Management of end-to-end security in collaborative IP network environments

Growth in popularity of the Internet has spawned a great interest in collaborative IP networks that support collaborative meetings between individuals or groups located at remote stations. The emphasis on security of information transfer during these meetings has made the management of end-to-end security in collaborative IP network environments, that may involve the creation of ad hoc communication networks that contain the Internet as an intermediate network, an important research issue. Addition of security features through standard methods gives rise to complex incompatibility problems resulting from the specific routing and address translation schemes that may be in place in these networks. The development of enhanced protocols that remove this incompatibility and ensure interoperability between security functions and address translation functions is discussed in this paper. Detailed steps in ensuring end-to-end security in various cases involving change of IP address, change of both IP address and the port, and the use of encapsulation security payload implemented in transport mode are described. The enhanced protocols presented here support generic implementation in the sense that the implementation of the security-related protocol is transparent to the use or not of the address translation scheme. For providing a proof of concept demonstration of the proposed solutions, the structure of a prototype collaborative network, which employs the Internet as an intermediate communication medium for supporting videoconferencing between remote stations, is outlined