Sciweavers

Share
ICC
2009
IEEE

End-Host Authentication and Authorization for Middleboxes Based on a Cryptographic Namespace

9 years 16 hour ago
End-Host Authentication and Authorization for Middleboxes Based on a Cryptographic Namespace
—Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are endhost authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely m...
Tobias Heer, René Hummen, Miika Komu, Stefa
Added 21 May 2010
Updated 21 May 2010
Type Conference
Year 2009
Where ICC
Authors Tobias Heer, René Hummen, Miika Komu, Stefan Götz, Klaus Wehrle
Comments (0)
books