119 Hits in 7.6 sec

Model Checking the IKEv2 Protocol Using Spin

Tristan Ninet, Axel Legay, Romaric Maillard, Louis-Marie Traonouez, Olivier Zendra
2019 2019 17th International Conference on Privacy, Security and Trust (PST)  
In this paper we analyze the IKEv2 protocol specification using the Spin model checker. To do so we extend and improve an existing modeling method that allows analyzing security protocols using Spin.  ...  Previous analyses of IKEv2 concluded that the protocol was suffering from two authentication vulnerabilities: the penultimate authentication flaw and a vulnerability that leads to a reflection attack.  ...  In addition, the authors would like to thank the ANSSI 1 for their technical review of an early version of this paper.  ... 
doi:10.1109/pst47121.2019.8949057 dblp:conf/pst/NinetLMTZ19 fatcat:nejckudjdnda7aqsqhe4vf6qa4

Key Exchange in IPsec Revisited: Formal Analysis of IKEv1 and IKEv2 [chapter]

Cas Cremers
2011 Lecture Notes in Computer Science  
The security properties of IPsec critically depend on the underlying key exchange protocols, known as IKE (Internet Key Exchange).  ...  The IPsec standard aims to provide application-transparent end-to-end security for the Internet Protocol.  ...  The protocol suite responsible for this key establishment phase is known as IKE (Internet Key Exchange).  ... 
doi:10.1007/978-3-642-23822-2_18 fatcat:gll3d33uobd2thzsnn3bs3daba

OpenIKEv2: Design and Implementation of an IKEv2 Solution

2008 IEICE transactions on information and systems  
This paper describes the IKEv2 protocol and presents how an open-source IKEv2 implementation, in particular OpenIKEv2 has been designed and implemented.  ...  All the issues found during this process and how they were solved are also described. Finally, a comparison between existing open-source implementations is presented .  ...  Introduction The Internet Key Exchange (IKE) protocol was designed in order to automate the IPsec Security Association (SA) establishment.  ... 
doi:10.1093/ietisy/e91-d.5.1319 fatcat:vwdeqghzxjclhmr6s2ukqwbbom

Performance Analysis of Internet Key Exchange Algorithms on IPSec Security Association Initiation

Supriyanto Praptodiyono, Moh. Furqon, Alief Maulana, Iznan H. Hasbullah, Shafiq Ul Rehman, W. Martiningsih, R. Wiryadinata, S. Praptodiyono, M.I. Santoso, I. Saraswati
2018 MATEC Web of Conferences  
The key process behind the IP Security is a Security Association that is identified by Security Parameter Index.  ...  Naturally, the Internet as an open network allows millions of users to interact each other.  ...  Internet Key Exchange Version 2 (IKEv2) IKEv2 (Internet Key exchange version 2) is an updated of the old IKE protocol and a standard defined in RFC 7296.  ... 
doi:10.1051/matecconf/201821803001 fatcat:z6p3pptlwffizpoukc5up54chm

Performance Evaluations of Cryptographic Protocols Verification Tools Dealing with Algebraic Properties [chapter]

Pascal Lafourcade, Maxime Puys
2016 Lecture Notes in Computer Science  
Finally, for Exclusive-Or and Diffie-Hellman properties, we construct two families of protocols P xori and P dhi that allow us to clearly see for the first time the impact of the number of operators and  ...  We also discover and understand for the protocol IKEv2-DS a difference of modelling by the authors of different tools, which leads to different security results.  ...  This work has been partially supported by the LabEx PERSYVAL-Lab (ANR-11-LABX-0025). Acknowledgments: We deeply thank all the tools authors for their helpful advises.  ... 
doi:10.1007/978-3-319-30303-1_9 fatcat:525nfmg5fbezjnkrhmhsofirue

Enhancing IPsec Performance in Mobile IPv6 Using Elliptic Curve Cryptography

Supriyanto Praptodiyono, M. Iman Santoso, Teguh Firmansyah, Ali Abdurrazaq, Iznan H. Hasbullah, Azlan Osman
2019 Proceeding of the Electrical Engineering Computer Science and Informatics  
This paper aims to enhance the IPsec performance by substituting the existing key exchange algorithm with a lightweight elliptic curve algorithm.  ...  Internet has become indispensable to the modern society nowadays.  ...  The latest standardized algorithm on the key exchange is IKEv2 that is used to establish an SA. The IKEv2 uses Diffie Helman Group algorithm to do the key exchange.  ... 
doi:10.11591/eecsi.v6i0.2004 fatcat:sfs7kp5czrc6dc67bhoxo3hyn4

5G wireless P2MP backhaul security protocol: an adaptive approach

Jiyoon Kim, Gaurav Choudhary, Jaejun Heo, Daniel Gerbi Duguma, Ilsun You
2019 EURASIP Journal on Wireless Communications and Networking  
), Internet Key Exchange version 1 (IKEv1), IKEv2, Host Identity Protocol (HIP), and Authentication and Key Agreement (AKA).  ...  The proposed protocol is designed to be 5G-aware, and provides mutual authentication, perfect forward secrecy, confidentiality, integrity, secure key exchange, security policy update, key update, and balancing  ...  The IPSec tunnel mode includes Internet Key Exchange version 2 (IKEv2) [17] and IKEv2 Mobility and Multihoming (MOBIKE) [18] protocols for secure connections.  ... 
doi:10.1186/s13638-019-1592-0 fatcat:3iuyajqrmbhw3mlhqflldt7i2y

Security Analysis of Multicast/Unicast Router Key Management Protocols

Yiqi Huang, J. William Atwood
2018 2018 IEEE Canadian Conference on Electrical & Computer Engineering (CCECE)  
For routing protocols, there are new KMPs proposed by the Keying and Authentication for Routing Protocols (KARP) working group of the Internet Engineering Task Force: RKMP, MRKM, and MaRK.  ...  In the Internet, routing protocols have different requirements on their KMPs, which are not met by the existing IPsec KMPs, such as IKE, IKEv2, and GDOI.  ...  For instance, Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) between two peers in the IPsec protocol suite (Internet  ... 
doi:10.1109/ccece.2018.8447684 dblp:conf/ccece/HuangA18 fatcat:hoyw53gwbrgxpj3t3wqh5hjbzm

A Systematic Analysis of the Juniper Dual EC Incident

Stephen Checkoway, Hovav Shacham, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
In this paper, we describe the results of a full independent analysis of the ScreenOS randomness and VPN key establishment protocol subsystems, which we carried out in response to this incident.  ...  In December 2015, Juniper Networks announced multiple security vulnerabilities stemming from unauthorized code in ScreenOS, the operating system for their NetScreen VPN routers.  ...  Acknowledgments This material is based in part upon work supported by the U.S.  ... 
doi:10.1145/2976749.2978395 dblp:conf/ccs/CheckowayMGFC0H16 fatcat:vgx7xgnjh5bnro5kryr6qbaqi4

A cryptographic tour of the IPsec standards

Kenneth G. Paterson
2006 Information Security Technical Report  
We focus on the latest generation of the IPsec standards, recently published as Request for Comments 4301-4309 by the Internet Engineering Task Force, and how they have evolved from earlier versions of  ...  control for Internet communications.  ...  Diffie-Hellman (DH) values.  ... 
doi:10.1016/j.istr.2006.03.004 fatcat:admii3uxgzepdk5kjjrune3hru

Key Exchange Protocol Supporting Mobility and Multihoming

Mohammed A. Tawfiq, Sufyan T. Faraj Al-janabi, Abdul-Karim A. R. Kadhim
2006 i-manager's Journal on Software Engineering  
In these tests, it is found that the required time for rekeying is about 27% of the total required time for exchanging the keys.  ...  In this work, a new key exchange protocol for IP-based mobile networks is introduced. This protocol is called KEPSOM (Key Exchange Protocol Supporting Mobility and Multihoming).  ...  Kaufman, "Internet Key Exchange (IKEv2) Protocol", Internet draft, draft-ietfipsec-ikev2-12.txt, IETF, Work in Progress, Jan. 2004.  ... 
doi:10.26634/jse.1.2.824 fatcat:mqe2fzozv5efve66r3r3psnj3e

Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach

Ramon Sanchez-Iborra, Jesús Sánchez-Gómez, Salvador Pérez, Pedro Fernández, José Santa, José Hernández-Ramos, Antonio Skarmeta
2018 Sensors  
Concretely, the application of an approach based on the recently specified Ephemeral Diffie-Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys  ...  , its low computational cost and the limited message exchanges needed.  ...  IKEv2 mechanisms make use of the Diffie-Hellman algorithm, so they achieve Perfect Forward Secrecy (PFS) protection. The Diffie-Hellman algorithm performance cost depends on the chosen cipher-suite.  ... 
doi:10.3390/s18061833 pmid:29874839 pmcid:PMC6021899 fatcat:4qlqqszelvbyrbzh7mld4ekqs4

IKE context transfer in an IPv6 mobility environment

Fabien Allard, Jean-Michel Combes, Jean-Marie Bonnin, Julien Bournelle
2008 Proceedings of the 3rd international workshop on Mobility in the evolving internet architecture - MobiArch '08  
The first purpose of this paper is to define the IKEv2 context and to provide a solution for handling SPIs 2 collisions using MOBIKE.  ...  The second aim of this paper is to set out an implementation of the Context Transfer Protocol for IPsec/IKEv1 in an IPv6 mobility environment and to provide performance results of such an optimisation.  ...  of our works, we quickly present the IPsec protocol suite (RFC 4301 [10] ) and the Internet Key Exchange version 2 (RFC 4306 [6] ) designed by IETF.  ... 
doi:10.1145/1403007.1403020 fatcat:ek2wsqzsvjdxrdncjn2na5qxry

Efficient Hardware Accelerator for IPSec Based on Partial Reconfiguration on Xilinx FPGAs

Ahmad Salman, Marcin Rogawski, Jens-Peter Kaps
2011 2011 International Conference on Reconfigurable Computing and FPGAs  
The proposed solution supports the three main IPSec protocols: Encapsulating Security Payload (ESP), Authentication Header (AH) and Internet Key Exchange (IKE).  ...  In this paper we present a practical low-end embedded system solution for Internet Protocol Security (IPSec) implemented on the smallest Xilinx Field Programmable Gate Array (FPGA) device in the Virtex  ...  This analysis is interesting because our AES core is comparatively large and AES is used by ESP, AH, and IKEv2.  ... 
doi:10.1109/reconfig.2011.33 dblp:conf/reconfig/SalmanRK11 fatcat:sivvupi2fjcr3pns5unrfgcyue

A Security Architecture for Mobility-Related Services

Robert C. Chalmers, Kevin C. Almeroth
2004 Wireless personal communications  
Moreover, the security solution must be flexible and highly configurable in order to meet the demands of inter-domain roaming agreements.  ...  In order for these services to be realized, however, their particular security concerns must be addressed.  ...  The Internet Key Exchange (IKE) protocol [10] is currently the standard key negotiation protocol for IP-based services.  ... 
doi:10.1023/b:wire.0000047073.45752.12 fatcat:mcu5y7gj55bflpymjifd7ohcym
« Previous Showing results 1 — 15 out of 119 results