Title :
IPSec/PHIL (packet header information list): design, implementation, and evaluation
Author :
Chien-Lung Wu ; Wu, S. ; Narayan, Ravindar
Author_Institution :
North Carolina State Univ., Raleigh, NC, USA
fDate :
6/23/1905 12:00:00 AM
Abstract :
For most TCP/UDP/IP applications, when a packet or a message arrives, usually only the payload portion of the original packet can be obtained by the application. For instance, if a packet has been delivered through some IPSec (IP security) tunnels along the route path, then the application, in general, does not know exactly which tunnels have been used to deliver this particular packet. The IPSec/PHIL (packet header information list) interface has been designed and implemented such that an "authorized" application is able to know which set of IPSec tunnels has been used to deliver a particular incoming packet. Furthermore, IPSec/PHIL enables controllability over which set of IPSec tunnels is used to send a particular outgoing packet. IPSec/PHIL is a key component in the Deciduous decentralized source tracing system to correlate the IPSec information with intrusion detection results. Other IPSec/PHIL applications we have built include a SNMPv3 security module using IPSec as well as an IPSec tunnel switching router
Keywords :
Internet; protocols; security of data; telecommunication security; Deciduous; IP; IP security; IPSec protocol suite; IPSec tunnels; SNMPv3 security module; TCP; UDP; decentralized source tracing system; intrusion detection results; packet header information list; tunnel switching router; Authentication; Communication system security; Data security; Electrostatic precipitators; Information security; Network address translation; Payloads; Protocols; TCPIP; Virtual private networks;
Conference_Titel :
Computer Communications and Networks, 2001. Proceedings. Tenth International Conference on
Conference_Location :
Scottsdale, AZ
Print_ISBN :
0-7803-7128-3
DOI :
10.1109/ICCCN.2001.956243
