Journal of Internet Computing and Services (인터넷정보학회논문지)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Study on WP-IBE compliant Mobile IPSec

WP-IBE 적용 Mobile IPSec 연구

  • Received : 2013.07.30
  • Accepted : 2013.09.05
  • Published : 2013.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

In the wireless Internet, it is so restrictive to use the IPSec. The MIPv4 IPSec's path cannot include wireless links. That is, the IPSec of the wireless Internet cannot protect an entire path of Host-to-Host connection. Also wireless circumstance keeps a path static during the shorter time, nevertheless, the IKE for IPSec SA agreement requires relatively long delay. The certificate management of IPSec PKI security needs too much burden. This means that IPSec of the wireless Internet is so disadvantageous. Our paper is to construct the Mobile IPSec proper to the wireless Internet which provides the host-to-host transport mode service to protect even wireless links as applying excellent WP-IBE scheme. For this, Mobile IPSec requires a dynamic routing over a path with wireless links. FA Forwarding is a routing method for FA to extend the path to a newly formed wireless link. The FA IPSec SA for FA Forwarding is updated to comply the dynamically extended path using Source Routing based Bind Update. To improve the performance of IPSec, we apply efficient and strong future Identity based Weil Pairing Bilinear Elliptic Curve Cryptography called as WP-IBE scheme. Our paper proposes the modified protocols to apply 6 security-related algorithms of WP-IBE into the Mobile IPSec. Particularly we focus on the protocols to be applied to construct ESP Datagram.

무선 인터넷에서 IPSec의 사용은 제한이 많다. MIPv4 IPSec 경로는 동적 무선링크를 포함하지 못한다. 즉 무선 인터넷의 IPSec은 Host-to-Host 경로 전체를 보호할 수 없다. 또한 무선 환경은 고정경로가 유지될 시간을 줄이지만 IPSec SA 합의를 위한 IKE의 지연시간은 상대적으로 길고, IPSec PKI 보안의 인증서 관리는 수행부담이 크다. 이는 무선 인터넷에서 IPSec 사용은 매우 불리하다는 의미이다. 본 논문은 무선링크까지 보호하는 Host-to-Host Transport Mode를 제공하면서 성능이 우수한 WP-IBE 보호방식을 적용하여 무선 인터넷에 유리한 Mobile IPSec을 구축하는 것이 목표이다. 이를 위해 Mobile IPSec은 무선링크를 포함하는 동적경로에 대한 라우팅이 필요하다. FA (Foreign Agent) Forwarding 방안은 동적으로 변경되는 경로를 FA가 확장하는 라우팅 방안이다. FA Forwarding을 위한 FA IPSec SA는 Source Routing 기반 Bind Update를 통해서 동적경로 변경 정보로 갱신된다. IPSec의 수행성능을 높이기 위해 효율적이고 강력한 차세대 Identity Based Weil Pairing (WP) Bilinear Elliptic Curve Cryptography인 WP IBE 방식을 적용했다. 본 논문은 WP-IBE방식의 6개 암호 관련 알고리즘을 Mobile IPSec에 적용하는 변형 프로토콜을 제안하였다. 특별히 이 알고리즘을 ESP Datagram 구성에 적용하는 프로토콜에 집중하였다.

