1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks

Research Article

SPINAT: Integrating IPsec into Overlay Routing

  • @INPROCEEDINGS{10.1109/SECURECOMM.2005.53,
        author={J.  Ylitalo and  P. Salmela and H.  Tschofenig},
        title={SPINAT: Integrating IPsec into Overlay Routing},
        proceedings={1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2006},
        month={3},
        keywords={},
        doi={10.1109/SECURECOMM.2005.53}
    }
    
  • J. Ylitalo
    P. Salmela
    H. Tschofenig
    Year: 2006
    SPINAT: Integrating IPsec into Overlay Routing
    SECURECOMM
    IEEE
    DOI: 10.1109/SECURECOMM.2005.53
J. Ylitalo1, P. Salmela1, H. Tschofenig1
  • 1: Ericsson Research NomadicLab, Finland

Abstract

Tackling the major Internet security, scalability and mobility problems without essentially changing the existing Internet architecture has turned out to be a very challenging task. The overlay routing approaches fortunately seem to offer a sound way to mitigate most of these issues. Basically, they decouple the end-point identifiers from locators by defining a new namespace. Overlay routing is based on the dynamic binding, at middle-boxes, between the two namespaces. The approach is very close to Network Address Translation (NAT) principles. Therefore, the IPsec NAT traversal related problems apply also to overlay architectures. In this paper, we integrate IPsec into the overlay routing using Security Parameter Index (SPI) multiplexed NAT (SPINAT). Our approach reduces tunneling overhead and supports asymmetric communication paths. We believe that the SPINAT will be a key component in securing overlay routing infrastructures, like in the Internet Indirection Infrastructure (i^3).