Article: Formal analysis of efficiency and safety in IPSec based on internet key exchange protocol Journal: International Journal of Communication Networks and Distributed Systems (IJCNDS) 2015 Vol.14 No.2 pp.202 - 218 Abstract: IPSec is a framework of open standards for providing secure communications over internet protocol (IP) networks. The kernel of the IP security architecture is the internet key exchange protocol (IKE). IKE is an automatic method for key exchange and confidential parameters used in AH and ESP encapsulation. However, IKE protocol has a number of weaknesses; the two most important ones are the high complexity of the protocol and the vulnerability to passive and active attacks. To deal with these problems, several improvements have been proposed. In this paper, we propose a new IKE protocol based on elliptic curve cryptography, which aims to achieve a high-security level and efficiency. The security analysis and formal verification using automated validation of internet security protocols and applications (AVISPA) tools show that our contribution can resist to various attack types such as modification, reflection, replay, DoS and man-in-the-middle. The comparison between our proposed IKE protocol and other IKE protocols shows that our new protocol is more efficient with less computation complexity. Inderscience Publishers - linking academia, business and industry through research

Title: Formal analysis of efficiency and safety in IPSec based on internet key exchange protocol

Authors: Marwa Ahmim; Malika Babes; Nacira Ghoualmi-Zine

Addresses: Department of Computer Science, Badji Mokhtar-Annaba University, Annaba, Algeria ' Department of Computer Science, Badji Mokhtar-Annaba University, Annaba, Algeria ' Department of Computer Science, Badji Mokhtar-Annaba University, Annaba, Algeria

Abstract: IPSec is a framework of open standards for providing secure communications over internet protocol (IP) networks. The kernel of the IP security architecture is the internet key exchange protocol (IKE). IKE is an automatic method for key exchange and confidential parameters used in AH and ESP encapsulation. However, IKE protocol has a number of weaknesses; the two most important ones are the high complexity of the protocol and the vulnerability to passive and active attacks. To deal with these problems, several improvements have been proposed. In this paper, we propose a new IKE protocol based on elliptic curve cryptography, which aims to achieve a high-security level and efficiency. The security analysis and formal verification using automated validation of internet security protocols and applications (AVISPA) tools show that our contribution can resist to various attack types such as modification, reflection, replay, DoS and man-in-the-middle. The comparison between our proposed IKE protocol and other IKE protocols shows that our new protocol is more efficient with less computation complexity.

Keywords: internet protocol security; IP security; IPSec; security association; internet key exchange protocol; IKE; elliptic curve cryptosystem; ECC; security analysis; attacks; AVISPA; secure communications; network security.

DOI: 10.1504/IJCNDS.2015.067658

International Journal of Communication Networks and Distributed Systems, 2015 Vol.14 No.2, pp.202 - 218

Received: 19 Feb 2014
Accepted: 26 Jun 2014
Published online: 31 Mar 2015 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Formal analysis of efficiency and safety in IPSec based on internet key exchange protocol

Keep up-to-date