Title :
An Enhanced IPSec Security Strategy
Author :
Zheng, Liangbin ; Zhang, Yongbin
Author_Institution :
Dept. of Comput. Sci., Beijing Inst. of Graphic Commun., Beijing, China
Abstract :
This paper introduces the IPSec security architecture and its mechanism, and gives an in-depth analysis of IPSec security. Because the pre-shared key authentication method has flaws and is vulnerable to DoS attacks, this paper proposes a dynamic pre-shared key generation method to avoid the harm to the system caused by cracking of the pre-shared key. The improved method generates the pre-shared key dynamically before the SA negotiation. Every time an SA is created, a new pre-shared key is automatically generated, so the drawbacks of a fixed pre-shared key are avoided. In addition, the pre-shared key negotiation before the SA establishment provides two-way authentication. If the authentication is not successful, the SA establishment will not start, so the improved method can effectively resist DoS attacks on the Diffie-Hellman exchange.
Keywords :
IP networks; telecommunication security; transport protocols; enhanced IPSec security strategy; identity authentication; pre-shared key generation method; Access protocols; Application software; Authentication; Computer security; Cryptography; Data security; Electrostatic precipitators; Information security; Information technology; Packaging; IKE; IPSec; identity authentication; security analysis;
Conference_Title :
Information Technology and Applications, 2009. IFITA '09. International Forum on
Conference_Location :
Chengdu
Print_ISBN :
978-0-7695-3600-2
DOI :
10.1109/IFITA.2009.203