Skip to Main Content
In this paper we present the design, rationale, and implementation of a security architecture for protecting the secrecy and integrity of Internet traffic at the Internet Protocol (IP) layer. The design includes three components: (1) a security policy for determining when, where, and how security measures are to be applied; (2) a modular key management protocol, called MKMP, for establishing shared secrets between communicating parties and meta-information prescribed by the security policy; and (3) the IP Security Protocol, as it is being standardized by the Internet Engineering Task Force, for applying security measures using information provided through the key management protocol. Effectively, these three components together allow for the establishment of a secure channel between any two communicating systems over the Internet. This technology is a component of IBM's firewall product and is now being ported to other IBM computer platforms.
Note: The Institute of Electrical and Electronics Engineers, Incorporated is distributing this Article with permission of the International Business Machines Corporation (IBM) who is the exclusive owner. The recipient of this Article may not assign, sublicense, lease, rent or otherwise transfer, reproduce, prepare derivative works, publicly display or perform, or distribute the Article.