Jeffrey H. Dunn

Authenticaiton Mechanisms for Call Control Message Integrity and Origin Verification

Methodologies developed in the Internet Engineering Task Force (IETF) Internet Protocol Security (IPSEC) Working Group can be incorporated into asynchronous transfer mode (ATM) and frame relay (FR) signaling to provide message integrity and origin authentication. In turn, these mechanisms can provide a virtual private network (VPN) infrastructure with call control message integrity, origin verification, and transit network filtering. In this paper, we describe a set of control messages based on the IPSEC authentication header (AH) methodology that provide these security mechanisms for ATM and FR network switching equipment and signaling protocols

Internet Protocol Version 6 (IPv6) Protocol Security Assessment

It is recognized that the introduction of Internet Protocol Version 6 (IPv6) into operational networks may pose additional security risks and introduce potential vulnerabilities in addition to those inherent in current Internet Protocol Version 4 (IPv4) networks. While existing vulnerability assessment techniques should provide a level of security equivalent to that of IPv4 networks, the issues regarding IPv6 security assessments must be analyzed. The purpose of this paper is to provide high-level protocol security assessment issues associated with the migration to IPv6.

Notional Security Architecture for the Department of Defense (DoD) Networks Transitioning to Internet Protocol Version 6 (IPv6)

The United States (US) Department of Defense (DoD) has been tasked by the DoD chief information officer (DoD CIO) to transition its networks from Internet protocol (IP) version 4 (IPv4) to IP version 6 (IPv6) by fiscal year 2008 (FY08). This will be a daunting task and presents significant challenges to DoD network architects, engineers and operators. One of the most difficult challenges will be to ensure that sensitive DoD information is not compromised by the introduction of IPv6. Currently, DoD information assurance (IA) professionals are studying this problem and architecting solutions to mitigate these risks. In this paper, we present a notional security architecture for DoD networks transitioning to IPv6

Multi-Level Security, Geographically Targeted Information Dissemination using Internet Protocol Version 6 (IPv6)

Information dissemination and information assurance (IA) are key programmatic elements in 21st century weapons systems programs, such as future combat system (FCS). The deployment of these systems depends on the availability, integrity and accuracy of information delivered by Department of Defense (DoD) operational networks, in specific the DoD global information grid (GIG). Internet protocol version 4 (IPv4) is the basis of information transport technology throughout the DoD GIG. The next generation of Internet protocol, Internet protocol version 6 (IPv6), provides numerous enhancements to IPv4 and its associated services, among them enhanced security mechanisms

Authentication mechanisms for call control message integrity and origin verification

Methodologies developed in the Internet Engineering Task Force (IETF) Internet Protocol Security (IPSEC) Working Group can be incorporated into asynchronous transfer mode (ATM) and frame relay (FR) signaling to provide message integrity and origin authentication. In turn, these mechanisms can provide a virtual private network (VPN) infrastructure with call control message integrity, origin verification, and transit network filtering. In this paper, we describe a set of control messages based on the IPSEC authentication header (AH) methodology that provide these security mechanisms for ATM and FR network switching equipment and signaling protocols.

The effect of physical and link layers on IP QoS

In the traditional Internet Engineering Task Force (IETF) network model, Internet protocol (IP) provided only an unreliable, best-effort delivery service. As a result, the effects of the physical and data-link layers on IP performance were ignored. In the current Internet service provider (ISP) environment, service-level agreements (SLA) require that IP-based services provide quality of service (QoS) guarantees. These guarantees (e.g., asynchronous transfer mode [ATM], connection admission control, and frame relay [FR] traffic policing) are often based on or enforced through physical and link-layer provisioning parameters. In this paper, we examine the effects of the ATM and FR physical and data-link layers and their interworking on IP performance. Specifically, we characterize the impact of ATM and FR impairments, traffic policing, and interworking on IP traffic.