Proceedings of Internet Society Symposium on Network and Distributed Systems Security

22-23 Feb. 1996

Filter Results

Displaying Results 1 - 15 of 15
  • Mixing E-mail with Babel

    Publication Year: 1996, Page(s):2 - 16
    Cited by:  Papers (84)  |  Patents (15)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1735 KB)

    Increasingly large numbers of people communicate today via electronic means such as email or news forums. One of the basic properties of the current electronic communication means is the identification of the end-points. However, at times it is desirable or even critical to hide the identity and/or whereabouts of the end-points (e.g., human users) involved. This paper discusses the goals and desir... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An integration of PGP and MIME

    Publication Year: 1996, Page(s):17 - 24
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (834 KB)

    Internet text mail has been developing to satisfy various user requests, such as transporting non-textual objects and privacy enhancements. While MIME redefined the mail body format to support non-textual objects and multipart structure, PGP provides encryption and digital signature features for text mail. MIME however does not provide privacy services whereas non-textual objects cannot be exchang... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Scalability of security in distributed object systems

    Publication Year: 1996, Page(s):40 - 41
    Cited by:  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1301 KB)

    This paper addresses the problem of scalability in distributed object systems. It first describes the scaling problem and then uses several examples as discussion points for the participants. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A flexible distributed authorization protocol

    Publication Year: 1996, Page(s):43 - 52
    Cited by:  Papers (3)  |  Patents (25)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1159 KB)

    While there has been considerable effort in creating a single sign-on solution for interoperability among authentication methods, such interoperability across authorization methods has received little attention. This paper presents a flexible distributed authorization protocol that provides the full generality of restricted proxies while supporting the functionality of and interoperability with ex... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Preserving integrity in remote file location and retrieval

    Publication Year: 1996, Page(s):53 - 63
    Cited by:  Papers (1)  |  Patents (16)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1098 KB)

    We present a service for locating and retrieving files from an untrusted network such that the integrity of the retrieved files can be verified. This service enables groups of people in geographically remote locations to share files using an untrusted network. For example, distribution, of an organization's software to all the organization's sites can be accomplished using this service. Distributi... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • C-HTTP-the development of a secure, closed HTTP-based network on the Internet

    Publication Year: 1996, Page(s):64 - 75
    Cited by:  Papers (1)  |  Patents (56)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1013 KB)

    We have designed "C-HTTP" which provides secure HTTP communication mechanisms within a closed group of institutions on the Internet, where each member is protected by its own firewall. C-HTTP-based communications are made possible by the following three components: a client-side proxy, a sewer-side proxy and a C-HTTP name server. A client-side proxy and server-side proxy communicate with each othe... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Designing an academic firewall: policy, practice, and experience with SURF

    Publication Year: 1996, Page(s):79 - 92
    Cited by:  Papers (8)  |  Patents (104)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1727 KB)

    Corporate network firewalls are well-understood and are becoming commonplace. These firewalls establish a security perimeter that aims to block (or heavily restrict) both incoming and outgoing network communication. We argue that these firewalls are neither effective nor appropriate for academic or corporate research environments needing to maintain information security while still supporting the ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Digital signature protection of the OSPF routing protocol

    Publication Year: 1996, Page(s):93 - 102
    Cited by:  Papers (43)  |  Patents (10)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1123 KB)

    The routing protocols used to disseminate routing information throughout the Internet are not protected from intruders or faulty router participants. This paper reports on work in progress to protect the OSPF routing protocol through the use of cryptography, specifically, digital signatures. The routing information is signed with an asymmetric cryptographic algorithm, allowing each router recipien... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A case study of secure ATM switch booting

    Publication Year: 1996, Page(s):103 - 112
    Cited by:  Patents (11)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (876 KB)

    This paper examines a few techniques for booting Asynchronous Transfer Mode (ATM) switches securely over an insecure network. Each of these techniques assume a different trust model. This work is being carried out in the context of the Fairisle ATM switch environment. In this environment we are envisaging an open multi-service network where ATM switches are booted with third party software, possib... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SKEME: a versatile secure key exchange mechanism for Internet

    Publication Year: 1996, Page(s):114 - 127
    Cited by:  Papers (53)  |  Patents (42)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1543 KB)

    A secure and versatile key exchange protocol for key management over Internet is presented. SKEME constitutes a compact protocol that supports a variety of realistic scenarios and security models over Internet. It provides clear tradeoffs between security and performance as required by the different scenarios without incurring in unnecessary system complexity. The protocol supports key exchange ba... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • IDUP and SPKM: developing public-key-based APIs and mechanisms for communication security services

    Publication Year: 1996, Page(s):128 - 135
    Cited by:  Patents (5)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (837 KB)

    In this paper we discuss progress in the development of application program interfaces (APIs) and mechanisms which provide a comprehensive set of security services to application developers. The APIs, though similar, are designed for distinct environments: the session API ("GSS") is aimed at the on-line real-time messaging environment; the store-and-forward API ("IDUP") is particularly suited to e... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An empirical study of secure MPEG video transmissions

    Publication Year: 1996, Page(s):137 - 144
    Cited by:  Papers (85)  |  Patents (57)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1079 KB)

    MPEG (Moving Pictures Expert Group) is an industrial standard for video processing and is widely used in multimedia applications in the Internet. However, no security provision is specified in the standard. We conducted an experimental study of previously proposed selective encryption schemes for MPEG video security. This study showed that these methods are inadequate for sensitive applications. W... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Parallelized network security protocols

    Publication Year: 1996, Page(s):145 - 154
    Cited by:  Papers (7)  |  Patents (16)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (927 KB)

    Security and privacy are growing concerns in the Internet community, due to the Internet's rapid growth and the desire to conduct business over it safely. This desire has led to the advent of several proposals for security standards, such as secure IP, secure HTTP, and the Secure Socket Layer. All of these standards propose using cryptographic protocols such as DES and RSA. Thus, the need to use e... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A "bump in the stack" encryptor for MS-DOS systems

    Publication Year: 1996, Page(s):155 - 160
    Cited by:  Papers (1)  |  Patents (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (562 KB)

    Most implementations of IP security are deeply entwined in the source of the protocol stack. However, such source code is not readily available for MS-DOS systems. We implemented a version using the packet driver interface. Our module sits between the generic Ethernet driver and the hardware driver; it emulates each to the other. Most of the code is straightforward; in a few places, though, we wer... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Author index

    Publication Year: 1996
    Request permission for reuse | PDF file iconPDF (29 KB)
    Freely Available from IEEE