Abstract
The IP security protocols (IPsec) may be used via security gateways that apply cryptographic operations to provide security services to datagrams, and this mode of use is supported by an increasing number of commercial products. In this paper, we formalize the types of authentication and confidentiality goal that IPsec is capable of achieving, and we provide criteria that entail that a network with particular IPsec processing achieves its security goals.
This requires us to formalize the structure of networks using IPsec, and the state of packets relevant to IPsec processing. We can then prove confidentiality goals as invariants of the formalized systems. Authentication goals are formalized in the manner of [9], and a simple proof method using “unwinding sets” is introduced. We end the paper by explaining the network threats that are prevented by correct IPsec processing.
This work was supported by the National Security Agency through US Army CECOM contract DAAB07-99-C-C201.
Chapter PDF
References
Bellovin, S.: Problem areas for the IP security protocols. In: Proceedings of the Sixth USENIX UNIX Security Symposium (July 1996), Also at ftp://ftp.research.att.com/dist/smb/badesp.ps
Ferguson, N., Schneier, B.: A cryptographic evaluation of ipsec. Counterpane Internet Security, Inc. (1999), available at http://www.counterpane.com/ipsec.html
Guttman, J.D.: Filtering postures: Local enforcement for global policies. In: Proceedings, 1997 IEEE Symposium on Security and Privacy, pp. 120–129. IEEE Computer Society Press, Los Alamitos (1997)
Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). IETF Network Working Group RFC 2409 (November 1998)
Kent, S., Atkinson, R.: IP Authentication Header. IETF Network Working Group RFC 2402 (November 1998)
Kent, S., Atkinson, R.: IP Encapsulating Security Payload. IETF Network Working Group RFC 2406 (November 1998)
Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. IETF Network Working Group RFC 2401 (November 1998)
Maughan, D., Schertler, M., Schneider, M., Turner, J.: Internet Security Association and Key Management Protocol (ISAKMP). IETF Network Working Group RFC 2408 (November 1998)
Schneider, S.: Security properties and CSP. In: Proceedings, 1996 IEEE Symposium on Security and Privacy, pp. 174–187. IEEE Computer Society Press, Los Alamitos (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Guttman, J.D., Herzog, A.L., Thayer, F.J. (2000). Authentication and Confidentiality via IPsec . In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds) Computer Security - ESORICS 2000. ESORICS 2000. Lecture Notes in Computer Science, vol 1895. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10722599_16
Download citation
DOI: https://doi.org/10.1007/10722599_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41031-7
Online ISBN: 978-3-540-45299-7
eBook Packages: Springer Book Archive