This file was created by the TYPO3 extension
bib
--- Timezone: CEST
Creation date: 2024-05-13
Creation time: 23-10-16
--- Number of references
4
techreport
2011-heer-draft-middle-auth
End-Host Authentication for HIP Middleboxes (Version 4)
2011
draft-heer-hip-middle-auth-04
The Host Identity Protocol [RFC5201] is a signaling protocol for secure communication, mobility, and multihoming that introduces a cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension allows middleboxes to verify the liveness and freshness of a HIP association and, thus, to secure access control in middleboxes.
Work in progress
ietf, mobile_access
http://tools.ietf.org/html/draft-heer-hip-middle-auth-04
Online
Internet Engineering Task Force
Internet-Draft
en
Tobias Heer
Miika Komu
René Hummen
Klaus Wehrle
inproceedings
2009-icc-heer-middleboxes
End-host Authentication and Authorization for Middleboxes based on a Cryptographic Namespace
2009
1
791-796
Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely map payload packets to a HIP association. In this paper, we propose to prevent replay attacks by treating packet-forwarding middleboxes as first-class citizens that directly interact with end-hosts. We also propose a method for strengthening the binding between the HIP authentication process and its payload channel with hash-chain-based authorization tokens for IPsec. Our solution allows on-path middleboxes to efficiently leverage cryptographic end-host identities and integrates cleanly into existing protocol standards.
mobile_access
http://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-heer-icc-end-host-authentication.pdf
Print
Piscataway, NJ, USA
Dresden, Germany
Proceedings of the IEEE International Conference on Communications 2009 (ICC 2009), Dresden, Germany
IEEE
Dresden, Germany
IEEE International Conference on Communications 2009 (ICC 2009)
en
978-1-4244-3435-0
1938-1883
10.1109/ICC.2009.5198984
1
Tobias Heer
René Hummen
Miika Komu
Stefan Götz
Klaus Wehrle
techreport
2009-heer-draft-midauth
End-Host Authentication for HIP Middleboxes (Version 2)
2009
draft-heer-hip-midauth-02
The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming. It achieves these properties by introducing a new cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension enables middleboxes to verify the liveness and freshness of a HIP association and, thus, enables reliable and secure access control in middleboxes.
Work in progress
Internet Engineering Task Force
Internet-Draft
Tobias Heer
Miika Komu
Klaus Wehrle
techreport
2008-heer-draft-midauth
End-Host Authentication for HIP Middleboxes (Version 1)
2008
draft-heer-hip-midauth-01
The Host Identity Protocol is a signaling protocol for secure communication, mobility, and multihoming. It achieves these properties by introducing a new cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension enables middleboxes to verify the liveness and freshness of a HIP association and, thus, enables reliable and secure access control in middleboxes.
Work in progress
Internet Engineering Task Force
Internet-Draft
Tobias Heer
Miika Komu
Klaus Wehrle