
An Intelligent Internet Key Exchange Protocol Resistant to Denial-of-Service Attacks

Ming-Yang Su

Abstract


IPsec provides encryption and authentication for data packets, and protects them from eavesdropping and falsification. Before IPsec functions can be performed, the two communicating parties, usually two security gateways, must mutually authenticate each other and safely generate shared session keys. The Internet Key Exchange (IKE) protocol is the most common mechanism by which two security gateways negotiate. Haddad et al. proposed a simplified DoS-resistant protocol for such negotiation. In addition, the new version of IKE, named IKEv2 and defined in RFC 4306, can also achieve limited DoS prevention. This paper proposes a simplified but intelligent design for an Internet key exchange protocol, which has greater DoS resistance than the protocol by Haddad et al. or IKEv2, while maintaining important security properties.

Keywords


IPsec (IP Security); Internet Key Exchange (IKE) protocol; Denial-of-Service (DoS) attacks; Network security

Citation Format:
Ming-Yang Su, "An Intelligent Internet Key Exchange Protocol Resistant to Denial-of-Service Attacks," Journal of Internet Technology, vol. 11, no. 5, pp. 681-690, Sep. 2010.






Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314  E-mail: jit.editorial@gmail.com