IPv6: The Next Generation Internet Protocol

Chapter 14: Security Management

14.1 INTRODUCTION

This chapter deals with several aspects regarding the security architecture. That security is then translated in to dealing with the IP Encapsulation Security Payload (ESP).

First, let us begin by discussing the Authentication Header. It is a method that can yield a powerful authentication mechanism for IP datagrams. In addition, it also yields non-repudiation. However, this is dependent on the type of cryptographic algorithm that is employed, as well as how keying is executed. This is best illustrated by using an asymmetric digital signature algorithm (e.g., RSA) which can supply non-repudiation. The authentication and security parameters index format is shown in Figure 14.1.

The ability to keep items secure and safeguard your traffic analysis (illustrated by Figure 14.2) is not given by the Authentication Header. Users who wish their information kept secure need to look at the IP Encapsulating Security Protocol (ESP) that may be used together with the Authentication Header.

Figure 14.1: Authentication Data Format
Figure 14.2: Traffic Analysis

14.2 NUTS AND BOLTS

The IP Authentication Header tries to yield security by calculating authentication information on an IP datagram. This authentication information is determined using all of the fields in the IP datagram that do not change during transport. The fields or options which are required to be changed in transit such as the hop count, time to live, ident, fragment offset, or routing pointer are believed to be 0 for the computation of the authentication data. This yields more security than exists in IPv4 and may...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Data Security Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.