The IP protocol is stateless and connectionless, hence cannot guarantee a secure delivery of the information. IPSec offers stateful security introducing logical connections between couples of peers. The management of these IPSec Security Associations is often delegated to dynamic protocols, such as ISAKMP and IKE, because of the obvious scalability problem of a manual configuration approach. However, the address of each peer must be known in advance to the other one in order for the ISAKMP exchange to be completed successfully. This assumption cannot be always guaranteed, especially when mobility is taken into consideration. In such cases, a proper mechanism to retrieve the correspondent peer IPv6 address must be taken into account. The demo consists of an overview of the functionalities of the Ecumene Web Information System, developed in the groundwork of the Ecumene Project, focusing mainly on the enhancements developed (in the form of the MIPSD daemon) to allow automatic IPSec SA insaturation between hosts which wants to access the network and the appropriate Site Gateway.

MIPSD (Mobility-oriented IPSec Daemon): a Tool for Integrated Mobility and Security Support in the Ecumene Network

GIORDANO, STEFANO;TOMASI, ANDREA
2005-01-01

Abstract

The IP protocol is stateless and connectionless, hence cannot guarantee a secure delivery of the information. IPSec offers stateful security introducing logical connections between couples of peers. The management of these IPSec Security Associations is often delegated to dynamic protocols, such as ISAKMP and IKE, because of the obvious scalability problem of a manual configuration approach. However, the address of each peer must be known in advance to the other one in order for the ISAKMP exchange to be completed successfully. This assumption cannot be always guaranteed, especially when mobility is taken into consideration. In such cases, a proper mechanism to retrieve the correspondent peer IPv6 address must be taken into account. The demo consists of an overview of the functionalities of the Ecumene Web Information System, developed in the groundwork of the Ecumene Project, focusing mainly on the enhancements developed (in the form of the MIPSD daemon) to allow automatic IPSec SA insaturation between hosts which wants to access the network and the appropriate Site Gateway.
2005
076952219X
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/204125
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact