Title :
Contribution to enhance IPSec security by a safe and efficient internet key exchange protocol
Author :
Marwa, Ahmim ; Malika, Babes ; Nacira, Ghoualmi
Author_Institution :
Networks & Syst. Lab., Badji Mokhtar Univ., Annaba, Algeria
Abstract :
IPSec is a suite of protocols that provides security for internet communications at the IP layer. The security properties of IPSec mainly depend on the key exchange protocols where the efficiency and security of the key management are important parts of IPSec. Internet Key Exchange (IKE) protocol is the most common mechanism for the two hosts to exchange key materials. However, IKE is complex and vulnerable due to attacks such as (DOS,...). In this paper, we propose a new IKE protocol based on D-H. This protocol uses three round-trips the exchange message. The advantages of our contribution are: one phase (vs. two phases on standard IKE), Best efficiency ie. optimizes transmission time (vs. longer negotiation time). The security analysis and formal verification using Automated Validation of Internet Security Protocols and Applications (AVISPA) show that our contribution can resist to various attack types such as ( Replay, DOS, man in the middle).
Keywords :
IP networks; Internet; computer network security; cryptographic protocols; formal verification; message authentication; AVISPA; D-H; IKE protocol; IP layer; IPSec security; Internet communication security; Internet key exchange protocol; automated validation of Internet security protocols and application; formal verification; key management; message exchange; transmission time optimization; Authentication; Encryption; IP networks; Internet; Protocols; Attacks; Internet Protocol Security (IPSec); Internet key Exchange protocol (IKE); Security Analysis; Security Association (SA);
Conference_Titel :
Computer and Information Technology (WCCIT), 2013 World Congress on
Conference_Location :
Sousse
Print_ISBN :
978-1-4799-0460-0
DOI :
10.1109/WCCIT.2013.6618745