Keywords

References

  1. Cheong H. Choi, "Study of Document Distribution System Architecture for Digital Secret Document Leakage Prevention," Journal of Korean Society for Internet Information, Vol.11, No4, Aug. 2010, pp 143-158
  2. Cheong H. Choi, "The Study on Design and Implementation of MSEC-based Group Key Management Protocol for Corporate Secret Distribution," Journal of Korean Society for Internet Information, Vol.11, No6, Dec. 2010, pp 87-110
  3. Cheong H, Choi, "Study on IBE-based Crypto- Module Functional Architecture," 2010 Proceedings of the Korean Society for Internet Information Conference, pp. 419-422, Jeju Habitchi Resort, Jesus, Jun-25, 2010
  4. Cheong H. Choi, "IBE based Mobile IP Security," Proceedings for ICONI & APIC-IST 2010, pp. 115-118, Mactan Island, Philippines, 2010-12-17
  5. Torsten Braun and Marc Danzelsen, "Secure Mobile IP Communication," LCN '01 Proceedings of the 26th Annual IEEE Conference on Local Computer Networks, p. 586, IEEE Computer Society, Washington DC, USA, 2001
  6. Wei Qu and Sampalli Srinivas, "IPSec-based secure wireless virtual private network," MILCOM 2002 Proceedings, Vol. 2, pp. 1107-1112, Oct. 7-10, 2002
  7. Daniel B. Faria, and David R. Cheriton, "Detecting Identity-based Attacks in Wireless Networks Using Signalprints," WiSe'06, September 29, 2006, Los Angeles, California, USA. pp. 43-52
  8. Craig A. Shue, Minaxi Gupta, Steven A. Myers, "IPSec: Performance Analysis and Enhancements," ICC 2007 Proceedings, IEEE 2007, pp. 1527-1532
  9. Salem Itani, "Use of IPSec in Mobile IP," Report ID#20011003, The American University of Beirut, May 21, 2001
  10. D. Harkins, and D. Carrel, "The Internet Key Exchange (IKE)," RFC 2409, Nov. 1998
  11. S. Kent and R. Atkinson, "IP Encapsulat- ing Security Payload (ESP)," RFC 2406, Nov. 1998
  12. C. Kaufman, Ed, "Internet Key Exchange (IKEv2) Protocol," RFC 4306, May 2005
  13. C. Perkins and P. Calhoun, "Authentication, Authorization, and Accounting (AAA) Registration Keys for Mobile IPv4, " RFC 3957, March 2005
  14. S. Vaarala and E. Klovning, "Mobile IPv4 Traversal across IPsec-Based VPN Gateways," RFC 5265, June 2008
  15. H. Choi, H. Song, G. Cao and T. F. La Porta, "Mobile multi-layered IPsec," Journal of Wireless Networks, Volume 14, Issue 6, pp. 895-913, December 2008 https://doi.org/10.1007/s11276-007-0031-z
  16. G. Appenzeller and B. Lynn, "Minimal-Overhead IP Security using Identity Based Encryption," http://citeseerx.ist.psu.edu/viewdoc/doi=10.1.1.10.3124
  17. K. G. Paterson, "ID-based signatures from Pairings on Elliptic Curves," http://eprint.iacr.org/2002/004.pdf
  18. A. Alshamsi and T. Saito, "A Technical Comparison of IPSec and SSL," 19th International Conference on AINA 2005, 28-30 March 2005, Vol. 2, pp. 395-398
  19. Anoop MS, "Elliptic Curve Cryptography," MS Anoop - An Implementation Guide, Jan. 2007, http://www.infosecwriters.com/text_resources/pdf/Elliptic_Curve_AnnopMS.pdf
  20. NCSA, "The Case for Elliptic Curve Cryptography," http://www.nsa.gov/business/prog-rams/elliptic_curve.shtml, Jan. 2013
  21. A. Menezes, "An introduction to pairing-based cryptography," Notes from lectures (2005) in http://www.cacr.math.uwaterloo.ca/-ajmeneze/public
  22. D. Boneh (1998), "The Decision Diffie- Hellman Problem". ANTS-III: Proceedings of the Third International Symposium on Al-gorithmic Number Theory (Springer-Verlag): pp. 48-63, 1998
  23. D. Boneh and Matthew Frankliny, "Identity-Based Encryption from the Weil Pairing", SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2003. https://doi.org/10.1137/S0097539701398521
  24. V. S. Miller, "The Weil Pairing, and Its Efficient Calculation," J. Cryptology (2004) 17: pp. 235-261, 2004
  25. M. Bellare and P. Rogaway, "Random oracles are practical: A paradigm for designing efficient protocols," Proc. First Annual Conf-erence on Computer and Communications Security, ACM, 1993
  26. M. Bellare, A. Desaiy, D. Pointchevalz, P. Rogaway, "Relations Among Notions of Security for Public-Key Encryption Schemes," Advances in Cryptology, CRYPTO '98, Lecture Notes in Computer Science, Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998
  27. F. Baker and P. Savola, "Ingress Filtering for Multihomed Networks," RFC 3704, March 2004
  28. NSA, "Suite B Implementer's Guide to NIST SP 800-56A," http://www.nsa.gov/ia/_files/SuiteB_Implementer_G-113808.pdf, July 28, 2009