... new valued-added IP services. As a consequence, IPsec is an especially important security mechanism in that ... mechanisms for IP packets. Moreover, in order for IPsec to work properly, security policies that describe how ... be provisioned on all network elements that offer IPsec protection. Since IPsec policies are quite complex, manually configuring them on ... is inefficient and therefore infeasible for large-scale IPsec deployment. Policy-based IPsec management strives to solve this problem: Policy-based ...
Tópico(s): Network Packet Processing and Optimization
2003 - Institute of Electrical and Electronics Engineers | IEEE Network
... at the network-layer, the IP security protocol (IPsec) has been available for years, but its usage ... The end-to-end security services provided by IPsec have not been widely used. To bring the IPsec services into wide usage, a standard IPsec API is a potential solution. However, the realization of a user-friendly IPsec API involves many modifications on the current IPsec and Internet key exchange (IKE) implementations. An alternative approach is to configure application-specific IPsec policies, but the current IPsec policy system lacks ...
Tópico(s): Internet Traffic Analysis and Secure E-voting
2007 - Institute of Electrical and Electronics Engineers | IEEE/ACM Transactions on Networking
Shahid Raza, Simon Duquennoy, Joel Höglund, Utz Roedig, Thiemo Voigt,
... IoT must be addressed. In the traditional Internet, IPsec is the established and tested way of securing ... therefore reasonable to explore the option of using IPsec as a security mechanism for the IoT. Smart ... the IoT based on the trusted and tested IPsec mechanism, it is necessary to define an IPsec extension of 6LoWPAN. In this paper, we present such a 6LoWPAN/IPsec extension and show the viability of this approach. We describe our 6LoWPAN/IPsec implementation, which we evaluate and compare with our ...
Tópico(s): Advanced Authentication Protocols Security
2012 - Hindawi Publishing Corporation | Security and Communication Networks
Frederik Hauser, Marco Häberle, Mark B. Schmidt, Michael Menth,
In this work, we present P4-IPsec, a concept for IPsec in software-defined networks (SDN) using P4 programmable data planes. The prototype implementation features ESP in tunnel mode ... P4-capable switches are programmed to serve as IPsec tunnel endpoints. We also provide a client agent ... to set up and renew tunnel endpoints, P4-IPsec benefits from an SDN controller to accomplish these ... experimental work is to investigate how well P4-IPsec can be implemented on existing P4 switches. We ... paper, we provide technological background of P4 and IPsec and give a comprehensive review of security applications ...
Tópico(s): Internet Traffic Analysis and Secure E-voting
2020 - Institute of Electrical and Electronics Engineers | IEEE Access
IPsec is the standard suite of protocols for network-layer confidentiality and authentication of Internet traffic. The IPsec protocols, however, do not address the policies for ... article introduces an efficient policy management scheme for IPsec, based on the principles of trust management. A compliance check is added to the IPsec architecture that tests packet filters proposed when new ... allowing very efficient packet-filtering for the actual IPsec traffic. We present a practical portable implementation of ...
Tópico(s): Mobile Agent-Based Network Management
2002 - Association for Computing Machinery | ACM Transactions on Information and System Security
Zhi Fu, S. Felix Wu, He Huang, Kung Loh, Fengmin Gong, Ilya Baldin, Chong Xu,
IPSec (Internet Security Protocol Suite) functions will be executed correctly only if its policies are correctly specified and configured. Manual IPSec policy configuration is inefficient and error-prone. An ... therefore, demanded to systematically manage and verify various IPSec policies in order to ensure an end-to- ... This paper contributes to the development of an IPSec policy management system in two aspects. First, we ... process of transforming from security requirements to specific IPSec policies but also can be used as criteria ...
Tópico(s): Internet Traffic Analysis and Secure E-voting
2001 - Springer Science+Business Media | Lecture notes in computer science
Gabriel López-Millán, Rafael Marín-López, Fernando Pereñíguez-García,
... the literature. In this sense, the IP Security (IPsec) protocol is the standard to protect IP traffic ... or Software-Defined WAN (SD-WAN). Traditionally, the IPsec operation is assisted by a key management protocol, ... the Internet Key Exchange (IKEv2), responsible for establishing IPsec Security Associations (IPsec SAs). Yet, manual configuration of IKEv2 is still ... which does not scale when the number of IPsec entities is high. In this paper we propose a solution to manage IPsec SAs using SDNs avoiding manual configuration in the ...
