W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. DHCP++: Applying an efficient implementation method for fail-stop cryptographic protocols. In Proceedings of Global Internet (GlobeCom) '98, pages 59--65, November 1998.  Home/Search   Document Not in Database   Summary   Related Articles   Check

No context found.

W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. DHCP++: Applying an efficient implementation method for fail-stop cryptographic protocols. In Proceedings of Global Internet (GlobeCom) '98, pages 59--65, November 1998.

No context found.

W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. DHCP++: Applying an efficient implementation method for fail-stop cryptographic protocols. In Proceedings of Global Internet (GlobeCom) '98, pages 59--65, November 1998.

....dependencies among them. Integrity demonstrates that components have not been modified. Thus integrity checking in a trustworthy system is about preserving an established trust or trust relationship. 2. 1 Threat Model An active network infrastructure is very different from the current Internet [AAKS98a] In the latter, the only resources consumed by a packet at a router are: 1. the memory needed to temporarily store it, and 2. the CPU cycles necessary to find the correct route. Even if IP [Pos81] option processing is needed, the CPU overhead is still quite small compared to the cost of ....

....of the host. As a result, a trustworthy operating system is started by an untrustworthy bootstrap This creates serious security problems since most Operating Systems require some lower level services, e.g. firmware, for trustworthy initialization and operation. A major design goal of SANE [AAKS98a] was to reduce the number and size of components that are assumed as trustworthy. A second major design goal of SANE was to provide a secure and reliable mechanism for establishing a security context for active networking. An application or node could then use that context in any manner it ....

[Article contains additional citation context not shown here]

W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. DHCP++: Applying an efficient implementation method for fail-stop cryptographic protocols. In Proceedings of Global Internet (GlobeCom) '98, November 1998.

....can similarly define an encryption header similar to the IPsec ESP [Atk95b] protocol. SPI Packet Payload Packet Headers . Other Authenticators . Authenticators Authentication Data Replay Counter Figure 4: Authenticator Header 1 Some details were left out. For more details on the protocol, see [AKS98] 4.6 Link Keys When a SANE node boots, it attempts to establish shared keys with each of its neighbors. It does this by running the key establishment protocol already described. In the process, the identity of the neighbors is also verified. The administrator of an active network can ....

William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. Dhcp++: Applying an efficient implementation method for fail-stop cryptographic protocols. Technical report, Department of Computer Science, University of Pennsylvania, January 1998.

....for that secret (named Security Parameters Index, or SPI ) These exchange identifiers are used at the conclusion of the protocol to create SPI s for future use of the shared secret. The protocol is essentially a variation of the Station to Station protocol[15] more details may be found in [3, 5]. Once the protocol is completed, parties may use the shared secret to authenticate via HMAC SHA1 [22] in a way similar to that used in the IPsec [6] protocols. To prevent replay, each principal associates a monotonically increasing counter with the shared secret, also included in every ....

W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. DHCP++: Applying an Efficient Implementation Method for Fail-stop Cryptographic Protocols. In Proceedings of Global Internet (GlobeCom) '98, pages 59--65, November 1998.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC