A security problem and its solution in IPsec

  • Kim, Jung-Hyun (Department of Electronics and Computer Engineering, Hanyang University)
  • Won, You-Jip (Department of Electronics and Computer Engineering, Hanyang University)
  • Im, Eul-Gyu (The College of Information and Communications, Hanyang University)
  • Published: 2006.06.21

Abstract

In this paper, we describe a security problem of IPsec and propose a solution to it. The problem is the fragility of the IPsec gateway used in tunnel mode. The role of the IPsec gateway is to encrypt or decrypt IPsec packets, so the gateway bears the overhead of decrypting numerous packets, and adversaries can easily attack it with a DDoS attack. To solve this problem, we propose the "Priority based Random Packet Drop" method. In this method, a white list, which is a list of normal users, is created. Then, according to frequency of use, the method assigns random-drop priorities to the entries of the white list. When anomalous traffic appears, the method drops many of the packets that make up the anomalous traffic. In a simple experiment, we show that our solution is suitable for defending the IPsec gateway. For this experiment, we use empirical backbone traffic that includes DoS attacks.
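
A minimal sketch of the drop policy the abstract describes, added here as an illustration and not taken from the paper. The priority tiers, frequency thresholds, drop probabilities and the packet-count overload test are assumptions, and the addresses are constructed.

```python
import random
from collections import Counter

# Assumed drop probability per priority class (values are not from the paper).
DROP_PROB = {"high": 0.0, "medium": 0.2, "low": 0.5, "unlisted": 0.95}

def build_white_list(normal_sources, high_min=100, medium_min=10):
    """Map each source seen in normal traffic to a priority by frequency of use."""
    white_list = {}
    for src, n in Counter(normal_sources).items():
        if n >= high_min:
            white_list[src] = "high"
        elif n >= medium_min:
            white_list[src] = "medium"
        else:
            white_list[src] = "low"
    return white_list

def filter_packets(sources, white_list, capacity, rng):
    """Return the sources of the packets handed on to IPsec decryption.

    A window within capacity is treated as normal and passed unchanged.
    An oversized window is treated as anomalous: each packet is dropped
    at random with the probability of its source's priority class, so
    the gateway never spends decryption work on the dropped packets.
    """
    if len(sources) <= capacity:
        return list(sources)
    passed = []
    for src in sources:
        priority = white_list.get(src, "unlisted")
        if rng.random() >= DROP_PROB[priority]:
            passed.append(src)
    return passed

def demo(seed=1):
    """Run one constructed attack window; return passed-packet counts per source."""
    # Constructed learning traffic: three normal users with different usage.
    learning = ["192.0.2.1"] * 200 + ["192.0.2.2"] * 20 + ["192.0.2.3"] * 3
    white_list = build_white_list(learning)
    # Constructed attack window: 5000 packets from a source not on the list.
    window = (["192.0.2.1"] * 50 + ["192.0.2.2"] * 50 + ["192.0.2.3"] * 50
              + ["198.51.100.9"] * 5000)
    passed = filter_packets(window, white_list, 1000, random.Random(seed))
    return Counter(passed)

if __name__ == "__main__":
    for src, n in sorted(demo().items()):
        print(src, n)
```
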
