Title :
A Proposal to Improve IKEv2 negotiation
Author :
Iso-Anttila, Lari ; Ylinen, Jorma ; Loula, Pekka
Author_Institution :
Tampere Univ. of Technol., Tampere
Abstract :
IKEv2 is a new key exchange protocol in the IPsec network and IKEv2 includes a method to detect when it is under denial-of-service (DoS) attack. In case IKEv2 is not under DoS attack it can use initial exchange, but when IKEv2 is under DoS attack cookie negotiation may be used. Cookie negotiation adds an extra round trip to the initial exchange, and protection that is easy to pass by. The resistance to DoS attacks is actually weaker in IKEv2 than in JFK or full-SIGMA in different networks. This paper presents improved cookie negotiation to remedy this weakness. The proposed cookie negotiation delays the responder´s calculation work to the last second and computational load is kept as low as possible.
Keywords :
IP networks; cryptographic protocols; security of data; telecommunication security; IPsec network; cookie negotiation; denial-of-service attack; key exchange protocol; Authentication; Computer crime; Cryptographic protocols; DH-HEMTs; Delay; Information security; Internet; Proposals; Protection; Virtual private networks;
Conference_Titel :
Emerging Security Information, Systems, and Technologies, 2007. SecureWare 2007. The International Conference on
Conference_Location :
Valencia
Print_ISBN :
978-0-7695-2989-9
DOI :
10.1109/SECUREWARE.2007.4385329
