Archivo Abierto Institucional de la Universidad Carlos III de Madrid: Enabling Practical IPsec authentication for the Internet

DSpace

e-Archivo

	Home

Browse
	Scientific Research
	Academic thesis
	Journals
	Digital collections
	Institutional Documentation
	Issue Date
	Author
	Title
	Subject

Login:
	My E-Archivo authorized users

	Help and guides
	Feedback

Archivo Abierto Institucional de la Universidad Carlos III de Madrid > Investigación > Departamentos > Departamento de Ingeniería Telemática > DIT - Comunicaciones en Conferencias Internacionales / International Conferences >

Please use this identifier to cite or link to this item: http://hdl.handle.net/10016/4241

Google™ Scholar. Others By: Muñoz-Merino, Pedro J. - Muñoz-Organero, Mario - García-Martínez, Alberto - Delgado Kloos, Carlos

Files in This Item:

garcia_enabling_2006_ps.pdf

postprint

449,41 kB

Adobe PDF

formato pdf

Title:	Enabling Practical IPsec authentication for the Internet
Author(s):	Muñoz-Merino, Pedro J. Muñoz-Organero, Mario García-Martínez, Alberto Delgado Kloos, Carlos
Publisher:	Springer-Verlag
Issued date:	Nov-2006
Citation:	On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. Springer, 2006. P. 392-403 (Lecture Notes in Computer Science; 4277)
URI:	http://hdl.handle.net/10016/4241
ISBN:	9783-540482697
ISSN:	1611-3349 (Online)
DOI:	10.1007/11915034_63
Description:	On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (First International Workshop on Information Security (IS'06), OTM Federated Conferences and workshops). Montpellier, Oct,/Nov. 2006
Abstract:	There is a strong consensus about the need for IPsec, although its use is not widespread for end-to-end communications. One of the main reasons for this is the difficulty for authenticating two end-hosts that do not share a secret or do not rely on a common Certification Authority. In this paper we propose a modification to IKE to use reverse DNS and DNSSEC (named DNSSEC-to-IKE) to provide end-to-end authentication to Internet hosts that do not share any secret, without requiring the deployment of a new infrastructure. We perform a comparative analysis in terms of requirements, provided security and performance with state-of-the-art IKE authentication methods and with a recent proposal for IPv6 based on CGA. We conclude that DNSSEC-to-IKE enables the use of IPsec in a broad range of scenarios in which it was not applicable, at the price of offering slightly less security and incurring in higher performance costs.
Sponsor:	Universidad de Montpellier II
Review:	PeerReviewed
Publisher version:	http://dx.doi.org/10.1007/11915034_63
Keywords:	IPsec Authentication Internet
Rights:	© Springer
Appears in Collections:	DIT - Comunicaciones en Conferencias Internacionales / International Conferences

Items in E-Archivo are protected by copyright, with all rights reserved, unless otherwise indicated.

© Universidad Carlos III de Madrid - Software DSpace - Terms of use - Feedback