Learn More
The design of the IP protocol makes it difficult to reliably identify the originator of an IP packet. Even in the absence of any deliberate attempt to disguise a packet's origin, widespread packet forwarding techniques such as NAT and encapsulation may obscure the packet's true source. Techniques have been developed to determine the source of large packet(More)
The Border Gateway Protocol (BGP), which is used to distribute routing information between autonomous systems, is an important component of the Internet's routing infrastructure. Secure BGP (S-BGP) addresses critical BGP vulnerabilities by providing a scalable means of verifying the authenticity and authorization of BGP control traffic. To facilitate(More)
Privacy Enhanced Mail (PEM) consists of extensions to existing message processing software plus a key management infrastructure. These combine to provide users with a facility in which message confidentiality, authenticity, and integrity can be effected. PEM is compatible with RFC 822 message processing conventions and is transparent to SMTP mail relays.(More)
The need for scalable key management support for Mobile IP – especially, the route-optimized Mobile IP – is well known. In this paper, we present the design and the first implementation of a public key management system that can be used with IETF Mobile IP. The system, called the Mobile IP Security (MoIPS) system, was built upon a DNS based X.509 Public Key(More)
The implications of adding security mechanisms to high-level network protocols operating in an open-system environment are analyzed. First the threats to security that may arise in such an environment are described, and then a set of goals for communications security measures is established. This is followed by a brief description of the two basic(More)
The Border Gateway Protocol (BGP) is a critical component of the Internet routing infrastructure, used to distribute routing information between autonomous systems (ASes). It is highly vulnerable to a variety of malicious attacks and benign operator errors. Under DARPA sponsorship, BBN has developed a secure version of BGP (S-BGP) that addresses most of(More)
The Source Path Isolation Engine (SPIE) is a system capable of tracing a single IP packet to its point of origin or point of ingress into a network. SPIE supports tracing by storing a few bits of unique information about each packet for a period of time as the packets traverse the network. Software implementations of SPIE can trace packets through networks(More)