Title :
NeoMAN: A Negotiation Management System for IKE Protocol Based on X.509 Certificate in Cross Domain Application
Author :
Zhao, Zhen ; Kim, Taehyoung ; Kim, Junghan ; Kim, Inhyuk ; Eom, YoungIK
Author_Institution :
Sch. of Inf. & Commun. Eng., Sungkyunkwan Univ., China
Abstract :
IPSec VPN is widely used to protect remote data access. The IKE protocol is the mandatory key management protocol of IPSec, and it provides a manual configuration method for IPSec VPN. But manual configuration is complex, unreliable, and unmanageable, and in particular it lacks support for cross-domain management. This paper proposes an IKE negotiation management system based on X.509, called NeoMAN. The NeoMAN system is designed to analyze the security requirements in intra- and cross-domain settings, and it provides cross-domain security requirement negotiation, security policy generation, and automatic IKE client configuration. The proposed method reduces the complexity of the IKE configuration process, improves the adaptability of the IKE protocol in cross-domain application, and also provides a management approach for IPSec VPN application.
Keywords :
IP networks; Internet; cryptographic protocols; IKE protocol; IPSec VPN; Internet key exchange protocol; NeoMAN; X.509 certificate; automatic IKE client configuration; cross-domain security requirement negotiation; key management protocol; negotiation management system; remote data access; security policy generation; Access control; Access protocols; Communication system security; Communication system traffic control; Conference management; Data security; Engineering management; Information security; Technology management; Virtual private networks; Cross domain; IKE; IPSec; Negotiation; NeoMAN; Security policy; VPN; X.509; management;
Conference_Title :
Security Technology, 2008. SECTECH '08. International Conference on
Conference_Location :
Hainan Island
Print_ISBN :
978-0-7695-3486-2
DOI :
10.1109/SecTech.2008.13