Pub Date : 1997-02-10DOI: 10.1109/NDSS.1997.579220
S. Bellovin
The Internet Engineering Task Force (IETF) is in the process of adopting standards for IP-layer encryption and authentication (IPSEC). We describe how "probable plaintext" can be used to aid in cryptanalytic attacks, and analyze the protocol to show how much probable plaintext is available. We also show how traffic analysis is a powerful aid to the cryptanalyst. We conclude by outlining some likely changes to the underlying protocols that may strengthen them against these attacks.
{"title":"Probable plaintext cryptanalysis of the IP security protocols","authors":"S. Bellovin","doi":"10.1109/NDSS.1997.579220","DOIUrl":"https://doi.org/10.1109/NDSS.1997.579220","url":null,"abstract":"The Internet Engineering Task Force (IETF) is in the process of adopting standards for IP-layer encryption and authentication (IPSEC). We describe how \"probable plaintext\" can be used to aid in cryptanalytic attacks, and analyze the protocol to show how much probable plaintext is available. We also show how traffic analysis is a powerful aid to the cryptanalyst. We conclude by outlining some likely changes to the underlying protocols that may strengthen them against these attacks.","PeriodicalId":224439,"journal":{"name":"Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126637311","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1997-02-10DOI: 10.1109/NDSS.1997.579230
A. Young, Nada Kapidzic Cicovic, D. Chadwick
Public key certification provides mechanisms that can be used to build truly scaleable security services, such as allowing people who have never met to have assurance of each other's identity. Authentication involves syntactic verification of a certificate chain followed by a semantic look at the policies under which the certificates were issued. This results in a level of assurance that the identity of the person to be authenticated is an accurate description of the person involved, and requires verifiers to specify who they trust and what they trust them to do. Two widely discussed mechanisms for specifying this trust, the PEM and PGP trust models, approach the problem from fundamentally different directions. The EC funded ICE-TEL project, which is deploying a security infrastructure and application set for the European research community, has described a new trust model that attempts to be equally applicable to organisation-centric PEM users and user-centric PGP users.
{"title":"Trust models in ICE-TEL","authors":"A. Young, Nada Kapidzic Cicovic, D. Chadwick","doi":"10.1109/NDSS.1997.579230","DOIUrl":"https://doi.org/10.1109/NDSS.1997.579230","url":null,"abstract":"Public key certification provides mechanisms that can be used to build truly scaleable security services, such as allowing people who have never met to have assurance of each other's identity. Authentication involves syntactic verification of a certificate chain followed by a semantic look at the policies under which the certificates were issued. This results in a level of assurance that the identity of the person to be authenticated is an accurate description of the person involved, and requires verifiers to specify who they trust and what they trust them to do. Two widely discussed mechanisms for specifying this trust, the PEM and PGP trust models, approach the problem from fundamentally different directions. The EC funded ICE-TEL project, which is deploying a security infrastructure and application set for the European research community, has described a new trust model that attempts to be equally applicable to organisation-centric PEM users and user-centric PGP users.","PeriodicalId":224439,"journal":{"name":"Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115090505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1997-02-10DOI: 10.1109/NDSS.1997.579225
Bradley R. Smith, S. Murthy, J. Garcia-Luna-Aceves
We analyze the security requirements of distance-vector routing protocols, identify their vulnerabilities, and propose countermeasures to these vulnerabilities. The innovation we propose involves the use of mechanisms from the path-finding class of distance-vector protocols as a solution to the security problems of distance-vector protocols. The result is a proposal that effectively and efficiently secures distance-vector protocols in constant space.
{"title":"Securing distance-vector routing protocols","authors":"Bradley R. Smith, S. Murthy, J. Garcia-Luna-Aceves","doi":"10.1109/NDSS.1997.579225","DOIUrl":"https://doi.org/10.1109/NDSS.1997.579225","url":null,"abstract":"We analyze the security requirements of distance-vector routing protocols, identify their vulnerabilities, and propose countermeasures to these vulnerabilities. The innovation we propose involves the use of mechanisms from the path-finding class of distance-vector protocols as a solution to the security problems of distance-vector protocols. The result is a proposal that effectively and efficiently secures distance-vector protocols in constant space.","PeriodicalId":224439,"journal":{"name":"Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124126337","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: