A flow-based approach to datagram security
- 1 October 1997
- conference paper
- Published by Association for Computing Machinery (ACM)
- Vol. 27 (4), 221-234
- https://doi.org/10.1145/263105.263170
Abstract
Datagram services provide a simple, flexible, robust, and scalable communication abstraction; their usefulness has been well demonstrated by the success of IP, UDP, and RPC. Yet, the overwhelming majority of network security protocols that have been proposed are geared towards connection-oriented communications. The few that do cater to datagram communications tend to either rely on long term host-pair keying or impose a session-oriented (i.e., requiring connection setup) semantics.

Separately, the concept of flows has received a great deal of attention recently, especially in the context of routing and QoS. A flow characterizes a sequence of datagrams sharing some pre-defined attributes. In this paper, we advocate the use of flows as a basis for structuring secure datagram communications. We support this by proposing a novel protocol for datagram security based on flows. Our protocol achieves zero-message keying, thus preserving the connectionless nature of datagram, and makes use of soft state, thus providing the per-packet processing efficiency of session-oriented schemes. We have implemented an instantiation for IP in the 4.4BSD kernel, and we provide a description of our implementation along with performance results.