IP Encapsulating Security Payload (ESP)

Kent, Stephen; Atkinson, Robert

doi:10.17487/rfc2406

Cited by 366 publications

(198 citation statements)

References 4 publications

Supporting

Mentioning

191

Contrasting

Unclassified

Order By: Relevance

“…Both the mobile nodes and the home agents MUST support and SHOULD use the Encapsulating Security Payload (ESP) [6] header in transport mode and MUST use a non-NULL payload authentication algorithm to provide data origin authentication, connectionless integrity and optional anti-replay protection. Note that Authentication Header (AH) [5] is also possible but for brevity not discussed in this specification.…”

Section: Binding Updates To Home Agentsmentioning

confidence: 99%

“…The type 2 routing header has the following format: In addition, the general procedures defined by IPv6 for routing headers suggest that a received routing header MAY be automatically "reversed" to construct a routing header for use in any response packets sent by upper-layer protocols, if the received packet is authenticated [6]. This MUST NOT be done automatically for type 2 routing headers.…”

Section: Formatmentioning

confidence: 99%

“…The Destination Options header in which the Home Address destination option is inserted MUST appear in the packet after the routing header, if present, and before the IPsec (AH [5] or ESP [6]) header, so that the Home Address destination option is processed by the destination node before the IPsec header is processed.…”

Section: Interaction With Outbound Ipsec Processingmentioning

confidence: 99%

See 2 more Smart Citations

Mobility Support in IPv6

Johnson¹,

Perkins²,

Arkko³

2004

2,254

2,236

View full text Add to dashboard Cite

Section: Binding Updates To Home Agentsmentioning

confidence: 99%

Section: Formatmentioning

confidence: 99%

Section: Interaction With Outbound Ipsec Processingmentioning

confidence: 99%

See 1 more Smart Citation

Mobility Support in IPv6

Johnson¹,

Perkins²,

Arkko³

2004

2,254

2,236

View full text Add to dashboard Cite

“…In this case application level encryption is not sufficient; IPSEC ESP [24] SHOULD be used instead. Regardless of which level performs the encryption, the IPSEC ISAKMP [25] service SHOULD be used for key management.…”

Section: Protecting Confidentialitymentioning

confidence: 99%

Signaling System 7 (SS7) Message Transfer Part 3 (MTP3) - User Adaptation Layer (M3UA)

Sidebottom¹,

Morneault²,

Pastor-Balbas³

2002

View full text Add to dashboard Cite

“…IPsec is the current security standard for the Internet Protocol IP [4][5][6]8,9]. According to this standard, a selected computer pair (p, q) in the Internet has to establish a unidirectional "security association", or SA for short, before computer p can start sending messages to computer q.…”

Section: Introductionmentioning

confidence: 99%

Convergence of IPsec in presence of resets

Huang

Gouda

Elnozahy

23rd International Conference on Distributed Computing Systems Workshops, 2003. Proceedings.

View full text Add to dashboard Cite

Abstract. IPsec is the current security standard for the Internet Protocol IP. According to this standard, a selected computer pair (p, q) in the Internet can be designated a "security association". This designation guarantees that all sent IP messages whose original source is computer p and whose ultimate destination is computer q cannot be replayed in the future (by an adversary between p and q) and still be received by computer q as fresh messages from p. This guarantee is provided by adding increasing sequence numbers to all IP messages sent from p to q. Thus, p needs to always remember the sequence number of the last sent message, and q needs to always remember the sequence number of the last received message. Unfortunately, when computer p or q is reset these sequence numbers can be forgotten, and this leads to two bad possibilities: unbounded number of fresh messages from p can be discarded by q, and unbounded number of replayed messages can be accepted by q. In this paper, we propose two operations, "SAVE" and "FETCH", to prevent these possibilities. The SAVE operation can be used to store the last sent sequence number in persistent memory of p once every Kp sent messages, and can be used to store the last received sequence number in persistent memory of q once every Kq received messages. The FETCH operation can be used to fetch the last stored sequence number for a computer when that computer wakes up after a reset. We show that the following three conditions hold when SAVE and FETCH are adopted in both p and q. First, when p is reset, at most 2Kp sequence numbers will be lost but no fresh message sent from p to q will be discarded if no message reorder occurs. Second, when q is reset, the number of discarded fresh messages is bounded by 2Kq. In either case, no replayed message will be accepted by q.

show abstract

IP Encapsulating Security Payload (ESP)

Cited by 366 publications

References 4 publications

Mobility Support in IPv6

Mobility Support in IPv6

Signaling System 7 (SS7) Message Transfer Part 3 (MTP3) - User Adaptation Layer (M3UA)

Convergence of IPsec in presence of resets

Contact Info

Product

Resources

About