Tópico(s): Internet Traffic Analysis and Secure E-voting
2019 - Elsevier BV | Computer Standards & Interfaces
... It is either suggested to or required that IPsec is used to secure these functions. Furthermore, IPsec is used to protect a number of functions ... routing. Now, the currently prominent method for creating IPsec Security Associations, the Internet Key Exchange (IKE) protocol, ... result, the combination of the widened responsibility of IPsec and the relative heavy weight of IKE creates ... service attacks. Additionally, if we want to use IPsec to secure IPv6 autoconfiguration, a chicken-and-egg problem is created: fully configured IPsec is needed to configure IP, and fully configured ...
Tópico(s): Advanced Authentication Protocols Security
2002 - Springer Science+Business Media | Lecture notes in computer science
Kenneth G. Paterson, Arnold K. L. Yau,
... cryptography highlighting the vulnerabilities of unauthenticated encryption, the IPsec standards mandate its support. We present evidence that ... in fact still often selected by users of IPsec in practice, even with strong warnings advising against this in the IPsec standards. We then describe a variety of attacks ... the case of the Linux kernel implementation of IPsec. Our attacks are realistic in their requirements, highly efficient, and recover the complete contents of IPsec-protected datagrams. Our attacks still apply when integrity ...
Tópico(s): Advanced Malware Detection Techniques
2006 - Springer Science+Business Media | Lecture notes in computer science
Joshua D. Guttman, Amy L. Herzog, F. Javier Thayer,
The IP security protocols (IPsec) may be used via security gateways that apply cryptographic operations to provide security services to datagrams, and this mode of ... the types of authentication and confidentiality goal that IPsec is capable of achieving, and we provide criteria that entail that a network with particular IPsec processing achieves its security goals. This requires us to formalize the structure of networks using IPsec, and the state of packets relevant to IPsec processing. We can then prove confidentiality goals as ...
Tópico(s): Mobile Agent-Based Network Management
2000 - Springer Science+Business Media | Lecture notes in computer science
Antonio J. Jara, David Fernández, Pablo López, Miguel A. Zamora, Antonio Skármeta,
... for constrained environments based on Mobile IPv6 and IPSec. Compatibility with IPv6-existing protocols has been considered ... enabled dynamic ecosystems, and security support based on IPSec has been also considered, since dynamic ecosystems present ... one hand, analysed suitability of Mobile IPv6 and IPSec for constrained devices, and on the other hand, ... evaluated a lightweight version of Mobile IPv6 and IPSec. The proposed solution of lightweight Mobile IPv6 with IPSec is aware of the requirements of the IoT ...
Tópico(s): IoT and Edge/Fog Computing
2014 - IOS Press | Mobile Information Systems
... present the Plug-and-Play IP Security (PnP-IPsec) protocol. PnP-IPsec automatically establishes IPsec security associations between gateways, avoiding the need for ... and coordination between gateways, and the dependency on IPsec public key certificates - the two problems which are widely believed to have limited the use of IPsec mostly to intra-organization communication.PnP-IPsec builds on Self-validated Public Data Distribution (SvPDD), ... We provide an open-source implementation of PnP-IPsec and SvPDD, and show that the resulting system ...
Tópico(s): IPv6, Mobility, Handover, Networks, Security
2013 - Springer Science+Business Media | Lecture notes in computer science
Dae-Hyun Ryu, Jong Whoa Na, Seung-Jung Shin, Seung-Ju Jang, Jung‐Tae Kim,
A cost efficient IPSec Accelerator board utilizing a crypto chip and an entry-level Linux PC for the high performance VPN is presented ... HASH processing, and the integrity test functions of IPSec are processed in the IPSec Accelerator board. The proposed IPSec Accelerator has demonstrated successful execution of the required functions of the IPSec packet processing and verified its performance by processing the IPSec packets at the rate of over 1 Gbps.
Tópico(s): Advanced Data Storage Technologies
2003 - Korea Institute of Information and Communication Engineering | Journal of information and communication convergence engineering
Nachiketh Potlapally, S. Ravi, Anand Raghunathan, R.B. Lee, Niraj K. Jha,
Security protocols, such as IPSec and SSL, are being increasingly deployed in the context of networked embedded systems. The resource-constrained nature of embedded systems ... we perform a comprehensive performance analysis of the IPSec protocol on a state-of-the-art configurable ... We present performance profiles of a lightweight embedded IPSec implementation running on the Xtensa processor, and examine ... processing. In order to improve the efficiency of IPSec processing on embedded devices, we then study the ...
