Design and implementation of the Node Identity Internetworking Architecture
Computer Networks: The International Journal of Computer and Telecommunications Networking
An experimental evaluation of a HIP based network mobility scheme
WWIC'08 Proceedings of the 6th international conference on Wired/wireless internet communications
End-host authentication and authorization for middleboxes based on a cryptographic namespace
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Enterprise Network Packet Filtering for Mobile Cryptographic Identities
International Journal of Handheld Computing Research
| Hi-index | 0.01 |
Tackling the major Internet security, scalability and mobility problems without essentially changing the existing Internet architecture has turned out to be a very challenging task. The overlay routing approaches fortunately seem to offer a sound way to mitigate most of these issues. Basically, they decouple the end-point identifiers from locators by defining a new namespace. Overlay routing is based on the dynamic binding, at middle-boxes, between the two namespaces. The approach is very close to Network Address Translation (NAT) principles. Therefore, the IPsec NAT traversal related problems apply also to overlay architectures. In this paper, we integrate IPsec into the overlay routing using Security Parameter Index (SPI) multiplexed NAT (SPINAT). Our approach reduces tunneling overhead and supports asymmetric communication paths. We believe that the SPINAT will be a key component in securing overlay routing infrastructures, like in the Internet IndirectionInfrastructure (i^3).