Transport layer proxy for stateful UDP packet filtering

Kow Chuen Chang; King P. Fung

doi:10.1109/ISCC.2002.1021735

Transport layer proxy for stateful UDP packet filtering

Kow Chuen Chang
, King P. Fung

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

5 Citations (Scopus)

Abstract

Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper a transport layer proxy (TLP) to provide a secure UDP firewall traversal service on the transport layer (the TLP supports TCP as well). For each UDP association with endpoints separated by a TLP server, the TLP server performs user-level or host-level authentication, packet filtering, packet relaying, optional network address translation, session logging, timing-out of idle association, and other security-related functions. The core of the TLP is a two-step TLP binding procedure that makes a UDP association stateful between a TLP client and a TLP server. This binding procedure supports Active UDP Open, Passive UDP Open, and Source-Specific UDP Open, which a local program may perform on a UDP socket.

Original language	English
Title of host publication	Proceedings - ISCC 2002
Subtitle of host publication	7th International Symposium on Computers and Communications
Pages	595-600
Number of pages	6
DOIs	https://doi.org/10.1109/ISCC.2002.1021735
Publication status	Published - 1 Dec 2002
Event	7th International Symposium on Computers and Communications, ISCC 2002 - Taormina-Giardini Naxos, Italy Duration: 1 Jul 2002 → 4 Jul 2002

Conference

Conference	7th International Symposium on Computers and Communications, ISCC 2002
Country/Territory	Italy
City	Taormina-Giardini Naxos
Period	1/07/02 → 4/07/02

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Software
General Mathematics
Signal Processing

More information

10.1109/ISCC.2002.1021735

Cite this

@inproceedings{83c59981d08a4db889a2ad347605e8ff,

title = "Transport layer proxy for stateful UDP packet filtering",

abstract = "Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper a transport layer proxy (TLP) to provide a secure UDP firewall traversal service on the transport layer (the TLP supports TCP as well). For each UDP association with endpoints separated by a TLP server, the TLP server performs user-level or host-level authentication, packet filtering, packet relaying, optional network address translation, session logging, timing-out of idle association, and other security-related functions. The core of the TLP is a two-step TLP binding procedure that makes a UDP association stateful between a TLP client and a TLP server. This binding procedure supports Active UDP Open, Passive UDP Open, and Source-Specific UDP Open, which a local program may perform on a UDP socket.",

author = "Chang, \{Kow Chuen\} and Fung, \{King P.\}",

year = "2002",

month = dec,

day = "1",

doi = "10.1109/ISCC.2002.1021735",

language = "English",

isbn = "0769516718",

pages = "595--600",

booktitle = "Proceedings - ISCC 2002",

note = "7th International Symposium on Computers and Communications, ISCC 2002 ; Conference date: 01-07-2002 Through 04-07-2002",

}

TY - GEN

T1 - Transport layer proxy for stateful UDP packet filtering

AU - Chang, Kow Chuen

AU - Fung, King P.

PY - 2002/12/1

Y1 - 2002/12/1

N2 - Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper a transport layer proxy (TLP) to provide a secure UDP firewall traversal service on the transport layer (the TLP supports TCP as well). For each UDP association with endpoints separated by a TLP server, the TLP server performs user-level or host-level authentication, packet filtering, packet relaying, optional network address translation, session logging, timing-out of idle association, and other security-related functions. The core of the TLP is a two-step TLP binding procedure that makes a UDP association stateful between a TLP client and a TLP server. This binding procedure supports Active UDP Open, Passive UDP Open, and Source-Specific UDP Open, which a local program may perform on a UDP socket.

AB - Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper a transport layer proxy (TLP) to provide a secure UDP firewall traversal service on the transport layer (the TLP supports TCP as well). For each UDP association with endpoints separated by a TLP server, the TLP server performs user-level or host-level authentication, packet filtering, packet relaying, optional network address translation, session logging, timing-out of idle association, and other security-related functions. The core of the TLP is a two-step TLP binding procedure that makes a UDP association stateful between a TLP client and a TLP server. This binding procedure supports Active UDP Open, Passive UDP Open, and Source-Specific UDP Open, which a local program may perform on a UDP socket.

UR - https://www.scopus.com/pages/publications/84883850615

U2 - 10.1109/ISCC.2002.1021735

DO - 10.1109/ISCC.2002.1021735

M3 - Conference article published in proceeding or book

SN - 0769516718

SN - 9780769516714

SP - 595

EP - 600

BT - Proceedings - ISCC 2002

T2 - 7th International Symposium on Computers and Communications, ISCC 2002

Y2 - 1 July 2002 through 4 July 2002

ER -

Transport layer proxy for stateful UDP packet filtering

Abstract

Conference

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this