% 
% This file was created by the TYPO3 extension
% bib
% --- Timezone: CEST
% Creation date: 2024-05-15
% Creation time: 00-34-08
% --- Number of references
% 4
% 

@Techreport { 2011-heer-draft-middle-auth,
   title = {End-Host Authentication for HIP Middleboxes (Version 4)},
   year = {2011},
   number = {draft-heer-hip-middle-auth-04},
   abstract = {The Host Identity Protocol [RFC5201] is a signaling protocol for secure communication, mobility, and multihoming that introduces a cryptographic namespace.  This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them.  This extension allows middleboxes to verify the liveness and freshness of a HIP association and, thus, to secure access control in middleboxes.},
   note = {Work in progress},
   tags = {ietf, mobile_access},
   url = {http://tools.ietf.org/html/draft-heer-hip-middle-auth-04},
   misc2 = {Online},
   institution = {Internet Engineering Task Force},
   type = {Internet-Draft},
   language = {en},
   author = {Heer, Tobias and Komu, Miika and Hummen, Ren{\'e} and Wehrle, Klaus}
}

@Inproceedings { 2009-icc-heer-middleboxes,
   title = {End-host Authentication and Authorization for Middleboxes based on a Cryptographic Namespace},
   year = {2009},
   volume = {1},
   pages = {791-796},
   abstract = {Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely map payload packets to a HIP association. In this paper, we propose to prevent replays attack by treating packet-forwarding middleboxes as first-class citizens that directly interact with end-hosts. Also we propose a method for strengthening the binding between the HIP authentication process and its payload channel with hash-chain-based authorization tokens for IPsec. Our solution allows on-path middleboxes to efficiently leverage cryptographic end-host identities and integrates cleanly into existing protocol standards.},
   tags = {mobile_access},
   url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-heer-icc-end-host-authentication.pdf},
   misc2 = {Print},
   publisher = {Piscataway, NJ, USA},
   address = {Dresden, Germany},
   booktitle = {Proceedings of the IEEE International Conference on Communications 2009 (ICC 2009), Dresden, Gemany},
   organization = {IEEE},
   event_place = {Dresden, Germany},
   event_name = {IEEE International Conference on Communications 2009 (ICC 2009)},
   language = {en},
   ISBN = {978-1-4244-3435-0},
   ISSN = {1938-1883},
   DOI = {10.1109/ICC.2009.5198984},
   reviewed = {1},
   author = {Heer, Tobias and Hummen, Ren{\'e} and Komu, Miika and G{\"o}tz, Stefan and Wehrle, Klaus}
}

@Techreport { 2009-heer-draft-midauth,
   title = {End-Host Authentication for HIP Middleboxes (Version 2)},
   year = {2009},
   number = {draft-heer-hip-midauth-02},
   abstract = {The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming. It achieves these properties by introducing a new cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension enables middleboxes to verify the liveness and freshness of a HIP association and, thus, enables reliable and secure access control in middleboxes.},
   note = {Work in progress},
   institution = {Internet Engineering Task Force},
   type = {Internet-Draft},
   author = {Heer, Tobias and Komu, Miika and Wehrle, Klaus}
}

@Techreport { 2008-heer-draft-midauth,
   title = {End-Host Authentication for HIP Middleboxes (Version 1)},
   year = {2008},
   number = {draft-heer-hip-midauth-01},
   abstract = {The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming. It achieves these properties by introducing a new cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension enables middleboxes to verify the liveness and freshness of a HIP association and, thus, enables reliable and secure access control in middleboxes.},
   note = {Work in progress},
   institution = {Internet Engineering Task Force},
   type = {Internet-Draft},
   author = {Heer, Tobias and Komu, Miika and Wehrle, Klaus}
}