Enterprise Network Packet Filtering for Mobile Cryptographic Identities

Authors:
Janne Lindqvist;Essi Vehmersalo;Miika Komu;Jukka Manner
Affiliations:
Helsinki University of Technology, Finland;Helsinki University of Technology, Finland;Helsinki Insitute for Information Technology, Finland;Helsinki University of Technology, Finland
Venue:
International Journal of Handheld Computing Research
Year:
2010

Citing 10
Cited 1

Implementing a distributed firewall

Proceedings of the 7th ACM conference on Computer and communications security
EasyVPN: IPsec Remote Access Made Easy

LISA '03 Proceedings of the 17th USENIX conference on System administration
OpenDHT: a public DHT service and its uses

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
SPINAT: Integrating IPsec into Overlay Routing

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Privacy management for secure mobility

Proceedings of the 5th ACM workshop on Privacy in electronic society
Middleboxes no longer considered harmful

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
SANE: a protection architecture for enterprise networks

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Experiences with host-to-host IPsec

Proceedings of the 13th international conference on Security protocols
End-host authentication and authorization for middleboxes based on a cryptographic namespace

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Traversing middleboxes with the host identity protocol

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy

Adoption barriers of network layer protocols: The case of host identity protocol

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Firewalls are an essential component of the Internet and enterprise network security policy enforcement today. The configurations of enterprise firewalls are typically rather static. Even if client's IP addresses can be dynamically added to the packet filtering rules, the services allowed through the firewall are commonly still fixed. In this paper, we present a transparent firewall configuration solution based on mobile cryptographic identifiers of Host Identity Protocol HIP. HIP allows a client to protect the data transfer with IPsec ESP, and supports dynamic address changes for mobile clients. The HIP-based firewall learns the identity of a client when it communicates with the server over HIP. The firewall configures the necessary rules based on HIP control messages passing through the firewall. The solution is secure and flexible, and introduces only minimal latency to the initial HIP connection establishment.