A security architecture for the internet protocol

IBM Systems Journal

Volumn 37, Issue 1, 1998, Pages 42-60

  Cheng, P C ^a,b,c,d   Garay, J A ^{a,e,f,g,h,i,j}   Herzberg, A ^a,h,k,l,m   Krawczyk, H ^a,l,n  

^a IBM T J WATSON RESEARCH CENTER   (United States)

^b Research Staff   (United States)

^c UNIVERSITY OF MARYLAND   (United States)

^d Network Security Group   (United States)

^e PENNSYLVANIA STATE UNIVERSITY   (United States)

^f UNIVERSIDAD NACIONAL DE ROSARIO   (Argentina)

^g EINDHOVEN UNIVERSITY OF TECHNOLOGY   (Netherlands)

^h IBM RESEARCH   (United States)

ⁱ WEIZMANN INSTITUTE OF SCIENCE   (Israel)

^j Ctr V Wiskunde Info Stichting M   (Netherlands)

^k IBM HAIFA RESEARCH LAB   (Israel)

^l TECHNION ISRAEL INSTITUTE OF TECHNOLOGY   (Israel)

^m Haifa Research Laboratory   (Israel)

ⁿ Princeton University   (United States)

more..

Author keywords

[No Author keywords available]

Indexed keywords

COMMUNICATION CHANNELS (INFORMATION THEORY); COMPUTER ARCHITECTURE; DATA ACQUISITION; INFORMATION RETRIEVAL; NETWORK PROTOCOLS; STANDARDS; WIDE AREA NETWORKS;

INTERNET PROTOCOL (IP); MODULAR KEY MANAGEMENT PROTOCOL (MKMP);

SECURITY OF DATA;

EID: 0031701524     PISSN: 00188670     EISSN: None     Source Type: Journal    
DOI: 10.1147/sj.371.0042     Document Type: Article

References (31)

1. J. Postel, Internet Protocol, Internet RFC 791 (September 1981).
2. S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, IETF(draft-ietf-ipsec-arch-sec-01.txt) (March 1997).
3. A preliminary version of this paper was presented in Salt Lake City by the authors: P.-C. Cheng, J. A. Garay, A. Herzberg, and H. Krawczyk, "Design and Implementation of Modular Key Management Protocol and IP Secure Tunnel on AIX," Proceedings of the 5th USENIX UNIX Security Symposium (June 1995), pp. 41-54.
4. S. Kent and R. Atkinson, IP Encapsulating Security Payload (ESP), IETF (draft-ietf-ipsec-esp-v2-00) (July 1997).
5. S. Kent and R. Atkinson, IP Authentication Header, IETF (July 1997).
6. D. Harkins and D. Carrel, The Resolution of ISAKMP with Oakley, IETF (draft-ietf-ipsec-isakmp-oakley-04.txt) (July 1997).
7. J. Ioannidis and M. Blaze, "The Architecture and Implementation of Network-Layer Security under UNIX," Proceedings of the 4th USENIX UNIX Security Symposium (1993), pp. 29-39.
8. J. Ioannidis and M. Blaze, The swIPe IP Security Protocol, IETF (draft-ietf-ipsec-swipe-01.txt) (June 1994).
9. A. O. Freier, P. Karlton, and P. C. Kocher, The SSL Protocol Version 3.0, IETF (draft-ietf-tls-ssl-version3-00.txt) (November 1996).
10. T. Dierks and C. Allen, The TLS Protocol Version 1.0, IETF (draft-ietf-tls-protocol-02.txt) (March 1997).
11. D. Maughan, M. Schertler, M. Schneide, and J. Turner, Internet Security Association and Key Management Protocol (ISAKMP), IETF (July 1997).
12. W. R. Cheswick and S. M. Bellovin, Firewalls and Internet Security, Repelling the Wily Hacker, Addison-Wesley Publishing Co., Reading, MA (1994).
13. J. Kohl and B. C. Neuman, The Kerberos Network Authentication Service (V5), Internet RFC 1510 (September 1993).
14. H. Krawczyk, "SKEME: A Versatile Secure Key Exchange Mechanism for Internet," Proceedings of the 1996 Internet Society Symposium on Network and Distributed Systems Security (February 1996), pp. 114-127.
15. W. Diffie, P. van Oorschot, and M. Wiener, "Authentication and Authenticated Key Exchanges," Designs, Codes and Cryptography 2, 107-125 (1992).
16. American Bankers Association, American National Standard for Financial Institution Message Authentication (Wholesale), ANSI X9.9 (1981, revised 1986).
17. G. Tsudik, "Message Authentication with One-Way Hash Functions," Proceedings Infocom 92 (1992), pp. 2055-2059.
18. M. Bellare, R. Canetti, and H. Krawczyk, "Keyed Hash Functions and Message Authentication,"Advances in Cryptology-Crypto '96, N. Koblitz, Editor, Lecture Notes in Computer Science No. 1109, Springer-Verlag, (1996), pp. 1-15.
19. O. Goldreich, S. Goldwasser, and S. Micali, "How to Construct Random functions "Journal of the ACM 33, No. 4,210-217 (1986).
20. R. Bird, I. Gopal, A. Herzberg, P. A. Janson, S. Kutten, R. Molva, and M. Yung, "Systematic Design of a Family of Attack-Resistant Authentication Protocols," IEEE Journal on Selected Areas in Communications 11, No. 5,679-693 (June 1993).
21. M. Bellare and P. Rogaway, "Entity Authentication and Key Distribution," Advances in Cryptography, Springer-Verlag, New York (August 1993), pp. 232-249.
22. Information on the development of this standard can be found in the IPSEC home page, http://www.ietf.org/html.charters/ipsec-charter.html and the IPSEC mailing list ipsec@tis.com.
23. M. Oehler and R. Glenn, HMAC-MD5-961P Authentication with Replay Prevention, IETF (March 1997).
24. H. Krawczyk, M. Bellare, and R. Canetti,HMAC: Keyed-Hashing for Message Authentication, Internet RFC 2104 (February 1997).
25. S. M. Bellovin, "Problem Areas for the IP Security Protocols," Proceedings of the 6th USENIX UNIX Security Symposium (July 1996), pp. 205-214.
26. In other words, in the scenario in the section about the secure tunnel, either A and X or B and Y are not the same.
27. D. B. Chapman, "Network (In)security Through IP Packet Filtering," UNIX Security Symposium III Proceedings (1992), pp. 63-76.
28. R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, and M. Yung, "The KryptoKnight Family of Light-Weight Protocols for Authentication and Key Distribution," IEEE/ACM Transactions on Networking 3, No. 1,31-41 (February 1995).
29. W. Diffie and M. E. Hellman, "New Directions in Cryptography," IEEE Transactions on Information Theory IT-22, No. 6, 644-654 (November 1976).
30. S. J. Leffler, W. N. Joy, R. S. Farby, and M. J. Karel, "Networking Implementation Notes, 4.3BSD Edition," UNIX System Manager's Manual, 4.3 Berkeley Software Distribution, Virtual VAX-11 Edition, USENIX Association (April 1986).
31. H. Orman, The Oakley Key Determination Protocol, IETF (July 1997).