| D. Estrin, J. C. Mogul, and G. Tsudik. "Visa Protocols for Controlling Inter-Organization Datagram Flow," IEEE Journal on Selected Areas in Communication 7(4), 486-498, May 1989. |
....The work of Erich Rütsche was funded by the Schweizer Nationalfonds. Proceedings 2nd ACM Conference on Computer and Communications Security, Fairfax, Virginia, Nov. 2-4, 1994. control decisions is particularly hard or infeasible in most systems. The visa scheme introduced by Estrin and Tsudik [1] solves this problem in the context of internet access control. This solution does not, however, suit local area networks because of its requirement to perform cryptographic operations within the transmission time of each packet. The design proposed in this paper allows for the enforcement of ....
....the user data contained in the network packet. Thus neither the privacy, nor the integrity of the user data, nor the relationship between the header of a packet and its payload are assured by the ticket itself. This is the major difference between this design and other solutions based on visas [1] or message authentication codes. The tickets are not a function of the whole packet, yet the overall design accomplishes the objectives stated in the introduction of this paper, that is, when a network packet is accepted by the ACF the data contained therein is necessarily a result of an ....
Estrin, D., Mogul, J.C., Tsudik, G., Anand, K., "Visa Protocols for Controlling Inter-Organizational Datagram Flow: Extended Description," USC TR 88-50, 1988.
....foreign domains only to concern the availability status and requires topology changes either to be within the scope of sophisticated semantic rules or to be installed by manual configuration. Re 2: If trust relations to entities in foreign domains exist, each datagram can be tagged with a visum [7] and be prevented from leaving its home domain by its home gateway. Alternatively, internal routers could prevent external packets from reaching the license server application by essentially removing all external routes to that application. If the application ports are served by the same physical ....
D. Estrin, J. C. Mogul, and G. Tsudik. "Visa protocols for controlling interorganizational datagram flow." IEEE Journal on Selected Areas in Communications, 7(4):486--497, May 1989.
....of destination address references in the future. A simple next hop routing cache is not the only possible exploitation of address locality in network infrastructure. Proposed protocols for interdomain routing [37, 38], soft state or adaptive Internet routing strategies [39, 40], policy routing [41, 42, 43], or flow based support for specific application requirements [44, 45, 46, 47] require detailed maintenance of flow state in intermediate switching nodes. Several new proposals involve queueing algorithms to control congestion [22, 48, 49, 50, 51, 52, 53] and thus assume ....
D. Estrin, J. Mogul, G. Tsudik, and K. Anand, "Visa protocols for controlling inter-organizational datagram flow," IEEE Journal on Selected Areas in Communications, vol. 7, no. 4, pp. 486--98, May 1989.
....that send out advisory messages to individual hosts, who in turn regulate the local network access they control. Many Internet sites have already started filtering incoming and outgoing packets, but mostly for different reasons. Alternatively, ideas similar to those developed for the Visa protocol [7] can also be used. However, blocking misuse seems to require modifications to the existing multicast (and unicast) protocols and software. 3.4 Scalability and Trade-off The task of assigning initial encryption keys for user or host authentication grows only linearly with the number of users and ....
.... IP Multicast [5, 6]. Our trusted multicast facility can be based on IP Multicast and should not require modifications to IP Multicast or lower layers of the network architecture (except for preventing misuse of network resources). Prior efforts have addressed security issues in the Internet (e.g. [16, 7]). However, there were no architecture and protocols for secure multicasting. The Visa protocol controls the movement of datagrams (and thus the use of network resources) on a per user basis whereas in trusted multicast the granularity may need to be finer. Heterogeneous Multicast (HMC) [14] ....
D. Estrin, J.C. Mogul, and G. Tsudik. Visa Protocols for Controlling Interorganizational Datagram Flow. IEEE Journal on Selected Areas in Communications, 7(4):486--498, May 1989.
....the key distribution center may, at its option, decline to issue a key for a conversation deemed administratively prohibited. In fact, the Greyer mechanisms could simply be used for authorization without bothering with transmitting the encrypted text at all, as in the Visa protocols. [Estr89] There are obvious risks of address forgery here, of course. Encapsulation for Greyer There are two issues to consider when deciding how to encapsulate Greyer packets for transmission over the insecure network: how should session key information be distributed, and what transport mechanism ....
D. Estrin, J.C. Mogul, and G. Tsudik, "Visa Protocols for Controlling Inter-Organization Datagram Flow," IEEE Journal on Selected Areas in Communications 7(4), pp. 486-498, (Special Issue on Secure Communications) (May 1989).
....are responsible for enforcing the selected policy. In practice, the main problem is that it requires wide deployment of both end systems and routers capable of creating and enforcing policy routes. Therefore we could not build a system based on policy routing. 7.3 Visa Protocols Visa protocols [5] are another approach to managing the flow of packets between organizations. A visa is an unforgeable cryptographic stamp attached to a packet. In the same way that a passport visa grants permission to visit a country, a packet's visa grants it permission to enter or leave an organization. ....
Deborah Estrin, Jeffrey C. Mogul, and Gene Tsudik. Visa protocols for controlling inter-organization datagram flow. IEEE Journal on Selected Areas in Communication, 1989.
....warning posts that send out advisory messages to individual hosts, who in turn regulate local network access. Many Internet sites have already started filtering incoming and outgoing packets, but usually for different reasons. Alternatively, ideas similar to those developed for the Visa protocol [15] can also be used. However, blocking misuse seems to require modifications to the commonly used multicast (and unicast) protocols and software. For example, user processes need to obtain authorization for sending multicast packets, possibly in the form of certificates, and network gateways have to ....
.... [11, 12]. Our trusted multicast facility can be based on IP multicast and should not require modifications to IP multicast or lower layers of the network architecture (except for preventing misuse of network resources). There are prior efforts addressing security issues in the Internet (e.g. [43, 15, 23, 25, 29]). However, there were no coherent architecture and protocols for secure multicast. The Visa protocol controls the movement of datagrams (and thus the use of network resources) on a per user basis, whereas in trusted multicast the granularity may need to be finer. Heterogeneous Multicast (HMC) ....
D. Estrin, J.C. Mogul, and G. Tsudik. Visa Protocols for Controlling Interorganizational Datagram Flow. IEEE Journal on Selected Areas in Communications, 7(4):486--498, May 1989.
D. Estrin, J. Mogul and G. Tsudik, Visa Protocols for Controlling Inter-Organizational Datagram Flow, To appear in IEEE Journal on Selected Areas in Communications, Spring 1989.
D. Estrin, J. Mogul, G. Tsudik, Visa Protocols for Controlling Inter-Organizational Datagram Flow, IEEE Journal on Selected Areas in Communications, May 1989.
....a single administrative authority. In the absence of special mechanisms, network interconnection using DOD IP [20] or OSI [11] internetworking protocols attempts to achieve full connectivity. However, ADs should be able to interconnect without exposing their internal resources to unrestricted access [4, 6]. Moreover, ADs should be able to control the incoming and outgoing data by specifying or constraining the ADs to, and through, which the data travels [5]. In this paper we address the subject of access control in the interconnected AD environment. We begin in Section 2 by defining the three ....
....resources independently of the end system access control. 2.1 End systems and Applications End system security is a requirement for all stub ADs. Much previous work has addressed the design of secure applications, operating systems, as well as the adaptation of secure systems to a network context [28, 17, 29, 28, 14, 6]. Modern distributed operating systems, e.g. Andrew [25] and Amoeba [18] illustrate methods for efficient implementation of security features in a distributed computing environment with high availability of services. In the realm of secure applications, Privacy Enhanced Electronic Mail [17] for ....
D. Estrin, J. Mogul, G. Tsudik, Visa Protocols for Controlling Inter-Organizational Datagram Flow, IEEE Journal on Selected Areas in Communications, May 1989.
....complex policy without fear of overwhelming the gateway. In spite of the advantages of visa protocols, they require explicit support from host implementations and increase the per-packet effort at gateways, so they are only in experimental use [9]. The kernel resident mechanism described in section 3 owes an intellectual debt to the packet filter mechanism [21] used to give user processes efficient access to arbitrary datagrams. In the packet filter, the kernel applies user specified criteria to received packets before demultiplexing the ....
....a different kind of mechanism for implementing datagram access controls. This section sketches the design of visa protocol support based on the gateway screen mechanism of section 3. This design has not been implemented; an entirely kernel-resident implementation of the visa protocol already exists [9]. 5.1. Overview of visa protocols In a visa protocol, each inter organization datagram carries an unforgeable mark that proves to a gateway that transmission of the datagram is properly authorized. These marks are called visas, by analogy to the stamp made on a passport that allows a bearer to ....
Deborah Estrin, Jeffrey C. Mogul, and Gene Tsudik. Visa Protocols for Controlling Inter-Organization Datagram Flow. IEEE Journal on Selected Areas in Communication , 1989. In press (Special Issue on Secure Communications).
D. Estrin, J. Mogul, G. Tsudik, K. Anand, Visa Protocols for Controlling Inter-Organization Datagram Flow: Extended Description, University of Southern California, Computer Science Department, Technical Report TR 88-50, December 1988.
....of certain security services prohibitively expensive, e.g. packetized voice and video applications. SNMP, as stated above, already implements the secret prefix method. Also, network layer and routing protocols, e.g. SDNS SP3 [14], Inter Domain Policy Routing (IDPR) [15] and Visa Protocol [4], can benefit substantially from inexpensive, encryption free message authentication. 9 Conclusions In summary, fast one way hash functions such as MD4/5 can be used as a foundation for some relatively novel implementations of security services. In particular, simple and inexpensive secret prefix ....
D. Estrin, J. Mogul, G. Tsudik, Visa Protocols for Controlling Inter-Organizational Datagram Flow, IEEE Journal on Selected Areas in Communications, May 1989.
....communication services they provide, stub and transit domains require different mechanisms for policing inter domain traffic. This paper addresses the design of a policy enforcement mechanism geared specifically towards stub domains. With the aid of some basic concepts borrowed from Visa protocol[5], a much more powerful mechanism is developed and analyzed. Protocol implementation and experimental results are discussed. Keywords: inter domain communication, authentication protocols, data integrity, communication security, network protocols, internetworking. 1 Introduction Increasing use of ....
....task of a router is thus reduced to ensuring that a visa is valid and is being used correctly; the expensive part of the policy enforcement is done once per connection, by the ACSs of the end point ADs, rather than once per packet, by the border routers. 1.2 History Previous work, in particular [5], resulted in the development of two Visa protocol models based on different philosophies with regard to state in visa routers. The original stateful model requires that participating border routers maintain reliable tables of active visas. In it, ACSs explicitly distribute visas to visa routers. ....
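The snippets above describe the visa idea (an unforgeable per-datagram stamp issued once per connection by an ACS, checked cheaply per packet by a border router), note that such stamps can be built from an inexpensive keyed hash, and, in the ticket snippet near the top, point out that a stamp over header fields does not vouch for the payload. The following is an added illustration written for this page; it is not code from the Visa Protocols paper or from any of the citing papers. The visa layout (a 64-bit expiry followed by a truncated HMAC-SHA256 over source/destination address, protocol, ports and expiry, keyed with a secret shared between the ACS and the router) and the field and class names are assumptions made for the example; the paper's actual format is not shown on this page. HMAC is used instead of the secret-prefix hash(key || message) form mentioned in the MD4/5 snippet, because the secret-prefix form over MD4/MD5-style hashes is open to length extension.

```python
"""Added illustration of a stateless visa check: an access-control server (ACS)
stamps a flow once, and a border router verifies the stamp on every datagram
with a single keyed hash. The visa layout here is assumed, not the paper's."""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from ipaddress import ip_address

VISA_TAG_LEN = 16  # assumed: truncated HMAC-SHA256 tag


@dataclass(frozen=True)
class Flow:
    """Header fields the visa is bound to (assumed: addresses, protocol, ports)."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int

    def encode(self) -> bytes:
        return (ip_address(self.src).packed + ip_address(self.dst).packed
                + struct.pack("!BHH", self.proto, self.sport, self.dport))


@dataclass(frozen=True)
class Datagram:
    flow: Flow
    visa: bytes   # carried in the header; placement (e.g. an IP option) is assumed
    payload: bytes


def _tag(key: bytes, flow: Flow, expires_at: int) -> bytes:
    # HMAC rather than a secret-prefix hash(key || msg): with MD4/MD5-style
    # Merkle-Damgard hashes the secret-prefix form admits length extension.
    msg = flow.encode() + struct.pack("!Q", expires_at)
    return hmac.new(key, msg, hashlib.sha256).digest()[:VISA_TAG_LEN]


def issue_visa(acs_key: bytes, flow: Flow, expires_at: int) -> bytes:
    """ACS side, once per connection after the policy decision: the visa is
    expiry || HMAC(key, flow || expiry). The key is shared with the border
    router, so the router keeps no per-visa table (the stateless model)."""
    return struct.pack("!Q", expires_at) + _tag(acs_key, flow, expires_at)


def router_accepts(acs_key: bytes, dgram: Datagram, now: int) -> bool:
    """Border router side, per datagram: parse, check expiry, recompute the
    tag, constant-time compare. The payload is never examined."""
    if len(dgram.visa) != 8 + VISA_TAG_LEN:
        return False
    (expires_at,) = struct.unpack("!Q", dgram.visa[:8])
    if now >= expires_at:
        return False
    return hmac.compare_digest(dgram.visa[8:], _tag(acs_key, dgram.flow, expires_at))


def demo() -> dict:
    """Constructed scenario: which datagrams does the router let through?"""
    key = b"acs/router shared key (constructed)"
    flow = Flow("10.1.0.5", "192.0.2.7", 6, 40000, 80)
    now = 1_000_000
    visa = issue_visa(key, flow, now + 300)
    other_flow = Flow("10.1.0.5", "192.0.2.7", 6, 40000, 22)  # same hosts, other port
    forged = visa[:-1] + bytes([visa[-1] ^ 0x01])             # one bit of the tag flipped
    return {
        "valid": router_accepts(key, Datagram(flow, visa, b"GET / HTTP/1.0"), now),
        "forged_tag": router_accepts(key, Datagram(flow, forged, b"GET /"), now),
        "expired": router_accepts(key, Datagram(flow, visa, b"GET /"), now + 300),
        "reused_on_other_flow": router_accepts(key, Datagram(other_flow, visa, b"SSH-2.0"), now),
        # Same flow, same visa, different payload: still accepted, because the
        # visa covers header fields only, the caveat made in the ticket snippet above.
        "payload_altered": router_accepts(key, Datagram(flow, visa, b"GET /admin"), now),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} {'accept' if ok else 'drop'}")
```

The per-packet cost at the router is one HMAC and a comparison, which is the division of labour the history snippet describes: the policy decision happens once at the ACS, the router only checks that the stamp is genuine, unexpired and used on the flow it was issued for. The last case in `demo` is the practical limit of this design: a visa binds the header, not the data, so payload integrity needs a separate per-packet MAC if it matters.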
D. Estrin, J. Mogul, G. Tsudik, Visa Protocols for Controlling Inter-Organizational Datagram Flow, IEEE Journal on Selected Areas in Communications, May 1989.
....but not as devastating as highly dynamic PR contingencies. Here the caution is less specific. Very fine grain policies, which restrict access to particular hosts, or are contingent upon very fine grain user class identification, may be achieved more efficiently with network level access control [11] or end system controls instead of burdening the inter AD routing mechanism. Security is expensive, as always. Routing protocols are subject to fraud through impersonation, data substitution, and denial of service. Some of the proposed mechanisms provide some means for detection and ....
D. Estrin, J. Mogul and G. Tsudik, Visa Protocols for Controlling Inter-Organizational Datagram Flow, To appear in IEEE Journal on Selected Areas in Communications, Spring 1989.
D. Estrin, J. C. Mogul, and G. Tsudik. "Visa Protocols for Controlling Inter-Organization Datagram Flow," IEEE Journal on Selected Areas in Communication 7(4), 486-498, May 1989.
D. Estrin, J. C. Mogul, and G. Tsudik. Visa protocols for controlling interorganizational datagram flow. IEEE J. SAC, 7(4), May 1989.
D. Estrin, J. Mogul, G. Tsudik, Visa Protocols for Controlling Inter-Organizational Datagram Flow, IEEE Journal on Selected Areas in Communications, May 1989.