Datagram services provide a simple, flexible, robust, and scalable communication abstraction; their usefulness has been well demonstrated by the success of IP, UDP, and RPC. Yet, the overwhelming majority of network security protocols that have been proposed are geared towards connection-oriented communications. The few that do cater to datagram communications tend to either rely on long term host-pair keying or impose a session-oriented (i.e., requiring connection setup) semantics.

Separately, the concept of flows has received a great deal of attention recently, especially in the context of routing and QoS. A flow characterizes a sequence of datagrams sharing some pre-defined attributes. In this paper, we advocate the use of flows as a basis for structuring secure datagram communications. We support this by proposing a novel protocol for datagram security based on flows. Our protocol achieves zero-message keying, thus preserving the connectionless nature of datagram, and makes use of soft state, thus providing the per-packet processing efficiency of session-oriented schemes. We have implemented an instantiation for IP in the 4.4BSD kernel, and we provide a description of our implementation along with performance results.