MIND (Mobility-oriented IPSec Daemon): a tool for integrated mobility and security support in the Ecumene network

First International Conference on Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities Pub Date : 2005-02-23 DOI:10.1109/TRIDNT.2005.24

C. Floridia, S. Giordano, S. Lucetti, G. Risi, A. Tomasi

{"title":"MIND (Mobility-oriented IPSec Daemon): a tool for integrated mobility and security support in the Ecumene network","authors":"C. Floridia, S. Giordano, S. Lucetti, G. Risi, A. Tomasi","doi":"10.1109/TRIDNT.2005.24","DOIUrl":null,"url":null,"abstract":"The IP protocol is stateless and connectionless, hence cannot guarantee a secure delivery of the information. IPSec offers stateful security introducing logical connections between couples of peers. The management of these IPSec Security Associations is often delegated to dynamic protocols, such as ISAKMP and IKE, because of the obvious scalability problem of a manual configuration approach. However, the address of each peer must be known in advance to the other one in order for the ISAKMP exchange to be completed successfully. This assumption cannot be always guaranteed, especially when mobility is taken into consideration. In such cases, a proper mechanism to retrieve the correspondent peer IPv6 address must be taken into account. The demo consists of an overview of the functionalities of the Ecumene Web Information System, developed in the groundwork of the Ecumene Project, focusing mainly on the enhancements developed (in the form of the MIPSD daemon) to allow automatic IPSec SA insaturation between hosts which wants to access the network and the appropriate Site Gateway.","PeriodicalId":299180,"journal":{"name":"First International Conference on Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"First International Conference on Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TRIDNT.2005.24","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The IP protocol is stateless and connectionless, hence cannot guarantee a secure delivery of the information. IPSec offers stateful security introducing logical connections between couples of peers. The management of these IPSec Security Associations is often delegated to dynamic protocols, such as ISAKMP and IKE, because of the obvious scalability problem of a manual configuration approach. However, the address of each peer must be known in advance to the other one in order for the ISAKMP exchange to be completed successfully. This assumption cannot be always guaranteed, especially when mobility is taken into consideration. In such cases, a proper mechanism to retrieve the correspondent peer IPv6 address must be taken into account. The demo consists of an overview of the functionalities of the Ecumene Web Information System, developed in the groundwork of the Ecumene Project, focusing mainly on the enhancements developed (in the form of the MIPSD daemon) to allow automatic IPSec SA insaturation between hosts which wants to access the network and the appropriate Site Gateway.

查看原文本刊更多论文

MIND(面向移动的IPSec守护进程):在Ecumene网络中集成移动和安全支持的工具

IP协议是无状态和无连接的，因此不能保证信息的安全传递。IPSec提供有状态安全性，在对等体对之间引入逻辑连接。这些IPSec安全关联的管理通常委托给动态协议，如ISAKMP和IKE，因为手动配置方法存在明显的可伸缩性问题。但是，为了成功完成ISAKMP交换，必须事先知道对等体的地址。这种假设不能总是得到保证，特别是当考虑到流动性时。在这种情况下，必须考虑一种适当的机制来检索相应的对等IPv6地址。该演示包括Ecumene Web信息系统的功能概述，该系统是在Ecumene项目的基础上开发的，主要侧重于开发的增强功能(以MIPSD守护进程的形式)，以允许在想要访问网络的主机和适当的站点网关之间自动IPSec SA不饱和。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

First International Conference on Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities

自引率

0.00%

发文量