An approach for measuring IP security performance in a distributed environment
The Navy needs to use Multi Level Security (MLS) techniques in an environment with increasing amount of real time computation brough about by increased automation requirements and new more complex operations. NSWC-DD has initiated testing of a security protocol based on the commercial standard, IPSEC, which is becoming available in Commercial Off The Shelf (COTS) computing products. IPSEC is viewed as a critical component towards providing MLS capabilities. Current implementations of IPSEC are implemented in software as part of the kernel system software. The system engineer must carefully develop security policies versus applying this technology in a brute force way. This paper describes the security issues, the IPSEC standard, testing performed at NSWC-DD and provides an approach to using this technology in the current resource constrained environment using today’s COTS products.
KeywordsNaval Research Laboratory Authentication Service Security Association Internet Protocol Packet Network Time Protocol
Unable to display preview. Download preview PDF.
- 1.Kent, S., and Atkinson, R., RFC2401, Security Architecture for the Internet Protocol, November, 1998.Google Scholar
- 2.Kent, S., and Atkinson, R., RFC2402, IP Authentication Header, November, 1998.Google Scholar
- 3.Kent, S., and Atkinson, R.,RFC2406, IP Encapsulated Security Payload, November, 1998. or4. Gilmore, J., Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, Electronic Frontier Foundation, July, 1998.Google Scholar
- 6.Mills, D., RFC-1305, Network Time Protocol (Version 3) Specification, Implementation, and Analysis, March, 1992.Google Scholar
- 7.Maughan, D., Schertler, M., Schneider, M., and Turner, J., RFC2408, Internet Security Association and Key Management Protocol, November9, 1998.Google Scholar