The Internet Protocol Security Architecture (IPsec) is hard to deploy in large, nested, or dynamic scenarios. The major reason for this is the need for manual configuration of the cryptographic tunnels, which grows quadratically with the total number of IPsec gateways. This manual configuration is error-prone, cost-intensive, and rather static. When private addresses are used in the protected subnetworks, the problem becomes even worse, as the routing cannot rely on public infrastructures. In this article, we present a fully automated approach for the distributed configuration of IPsec domains. Utilizing peer-to-peer technology, our approach scales well with respect to the number of managed IPsec gateways, reacts robustly to network failures, and supports the configuration of nested networks with private address spaces. We analyze the security requirements and further desirable properties of IPsec policy negotiation, and show that distributing the security policy configuration does not impair the security of transmitted user data in the resulting virtual private network (VPN). Results of a prototype implementation and a simulation study reveal that the approach offers good characteristics, for example with respect to quick reconfiguration of all gateways after a central power failure (robustness) or after the insertion of new gateways (scalability and agility).