DocumentCode
2018515
Title
Transport layer proxy for stateful UDP packet filtering
Author
Chang, Rocky K C ; Fung, King P.
Author_Institution
Dept. of Comput., Hong Kong Polytech. Univ., Kowloon, China
fYear
2002
fDate
2002
Firstpage
595
Lastpage
600
Abstract
Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper a transport layer proxy (TLP) to provide a secure UDP firewall traversal service on the transport layer (the TLP supports TCP as well). For each UDP association with endpoints separated by a TLP server, the TLP server performs user-level or host-level authentication, packet filtering, packet relaying, optional network address translation, session logging, timing-out of idle association, and other security-related functions. The core of the TLP is a two-step TLP binding procedure that makes a UDP association stateful between a TLP client and a TLP server. This binding procedure supports Active UDP Open, Passive UDP Open, and Source-Specific UDP Open, which a local program may perform on a UDP socket.
Keywords
Internet; authorisation; client-server systems; packet switching; protocols; telecommunication security; Active UDP Open; Firewall support; Passive UDP Open; Source-Specific UDP Open; TLP; TLP client; TLP server; UDP socket; UDP traffic; host-level authentication; idle association; optional network address translation; packet filtering; packet relaying; secure UDP firewall traversal service; security-related functions; session logging; stateful UDP packet filtering; timing-out; transport layer proxy; two-step TLP binding procedure; user-level authentication; Authentication; Information filtering; Information filters; Internet; Network servers; Relays; Sockets; Streaming media; TCPIP; Transport protocols;
fLanguage
English
Publisher
ieee
Conference_Titel
Computers and Communications, 2002. Proceedings. ISCC 2002. Seventh International Symposium on
ISSN
1530-1346
Print_ISBN
0-7695-1671-8
Type
conf
DOI
10.1109/ISCC.2002.1021735
Filename
1021735
Link To Document