The Use of HMAC-SHA-1-96 within ESP and AH

Madson, Cheryl; Glenn, Russell W.

doi:10.17487/rfc2404

Cited by 105 publications

(26 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The host registration request message is authenticated by the host signature, which also protects the AA from impersonation attacks. After verifying the host authenticity (by getting the host record from the HNR through the hostname resolution procedure as explained earlier), the AA selects an appropriate integrity-check algorithm, which may be HMAC-SHA1 [11]. The AA also assigns an access ID (accessID) and an accessKey (which has a definite lifetime) and replies the host with a host registration response, containing the accessKey encrypted by the host's PK and the whole message signed by the AA.…”

Section: Network Access Securitymentioning

confidence: 99%

Design and Implementation of Security for HIMALIS Architecture of Future Networks

Kafle

Inoue

et al. 2013

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYFor flexibility in supporting mobility and multihoming in edge networks and scalability of the backbone routing system, future Internet is expected to be based on the concept of ID/locator split. Heterogeneity Inclusion and Mobility Adaptation through Locator ID Separation (HIMALIS) has been designed as a generic future network architecture based on ID/locator split concept. It can natively support mobility, multihoming, scalable backbone routing and heterogeneous protocols in the network layer of the new generation network or future Internet. However, HIMALIS still lacks security functions to protect itself from various attacks during the procedures of storing, updating, and retrieving of ID/locator mappings, such as impersonation attacks. Therefore, in this paper, we address the issues of security functions design and implementation for the HIMALIS architecture. We present an integrated security scheme consisting of mapping registration and retrieval security, network access security, communication session security, and mobility security. Through the proposed scheme, the hostname to ID and locator mapping records can be securely stored and updated in two types of name registries, domain name registry and host name registry. Meanwhile, the mapping records retrieved securely from these registries are utilized for securing the network access process, communication sessions, and mobility management functions. The proposed scheme provides comprehensive protection of both control and data packets as well as the network infrastructure through an effective combination of asymmetric and symmetric cryptographic functions. key words: ID/locator split architecture, security, new generation network, future network

show abstract

Section: Network Access Securitymentioning

confidence: 99%

Design and Implementation of Security for HIMALIS Architecture of Future Networks

Kafle

Inoue

et al. 2013

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…The inter-FA ICMP messages (solicitations and advertisements) MUST be authenticated and integrity protected using ESP [10]. The default ESP authentication algorithm for use in this specification is HMAC-SHA1-96 [12]. The absence of this security would allow denial-of-service attacks from malicious nodes at any distance from the FA.…”

Section: Generalized Link Layer and Ipv4 Address (Lla) Extensionmentioning

confidence: 99%

Low-Latency Handoffs in Mobile IPv4

Malki¹

2007

View full text Add to dashboard Cite

“…For example, HMAC-MD5 specified in RFC 2085 (Oehler and Glenn, 1997) recommends the support of long key lengths. However, in RFC 2403 (Madson and Glenn, 1998a), RFC 2404 (Madson and Glenn, 1998b), and RFC 2857 (Keromytis and Provos, 2000), the key size is restricted to 128 bits for HMAC-MD5 and 160 bits for each of HMAC-SHA-1 and HMAC-RIPEMD-160. Therefore, we implemented another version of the HMAC unit using a key size of 160 bits.…”

Section: Hmac Implementation For Fixed Key Sizementioning

confidence: 99%

“…There exists a number of standardized authentication algorithms using HMAC. The most popular ones are HMAC-MD5 (Madson and Glenn, 1998a), HMAC-SHA-1 (Madson and Glenn, 1998b), and HMAC-RIPEMD-160 (Keromytis and Provos, 2000).…”

Section: Introductionmentioning

confidence: 99%