|
Search
CSRC
Search
Vulnerability
Archive
|
|
Computer
Scientist
National Institute of Standards and Technology
Computer Security Division
Phone: 301-975-3297
Fax: 301-948-0279
E-mail address
Projects:
The NIST IPsec
Project is concerned with providing authentication, integrity and confidentiality
security services at the Internet (IP) Layer, for both the current IP
protocol (IPv4) and the next generation IP protocol (IPv6). Current efforts
are concentrated on IPv4 because of the high level of interest in fielding
Internet security technology as rapidly as possible. Implementing IPsec
requires modifications to the system's communications routines and a new
systems process that conducts secret key negotiations. The main deliverables
of the NIST IPsec project are:
- Cerberus
- adds IP communications security to the system
-
PlutoPlus - conducts secret key negotiations and management
- IPsec-WIT
- an interactive Web-based interoperability tester that uses Cerberus
and PlutoPlus to enable developers and users to test the interoperability
of their systems or to demonstrate IPsec's functionality
I am responsible for the Key
Negotiation and Management aspects of the project, which involves the
following tasks:
- extend and enhance PlutoPlus
and ensure that it conforms to the latest Internet drafts
- extend IPsec-WIT to enable
negotiated keys, in addition to manually established keys
- add Key Negotiation test
cases to IPsec-WIT
- work with the Internet
Engineering Task Force (IETF) to further the development of the Internet
Security (IPsec) and Internet Key Exchange (IKE) protocols
Publications and Presentations:
- Sheila Frankel, Rob Glenn
and Scott Kelly, "The Candidate
AES Cipher Algorithms and Their Use With IPsec," draft-ietf-ipsec-ciph-aes-cbc-00.txt,
February 2000.
- "The
IKE (Internet Key Exchange) Protocol," NIST Key Management
Workshop, February 2000.
- "Implementing
and Testing IPsec: NIST's Contributions and Future Developments,"
RSA 2000 Conference, January 2000.
- "PlutoPlus:
Policy and PKI Plans for FY00," November 1999.
- "NIST's
IPsec Web-Based Interoperability Tester (IPsec-WIT)," IPsec99
Conference, October 1999.
- "Crossing
the Styx: Taming the Underworld Using Cerberus and PlutoPlus (ITL's
Contributions in the Area of Internet Security)," March 1998.
- "IPv6,"
October 1997.
- "Security
Tools - A "Try Before You Buy" Web-Based Approach," 20th National
Information Systems Security Conference (NISSC), October 1997.
(Word Version)
(Postscript Version)
|