An Intelligent Internet Key Exchange Protocol Resistant to Denial-of-Service Attacks
2010
IPsec provides encryption and authentication for data packets, and protects them from eavesdropping and falsification. Prior to performing IPsec functions, authentication must be mutually assured between the two parties in communication, usually two security gateways, and shared session keys between them must be safely generated. Internet Key Exchange (IKE) protocol is the most common mechanism for two security gateways to negotiate. Haddad et al. proposed a simplified DoS-resistant protocol for such negotiation. Besides, the new version of IKE, named IKEv2 as defined in RFC 4306, can also achieve limited DoS prevention. This paper proposes a simplified, but intelligent design for an internet key exchange protocol, which has greater DoS-resistant than the protocol by Haddad et al. or IKEv2, while maintaining important security properties.
Keywords:
- Internet layer
- Oakley protocol
- Challenge-Handshake Authentication Protocol
- Computer network
- IPsec
- Computer security
- Group Domain of Interpretation
- Computer science
- Internet Security Association and Key Management Protocol
- Otway–Rees protocol
- Kerberized Internet Negotiation of Keys
- Security association
- Internet Key Exchange
- Authentication protocol
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
0
References
1
Citations
NaN
KQI