This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-05-13 Creation time: 23-10-16 --- Number of references 4 techreport 2011-heer-draft-middle-auth 2011 draft-heer-hip-middle-auth-04 The Host Identity Protocol [RFC5201] is a signaling protocol for secure communication, mobility, and multihoming that introduces a cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension allows middleboxes to verify the liveness and freshness of a HIP association and, thus, to secure access control in middleboxes. Work in progress ietf, mobile_access http://tools.ietf.org/html/draft-heer-hip-middle-auth-04 Online Internet Engineering Task Force Internet-Draft en TobiasHeer MiikaKomu RenéHummen KlausWehrle inproceedings 2009-icc-heer-middleboxes 2009 1 791-796 Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely map payload packets to a HIP association. In this paper, we propose to prevent replays attack by treating packet-forwarding middleboxes as first-class citizens that directly interact with end-hosts. Also we propose a method for strengthening the binding between the HIP authentication process and its payload channel with hash-chain-based authorization tokens for IPsec. Our solution allows on-path middleboxes to efficiently leverage cryptographic end-host identities and integrates cleanly into existing protocol standards. mobile_access http://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-heer-icc-end-host-authentication.pdf Print Piscataway, NJ, USA

Dresden, Germany

Proceedings of the IEEE International Conference on Communications 2009 (ICC 2009), Dresden, Gemany IEEE Dresden, Germany IEEE International Conference on Communications 2009 (ICC 2009) en 978-1-4244-3435-0 1938-1883 10.1109/ICC.2009.5198984 1 TobiasHeer RenéHummen MiikaKomu StefanGötz KlausWehrle techreport 2009-heer-draft-midauth 2009 draft-heer-hip-midauth-02 The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming. It achieves these properties by introducing a new cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension enables middleboxes to verify the liveness and freshness of a HIP association and, thus, enables reliable and secure access control in middleboxes. Work in progress Internet Engineering Task Force Internet-Draft TobiasHeer MiikaKomu KlausWehrle techreport 2008-heer-draft-midauth 2008 draft-heer-hip-midauth-01 The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming. It achieves these properties by introducing a new cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension enables middleboxes to verify the liveness and freshness of a HIP association and, thus, enables reliable and secure access control in middleboxes. Work in progress Internet Engineering Task Force Internet-Draft TobiasHeer MiikaKomu KlausWehrle