Toward A Practical Scheme for IPSec Management

Author

Li, Qi ; Xu, Mingwei ; Xu, Ke

Author_Institution

Tsinghua Univ., Beijing

fYear

2008

fDate

23-25 Jan. 2008

Firstpage

1

Lastpage

5

Abstract

IP Security (IPSec) is an important protection mechanism for securing the Internet communication. However, IPSec is a complex security protocol family, and the management issue is still a challenge for mass deployment. Many researchers have investigated the IPSec management issue with various approaches, the policy configuration and distribution issue remain to be efficiently resolved. A certificate-based scheme to manage IPSec endpoints is proposed in this paper. A Role-based Access Control (RBAC) model is introduced to simplify the process of policy configuration, and policy control mechanism is proposed to check whether new security association conforms to local security policies. The analysis of the scheme shows the flexibility and efficiency of our approach. Based on our proposed scheme, we implement a prototype system with the proof-of-concept and conduct experimental studies to demonstrate the feasibility and performance of our approach.

Keywords

IP networks; Internet; telecommunication security; IP Security; IPSec management; Internet communication; policy control mechanism; role-based access control; security protocol; Authentication; Communication system security; Data security; Information security; Internet; National security; Protection; Prototypes; Public key; Virtual private networks;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Networking, 2008. ICOIN 2008. International Conference on

Conference_Location

Busan

ISSN

1976-7684

Print_ISBN

978-89-960761-1-7

Electronic_ISBN

1976-7684

Type

conf

DOI

10.1109/ICOIN.2008.4472762

Filename

4472762