IPsec Technology Project
The NIST IPsec Project is concerned with providing authentication, integrity and confidentiality security services at the Internet (IP) Layer, for both the current IP protocol (IPv4) and the next generation IP protocol (IPv6). Current efforts are concentrated on IPv4 because of the high level of interest in fielding Internet security technology as rapidly as possible. Implementing IPsec requires modifications to the system's communications routines and a new systems process that conducts secret key negotiations. The main deliverables of the NIST IPsec project are:
Cerberus - adds IP communications security to the system
PlutoPlus - conducts secret key negotiations and management
IPsec-WIT - an interactive Web-based interoperability tester that uses Cerberus and PlutoPlus to enable developers and users to test the interoperability of their systems or to demonstrate IPsec's functionality
I am responsible for the Key Negotiation and Management aspects of the project, which involves the following tasks:
- extend and enhance PlutoPlus and ensure that it conforms to the latest Internet drafts
- extend IPsec-WIT to enable negotiated keys, in addition to manually established keys
- add Key Negotiation test cases to IPsec-WIT
- work with the Internet Engineering Task Force (IETF) to further the development of the Internet Security (IPsec) and Internet Key Exchange (IKE) protocols
- Computer Security Tools
Publications and Presentations:
- Sheila Frankel, Rob Glenn and Scott Kelly, "The Candidate AES Cipher Algorithms and Their Use With IPsec," February 2000.
- "The IKE (Internet Key Exchange) Protocol," NIST Key Management Workshop, February 2000.
- "Implementing and Testing IPsec: NIST's Contributions and Future Developments," RSA 2000 Conference, January 2000.
- "PlutoPlus: Policy and PKI Plans for FY00," November 1999.
- "NIST's IPsec Web-Based Interoperability Tester (IPsec-WIT)," IPsec99 Conference, October 1999.
- "Crossing the Styx: Taming the Underworld Using Cerberus and PlutoPlus (ITL's Contributions in the Area of Internet Security)," March 1998.
- "IPv6," October 1997.
- "Security Tools - A "Try Before You Buy" Web-Based Approach," 20th National Information Systems Security Conference (NISSC), October 1997. (Word Version) (Postscript Version)