Sciweavers

ICC
2009
IEEE

End-Host Authentication and Authorization for Middleboxes Based on a Cryptographic Namespace

Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely m...
Added: 21 May 2010
Updated: 21 May 2010
Type: Conference
Year: 2009
Where: ICC
Authors: Tobias Heer, René Hummen, Miika Komu, Stefan Götz, Klaus Wehrle