Dynamic parameterization of IPSEC
01Dec_Agar.pdf (774.6Kb)Abstract
The Internet has become the medium of choice for communications between most Government and Military organizations. Unfortunately the key Internet protocols were not designed to provide security and their security vulnerabilities have become apparent. IPsec was developed to provide users with a range of security services, for both confidentiality and integrity, enabling them to securely pass information across networks. Automated security mechanisms are typically designed and/or calibrated to meet an organizationαs security policy. However, once the mechanism is in operation the implemented policy is in a static state, and cannot be adjusted according to dynamic environmental conditions. This means that security mechanisms fail to reflect the policy that is appropriate for the changing contexts. Dynamic parameterization enables security mechanisms to adjust the level of security service 'on-the- fly' to respond to changing conditions (i.e. INFOCON, THREATCON). This work includes the extension of the attributes encoded by the KeyNote Trust Management System and modification of the IPsec mechanism to incorporate dynamic parameters into the security service selection mechanism, and the construction of a graphical user interface, for demonstrating 'proofof- concept' of Dynamic Parameterization of OpenBSD 2.8 IPsec.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
An Editor for Adaptive XML-Based Policy Management of IPSEC
(Computer Security Applications Conference (ACSAC), 2003-12-08);The IPSec protocol provides a mechanism to enforce a range of security services for both confidentiality and integrity, enabling secure transmission of information across networks. Dynamic parameterization of IPSec, via ... -
Modeling and Simulation Tool to Enhance and Explore the ROE Design Space for NLW
(Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-M238-AThe goal of this research is to define an analytical tool, Workbench for refining Rules of Engagement against Crowd Hostiles (WRENCH), that will support operational planners and ground commanders in defining contextually ... -
Modeling and Simulation Tool to Enhance and Explore the ROE Design Space for NLW
(Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-M238-AThe goal of this research is to define an analytical tool, Workbench for refining Rules of Engagement against Crowd Hostiles (WRENCH), that will support operational planners and ground commanders in defining contextually ...
