An Enhanced IPSec Security Strategy

Author

Zheng, Liangbin ; Zhang, Yongbin

Author_Institution

Dept. of Comput. Sci., Beijing Inst. of Graphic Commun., Beijing, China

Volume

2

fYear

2009

fDate

15-17 May 2009

Firstpage

499

Lastpage

502

Abstract

This paper introduces the IPSec security architecture and its mechanism, and gives an in-depth analysis of the IPSec security. Due to the flaws of the pre-shared key authentication method and the fact that it is vulnerable to DoS attacks, this paper proposes a dynamic pre-shared key generation method to avoid the harm to the system caused by crack of the pre-shared key. The improved method generates the pre-shared key dynamically before the SA negotiation. Every time when the SA is created, new pre-shared key will be automatically generated, the drawbacks of fixed pre-shared key are avoided. In addition, the pre-shared key negotiation before the SA establishment has the function of two-way authentication. If the authentication is not successful, the SA establishment will not start. So the improved method can effectively resist the DoS attacks on Diffie-Hellman exchange.

Keywords

IP networks; telecommunication security; transport protocols; enhanced IPSec security strategy; identity authentication; pre-shared key generation method; Access protocols; Application software; Authentication; Computer security; Cryptography; Data security; Electrostatic precipitators; Information security; Information technology; Packaging; IKE; IPSec; identity authentication; security analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology and Applications, 2009. IFITA '09. International Forum on

Conference_Location

Chengdu

Print_ISBN

978-0-7695-3600-2

Type

conf

DOI

10.1109/IFITA.2009.203

Filename

5231384