Tópico(s): Parallel Computing and Optimization Techniques
2007 - Institute of Electrical and Electronics Engineers | IEEE Transactions on Very Large Scale Integration (VLSI) Systems
... Internet Engineering Task Force is standardizing security protocols (IPsec protocols) that are compatible with IPv6 and can ... they address, and touches on some implementation requirements. IPsec's major advantage is that it can provide ... applications and users. Also, the application programs using IPsec need not be modified in any way. This ... code, which is common today. This transparency sets IPsec apart from security protocols that operate above the Internet layer. At present, IPsec is likely to be used in conjunction with ...
Tópico(s): Advanced Authentication Protocols Security
1998 - IEEE Computer Society | Computer
... However, the existence of translation gateway between two IPSec nodes from disparate address realms imposes some incompatibility ... due to the violation of TCP/UDP and IPSec intrinsic functionalities by the gateway.In this work, ... study and explore the incompatibility issues of applying IPSec across the translation gateway and then propose a workable solution to implement end to end IPSec in heterogeneous IPv4 and IPv6 networks.Experimental results ... our mechanism is feasible to establish a successful IPSec connection across IPv4/IPv6 translation gateway.Moreover, the ...
Tópico(s): Advanced Authentication Protocols Security
2012 - | International journal of Computer Networks & Communications
Gouda I. Salama, Mohamed Shehab, Alaaeldin M. Hafez, Mohammed J. Zaki,
... to whom the person is speaking(by Authentication).IPsec can be used to achieve both of these ... packets leave the corporate intranet.The incorporation of IPsec with IPv4 increase the availability of encryption, VOIPsec (VOIP using IPsec) helps reduce the threat of man in the ... voice traffic analysis.Combined with the firewall implementations, IPsec makes VOIP more secure than a standard phone ... Tool). the results show that transmitting voice over IPsec increase the end to end delay,delay variation( ...
Tópico(s): Network Packet Processing and Optimization
2009 - Egyptian Ministry of Defense | International Conference on Aerospace Sciences and Aviation Technology
The original goal of Internet protocol security (IPSec) is to enable the protection of all types of Internet protocol (IP) communications by protecting multiple peers at the network layer, in both the IPv4 and IPv6 environments. IPSec is a standard for securing internet communication and ... implementing virtual private networks (VPNs). Most organisations deploy IPSec VPNs that provide enterprise-level secure remote access ... exchanged between remote networks or host and an IPSec gateway located at the edge of a private ...
Tópico(s): Mobile Agent-Based Network Management
2008 - Institute of Electrical and Electronics Engineers | Conference proceedings - Canadian Conference on Electrical and Computer Engineering
Muzaffar Rao, Thomas Newe, Ian Grout, Avijit Mathur,
... over the last decade. The Internet protocol security IPSec standard has been developed as one solution to the problem of end-to-end secure communications. IPSec implementation is computationally intensive and can significantly limit ... To overcome this speed issue, hardware implementations of IPSec offer the best solution. This work presents a field programmable gate array-based reconfigurable IPSec authentication header AH core. AH is one of the two main IPSec protocols, namely, AH and encapsulating security payload, and ...
Tópico(s): IPv6, Mobility, Handover, Networks, Security
2016 - Hindawi Publishing Corporation | Security and Communication Networks
Koichiro Homma, Masakatsu Sone, Daisuke Taura, Kenichi Yamahara, Yutaka Suzuki, Kazutoshi Takahashi, Takuhiro Sonoyama, Megumi Inuzuka, Yasutomo Fukunaga, Naohisa Tamura, Hiroshi Itoh, Shinya Yamanaka, Kazuwa Nakao,
... derived ECs (ESECs) and human iPS-derived ECs (iPSECs). Methods and results We compared the cell proliferative ... of these cell functions. The cell functions of iPSECs were comparable to those of ESECSs and also ... analyzed the gene expressions of HAECs, ESECs and iPSECs, and observed that the expression level of Sirt1, ... dependent histone deacetylase, is higher in ESECs and iPSECs than in HAECs. The inhibition of Sirt1 with ... in the high cellular function of ESECs and iPSECs. Although further in vivo investigations are required, this ...
Tópico(s): Adipose Tissue and Metabolism
2010 - Elsevier BV | Atherosclerosis
... However, this technique is conflicted with IP-security (IPsec)-a standard IP security protocol that will make ... develops a solution called multilayer IP-security (ML-IPsec). The basic principle is to use a multilayer ... we show that we can easily add ML-IPsec to existing IPsec software and the overhead is low. We conclude that ML-IPsec can help wireless networks provide both security and ...
