Implementation of Certificate Based Authentication in IKEv2 Protocol

Ana Kukec, Stjepan Gros, Vlado Glavinic
2007 Information Technology Interfaces  
IPsec is a security architecture for Internet, which is directly positioned on the top of the IP layer. The major part of IPsec consists of the Internet Key Exchange protocol, now in its version 2. IKEv2 offers authentication, authorization and key agreement services. One of the possible authentication mechanisms in this protocol is based on X509 certificates and the PKI infrastructure. As we are in the process of the IKEv2 protocol implementation, in this paper we describe experiences and
more » ... n decisions taken during the implementation of the X509 certificate based authentication in the IKEv2 daemon. IPsec is a security architecture for Internet, which is directly positioned on the top of the IP layer. The major part of IPsec consists of the Internet Key Exchange protocol, now in its version 2. IKEv2 offers authentication, authorization and key agreement services. One of the possible authentication mechanisms in this protocol is based on X509 certificates and the PKI infrastructure. As we are in the process of the IKEv2 protocol implementation, in this paper we describe experiences and design decisions taken during the implementation of the X509 certificate based authentication in the IKEv2 daemon.
doi:10.1109/iti.2007.4283856 fatcat:b5oxcr7vvbd6pf72cn5tpnjq4a