MIND (Mobility-oriented IPSec Daemon): a tool for integrated mobility and security support in the Ecumene network

The IP protocol is stateless and connectionless, hence cannot guarantee a secure delivery of the information. IPSec offers stateful security introducing logical connections between couples of peers. The management of these IPSec Security Associations is often delegated to dynamic protocols, such as ISAKMP and IKE, because of the obvious scalability problem of a manual configuration approach. However, the address of each peer must be known in advance to the other one in order for the ISAKMP exchange to be completed successfully. This assumption cannot be always guaranteed, especially when mobility is taken into consideration. In such cases, a proper mechanism to retrieve the correspondent peer IPv6 address must be taken into account. The demo consists of an overview of the functionalities of the Ecumene Web Information System, developed in the groundwork of the Ecumene Project, focusing mainly on the enhancements developed (in the form of the MIPSD daemon) to allow automatic IPSec SA insaturation between hosts which wants to access the network and the appropriate Site Gateway.