10-08-2011, 01:54 PM
Implementation of IPv6 Security in Linux
The TCP/IP protocol suite has a number of security loopholes of serious concern. Efforts are on by the IETF to address security issues in both IP and IPv6 protocols and to standardize the security mechanisms. Two security extension headers, AH for authentication and ESP for confidentiality, have been proposed. Support for security headers is a mandatory part of every IPv6 implementation. In this thesis we describe an experimental implementation of these security protocols for IPv6 in Linux. An implementation of PF_KEY interface for key management applications and a simple extension of BSD Socket API for security are also described. A conceptual description of the security protocols are presented in the form of a small tutorial.
The TCP/IP protocol suite has a number of security loopholes of serious concern. Efforts are on by the IETF to address security issues in both IP and IPv6 protocols and to standardize the security mechanisms. Two security extension headers, AH for authentication and ESP for confidentiality, have been proposed. Support for security headers is a mandatory part of every IPv6 implementation. In this thesis we describe an experimental implementation of these security protocols for IPv6 in Linux. An implementation of PF_KEY interface for key management applications and a simple extension of BSD Socket API for security are also described. A conceptual description of the security protocols are presented in the form of a small tutorial.