论文信息 - NeoMAN: Negotiation Management Method for IKE Protocol Based on X.509

NeoMAN: Negotiation Management Method for IKE Protocol Based on X.509

The Internet key exchange (IKE) protocol is most widely used as a security key exchange protocol on the Internet. For example, IPSec protocol uses IKE protocol as its mandatory key exchange protocol. The various parameters of the IKE protocol must be configured in advance before establishing a connection. However, its complex options and manual settings diminish in usability. This paper proposes a negotiation management method for the IKE protocol based on X.509, called NeoMAN. We make use of the extension field of the X.509 certificate to carry IKE configuration profiles with and design a negotiation assistant module (NAM) to hold the management processes. Our proposed method reduces the complexity of the configuration process, improves the adaptability of the IKE protocol, and also provides a centralized IKE management approach.

Inhyuk Kim | Young Ik Eom | Zhen Zhao | Kwangsun Ko | Jung Han Kim

[1] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[2] Sangjoon Park,et al. Internet X.509 Public Key Infrastructure Subject Identification Method (SIM) , 2006, RFC.

[3] Angelos D. Keromytis,et al. Trust management for IPsec , 2002, TSEC.

[4] Carlton R. Davis. Ipsec: Securing Vpns , 2001 .

[5] Dan Harkins,et al. The Internet Key Exchange (IKE) , 1998, RFC.

[6] G. G. Stokes. "J." , 1890, The New Yale Book of Quotations.

[7] William Stallings,et al. Network security essentials - applications and standards (2. ed.) , 2003 .

[8] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[9] William Stallings,et al. Network Security Essentials: Applications and Standards , 1999 .