By Topic

Identity-Based Internet Protocol Networking

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

8 Author(s)
G. Nakamoto ; MITRE Corporation, McLean, VA, USA ; R. Durst ; C. Growney ; J. Andresen
more authors

The Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation, current role, and trust metric (associated with the user and host endpoints). Our motivation is to increase our security posture by leveraging identity, reducing our threat exposure, enhancing situational understanding of our environment, and simplifying network operations. In addition to authentication, we leverage strong anti-spoofing technology to improve accountability. We reduce our threat surface by “hiding” our client hosts and making all infrastructure devices inaccessible. Any attempt to access a hidden host or infrastructure device results in a policy violation attributable to the user/host that caused the violation and provides enhanced situational awareness of such activities. Our servers can also have a “permissible use” policy that ensures that the server only operates across the network per that policy. Finally, as users log in and servers are added to the network all dynamic configurations for access control initiated by such changes are automatically carried out without manual intervention, thereby reducing potential vulnerabilities caused by human errors.

Published in:

MILCOM 2012 - 2012 IEEE Military Communications Conference

Date of Conference:

Oct. 29 2012-Nov. 1 2012