Learn More
When deploying firewalls in an organization, it is essential to verify that the firewalls are configured properly. The problem of finding out what a given firewall configuration does occurs, for instance, when a new network administrator takes over, or a third party performs a technical security audit for the organization. While the problem can be(More)
Always-on applications, such as push email and voice-over-IP, are characterized by the need to be constantly reachable for incoming communications. In the presence of stateful firewalls or NATs, such applications require “keep-alive” messages to maintain up-to-date connection state in the firewall or NAT, and thus preserve reachability. In this paper, we(More)
This specification defines a new EAP method, EAP-AKA’, a small revision of the EAP-AKA method. The change is a new key derivation function that binds the keys derived within the method to the name of the access network. The new key derivation mechanism has been defined in the 3rd Generation Partnership Project (3GPP). This specification allows its use in(More)
Among the different approaches to distributed computing, the Jini technology provides a number of very promising methods for attacking the fundamental problems involved. Programs built according to the Jini principles will be able to function and survive in highly dynamic network environments, allowing applications to adapt their behaviour to the(More)
Enterprise users require mobility and secure connectivity when they roam and connect to the services offered in the enterprise. Secure connectivity is required when the user connects to the enterprise from an untrusted network. Mobility is beneficial when the user moves, either inside or outside the enterprise network, and acquires a new IP address. This(More)
Disconnection of an SSH shell or a secure application session due to network outages or travel is a familiar problem to many Internet users today. In this paper, we extend the SSH and TLS protocols to support resilient connections that can span several sequential TCP connections. The extensions allow sessions to survive both changes in IP addresses and long(More)
This specification defines a new EAP method, EAP-AKA’, which is a small revision of the EAP-AKA (Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement) method. The change is a new key derivation function that binds the keys derived within the method to the name of the access network. The new key derivation mechanism(More)
Network denial of service attacks have become a widespread problem on the Internet. However, denial of service is often considered to be an implementation issue by protocol designers. In this paper I present a survey of the literature on designing denial of service resistant communication protocols. I consider several different types of resources vulnerable(More)