Extension of IPSec for Port Control

インターネットは現代社会において欠くことのできない存在となっている。最近では、外出先などからインターネットを使って安全に社内へアクセスしたり、特定のビジネスパートナーに対して安全に情報提供したりするニーズが高まっている。このようなニーズに対して専用線を用いる方法があるが、コストが高いという問題があった。インターネットを利用した場合にはコストの削減が可能であるが、データの盗聴・改ざんの危険が存在する。この両方の問題を改善するものとしてVPN (Virtual Private Network)が考えられた。VPNに使われる技術の１つにIPsecがある。本論文では、このIPsecについて、アプリケーションごとに制御できるように機能の追加を行う。修士論

An Analisys of Business VPN Case Studies

A VPN (Virtual Private Network) simulates a secure private network through a shared public insecure infrastructure like the Internet. The VPN protocol provides a secure and reliable access from home/office on any networking technology transporting IP packets. In this article we study the standards for VPN implementation and analyze two case studies regarding a VPN between two routers and two firewalls.VPN; Network; Protocol.

Enabling Practical IPsec authentication for the Internet

On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (First International Workshop on Information Security (IS'06), OTM Federated Conferences and workshops). Montpellier, Oct,/Nov. 2006There is a strong consensus about the need for IPsec, although its use is not widespread for end-to-end communications. One of the main reasons for this is the difficulty for authenticating two end-hosts that do not share a secret or do not rely on a common Certification Authority. In this paper we propose a modification to IKE to use reverse DNS and DNSSEC (named DNSSEC-to-IKE) to provide end-to-end authentication to Internet hosts that do not share any secret, without requiring the deployment of a new infrastructure. We perform a comparative analysis in terms of requirements, provided security and performance with state-of-the-art IKE authentication methods and with a recent proposal for IPv6 based on CGA. We conclude that DNSSEC-to-IKE enables the use of IPsec in a broad range of scenarios in which it was not applicable, at the price of offering slightly less security and incurring in higher performance costs.Universidad de Montpellier IIPublicad

Seguridad a nivel de IP : IPSEC

Peer Reviewe

IP Security

IP is stands for Internet Protocol. IP security is a set service which secures the documents by the unauthorized entity. IP Sec covers the three areas of functionality that is authentication, confidentiality, and key management. IP Sec encrypts and authenticates all the data traffic at the IP level security. The IP level security or firewall administrator, we got basically the same concerns (as plumber) the size of the pipe the contents of the pipe, making sure the correct traffic is in the correct pipes and keeping the pipes from splitting and leaking all over the places of course like plumbers. When the pipes do leak: we are the ones responsible for cleaning up the mess and we are the ones who come up smelling awful. Firewall is a device that is used to provide protection to a system from network-based security threats. Firewall uses service, behavior, user and direction control techniques

Performance Implications of IPSec Deployment

Virtual Private Networks (VPNs) use the Internet or other data network service as a backbone to provide a secure connection across a potentially hostile WAN. Such security guarantees provide the motivation for VPN deployment. This security does, however, come at a performance cost brought about by the increased processing overhead. This paper presents an investigation into these overheads. In particular, this investigation will consider different user resource availability in addition to router type and encryption algorithms

Overhead Issues for Local Access Points in IPSec enabled VPNs

Virtual Private Networks (VPNs) use the Internet or other network service as a backbone to provide a secure connection across a potentially hostile WAN. Such security guarantees provide the motivation for VPN deployment. This security does, however, come at a performance cost brought about by the increased processing overhead. This paper presents an investigation into these overheads. In particular, this investigation will consider the server side overhead for VPN deployments and seek to establish a relationship between this overhead and the number of clients being serviced

Security Mechanisms for the Internet

Security must be built into Internet Protocols for those protocols to offer their services securely. Many security problems can be traced to improper implementations. However, even a proper implementation will have security problems if the fundamental protocol is itself exploitable. Exactly how security should be implemented in a protocol will vary, because of the structure of the protocol itself. However, there are many protocols for which standard Internet security mechanisms, already developed, may be applicable. The precise one that is appropriate in any given situation can vary. We review a number of different choices, explaining the properties of each

An Analysis of IPsec Deployment Performance in High and Low Power Devices

Virtual Private Networks (VPNs) use the Internet or other network service as a backbone to provide a secure connection across a potentially hostile WAN. Such security guarantees provide the motivation for VPN deployment. This security does, however, come at a performance cost brought about by the increased processing overhead. This paper presents an investigation into these overheads. In particular, this investigation will consider different user resource availability based on the client platform in addition to router type and encryp- tion algorithms