The need for scalable key management support for Mobile IP -especially, the route-optimized Mobile IP -is well known. In this paper, we present the design and the first implementation of a public hey management system that can be used with IETF Mobile IP. The system, called the Mobile IP Security (MoIPS) system, was built upon a DNS based X.509 Public Key Infastructure with innovation in certificate and CRL dispatch as well as light-weight hey generation. The system can be used to supply hey parameters for authenticating Mobile IPv.4 location management messages and to establish IPSec tunnels for Mobile IP redirected packets. It can also be used to augment emerging firewall traversal techniques for Mobile IP. A FreeBSD UNIX prototype with core@ctionality was completed at the time this paper was published 1. ~NTR~DU~~-I~N
As security devices and protocols become widely used on the Internet, the task of managing and processing communication security policies grows steeply in its complexity. This paper presents a scaleable, robust, secure distributed system that can manage communication security policies associated with multiple network domains and resolving the policies -esp. those that specify the use of IP-AH/ESP security protocols -into security requirements for inter-domain communication.Technology innovation includes a formal model for IPsec policy specification and resolution, a platform independent policy specification language and a distributed policy server system. The formal model consists of a hierarchical domain model for IPsec policy enforcement and a lattice model of IPsec policy semantics. The policy specification language enables users to specify IPsec policies using the formal model regardless of the make of the security devices. The policy servers maintain the security policies in a distributed database, and negotiate the security associations for protecting inter-domain communication. Both the policy database and the policy exchange protocol are protected from passive and active attacks. Several UNIX implementations are available for non-commercial uses.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.