Cryptographic Algorithm Invocation Based on Software-Defined Everything in IPsec

IPsec was initially developed for IPv6 to ensure communication security. With the development of the Internet of Things (IoT) and the mounting importance of network security, increasing numbers of applications require IPsec to support customized definition of cryptographic algorithms and to provide flexible invocation of these algorithms. To address this issue, this paper proposes an invocation mechanism for cryptographic algorithms, entitled Free to Add (FTA), which is based on the concept of software-defined everything and applied to IPsec. Using the idea of interface opening, both the addition of a new cryptographic algorithm and the updating of existing algorithms in the algorithm library can be achieved through the open interfaces provided by FTA. Switching the cryptographic algorithm in use within the FTA framework can avoid unnecessary consumption. In addition, using the subalgorithm interface and the algorithm-control interface designed here, FTA provides several software-defined invocation modes (e.g., combination and switching according to the control instruction sent by the control program) to implement hybrid encryption or to change the cryptographic algorithms used for communication. Finally, the feasibility and availability of the proposed FTA mechanism are evaluated using StrongSwan.
