Stephen T. Kent

Learn More
The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, widespread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet(More)
The Border Gateway Protocol (BGP), which is used to distribute routing information between autonomous systems, is an important component of the Internet’s routing infrastructure. Secure BGP (S-BGP) addresses critical BGP vulnerabilities by providing a scalable means of verifying the authenticity and authorization of BGP control traffic. To facilitate(More)
Privacy Enhanced Mail (PEM) consists of extensions to existing message processing software plus a key management infrastructure. These combine to provide users with a facility in which message confidentiality, authenticity, and integrity can be effected. PEM is compatible with RFC 822 message processing conventions and is transparent to SMTP mail relays.(More)
The Border Gateway Protocol (BGP) is a critical component of the Internet routing infrastructure, used to distribute routing information between autonomous systems (ASes). It is highly vulnerable to a variety of malicious attacks and benign operator errors. Under DARPA sponsorship, BBN has developed a secure version of BGP (S-BGP) that addresses most of(More)
1 This work reported in this paper was sponsored by Defense Advanced Research Project Agency (DARPA) and Air Force Material Command (AFMC) of the Department of Defense under contract number F19628-95-C-0150. Abstract The need for scalable key management support for Mobile IP – especially, the route-optimized Mobile IP – is well known. In this paper, we(More)
The Source Path Isolation Engine (SPIE) is a system capable of tracing a single IP packet to its point of origin or point of ingress into a network. SPIE supports tracing by storing a few bits of unique information about each packet for a period of time as the packets traverse the network. Software implementations of SPIE can trace packets through networks(More)