Plenary Lecture
Some IP Security Issues

Dr. Zoran Bojkovic
Full Prof. of Electrical Engineering,
Senior Member IEEE, WSEAS member, EURASIP member
University of Belgrade
SERBIA
E-mail: z.bojkovic@yahoo.com
Abstract:
IP security (IPsec) is a suite of protocols for securing Internet
Protocol (IP) communications by authenticating and/or encrypting
each IP packet in a data stream. IP packets do not have any
inherent security. As a result, there is no guarantee that a
received IP packet is from the claimed sender, contains the
original data that the sender put in it, or was not sniffed during
transit. IPsec provides a method to protect IP datagrams and is
commonly used in Virtual Private Networks (VPNs). It defines a
method for specifying the traffic to protect, how that traffic
is to be protected and to whom the traffic is sent. From the
point of view of multimedia networks, it is important that
security be recognized by current and future users and
implementers. In response to IP security issues, the Internet
Architecture Board (IAB) included authentication and encryption
as necessary security features in the next-generation IP, which
has been issued as IPv6. Fortunately, these security capabilities
were designed to be usable with both the current IPv4 and IPv6.
Following an introduction, this presentation begins by
introducing the Internet Key Exchange (IKE) protocol. The goal of
this protocol is to establish and maintain shared security
parameters and authenticated keys between the two IPsec
endpoints. For both IPv4 and IPv6, a choice between the
Encapsulating Security Payload (ESP) protocol and the
Authentication Header (AH) is offered. The IP ESP provides
confidentiality, along with optional (but strongly recommended)
authentication and integrity protection. The IP AH provides
authentication and integrity protection.
The next parts of this lecture cover frameworks for basic
security concepts and security technology. The IP security
architecture uses the concept of a security association as the
basis for building security functions into IP. A security
association is simply the bundle of algorithms and parameters
(such as keys) that is being used to encrypt and authenticate a
particular flow in one direction. In bi-directional traffic, the
flows are secured by a pair of security associations. Security
technology is a term that relates to the technical methods used
to realize security requirements (cryptographic mechanisms, hash
schemes, key management methods).
The next part of this presentation covers infrastructure for
future mobile networks, because they will be open to different
services and service providers. Also, five security feature groups
(network access security, network domain security, user domain
security, application domain security, visibility and
configurability of security) are analyzed. Finally,
infrastructure security definitions, requirements and security
context are covered, together with the network operator’s
security requirements and requirements from the user’s, the
network’s and the service’s perspectives.
Brief Biography of the Speaker: Zoran S. Bojkovic
received the Diploma in electrical engineering and the M.S. and
Ph.D. degrees, all from the Faculty of Electrical Engineering,
University of Belgrade, Serbia. He is a professor of Electrical
Engineering at the University of Belgrade. He is the co-author
of the books “Introduction to Multimedia Communications” (Wiley
2006), “Multimedia Communications Systems” (Prentice-Hall 2002)
and “Packet Video Communications over ATM Networks”
(Prentice-Hall 2000), all with Prof. K. R. Rao from the
University of Texas at Arlington, USA. He has published in
international peer-reviewed journals and participated in many
scientific and industrial projects. He is Editor-in-Chief of
the WSEAS Transactions on Communications and WSEAS Transaction
Science and Applications. He is an IEEE Senior Member and a
EURASIP member.