Host Identity Protocol (HIP):
Host Identity Protocol (HIP): Towards the Secure Mobile Internet
Andrei Gurtov, Helsinki Institute for Information Technology (HUT), Finland
A John Wiley & Sons, Ltd, Publication

Contents

About the Author
Foreword (Jan Arkko)
Foreword (David Hutchison)
Preface
Acknowledgments
Abbreviations

Part I Introduction

1 Overview
  Identifier-locator split; HIP in the Internet architecture; Brief history of HIP; Organization of the book

2 Introduction to network security
  Goals of cryptographic protocols; Basics and terminology; Attack types; Eavesdropping; Impersonation; Man-In-The-Middle attacks; Delay and replay attacks; Denial-of-Service attacks; Exhaustive key space search; Cryptoanalysis; Defense mechanisms; Symmetric cryptography; Public-key cryptography; One-way cryptographic hash functions; One-time signatures; Sequence numbers; Cryptographic nonces; Client puzzles; Security protocols; Modular exponential Diffie-Hellman groups; Keying material; Transforms; IP security architecture: IPsec; IPsec modes; IPsec security protocols; SIGMA; Internet Key Exchange: IKE; Weak authentication techniques; Secure DNS

Part II The Host Identity Protocol

3 Architectural overview
  Internet namespaces; Methods of identifying a host; Overlay Routable Cryptographic Hash Identifiers; The purpose of an IPv6 prefix; Generating and routing an ORCHID; ORCHID properties; The role of IPsec; Related IETF activities

4 Base protocol
  Base exchange; I1 packet; R1 packet; I2 packet; R2 packet; Other HIP control packets; IPsec encapsulation; ESP transforms; ESP Bound End-to-End Tunnel

5 Main extensions
  Mobility and multihoming; Mobility and multihoming architecture; Multihoming as extension of mobility; Effect of ESP anti-replay window; The LOCATOR parameter; Locator states; Credit-based authentication; Interaction with transport protocols; Rendezvous server; Registering with a rendezvous server; Rendezvous parameters; DNS extensions; HIP requirements to DNS; Storing a RVS address; DNS security; Registration protocol; The process of registration; Packet formats

6 Advanced extensions
  Opportunistic mode; Initiating opportunistic base exchange; Implementation using a TCP Option; Piggybacking transport headers to base exchange; Piggybacking to; Security concerns; HIP service discovery; Overview of Service Discovery; On-the-path Service Discovery; Passive Service Discovery; Regional Service Discovery; Simultaneous multiaccess; Flow binding extension; Packet formats; Disseminating HITs with a presence service; HITs in the Presence Information Data Format; Disseminating protocol; Multicast; Challenges for IP multicast; Host Identity Specific multicast; Authenticating multicast receivers

Performance measurements
  HIP on Nokia Internet Tablet; Experimental results; Test environment; Basic HIP characteristics; Summary

8 Lightweight HIP
  Security functionality of HIP; Performance limitations of HIP; Problem statement; Scope of LHIP; Threat model; HIP high-level goals; LHIP high-level goals; Possible approaches; LHIP design; Hash chains for HIP authentication; Time-based signatures; Interactive signatures based on hash chains; LHIP authentication layer; LHIP integration; LHIP associations; Security considerations; Association Upgrades: from LHIP to HIP; LHIP Performance; LHIP base exchange; LHIP update; Discussion; LH1 - performance; LH2 - protocol security; LH3 - namespace security; LH4 - compatibility

Part III Infrastructure Support

Middlebox traversal
  Requirements for traversing legacy middleboxes; NAT traversal; Firewall traversal; Strategies for legacy middlebox traversal; Legacy NAT traversal; NAT detection; Header format; Initiator behind a NAT; Responder behind a NAT; Initiator and Responder behind a NAT; Multihoming and mobility with NATs; Traversing firewalls; Requirements for HIP-aware middleboxes; HIP-aware firewall; Flow identification; Advanced extensions; Asymmetric routing; Security risks

Name resolution
  Problem statement of naming; Distributed Hash Tables; Overview of Distributed Hash Tables; OpenDHT interface; HIP interface to OpenDHT; Overview of overlay networks; Host Identity Indirection Infrastructure; Separating control, data, and naming; The data plane; The control plane; Discussion of the Hi3 design

Micromobility
  Local rendezvous servers; Intra-domain mobility; Inter-domain mobility; Secure micromobility; Hash chain authentication; Secure network attachment; Micromobility handover; Network mobility; Delegation of signaling; Mobile router; HarMoNy

Communication privacy
  SPINAT; BLIND; Location and identity privacy; Protecting host identity; Protecting location privacy; Anonymous identifiers; Identifiers on protocol layers; Changing identifiers

Part IV Applications

Possible HIP applications
  Virtual Private Networking; P2P Internet Sharing Architecture; Interoperating IPv4 and IPv6; 13.4 Secure Mobile Architecture; Components of SMA; SMA testbed at Boeing; Live application migration; Network Operator viewpoint on HIP

Application interface
  Using legacy applications with HIP; Using IP addresses; Using DNS resolution; Directly using HIT; API for native HIP applications; Overview of the design; Interface specification; Socket attributes

Integrating HIP with other protocols
  Generalized HIP; Classification of proposals; HIP implications; The use of Session Initiation Protocol; SIP as a rendezvous service; Complementary mobility; Securing SIP control traffic; Session Description Protocol extensions; Encapsulating HIP data using SRTP; Replacing HIP base exchange with IKEv; Mobile IP and HIP; HIP proxy for legacy hosts; Legacy mobile hosts; Legacy correspondent hosts

Appendix A Installing and using HIP
  A.1 Overview of HIP implementations; A.2 HIPL tutorial

Bibliography

Index