A service-oriented approach on securing user plane traffic between NGN security domains
Today's Next Generation Networks (NGN) host many services, each of which places different security demands on inter-domain communication. This paper presents a concept that is based on the Network Domain Security (NDS) specification and extends it so that multiple tunnels can be established, depending on the security needs of the involved endpoints. The concept focuses on the inter-domain interface between two security gateways (SEG) of different domains, where potential external attackers are expected. Besides control plane traffic, the proposed concept also efficiently secures user data using the existing NDS approach. Finally, the concept has been implemented as a proof of concept.