Authentication and Privacy in IPv4 and IPv6
Abstract
This paper describes the security mechanisms for IP version 4 (IPv4) and IP version 6 (IPv6) and the services that they provide. An overview of the key management requirements for systems implementing those security mechanisms is also given. There are two specific headers that are used to provide security services in IPv4 and IPv6. These headers are the IP Authentication Header (AH) and the IP Encapsulating Security Payload (ESP) header. The Authentication Header provides support for data integrity and authentication of IP packets as well as protection against replay attacks. The Encapsulating Security Payload header, like the Authentication Header, provides for data integrity, authentication, and replay protection but also provides for confidentiality through packet encryption. Depending on the application, both AH and ESP can be used to protect either a transport layer segment or the entire IP packet (transport mode versus tunnel mode). Example applications of both the AH and the ESP will be discussed, using the HMAC-MD5 algorithm to illustrate the AH and the DES-CBC transform to illustrate the ESP. Descriptions will cover both AH and ESP used individually as well as in tandem. A key concept that appears in both the authentication and privacy mechanisms for IP is the security association. This security association is uniquely identified by the internet destination address, the security protocol and a Security Parameter Index (SPI). The SPI is enclosed in both the AH and the ESP header and is the method by which a key management mechanism is linked to the authentication and privacy mechanisms. This loose coupling of key management systems allows for the use of existing systems while allowing for the development of future key systems without modification of the security mechanisms.
Current key management systems mandated by the Internet Engineering Task Force (IETF) draft standards include manual management as well as the ISAKMP/OAKLEY key management and exchange protocol. Note that many of the concepts described here have yet to be standardized and are to be considered as work in progress. Much of the available information upon which this paper is based is drawn from Internet Draft documents which are working documents of the IETF.
Similar resources
Authentication mechanisms in Next-generation Internet Layer mobile and distributed environments
Internet Protocol Version 6 (IPv6), also called the Next Generation Internet Protocol (IPng), is a natural increment to IPv4. IPv4 was never intended for the Internet that we have today, commonly used in mobile and distributed environments, either in terms of customer requirements or security concerns. The changes from IPv4 to IPv6 include primarily expanded addressing capabilities, the header fo...
RFC 5340: OSPF for IPv6 (July 2008)
This document describes the modifications to OSPF to support version 6 of the Internet Protocol (IPv6). The fundamental mechanisms of OSPF (flooding, Designated Router (DR) election, area support, Short Path First (SPF) calculations, etc.) remain unchanged. However, some changes have been necessary, either due to changes in protocol semantics between IPv4 and IPv6, or simply to handle the incre...
6930 RADIUS for 6rd April
The IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) provides both IPv4 and IPv6 connectivity services simultaneously during the IPv4/IPv6 coexistence period. The Dynamic Host Configuration Protocol (DHCP) 6rd option has been defined to configure the 6rd Customer Edge (CE). However, in many networks, the configuration information may be stored in the Authentication Authorization and Accounti...
Performance Analysis of IPSec in IPv6 Transition Mechanisms
Internet Protocol version 6 (IPv6) is the next generation Internet Protocol proposed by the Internet Engineering Task Force (IETF) to supplant the current Internet Protocol version 4 (IPv4). Lack of security below the application layer in IPv4 is one of the reasons why there is a need for a new Internet Protocol. IPv6 has built-in support for the Internet Protocol Security protocol (IPSec). IPS...
Mobility Support in IPv6 Based on the VIP Mechanism
IPv6, the successor of current IP (IPv4), is now under development. Mobility support is one of the requirements for IPv6. This paper proposes a protocol for mobility support in IPv6. The proposed protocol is based on the mechanisms of Virtual Internet Protocol (VIP), which provides mobility in IPv4. Two Hop-by-Hop options are added to support mobility, one for user data and another for control....