A Unix Streams Implementation of the Internet Protocol Security

Authors

  • Timo Aalto
  • Pekka Nikander
Abstract

Master's thesis submitted for approval September 17, 1996 for the degree of Master of Science. Current Internet Protocol (IP) implementations provide no protection against eavesdropping on connections, spoofing of IP datagrams and TCP connection hijacking. Rapid advances in communication technology and the expanding use of the Internet have accentuated the need for security in the Internet. Internet Protocol Security (IPSEC) is the Internet Engineering Task Force (IETF) standard for network layer security. IPSEC provides cryptographic security services that support combinations of authentication, integrity and confidentiality. It provides security services to protect client protocols of IP and supports host-to-host, subnet-to-subnet and host-to-subnet security topologies. IP security offers a system-level security component available on all platforms. It does not provide a non-repudiation security service; protection against traffic analysis or against every possible denial of service attack is not provided either. The use of the IP security services increases IP protocol processing cost and communication latency due to computationally intensive cryptographic algorithms. In this study the IP Security specifications and architecture are examined using a semi-formal model. IPSEC is described using the concepts of security variables, security management, security mechanisms and security control logic. Security variables are divided into security policy variables and security associations. Security policy variables control the enforcement of the host security policy at the IP layer and the selection of security associations for datagrams. A security association is a relationship between two or more entities; it describes how the entities will utilize security services. The security management is responsible for establishing and updating the security variables.
The Authentication Header (AH) security mechanism provides integrity and authentication for IP datagrams by computing a cryptographic authentication function over the IP datagram and using a secret authentication key in this computation. Encapsulating Security Payload (ESP) provides integrity and confidentiality, and optionally authentication, for datagrams by encapsulating either an entire datagram or only the upper-layer protocol data inside it and encrypting most of the ESP contents. The control logic of the AH and ESP security mechanisms is based on the security variables: the control reads the security variables and behaves accordingly. The focus of this study is on the implementation of an IPSEC prototype with manual key management in the Solaris 2.5 operating system. The IPSEC specification process is in progress and the prototype is based on the specifications as they were at the beginning of this study. The objectives of the implementation are security, modularity …


Similar sources

STREAMS-based vs. Legacy Pipe Performance Comparison

With the objective of contrasting performance between STREAMS and legacy approaches to system facilities, a comparison is made between the tested performance of the Linux legacy pipe implementation and the STREAMS-based pipe implementation using the Linux Fast-STREAMS package [?]. 1 Background. Pipes have a rich history in the UNIX operating system. Present on early Bell Laboratories UNIX Versi...


Implementing POSIX Sockets for Linux Fast-STREAMS Design for Linux

UNIX networking has a rich history. The TCP/IP protocol suite was first implemented by BBN using Sockets under a DARPA research project on 4.1aBSD and then incorporated by the CSRG into 4.2BSD [?]. Lachmann and Associates (Legent) subsequently implemented one of the first TCP/IP protocol suites based on the Transport Layer Interface (TLI) [?] and STREAMS [?]. Two other predominant TCP/IP impl...


A Mutual Authentication Method for Internet of Things

Today, we are witnessing the expansion of various Internet of Things (IoT) applications and services such as surveillance and health. These services are delivered to users via smart devices anywhere and anytime. Forecasts show that the IoT, which is controlled online in the user environment, will reach 25 billion devices worldwide by 2020. Data security is one of the main concerns in the IoT. ...


Game-Based Cryptanalysis of a Lightweight CRC-Based Authentication Protocol for EPC Tags

The term "Internet of Things (IoT)" expresses a huge network of smart and connected objects which can interact with other devices without our interposition. Radio frequency identification (RFID) is a great technology and an interesting candidate to provide communications for IoT networks, but numerous security and privacy issues need to be considered. In this paper, we analyze the security and ...


Implementing SIGTRAN for Linux Fast-STREAMS Design for Linux

1 Background. UNIX networking has a rich history. The TCP/IP protocol suite was first implemented by BBN using Sockets under a DARPA research project on 4.1aBSD and then incorporated by the CSRG into 4.2BSD [?]. Lachmann and Associates (Legent) subsequently implemented one of the first TCP/IP protocol suites based on the Transport Layer Interface (TLI) [?] and STREAMS [?]. Two other predominan...


Publication date: 1996