• DocumentCode
    2364028
  • Title

    IPSec authentication using certificateless signature in heterogeneous IPv4/IPv6 network

  • Author

    Ahmad, Nazrul M. ; Yaacob, Asrul H. ; Fauzi, Ridza ; Khorram, Alireza

  • Author_Institution
    Fac. of Inf. Sci. & Technol. (FIST), Multimedia Univ. (MMU), Ayer Keroh, Malaysia
  • fYear
    2011
  • fDate
    20-23 March 2011
  • Firstpage
    668
  • Lastpage
    673
  • Abstract
    This paper studies the incompatibility issues in deploying IPSec Encapsulating Security Payload (ESP) to provide end-to-end security between heterogeneous IPv4 and IPv6 networks. The presence of an IPv4/IPv6 translation gateway violates the intrinsic functionalities of TCP/UDP because the IP addresses in IP packets are translated. We address these interoperability issues by modifying IKE negotiation with NAT-Traversal capability and making some improvements to the IPSec software. However, conventional IKE authentication mechanisms, such as pre-shared key and Public Key Infrastructure (PKI) certificate-based authentication, require both nodes either to be manually configured or to exchange certificates and enrol with a certain Certificate Authority (CA). This paper proposes a new Internet Key Exchange (IKE) authentication based on certificateless public key infrastructure in order to alleviate the limitations of conventional IKE authentication. We also propose an efficient distribution mechanism for public and shared parameters, in which the translation gateway acts as the Key Generator Centre (KGC).
  • Keywords
    IP networks; Internet; public key cryptography; transport protocols; IKE negotiation; IP address; IPSec authentication; IPSec encapsulating security payload; Internet key exchange authentication; NAT-traversal capability; TCP-UDP intrinsic functionalities; certificate authority; certificateless public key infrastructure; certificateless signature; heterogeneous IPv4 network; heterogeneous IPv6 network; interoperability issues; key generator centre; Authentication; IP networks; Logic gates; Payloads; Peer to peer computing; Public key;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computers & Informatics (ISCI), 2011 IEEE Symposium on
  • Conference_Location
    Kuala Lumpur
  • Print_ISBN
    978-1-61284-689-7
  • Type

    conf

  • DOI
    10.1109/ISCI.2011.5958996
  • Filename
    5958996