Publication:
Enabling Practical IPsec authentication for the Internet

Identifiers
ISSN: 1611-3349 (Online)
ISBN: 9783-540482697
Publication date
2006-11
Publisher
Springer-Verlag
Abstract
There is a strong consensus about the need for IPsec, although its use is not widespread for end-to-end communications. One of the main reasons for this is the difficulty of authenticating two end-hosts that do not share a secret or do not rely on a common Certification Authority. In this paper we propose a modification to IKE to use reverse DNS and DNSSEC (named DNSSEC-to-IKE) to provide end-to-end authentication to Internet hosts that do not share any secret, without requiring the deployment of a new infrastructure. We perform a comparative analysis in terms of requirements, provided security and performance with state-of-the-art IKE authentication methods and with a recent proposal for IPv6 based on CGA. We conclude that DNSSEC-to-IKE enables the use of IPsec in a broad range of scenarios in which it was not applicable, at the price of offering slightly less security and incurring higher performance costs.
Description
On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (First International Workshop on Information Security (IS'06), OTM Federated Conferences and Workshops). Montpellier, Oct./Nov. 2006
Keywords
IPsec, Authentication, Internet
Bibliographic citation
On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. Springer, 2006. P. 392-403 (Lecture Notes in Computer Science; 4277)