Limitations of IPsec policy mechanisms

  • Authors: Jari Arkko; Pekka Nikander
  • Affiliations: Ericsson Research NomadicLab, Jorvas, Finland (both authors)
  • Venue: Proceedings of the 11th International Conference on Security Protocols
  • Year: 2003

Abstract

IPsec, while widely implemented, is rarely used for end-to-end protection of application protocols. Instead, it is mainly used today as an “all or nothing” protection for VPNs. In this paper we discuss the structure and shortcomings of the IPsec security policy mechanisms as partial reasons for this situation. We describe our experiences in using IPsec in a number of situations, including IPv6 control protocols, mobility protocols, network management, and multimedia protocols. We conclude that more often than not, the existing policy mechanisms are inadequate. While IPsec is quite effective in authenticating the peer and establishing assurance about its identity, the lack of attention to authorization questions is a root cause of the existing inadequacies. We also claim that the problems are more fundamental than the lack of suitable APIs and management tools. Finally, we present some potential architectural modifications which could improve the situation, and discuss the practical challenges in achieving these modifications.