The NIST IPsec Project is concerned with providing authentication, integrity and confidentiality security services at the Internet (IP) layer, for both the current IP protocol (IPv4) and the next-generation IP protocol (IPv6). Current efforts concentrate on IPv4 because of the high level of interest in fielding Internet security technology as rapidly as possible. Implementing IPsec requires modifications to the system's communications routines and a new system process that conducts secret-key negotiations. The main deliverables of the NIST IPsec project are:
The NIST IPsec Project concerns itself with the emerging Internet protocols that provide increased services at the Internet layer, in particular a larger address space and built-in security facilities. These security facilities (known as IPsec) are significant because they will be used to secure the infrastructure of the Internet (routing, DNS, etc.) and can also be used to protect application-level Internet communications. They enable a centrally controlled access policy as well as a multi-level, layered approach to security. IPsec provides the following security services: data origin authentication, connectionless integrity, replay protection, data confidentiality, limited traffic-flow confidentiality, and key negotiation and management. The IETF has mandated the use of IPsec wherever feasible; the standards documents are close to completion, and there are numerous implementations.
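Two of the services listed above, connectionless integrity and replay protection, are delivered together by the ESP/AH receiver: a sliding anti-replay window over the packet sequence number is consulted before the integrity check value (ICV) is verified, and the window is advanced only after the ICV passes, so a forged packet carrying a high sequence number cannot push legitimate in-flight packets out of the window. The following is an added illustration of that receive path, not code from the NIST Cerberus or PlutoPlus implementations. It assumes a simplified packet layout (4-byte sequence number, payload, 16-byte HMAC-SHA256 ICV) rather than real ESP framing, a 64-packet window, and a constructed key; the window update rule is the standard bitmap scheme from the IPsec RFCs.

```python
"""Sliding-window anti-replay check plus ICV verification, in the order an
IPsec receiver applies them: cheap replay pre-check, then ICV, then window
update. Added example; not NIST Cerberus code. The packet layout is a
simplified stand-in for ESP: seq (4 bytes) || payload || ICV (16 bytes)."""
import hashlib
import hmac
import struct

WINDOW_SIZE = 64   # the RFCs require a minimum window of 32; 64 is a common default
ICV_LEN = 16       # HMAC-SHA256 truncated to 128 bits (assumption for this example)


class AntiReplayWindow:
    """Sliding window over accepted sequence numbers.

    top    : highest sequence number accepted so far (right edge of the window)
    bitmap : bit i set means sequence number (top - i) has already been accepted
    """

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.top = 0
        self.bitmap = 0

    def check(self, seq):
        """Preliminary check, run before the (more expensive) ICV verification.
        Returns None if seq may be accepted, otherwise a rejection reason."""
        if seq == 0:
            return "zero_seq"          # the first packet on an SA carries seq 1
        if seq > self.top:
            return None                # new right edge: always acceptable
        diff = self.top - seq
        if diff >= self.size:
            return "stale"             # fell off the left edge of the window
        if (self.bitmap >> diff) & 1:
            return "replay"            # this sequence number was already accepted
        return None

    def update(self, seq):
        """Record seq as accepted. Call only after the ICV verified, so that a
        forged packet cannot advance the window."""
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1        # jumped past the whole window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def build_packet(key, seq, payload):
    """Sender side: sequence number || payload || truncated HMAC over both."""
    body = struct.pack("!I", seq) + payload
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def receive(key, window, packet):
    """Receiver side: replay pre-check, ICV verification, then window update."""
    if len(packet) < 4 + ICV_LEN:
        return "malformed"
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    seq = struct.unpack("!I", body[:4])[0]
    reason = window.check(seq)
    if reason is not None:
        return reason
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return "bad_icv"               # window deliberately left untouched
    window.update(seq)
    return "accepted"


def run_demo():
    """Constructed traffic: in-order, replayed, reordered, forged and stale packets."""
    key = b"constructed-demo-key-not-for-real-use"   # stand-in for the SA's auth key
    window = AntiReplayWindow()
    results = []

    def deliver(pkt):
        results.append(receive(key, window, pkt))

    deliver(build_packet(key, 0, b"invalid"))          # zero_seq
    p2 = build_packet(key, 2, b"hello")
    for pkt in (build_packet(key, 1, b"a"), p2, build_packet(key, 3, b"b")):
        deliver(pkt)                                   # accepted x3
    deliver(p2)                                        # replay of seq 2
    deliver(build_packet(key, 5, b"c"))                # accepted; seq 4 still in flight
    p4 = build_packet(key, 4, b"late")
    deliver(p4)                                        # accepted: late but inside window
    deliver(p4)                                        # replay of seq 4
    forged = bytearray(build_packet(key, 6, b"d"))
    forged[4] ^= 0x01                                  # flip a payload bit
    deliver(bytes(forged))                             # bad_icv; window not advanced
    deliver(build_packet(key, 6, b"d"))                # accepted: genuine seq 6 still fits
    deliver(build_packet(key, 100, b"e"))              # accepted; window jumps forward
    deliver(build_packet(key, 30, b"f"))               # stale (100 - 30 >= 64)
    deliver(build_packet(key, 40, b"g"))               # accepted (100 - 40 < 64)
    return results


if __name__ == "__main__":
    for i, r in enumerate(run_demo(), 1):
        print(f"packet {i:2d}: {r}")
```

The order of operations is the point: because `update` runs only after `hmac.compare_digest` succeeds, the forged seq-6 packet is dropped without moving the window, and the genuine seq-6 packet that follows is still accepted. Real ESP additionally uses extended (64-bit) sequence numbers and a window sized to the link's reordering, but the check/verify/update discipline is the same.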
To expedite the development of this crucial technology, ITL staff designed and developed Cerberus, a reference implementation of the latest IPsec specifications, and PlutoPlus, a reference implementation of the IPsec key negotiation and management specifications. Numerous organizations from all segments of the Internet industry have acquired these implementations as a platform for ongoing research on advanced issues in IPsec technology.
To answer an industry call for more frequent and accessible interoperability testing of emerging commercial IPsec implementations, ITL developed the NIST IPsec WWW-based Interoperability Tester, IPsec-WIT, which is built around the Cerberus and PlutoPlus prototype implementations. IPsec-WIT also serves as an experiment in test-system architectures and technologies. Its use of WWW technology allows IPsec-WIT to provide interoperability testing services anytime and anywhere, without distributing any test-system software or relocating the systems under test.
ITL staff also collaborated with key industry representatives to co-author protocol specifications and resolve technical impasses that threatened the progress of the IPsec design and standardization process.