakage-resilience of a natural, i.e. conform to engineering experience, stateful PRG can be proven under a random oracle based assumption. We then discuss the relevance of this assumption, and argue that it nicely captures the reality of actual side-channel attacks. Second, we provide the first construction of a PRG without alternating structure, that exploits the keying material to its full length and that can be proven leakage-resilient in the standard model. For this purpose, we only need to assume a non adaptive leakage function and a small public memory. We also argue that such an assumption is not only realistic, but necessary for any leakage-resilient primitive that grants adversaries with a (stateless) reinitialization capability. Together with weaker requirements for practical implementations, these contributions further reduce the gap between the theory and practice of physically observable cryptography.

99 citations


Journal ArticleDOI
TL;DR: A new user authentication and key exchange protocol using bilinear pairings for mobile client-server environment is presented and it is demonstrated that the protocol is provably secure against previous attacks.

90 citations


Proceedings ArticleDOI
04 Oct 2010
TL;DR: Efficient, plaintext-recovering attacks against all configurations of IPsec in which integrity protection is applied prior to encryption -- so-called MAC-then-encrypt configurations are described.
Abstract: IPsec allows a huge amount of flexibility in the ways in which its component cryptographic mechanisms can be combined to build a secure communications service. This may be good for supporting different security requirements but is potentially bad for security. We demonstrate the reality of this by describing efficient, plaintext-recovering attacks against all configurations of IPsec in which integrity protection is applied prior to encryption -- so-called MAC-then-encrypt configurations. We report on the implementation of our attacks against a specific IPsec implementation, and reflect on the implications of our attacks for real-world IPsec deployments as well as for theoretical cryptography.

79 citations


Journal ArticleDOI
TL;DR: A series of vulnerabilities are demonstrated and two enhanced protocols with corresponding remedies are proposed to eliminate all identified security flaws in both schemes.

69 citations


Journal ArticleDOI
TL;DR: This paper compares IPv6 and IPv4 threats in two stages and focuses on the attacks that require new consideration in IPv6.

50 citations


01 Jun 2010
TL;DR: This memo describes the Autokey security model for authenticating servers to clients using the Network Time Protocol (NTP) and public key cryptography, which is based on the premise that IPSEC schemes cannot be adopted intact.
Abstract: This memo describes the Autokey security model for authenticating servers to clients using the Network Time Protocol (NTP) and public key cryptography. Its design is based on the premise that IPSEC schemes cannot be adopted intact, since that would preclude stateless servers and severely compromise timekeeping accuracy. In addition, PKI schemes presume authenticated time values are always available to enforce certificate lifetimes; however, cryptographically verified timestamps require interaction between the timekeeping and authentication functions. This memo includes the Autokey requirements analysis, design principles and protocol specification. A detailed description of the protocol states, events and transition functions is included. A prototype of the Autokey design based on this memo has been implemented, tested and documented in the NTP Version 4 (NTPv4) software distribution for Unix, Windows and VMS at http://www.ntp.org.

44 citations


Book ChapterDOI
01 Jan 2010
TL;DR: The Advanced Encryption Standard is the most widely used symmetric cipher today and is also mandatory in several industry standards and is used in many commercial systems.
Abstract: The Advanced Encryption Standard (AES) is the most widely used symmetric cipher today. Even though the term “Standard” in its name only refers to US government applications, the AES block cipher is also mandatory in several industry standards and is used in many commercial systems. Among the commercial standards that include AES are the Internet security standard IPsec, TLS, the Wi-Fi encryption standard IEEE 802.11i, the secure shell network protocol SSH (Secure Shell), the Internet phone Skype and numerous security products around the world. To date, there are no attacks better than brute-force known against AES.

42 citations


Proceedings ArticleDOI
02 Sep 2010
TL;DR: It is shown that VoIP/non-VoIP classification can be used to dramatically improve VoIP QoS and may be used to effectively block non-VoIP traffic in an IPSec tunnel; these results point to the usefulness of the technique and the desirability of finding more discriminating VoIP identification algorithms for IPSec tunnels.
Abstract: Research in traffic classification has become more challenging with the emergence of new applications and new ways to hide the true nature of traffic. The accuracy of traffic identification methods has also become more important due to the greater use of delay sensitive applications such as VoIP and video over IP which need to be identified and given priority. Traditional techniques such as header and payload inspection are not providing sufficient information to identify traffic types due to the usage of non-standard ports, tunnelling and encryption. Promising methods have been proposed based around the statistical behaviour of traffic flow. Although these methods can achieve quite high accuracies in non-encrypted traffic flows, traffic identification of encrypted traffic flows is still in its early stages. In this paper, we will review the recent work done on encrypted traffic identification, particularly network layer encryption using statistical techniques and propose a remarkably simple technique for VoIP traffic identification in IPSec peer to peer tunnels. More importantly it is shown that VoIP/non-VoIP classification can be used to dramatically improve VoIP QoS and may be used to effectively block non-VoIP traffic in an IPSec tunnel. These results point to the usefulness of the technique and the desirability to find more discriminating VoIP identification algorithms for IPSec tunnels.

30 Nov 2010
TL;DR: This is the first compressed lightweight design, implementation, and evaluation of 6LoWPAN extension for IPsec on Contiki that supports both IPsec's Authentication Header and Encapsulation Security Payload and communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms.
Abstract: Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. In some cases it may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between an IP-enabled sensor node and a device on the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of a 6LoWPAN extension for IPsec on Contiki. Our extension supports both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms.

Proceedings ArticleDOI
11 Jun 2010
TL;DR: The architecture is implemented using Xen virtual machine management, SELinux at the operating system layer, labeled IPsec for networking and the authors' own label-enforcing web browser, called FlowwolF; the implementation is tested and found to perform well, supporting data intermixing while still providing end-to-end security guarantees.
Abstract: The web is now being used as a general platform for hosting distributed applications like wikis, bulletin board messaging systems and collaborative editing environments. Data from multiple applications originating at multiple sources all intermix in a single web browser, making sensitive data stored in the browser subject to a broad milieu of attacks (cross-site scripting, cross-site request forgery and others). The fundamental problem is that existing web infrastructure provides no means for enforcing end-to-end security on data. To solve this we design an architecture using mandatory access control (MAC) enforcement. We overcome the limitations of traditional MAC systems, implemented solely at the operating system layer, by unifying MAC enforcement across virtual machine, operating system, networking and application layers. We implement our architecture using Xen virtual machine management, SELinux at the operating system layer, labeled IPsec for networking and our own label-enforcing web browser, called FlowwolF. We tested our implementation and find that it performs well, supporting data intermixing while still providing end-to-end security guarantees.

Patent
02 Nov 2010
TL;DR: In this patent, methods, systems, and computer readable media for offloading IPsec processing from application hosts using an IPsec proxy mechanism are disclosed. According to one method, unencrypted, IPsec, and Internet Key Exchange (IKE) packets transmitted between a first application host and a second application host are intercepted by a network gateway, which performs the IKE and IPsec processing on behalf of the first host.
Abstract: Methods, systems, and computer readable media for offloading IPsec processing from application hosts using an IPsec proxy mechanism are disclosed. According to one method, at least one of unencrypted, IPsec, and Internet key exchange (IKE) packets transmitted between a first application host and a second application host are intercepted by a network gateway. The network gateway performs all IKE and IPsec-related processing for the at least one unencrypted, IPsec, and IKE packets on behalf of the first application host such that the second application host is unaware that IPsec processing is being performed by the network gateway.

01 Jul 2010
TL;DR: This specification describes a family of Simple Authentication and Security Layer (SASL; RFC 4422) authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM), which addresses the security concerns and meets the deployability requirements.
Abstract: The secure authentication mechanism most widely deployed and used by Internet application protocols is the transmission of clear-text passwords over a channel protected by Transport Layer Security (TLS). There are some significant security concerns with that mechanism, which could be addressed by the use of a challenge response authentication mechanism protected by TLS. Unfortunately, the challenge response mechanisms presently on the standards track all fail to meet requirements necessary for widespread deployment, and have had success only in limited use. This specification describes a family of Simple Authentication and Security Layer (SASL; RFC 4422) authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM), which addresses the security concerns and meets the deployability requirements. When used in combination with TLS or an equivalent security layer, a mechanism from this family could improve the status quo for application protocol authentication and provide a suitable choice for a mandatory-to-implement mechanism for future application protocol standards. [STANDARDS-TRACK]

Patent
07 May 2010
TL;DR: In this patent, a gateway (PDG) terminating remote access is installed in the 3GPP system. After an IPSec tunnel between a terminal and the GW is opened, a second IPSec tunnel is opened between a VPN client and the corporate network GW, so that data from the terminal reaches the corporate network via two tunnels: terminal to GW, and VPN client to corporate network GW.
Abstract: A GW (PDG) at the termination of remote access is installed in the 3GPP system. After an IPSec tunnel between a terminal and the GW is opened, an IPSec tunnel between a VPN client and the corporate network GW is opened, whereby the data from the terminal is transferred via two tunnels, between the terminal and the GW and between the VPN client and the corporate network GW, to the corporate network. Also, the GW checks if the destination network uses the global address from the destination IP address of a message received from the terminal making the remote VPN access. If the global address is required, the source IP address of the message received from the terminal is translated from the private address for use within the corporate network to which the terminal is allocated to the global address to transfer the message.

Proceedings Article
01 Jul 2010
TL;DR: Advantages of the method are that it requires no secret key, which plays an essential role in IPsec, and moreover, it can be used in conjunction with IPsec to reinforce the security of VoIP.
Abstract: A technique to enhance the security of vocal communication over an open network is proposed in this paper. This technique combines a secret sharing scheme and a multipath routing technique on network communication. The secret sharing scheme, originally proposed to convey information securely from one person to another, divides original information into sets of partial data. Each set of partial data is designated as shared data. In principle, nobody can obtain any information of the original from a subset of the shared data. Only a person who collects all shared data can reconstruct the original information. Furthermore, a multipath routing technique, by which a single set of data is transferred from one host to another through multiple network paths, was developed originally for load sharing and high reliability. The proposed method therefore divides speech data using the secret sharing scheme and transfers the shared data using the multipath routing technique to realize secure voice communication over the network. Advantages of the method are that it requires no secret key, which plays an essential role in IPsec, and moreover, it can be used in conjunction with IPsec to reinforce the security of VoIP.

01 Jan 2010
TL;DR: This document proposes an extension to IKEv2 that allows a client to re-establish an IKE SA with a gateway in a highly efficient manner, utilizing a previously established IKE SA, so that a client can reconnect to a gateway from which it was disconnected.
Abstract: The Internet Key Exchange version 2 (IKEv2) protocol has a certain computational and communication overhead with respect to the number of round-trips required and the cryptographic operations involved. In remote access situations, the Extensible Authentication Protocol (EAP) is used for authentication, which adds several more round trips and consequently latency. To re-establish security associations (SA) upon a failure recovery condition is time consuming, especially when an IPsec peer, such as a VPN gateway, needs to re-establish a large number of SAs with various end points. A high number of concurrent sessions might cause additional problems for an IPsec peer during SA re-establishment. In order to avoid the need to re-run the key exchange protocol from scratch it would be useful to provide an efficient way to resume an IKE/IPsec session. This document proposes an extension to IKEv2 that allows a client to re-establish an IKE SA with a gateway in a highly efficient manner, utilizing a previously established IKE SA. A client can reconnect to a gateway from which it was disconnected. The proposed approach uses IKEv2 state (or a reference into a state store) to store state information that is later made available to the IKEv2 responder for re-authentication. Restoring state information by utilizing a ticket is one possible way. This document does not specify the format of the ticket but recommendations are provided.

Proceedings Article
01 Jan 2010
TL;DR: This work defines a new family of adversaries, the stealth denial and degradation of service (DoS) adversaries, weaker than the classical MITM adversary, and suggests a fix to TCP in IPsec gateway designed to prevent the above attacks, and to provide secure channel immune to degradation and other DoS attacks.
Abstract: We initiate study of the use of 'secure tunnel' protocols, specifically IPsec, and its availability and performance guarantees to higher-layer protocols, in particular TCP, against Denial/Degradation of Service (DoS) attacks. IPsec is designed to provide privacy and authentication against MITM attackers, and employs an anti-replay mechanism to ensure performance. For our analysis, we define a new family of adversaries, the stealth denial and degradation of service (DoS) adversaries. These adversaries are weaker than the classical MITM adversary, and may be of interest in other works. We analyse their ability to launch (DoS) attacks on secure channels, and show realistic amplification attacks, disrupting TCP communication over secure VPNs using IPsec. In particular, we show that the antireplay mechanism is critical for performance by launching a DoS attack on communication over IPsec without an antireplay window. We present attacks exploiting insufficient IPsec anti-replay window size, and show how to calculate the correct window size. Finally we present attacks on IPsec with correctly adjusted anti-replay window size, thus showing that even a large anti-replay window does not ensure performance to TCP flows. We then suggest a fix to TCP in the IPsec gateway designed to prevent the above attacks, and to provide a secure channel immune to degradation and other DoS attacks. Our solution involves changes (only) to the sending gateway machines running IPsec. In addition to their practical importance, our results also raise the challenge of formally defining secure channels immune to DoS and degradation attacks, and providing provably-secure implementations. Contact: AmirHerzberg@gmail.com, HayaShulman@gmail.com
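The anti-replay window the abstract refers to is the receiver-side sliding window of RFC 4303 section 3.4.3: a bitmap anchored at the highest sequence number accepted so far, consulted before the ICV is verified and updated only after it passes. The following is an added illustration of that mechanism, not code from the paper; the window sizes and arrival orders are constructed. It also shows the practitioner's sizing check: a window smaller than the largest reordering lag on the path silently drops genuine packets, which is the kind of degradation the paper's adversaries exploit.

```python
"""Sliding anti-replay window in the style of RFC 4303 section 3.4.3.
Added illustration; not code from the paper. Window sizes and the
arrival sequences used below are constructed."""


class AntiReplayWindow:
    def __init__(self, size=64):
        if size < 1:
            raise ValueError("window size must be positive")
        self.size = size
        self.mask = (1 << size) - 1
        self.last_seq = 0   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => last_seq - i already accepted

    def check(self, seq):
        """Pre-ICV test: is seq new and not older than the window?"""
        if seq == 0:
            return False                  # ESP numbering starts at 1
        if seq > self.last_seq:
            return True                   # right of the window: always new
        diff = self.last_seq - seq
        if diff >= self.size:
            return False                  # left of the window: too old, drop
        return not (self.bitmap >> diff) & 1   # inside: drop if already seen

    def update(self, seq):
        """Post-ICV update: call only after check() passed and the ICV verified."""
        if seq > self.last_seq:
            shift = seq - self.last_seq
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & self.mask
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)


def simulate(window_size, arrivals):
    """Feed a constructed arrival order (every packet assumed to carry a valid ICV)
    through one window; return (accepted, dropped) sequence numbers."""
    w = AntiReplayWindow(window_size)
    accepted, dropped = [], []
    for seq in arrivals:
        if w.check(seq):
            w.update(seq)
            accepted.append(seq)
        else:
            dropped.append(seq)
    return accepted, dropped


def required_window(arrivals):
    """Smallest window that accepts every late but genuine packet in this
    arrival order: one more than the largest lag behind the highest sequence
    number seen before it."""
    need, highest = 1, 0
    for seq in arrivals:
        if seq < highest:
            need = max(need, highest - seq + 1)
        highest = max(highest, seq)
    return need


if __name__ == "__main__":
    # A burst that jumps the window ahead makes a delayed genuine packet (seq 2)
    # unacceptable with a 4-entry window, but not with a window sized from the
    # reordering actually observed on the path.
    late = [1, 10, 2]
    print(simulate(4, late), simulate(required_window(late), late))
```

Two points to keep in mind when reading the simulation: a duplicate inside the window is rejected by the bitmap, a duplicate left of the window is rejected by the age test, and in both cases the receiver spends no integrity check on it; but a genuine packet that arrives more than the window size behind the current high-water mark is indistinguishable from a stale replay and is dropped too, so the window must be sized for the worst reordering the path can produce, not for the typical case.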

Proceedings ArticleDOI
25 Jul 2010
TL;DR: This paper presents a communication system using general packet radio service (GPRS) and code division multiple access (CDMA) wireless networks in a SCADA system; although a little slower than wired networks in responding to sudden faults in power networks, the wireless system is still of great practical significance for many uses in SCADA systems.
Abstract: A communication system plays an important role in SCADA system, and various communication media have been applied to meet the SCADA system's objective. Wireless communication becomes an attractive option as communication network in some cases, such as small amount of data communication for extremely remote substation, remote debugging temporarily for newly-built generation plants and backup communication. This paper presents a communication system using general packet radio service (GPRS) and code division multiple access (CDMA) wireless communication networks in SCADA system. Several technologies for GPRS and CDMA networks such as Access Point Name (APN), IP security protocol (IPSec), Virtual Private Network (VPN), packet assembly disassembly and dual-network online synchronously have been newly developed. A pilot project as proof-of-concept in Henan province of China was done, before going for large scale deployment. It is eventually revealed that, although being a little slower in response to sudden faults in power networks if compared with wired communication networks, this wireless communication system is still of great significance to many practical uses in SCADA system.

Proceedings ArticleDOI
01 Dec 2010
TL;DR: This paper presents how VPN performance is affected by the choice of encryption algorithm used by the VPN devices, evaluated on a test-bed with combinations of encryption algorithms, file sizes and protocols.
Abstract: Virtual Private Network or VPN provide secure communication for remote users to access private data over public network. Although security is the main priority, the performance of VPN must also be considered. This paper presents how the performance of a VPN is affected by the choice of encryption algorithms used by VPN devices. Analysis on performance of Windows Vista operating system was evaluated on a test-bed setup with combinations of encryption algorithms, different file sizes, and different protocols. Two encryption algorithms were used that are the AES 256 and 3DES and two hash algorithms that are MD5 and SHA-1 were used in the paper. Performance of the VPN is determined by the throughput parameter. Assessment task has found that different algorithms give different throughput readings. AES 256 with MD5 provides higher throughput than the other algorithm combinations. Analysis also found that larger file size will reduce throughput of VPN, thus FTP performs faster than HTTP protocol.

Proceedings ArticleDOI
25 Oct 2010
TL;DR: This paper analyzes the usage of IPsec security mechanisms to protect the IEEE 1588 clock synchronization protocol and, in particular, its impact on the precision of clock synchronization.
Abstract: IPsec is one of the most widespread protocols to establish secure communication for the Internet Protocol. Besides the fact that this protocol is fully integrated in the Internet Protocol suite, the main advantage of using secure tunnels for IEEE 1588 clock synchronization is the reduced maintenance effort. Instead of requiring, e.g., different key management or connection setup protocols for each application a single tunnel can be used to protect underlying services such as clock synchronization by IEEE 1588 and many other applications. This paper analyzes the usage of IPsec security mechanisms to protect the IEEE 1588 clock synchronization protocol and, in particular, its impact on the precision of clock synchronization. Straightforward application as well as dedicated designs to integrate high-precision, hardware-supported clock synchronization are investigated. Measurements show that for lower precision IPsec can be applied straightforward, for high precision dedicated modification on hardware and algorithms are required.

Patent
30 Jul 2010
TL;DR: In this article, a real-time reservation transport protocol (RRTP) is proposed for data transport in homogeneous and heterogeneous communication networks consisting of one or more communication interface types.
Abstract: System and method for providing data transport Quality of Service (QoS) assurances in homogeneous and heterogeneous communication networks consisting of one or more communication interface types. The system includes Subnet Managers for managing the resources of nodes within the subnets and Flow Managers for managing the communication flows between the nodes. A Real-time Reservation Transport Protocol (RRTP) establishes the resource reservations and QoS transport services for the communication flow payload over the reserved paths. The communication flows are protected against topological variations in the network, such as from node mobility. QoS assurances are also provided to secure communication flows through interoperation with security protocols, such as Internet Protocol Security (IPsec), or encryption devices, such as High Assurance Internet Protocol Encryptor (HAIPE).

01 Jan 2010
TL;DR: This paper presents an implementation and evaluation of the approach proposed in Goh et al. (2009), based on Shamir's secret-sharing scheme, which allows a NIDS to function normally in a VPN without any modifications and without compromising the confidentiality afforded by the VPN.
Abstract: Network-based Intrusion Detection Systems (NIDSs) analyse network traffic to detect instances of malicious activity. Typically, this is only possible when the network traffic is accessible for analysis. With the growing use of Virtual Private Networks (VPNs) that encrypt network traffic, the NIDS can no longer access this crucial audit data. In this paper, we present an implementation and evaluation of our approach proposed in Goh et al. (2009). It is based on Shamir's secret-sharing scheme and allows a NIDS to function normally in a VPN without any modifications and without compromising the confidentiality afforded by the VPN.
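Both the VoIP paper above (shares of speech data spread over disjoint paths, all of them needed to reconstruct) and this NIDS paper (Shamir's scheme) rest on the same primitive: a threshold secret-sharing scheme in which any t of n shares rebuild the secret and any t-1 reveal nothing. The block below is an added illustration of that primitive, not the code of either paper: a per-byte Shamir (t, n) scheme over GF(257), with the all-or-nothing case t = n that the VoIP paper describes, plus a constructed one-share-per-path dispatch. The path labels and sample payload are constructed; how the NIDS obtains its shares in Goh et al.'s design is not reproduced here.

```python
"""Shamir (t, n) secret sharing over GF(257), one polynomial per byte, plus a
constructed multipath dispatch. Added illustration; not the code of either
paper above. The share-per-path assignment is an assumption."""
import secrets

P = 257  # prime just above a byte value, so every byte value is a field element


def _eval_poly(coeffs, x):
    y = 0
    for c in reversed(coeffs):          # Horner's rule, constant term last
        y = (y * x + c) % P
    return y


def split(secret: bytes, n: int, t: int):
    """Return n shares (x, [y_0, y_1, ...]); any t of them reconstruct secret,
    any t-1 are statistically independent of it. t == n gives the all-or-nothing
    variant described in the VoIP paper."""
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= t <= n < P")
    shares = [(x, []) for x in range(1, n + 1)]
    for b in secret:
        coeffs = [b] + [secrets.randbelow(P) for _ in range(t - 1)]  # a_0 = byte
        for x, ys in shares:
            ys.append(_eval_poly(coeffs, x))
    return shares


def _interpolate_at_zero(xs, ys):
    total = 0
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        num = den = 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P   # Fermat inverse
    return total


def combine(shares, t: int) -> bytes:
    """Rebuild the secret from any t shares (extra shares are ignored)."""
    if len(shares) < t:
        raise ValueError("fewer than t shares")
    chosen = shares[:t]
    xs = [x for x, _ in chosen]
    out = bytearray()
    for k in range(len(chosen[0][1])):
        v = _interpolate_at_zero(xs, [ys[k] for _, ys in chosen])
        if v > 255:
            raise ValueError("inconsistent shares")   # wrong t or a corrupted share
        out.append(v)
    return bytes(out)


def dispatch(shares, paths):
    """Assign one share per disjoint path (constructed: paths are just labels).
    An observer on fewer than t paths holds fewer than t shares."""
    if len(paths) < len(shares):
        raise ValueError("need one path per share")
    return dict(zip(paths, shares))


if __name__ == "__main__":
    frame = b"voice frame 0x2a"              # constructed sample payload
    shares = split(frame, n=3, t=3)          # all-or-nothing, as in the VoIP paper
    routed = dispatch(shares, ["path-A", "path-B", "path-C"])
    print(combine(list(routed.values()), 3) == frame)
```

Note what the scheme does and does not give: confidentiality against anyone holding fewer than t shares is information-theoretic (no key is involved, which is the VoIP paper's point), but a share carries no integrity and a corrupted share yields a wrong reconstruction, so the "inconsistent shares" check above only catches corruptions that push a byte out of range. In a deployment the shares still need an authenticated channel, which is why the VoIP paper combines the scheme with IPsec rather than replacing it.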

Journal ArticleDOI
TL;DR: This article presents a fully automated approach for the distributed configuration of IPsec domains, utilizing peer-to-peer technology, and shows that the distribution of security policy configuration does not impair security of transmitted user data in the resulting virtual private network (VPN).
Abstract: The Internet Protocol Security Architecture IPsec is hard to deploy in large, nested, or dynamic scenarios. The major reason for this is the need for manual configuration of the cryptographic tunnels, which grows quadratically with the total amount of IPsec gateways. This way of configuration is error-prone, cost-intensive and rather static. When private addresses are used in the protected subnetworks, the problem becomes even worse as the routing cannot rely on public infrastructures. In this article, we present a fully automated approach for the distributed configuration of IPsec domains. Utilizing peer-to-peer technology, our approach scales well with respect to the number of managed IPsec gateways, reacts robust to network failures, and supports the configuration of nested networks with private address spaces. We analyze the security requirements and further desirable properties of IPsec policy negotiation, and show that the distribution of security policy configuration does not impair security of transmitted user data in the resulting virtual private network (VPN). Results of a prototype implementation and simulation study reveal that the approach offers good characteristics for example with respect to quick reconfiguration of all gateways after a central power failure (robustness), or after insertion of new gateways (scalability and agility).

Proceedings ArticleDOI
Jiun-Hau Liew, Shirly Lee, Ivy Ong, Hoon-Jae Lee, Hyotaek Lim
22 Jun 2010
TL;DR: An improved scheme over existing Port-Knocking and Single Packet Authorization is presented that employs a One-Time Password to generate the authorization tokens the server uses to verify the authenticity of the client before deploying dynamic firewall rules.
Abstract: This paper presents an improved scheme over the existing Port-Knocking and Single Packet Authorization by employing One-Time Password to generate the authorization tokens for the server to verify the authenticity of client before allowing the deployment of dynamic firewall rules. This One-Time Knocking framework utilizes mobile networks such as GSM or CDMA network as an out-of-band channel to create a 2-factor authentication. Our improved scheme protects against off-line and on-line dictionary and brute-force password attack. It also provides a strong association between Port-Knocking or Single Packet Authorization and the post-authentication connectivity between the client and server thus stopping adversaries from hijacking the session by Man-In-The-Middle attacks.
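The properties the abstract claims (a one-time token the server can verify, resistance to replay and offline guessing, and a binding between the knock and the connection that follows) can be shown in a small single-packet-authorization server. The block below is an added illustration of that mechanism class, not the paper's One-Time Knocking framework: the packet format, field names, the 30 s skew bound, the look-ahead of 5 counters and the user table are constructed, and delivery of the OTP to the client over the out-of-band mobile channel is out of scope. The OTP itself is RFC 4226 HOTP, so the usual test vectors apply.

```python
"""Single-packet authorization gated by a per-user HMAC and an HOTP (RFC 4226)
code. Added illustration; not the paper's One-Time Knocking framework. Packet
format, field names, skew bound, look-ahead and the user table are constructed."""
import hashlib
import hmac
import json
import struct

LOOKAHEAD = 5   # counters the server will skip forward to resynchronise (assumption)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA-1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (mac[off] & 0x7F) << 24 | mac[off + 1] << 16 | mac[off + 2] << 8 | mac[off + 3]
    return str(code % 10 ** digits).zfill(digits)


def build_knock(user: str, psk: bytes, src_ip: str, port: int, otp: str, now: int) -> bytes:
    """Client side: one authenticated datagram naming the source and port it will use."""
    body = json.dumps({"user": user, "src": src_ip, "port": port, "otp": otp, "ts": now},
                      sort_keys=True).encode()
    tag = hmac.new(psk, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class KnockServer:
    def __init__(self, users: dict, max_skew: int = 30):
        self.users = users        # name -> {"psk", "otp_secret", "counter"}
        self.max_skew = max_skew
        self.rules = []           # (src_ip, port) pairs the firewall would open

    def handle(self, packet: bytes, observed_src: str, now: int) -> str:
        body, sep, tag = packet.rpartition(b"|")
        if not sep:
            return "malformed"
        try:
            fields = json.loads(body)
            user = self.users[fields["user"]]
        except (ValueError, KeyError, TypeError):
            return "unknown-user"
        expected = hmac.new(user["psk"], body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "bad-mac"                      # first factor: per-user key
        if abs(now - fields["ts"]) > self.max_skew:
            return "stale"
        if fields["src"] != observed_src:
            return "source-mismatch"              # bind the rule to the real sender
        for c in range(user["counter"], user["counter"] + LOOKAHEAD):
            if hmac.compare_digest(hotp(user["otp_secret"], c), fields["otp"]):
                user["counter"] = c + 1           # consume: a replayed knock is rejected
                self.rules.append((observed_src, fields["port"]))
                return "opened"
        return "bad-otp"                          # second factor failed


if __name__ == "__main__":
    table = {"alice": {"psk": b"k1", "otp_secret": b"12345678901234567890", "counter": 0}}
    srv = KnockServer(table)
    knock = build_knock("alice", b"k1", "203.0.113.7", 22, hotp(b"12345678901234567890", 0), 1000)
    print(srv.handle(knock, "203.0.113.7", 1002), srv.handle(knock, "203.0.113.7", 1003))
```

The order of the checks matters: the MAC is verified before any field is trusted, the counter is advanced only after a successful match so a captured knock cannot be replayed, and the firewall rule is keyed to the source address the server actually observed rather than one the client claims, which is the "strong association" with the post-authentication connection that the abstract describes.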

Journal ArticleDOI
01 Mar 2010
TL;DR: A high performance Network Security Processor (NSP) system architecture implementation is presented, intended for both Internet Protocol Security (IPSec) and Secure Socket Layer (SSL) protocol acceleration, which are widely employed in Virtual Private Network (VPN) and e-commerce applications.
Abstract: This paper presents a high performance Network Security Processor (NSP) system architecture implementation intended for both Internet Protocol Security (IPSec) and Secure Socket Layer (SSL) protocol acceleration, which are widely employed in Virtual Private Network (VPN) and e-commerce applications. The efficient data transfer skeleton and optimized integration scheme of the parallel crypto engine arrays lead to a Gbps rate NSP, which is programmable with domain specific descriptor-based instructions for Gbps throughput IPSec and SSL applications. The descriptor-based control flow fragments large data packets and distributes them to the parallel crypto engine arrays, which fully utilizes the computation resources and improves the overall system data throughput. A prototyping platform for this NSP design is implemented with Xilinx XC3S5000 based FPGA chip set. Results show that the design gives a peak throughput for the IPSec ESP tunnel mode of 1.851 Gbps with over 1600 full SSL handshakes per second at a clock rate of 150 MHz.

Book ChapterDOI
25 Jan 2010
TL;DR: The extension is fully backwards compatible and mostly independent of the employed low-level attestation protocol, and has much less overhead than the TCG TNC design; however, it also discusses integration with TNC deployments.
Abstract: When establishing a VPN to connect different sites of a network, the integrity of the involved VPN endpoints is often a major security concern. Based on the Trusted Platform Module (TPM), available in many computing platforms today, remote attestation mechanisms can be used to evaluate the internal state of remote endpoints automatically. However, existing protocols and extensions are either unsuited for use with IPsec or impose considerable additional implementation complexity and protocol overhead. In this work, we propose an extension to the IPsec key exchange protocol IKEv2. Our extension (i) allows for continuous exchange of attestation data while the IPsec connection is running, (ii) supports highly efficient exchange of attestation data and (iii) requires minimal changes to the IKEv2 protocol logic. The extension is fully backwards compatible and mostly independent of the employed low-level attestation protocol. Our solution has much less overhead than the TCG TNC design, however, we also discuss integration with TNC deployments.

Proceedings ArticleDOI
20 Apr 2010
TL;DR: The formal model proposed by Hamed for IPSec policy analysis is extended and novel and efficient algorithms which can dynamically detect and also resolve the policy conflicts are proposed.
Abstract: Today IPSec virtual private networks are widely used to establish secure network connections between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. The complexity and variety of rules in an IPSec policy may result in a combination of rules which not only do not provide the required security services, but also compromise the security of communication. Efficiency has not been a major concern for existing IPSec policy conflict detection methods since they process the IPSec rules in an offline way. These methods could be inefficient in dynamic conditions where rules are updated frequently. The performance of the conflict detection is important in environments where a network administrator needs to frequently add or delete rules in an existing policy and also needs to know of the possible conflicts which may arise due to policy changes. In this paper we extend the formal model proposed by Hamed [6] for IPSec policy analysis and propose novel and efficient algorithms which can dynamically detect and also resolve the policy conflicts. The results of the implementation and evaluation of our proposed algorithms show significantly better performance for detection and resolution of IPSec policy conflicts, compared to current work.
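The abstract describes incremental conflict detection: when an administrator adds a rule, only that rule needs to be compared against the ordered policy, and a detected shadowing should be resolvable on the spot. The example below is an added illustration of that idea, not the paper's algorithm or Hamed's formal model. It assumes a simplified SPD entry (source and destination prefix, protocol, destination port range, one of the RFC 4301 actions protect/bypass/discard), first-match semantics, and the usual relation classes between two rules (redundant, shadowed, generalization, correlated). The chosen resolution, moving a shadowed rule above the rule that hides it so the more specific entry wins, is an assumption about administrator intent; the code reports the move rather than applying it silently.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # CIDR prefix
    dst: str            # CIDR prefix
    proto: str          # "tcp", "udp" or "any"
    dport: tuple        # inclusive (low, high); (0, 65535) means any port
    action: str         # "protect", "bypass" or "discard" (RFC 4301 SPD actions)

    def src_net(self):
        return ipaddress.ip_network(self.src)

    def dst_net(self):
        return ipaddress.ip_network(self.dst)


def subsumes(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a."""
    return (b.src_net().subnet_of(a.src_net()) and b.dst_net().subnet_of(a.dst_net())
            and a.proto in ("any", b.proto)
            and a.dport[0] <= b.dport[0] and b.dport[1] <= a.dport[1])


def overlaps(a: Rule, b: Rule) -> bool:
    """True if some packet is matched by both rules."""
    proto_ok = "any" in (a.proto, b.proto) or a.proto == b.proto
    return (a.src_net().overlaps(b.src_net()) and a.dst_net().overlaps(b.dst_net())
            and proto_ok and a.dport[0] <= b.dport[1] and b.dport[0] <= a.dport[1])


def classify(earlier: Rule, new: Rule):
    """Relation of a newly appended rule to one that precedes it in the SPD."""
    if subsumes(earlier, new):
        return "redundant" if earlier.action == new.action else "shadowed"
    if subsumes(new, earlier):
        return None if earlier.action == new.action else "generalization"
    if overlaps(earlier, new) and earlier.action != new.action:
        return "correlated"
    return None


def matches(rule: Rule, src: str, dst: str, proto: str, port: int) -> bool:
    return (ipaddress.ip_address(src) in rule.src_net()
            and ipaddress.ip_address(dst) in rule.dst_net()
            and rule.proto in ("any", proto)
            and rule.dport[0] <= port <= rule.dport[1])


class Policy:
    def __init__(self):
        self.rules = []

    def add(self, rule: Rule):
        """Incremental detection: compare only the new rule with earlier ones.
        Returns the list of (relation, earlier_rule_name) conflicts found."""
        conflicts = [(kind, earlier.name) for earlier in self.rules
                     if (kind := classify(earlier, rule)) is not None]
        self.rules.append(rule)
        return conflicts

    def lookup(self, src: str, dst: str, proto: str, port: int) -> str:
        for rule in self.rules:
            if matches(rule, src, dst, proto, port):
                return rule.action
        return "discard"    # RFC 4301: traffic matching no SPD entry is discarded

    def resolve_shadowing(self, name: str) -> int:
        """Move the named rule just above the first earlier rule that shadows it,
        so the more specific rule takes precedence (assumed resolution policy).
        Returns the rule's new index."""
        idx = next(i for i, r in enumerate(self.rules) if r.name == name)
        rule = self.rules[idx]
        for i, earlier in enumerate(self.rules[:idx]):
            if classify(earlier, rule) == "shadowed":
                self.rules.insert(i, self.rules.pop(idx))
                return i
        return idx


# Constructed policy: a broad bypass entered first hides a later protect rule.
R1 = Rule("r1", "10.0.0.0/8", "192.168.0.0/16", "any", (0, 65535), "bypass")
R2 = Rule("r2", "10.0.1.0/24", "192.168.5.0/24", "tcp", (443, 443), "protect")
R3 = Rule("r3", "10.0.1.0/24", "0.0.0.0/0", "any", (0, 65535), "protect")

if __name__ == "__main__":
    p = Policy()
    for r in (R1, R2, R3):
        print(r.name, p.add(r))
    print(p.lookup("10.0.1.7", "192.168.5.9", "tcp", 443))
    p.resolve_shadowing("r2")
    print(p.lookup("10.0.1.7", "192.168.5.9", "tcp", 443))
```

After the move, r1 now follows r2 and the relation between them becomes a generalization, which is the intended "specific exception before general rule" shape; a correlation such as r3 against r1 cannot be fixed by reordering alone and needs the administrator to split or tighten one of the selectors.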

Proceedings ArticleDOI
26 May 2010
TL;DR: This paper presents a new delegation-based UFA signaling framework using HIP, IEEE 802.21 and the context transfer protocol that is able to support legacy Internet applications in an operator based environment, it is stronger in security, but its deployment requires more additional modules in the architecture.
Abstract: The Ultra Flat Architecture is a new concept of fixed-mobile convergent networks that aims to scale well with the mobile Internet traffic explosion prognosticated for the next 5–10 years. This paper presents a new delegation-based UFA signaling framework using HIP, IEEE 802.21 and the context transfer protocol. The main procedures contributed by this signaling framework are terminal attachment, session establishment, proactive handover preparation and handover execution services. The paper introduces several novel Host Identity Protocol extensions, i.e., two different HIP delegation service types for optimized message exchange in HIP-based UFA mobility and multihoming operations, a context transfer scheme for HIP and IPsec associations supporting and extending the mechanisms of the delegation-based UFA functions, and a fast operator-centric method for HIP-level access authorization. The proposed UFA signaling framework is compared with the existing SIP-based UFA signaling solution. The comparison shows that our scheme is able to support legacy Internet applications in an operator based environment, it is stronger in security, but its deployment requires more additional modules in the architecture. For IMS applications, the SIP-based alternative is a better choice.