Security Protocols

In the IPv6 world, the IP protocol itself, i.e., IPv6, is used for a number of functions that currently fall beyond the scope of the IPv4 protocol. These functions include address configuration, neighbour detection, router discovery, and others. Using IPsec to secure these functions is either suggested or required. Furthermore, IPsec is used to protect a number of functions that are considered dangerous in the IPv4 world, including mobility management and source routing. However, the currently prominent method for creating IPsec Security Associations, the Internet Key Exchange (IKE) protocol, is relatively heavy and requires that the underlying IP stacks are already fully functional, at least to the point that UDP may be used. As a result, the combination of the widened responsibility of IPsec and the relatively heavy weight of IKE creates a vicious cycle that is a potential source of various denial-of-service attacks. Additionally, if we want to use IPsec to secure IPv6 autoconfiguration, a chicken-and-egg problem is created: fully configured IPsec is needed to configure IP, and fully configured IP is needed to configure IPsec. In this paper, we describe these problems in detail.
