Authors: Marwa Ahmim; Malika Babes; Nacira Ghoualmi-Zine
Addresses: Department of Computer Science, Badji Mokhtar-Annaba University, Annaba, Algeria ' Department of Computer Science, Badji Mokhtar-Annaba University, Annaba, Algeria ' Department of Computer Science, Badji Mokhtar-Annaba University, Annaba, Algeria
Abstract: IPSec is a framework of open standards for providing secure communications over internet protocol (IP) networks. The kernel of the IP security architecture is the internet key exchange protocol (IKE). IKE is an automatic method for key exchange and confidential parameters used in AH and ESP encapsulation. However, IKE protocol has a number of weaknesses; the two most important ones are the high complexity of the protocol and the vulnerability to passive and active attacks. To deal with these problems, several improvements have been proposed. In this paper, we propose a new IKE protocol based on elliptic curve cryptography, which aims to achieve a high-security level and efficiency. The security analysis and formal verification using automated validation of internet security protocols and applications (AVISPA) tools show that our contribution can resist to various attack types such as modification, reflection, replay, DoS and man-in-the-middle. The comparison between our proposed IKE protocol and other IKE protocols shows that our new protocol is more efficient with less computation complexity.
Keywords: internet protocol security; IP security; IPSec; security association; internet key exchange protocol; IKE; elliptic curve cryptosystem; ECC; security analysis; attacks; AVISPA; secure communications; network security.
International Journal of Communication Networks and Distributed Systems, 2015 Vol.14 No.2, pp.202 - 218
Received: 19 Feb 2014
Accepted: 26 Jun 2014
Published online: 15 Feb 2015 *