@inproceedings{583636aeeb874645be0797e7449a96ae,
title = "Convergence of IPsec in presence of resets",
abstract = "IPsec is the current security standard for the Internet Protocol IP. According to IPsec, a selected computer pair (p. q) in the Internet can be designated a {"}security association{"}. This designation guarantees that all sent IP messages whose original source is computer p and whose ultimate destination is computer q cannot be replayed in the future (by an adversary between p and q) and still be received by q as fresh messages from p. This guarantee is provided by adding increasing sequence numbers to all IP messages sent from p to q. Thus, p needs to always remember the sequence number of the last sent message, and q needs to always remember the sequence number of the last received message. Unfortunately, when computer p or q is reset these sequence numbers can be forgotten, and this leads to two bad possibilities: unbounded number of fresh messages from p can be discarded by q. and unbounded number qf replayed messages can be accepted by q. In this paper, we propose two operations, {"}SAVE{"}' and {"}FETCH{"}, to prevent these possibilities. The SAVE operation can be used to store the last sent sequence member in persistent memory of p once every K/sub p/ sent messages, and can be used to store the last received sequence number in persistent memory of q once every K/sub q/ received messages. The FETCH operation can be used to fetch the last stored sequence number for a computer when that computer wakes tip after a reset. We show that the following three conditions hold when SAVE and FETCH are adopted in both p and q. First, when p is reset, at most 2K/sub p/ sequence numbers will be lost but no fresh message sent from p to q will be discarded if no message reorder occurs. Second, when q is reset, the number of discarded fresh messages is bounded by 2K/sub q/, In either case, no replayed message will be accepted by q.",
keywords = "Authentication, Computer security, Convergence, Cryptography, Internet, Protocols, Software standards, System software",
author = "Huang, {Chin Tser} and Gouda, {M. G.} and Elnozahy, {E. N.}",
note = "Publisher Copyright: {\textcopyright} 2002 IEEE.; 23rd International Conference on Distributed Computing Systems Workshops, ICDCSW 2003 ; Conference date: 19-05-2003 Through 22-05-2003",
year = "2003",
doi = "10.1109/ICDCSW.2003.1203526",
language = "English (US)",
series = "Proceedings - 23rd International Conference on Distributed Computing Systems Workshops, ICDCSW 2003",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "22--27",
booktitle = "Proceedings - 23rd International Conference on Distributed Computing Systems Workshops, ICDCSW 2003",
address = "United States",
}