IPsec Anti-Replay Algorithm without Bit Shifting
This document presents a new method for the anti-replay check and
update, offered as an alternative to the anti-replay algorithm in
RFC 4302 and RFC 4303. The new method makes bit shifting
unnecessary and reduces the number of times the window has to slide.
In addition, it makes the bit check and bit update easier because
they do not depend on the low index of the sliding window. It is
especially beneficial when the window size is much bigger than 64
bits, for example, 1024 bits.

IPsec employs an anti-replay sliding window protocol to protect
against an adversary that can insert messages inside the network
tunnel. This method still inherits the sliding window protocol, but
uses one or more redundant bytes to ease the update of the sliding
window. Updating only the high and low index of the window makes bit
shifting unnecessary, which is especially efficient when the window
size is big. Thus the method reduces the number of times the window
is updated. In addition, the bit location is fixed for a given
sequence number, which makes the bit check easier and faster.
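
The following sketch of the check-and-update step is an added example, not code from this document or from any IPsec implementation. The names (`replay_state`, `replay_check_update`), the 4 x 32-bit bitmap and the 64-bit sequence numbers without extended-sequence-number handling are assumptions chosen to keep it short.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed sizes: 4 words of 32 bits; one word is the redundant block. */
#define BLOCK_BITS  32u
#define NUM_BLOCKS  4u
#define WINDOW_SIZE (BLOCK_BITS * (NUM_BLOCKS - 1u))   /* 96 usable bits */

struct replay_state {
    uint64_t top;                  /* highest sequence number accepted */
    uint32_t bitmap[NUM_BLOCKS];   /* ring of blocks, never shifted */
};

/* Returns 1 and records seq if it is new; 0 if replayed or too old. */
int replay_check_update(struct replay_state *st, uint64_t seq)
{
    if (seq == 0)
        return 0;                                  /* 0 is never valid */
    if (st->top >= WINDOW_SIZE && seq <= st->top - WINDOW_SIZE)
        return 0;                                  /* left of the window */
    uint64_t blk = seq / BLOCK_BITS;
    if (seq > st->top) {
        /* Slide: zero only the blocks newly entered; no bits move. */
        uint64_t cur = st->top / BLOCK_BITS;
        uint64_t diff = blk - cur;
        if (diff > NUM_BLOCKS)
            diff = NUM_BLOCKS;                     /* whole ring is stale */
        for (uint64_t i = 1; i <= diff; i++)
            st->bitmap[(cur + i) % NUM_BLOCKS] = 0;
        st->top = seq;
    }
    /* The bit position depends only on seq, not on the window's low index. */
    uint32_t *word = &st->bitmap[blk % NUM_BLOCKS];
    uint32_t mask = UINT32_C(1) << (seq % BLOCK_BITS);
    if (*word & mask)
        return 0;                                  /* already seen */
    *word |= mask;
    return 1;
}

int main(void)
{
    struct replay_state st = {0};
    uint64_t seqs[] = {1, 1, 5, 3, 200, 5, 150, 150}; /* constructed input */
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("%llu -> %d\n", (unsigned long long)seqs[i],
               replay_check_update(&st, seqs[i]));
    return 0;
}
```

The redundant block is what makes clearing safe: by the time the top of the window enters a new block, the ring slot it reuses holds only sequence numbers that have already fallen out of the 96-bit window.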