A security architecture for the internet protocol

P. C. Cheng, J. A. Garay, A. Herzberg, H. Krawczyk

Research output: Contribution to journalArticlepeer-review

22 Scopus citations


In this paper we present the design, rationale, and implementation of a security architecture for protecting the secrecy and integrity of Internet traffic at the Internet Protocol (IP) layer. The design includes three components: (1) a security policy for determining when, where, and how security measures are to be applied; (2) a modular key management protocol, called MKMP, for establishing shared secrets between communicating parties and meta-information prescribed by the security policy; and (3) the IP Security Protocol, as it is being standardized by the Internet Engineering Task Force, for applying security measures using information provided through the key management protocol. Effectively, these three components together allow for the establishment of a secure channel between any two communicating systems over the Internet. This technology is a component of IBM's firewall product and is now being ported to other IBM computer platforms.

Original languageEnglish
Pages (from-to)42-60
Number of pages19
JournalIBM Systems Journal
Issue number1
StatePublished - 1998
Externally publishedYes


Dive into the research topics of 'A security architecture for the internet protocol'. Together they form a unique fingerprint.

Cite this