Internet Security Group: Virtual Private Networking
IPSec (IP Security) is a set of Internet protocol standards being developed
by the IPSec working group (WG) of the Internet Engineering Task Force (IETF).
The set includes protocols to encrypt and authenticate data transmitted over
the Internet, to exchange and manage cryptographic keys, to authenticate the
identities of remote entities, and to negotiate Internet security policies.
Recently, new efforts have been started to better define the schema of
Internet security policy and to use SNMP to manage IPSec-related systems and
activities.
The Internet Security Group at IBM's Thomas J. Watson Research Center has
been involved in the IPSec WG and development of the standards from the very
beginning. We have designed new cryptographic algorithms and key management
protocols, and published numerous papers, Internet drafts and RFCs. We have
also developed IBM's core IPSec technology, which is being ported to all IBM
platforms, including AIX, AS/400, S/390, routers and firewalls.
The following list of publications provides more details on our work in the
IPSec arena:
1. Partha Bhattacharya, Rob Adams, William Dixon, Roy Pereira and Raju Rajan,
An LDAP Schema for Configuration and Administration of IPSec based Virtual Private
Networks (VPNs), IETF draft, Oct. 1998.
2. Ran Canetti, Pau-Chen Cheng and Hugo Krawczyk,
A DH-less encryption mode for IKE, IETF draft (draft-ietf-ipsec-dhless-enc-mode-00.txt), July 1998.
3. Pau-Chen Cheng, Juan A. Garay, Amir Herzberg and Hugo Krawczyk,
A Security Architecture for the Internet Protocol, IBM Systems Journal, Vol. 37, No. 1, Feb. 1998.
4. Pau-Chen Cheng and Robert Glenn, Test Cases for HMAC-MD5 and HMAC-SHA1, Internet RFC 2202, Sep. 1997.
5. Ran Canetti, Pau-Chen Cheng, Hugo Krawczyk, A revised encryption mode for ISAKMP/Oakley, IETF draft
(draft-ietf-ipsec-revised-enc-mode-01.txt), July 1997. (incorporated into the Internet Key Exchange Protocol)
6. Hugo Krawczyk, Mihir Bellare and Ran Canetti, HMAC: Keyed-Hashing for Message Authentication, Internet RFC 2104, Feb. 1997.
7. Mihir Bellare, Ran Canetti and Hugo Krawczyk, Keyed Hash Functions and Message Authentication, In the Proceedings
of Crypto'96.
8. Mihir Bellare, Ran Canetti, and Hugo Krawczyk, Pseudorandom Functions Revisited: The Cascade Construction,
In the Proceedings of FOCS'96.
9. Hugo Krawczyk, SKEME: A Versatile Secure Key Exchange Mechanism for Internet, In the Proceedings of the
1996 Internet Society Symposium on Network and Distributed System Security, Feb. 1996.
10. Pau-Chen Cheng, Juan A. Garay, Amir Herzberg, Hugo Krawczyk, Design and Implementation of Modular Key Management Protocol and
IP Secure Tunnel on AIX, In the Proceedings of the 5th USENIX UNIX Security Symposium, June 1995.