Title :
Transport layer proxy for stateful UDP packet filtering
Author :
Chang, Rocky K C ; Fung, King P.
Author_Institution :
Dept. of Comput., Hong Kong Polytech. Univ., Kowloon, China
Abstract :
Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper a transport layer proxy (TLP) to provide a secure UDP firewall traversal service on the transport layer (the TLP supports TCP as well). For each UDP association with endpoints separated by a TLP server, the TLP server performs user-level or host-level authentication, packet filtering, packet relaying, optional network address translation, session logging, timing-out of idle association, and other security-related functions. The core of the TLP is a two-step TLP binding procedure that makes a UDP association stateful between a TLP client and a TLP server. This binding procedure supports Active UDP Open, Passive UDP Open, and Source-Specific UDP Open, which a local program may perform on a UDP socket.
Keywords :
Internet; authorisation; client-server systems; packet switching; protocols; telecommunication security; Active UDP Open; Firewall support; Passive UDP Open; Source-Specific UDP Open; TLP; TLP client; TLP server; UDP socket; UDP traffic; host-level authentication; idle association; optional network address translation; packet filtering; packet relaying; secure UDP firewall traversal service; security-related functions; session logging; stateful UDP packet filtering; timing-out; transport layer proxy; two-step TLP binding procedure; user-level authentication; Authentication; Information filtering; Information filters; Internet; Network servers; Relays; Sockets; Streaming media; TCPIP; Transport protocols;
Conference_Title :
Computers and Communications, 2002. Proceedings. ISCC 2002. Seventh International Symposium on
Print_ISBN :
0-7695-1671-8
DOI :
10.1109/ISCC.2002.1021735