Research Article
SPINAT: Integrating IPsec into Overlay Routing
@INPROCEEDINGS{10.1109/SECURECOMM.2005.53, author={J. Ylitalo and P. Salmela and H. Tschofenig}, title={SPINAT: Integrating IPsec into Overlay Routing}, proceedings={1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks}, publisher={IEEE}, proceedings_a={SECURECOMM}, year={2006}, month={3}, keywords={}, doi={10.1109/SECURECOMM.2005.53} }
- J. Ylitalo
P. Salmela
H. Tschofenig
Year: 2006
SPINAT: Integrating IPsec into Overlay Routing
SECURECOMM
IEEE
DOI: 10.1109/SECURECOMM.2005.53
Abstract
Tackling the major Internet security, scalability and mobility problems without essentially changing the existing Internet architecture has turned out to be a very challenging task. The overlay routing approaches fortunately seem to offer a sound way to mitigate most of these issues. Basically, they decouple the end-point identifiers from locators by defining a new namespace. Overlay routing is based on the dynamic binding, at middle-boxes, between the two namespaces. The approach is very close to Network Address Translation (NAT) principles. Therefore, the IPsec NAT traversal related problems apply also to overlay architectures. In this paper, we integrate IPsec into the overlay routing using Security Parameter Index (SPI) multiplexed NAT (SPINAT). Our approach reduces tunneling overhead and supports asymmetric communication paths. We believe that the SPINAT will be a key component in securing overlay routing infrastructures, like in the Internet Indirection Infrastructure (i^3).