works previously published. This proposition has several advantages compared to
alternative solutions:
1. The integration of ACs (Attribute Certificates) into the IKE protocols for access control
will allow all IPsec entities to bypass NAT servers without any change to the current
IPsec functionality. These ACs are always protected against identity spoofing
attacks inside a secured tunnel.
2. It uses the standard IKE UDP ports (500 or 4500 for IKE v2). Doing so avoids poking
new holes in firewall rules and packet filters.
3. It is transparent to IPv4 or IPv6 networks.
A future direction of this research is to validate this proposition through the
development and establishment of real-scale tests.