A multi-layer ipsec protocol (2000) [9 citations — 0 self]
|
Abstract:
IPsec [KA98c] is a suite of standard protocols that provides security services for Internet communications. It protects the entire IP datagram in an \end-to-end " fashion; no intermediate network node in the public Internet can access or modify any information above the IP layer in an IPsec-protected packet. However, recent advances in internet technology introduce a rich new set of services and applications, like trac engineering, TCP performance enhancements, or transparent proxying and caching, all of which require intermediate network nodes to access a certain part of an IP datagram, usually the upper layer protocol information, to perform ow classication, constraint-based routing, or other customized processing. This is in direct con-ict with the IPsec mechanisms. In this research, we propose a multi-layer security protection scheme for IPsec, which uses a ner-grain access control to allow trusted intermediate routers to read and write selected portions of IP datagrams (usually the headers) in a secure and controlled manner. 1
