Fourth European Symposium on Research in Computer Security (ESORICS 96)
Sleepy Network-Layer Authentification Service
Shyhtsun F. Wu
Abstract : Network-layer authentication security services are typically pessimistic and static. A conservative IP security gateway checks/verifies the authentication information for every packet it forwards. This implies that, even there is no bad guy in the network, the authentication check is still performed for every packet. In this paper, we examine a sleepy approach, where the gateways normally do not authenticate or verify the packets unless security attacks are detected. We propose a security protocol, SSGP (Sleepy Security Gateway Protocol), residing on top of the IPSEC (Internet Security Protocol). One important feature of SSGP is the collaboration model between network and application layer security mechanisms.
Proceedings table of contents