Tópico(s): Software-Defined Networks and 5G
2004 - Institute of Electrical and Electronics Engineers | IEEE Journal on Selected Areas in Communications
Aniruddha Bhattacharjya, Xiaofeng Zhong, Jing Wang, Xing Li,
... model among application endpoints. The Internet Protocol Security (IPsec) can offer various security services like limited traffic ... and data origin authentication. One way to use IPSec to secure the CoAP transactions can be Encapsulating Security Payload Protocol [RFC 2406] (IPSec-ESP). It can be a special case, if ... Wireless Personal Area Networks) extension, for using the IPSec with Authentication Header (AH) [RFC 2402] and Encapsulation ...
Tópico(s): RFID technology advancements
2019 - Springer Science+Business Media | Internet of things
Mazen Juma, Azza Abdel Monem, Khaled Shaalan,
... issue in the End-to-End VPN approach. IPSec/IPv6 and OpenSSL are the most common VPN ... End VPN security approach achieved by combining the IPSec/IPv6 and OpenSSL security approaches that can secure ... achieves the best combinations of complementary advantages of IPSec/IPv6 VPN approach and OpenSSL VPN approach and ... the comparison outputs of the performance of both IPSec/IPv6 VPN and OpenSSL VPN approaches assessed in ... demonstrate the correlation with acceptance levels compared to IPSec/IPv6 VPN, and OpenSSL VPN approaches.
Tópico(s): Advanced Malware Detection Techniques
2020 - Elsevier BV | Journal of Network and Computer Applications
Jiaxing Guo, Chunxiang Gu, Xi Chen, Fushan Wei,
... Recently, some scholars have attempted to extend the IPSec protocol to IPv6 over Low-Power Wireless Personal ... it essential to analyze the vulnerability of the IPSec protocol to enhance the security of the IoT. ... model checking to analyze the dynamic vulnerability of IPSec protocol implementations. This method automatically infers the black- ... vulnerabilities. We first employ model learning on three IPSec implementations to infer state machine models; then, we ...
Tópico(s): Software Reliability and Analysis Research
2019 - Institute of Electrical and Electronics Engineers | IEEE Access
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. .IPSec architecture requires the host to provide confidentiality using ... or Encapsulating Security Payload and anti-replay protection.IPSec has become the most common network layer security ... Private Networks (VPNs).This paper presents analysis of IPSec VPN for videoconference in real time traffic over a secure communication links by implementing an IPSec-based VPN technology.
Tópico(s): Network Packet Processing and Optimization
2010 - | International Journal of Computer Applications
Yun Niu, Liji Wu, Xiangmin Zhang,
The IP security protocol (IPSec) is an important and widely used security protocol in the IP layer. But the implementation of the IPSec is a computing intensive work which greatly limits ... speed network. In this paper, a high performance IPSec accelerator used in a 10Gbps in-line network ... IP-cores connected to the crossbar in the IPSec accelerator, the design gives a peak throughput for ...
Tópico(s): Embedded Systems Design Techniques
2013 - Academy Publisher | Journal of Computers
Gabriel López-Millán, Rafael Marín-López, Fernando Pereñíguez-García, Óscar Cánovas, José Antonio Parra-Espín,
... an interface and framework with which to manage IPsec SAs autonomously by using the Software Defined Networking ( ... centralized entity, the controller, sends configuration information to IPsec-enabled nodes in the network in order to create IPsec SAs. Two cases are presented: IKE-case, in ... IKE-less, in which the controller sends the IPsec SAs directly to the nodes, among other relevant ...
Tópico(s): Smart Grid Security and Resilience
2022 - Elsevier BV | Computer Standards & Interfaces
IPsec, while widely implemented, is rarely used for end-to-end protection of application protocols. Instead, it ... we discuss the structure and shortcomings of the IPsec security policy mechanisms as partial reasons for this situation. We describe our experiences in using IPsec in a number of situations, including IPv6 control ... not, the existing policy mechanisms are inadequate. While IPsec is quite effective in authenticating the peer and ...
Tópico(s): Advanced Authentication Protocols Security
2005 - Springer Science+Business Media | Lecture notes in computer science
... the computation overhead of the IP security protocol (IPSec) on a handheld device. We design experiments to ... the energy consumed by the individual components in IPSec. We then experiment with several measures which can ... the handheld device, the lossless compression used in IPSec can actually increase the energy consumption until the ... the compression option must be dynamically changed in IPSec between data transmission and reception.
Tópico(s): Smart Grid Security and Resilience
2004 - Elsevier BV | Microprocessors and Microsystems