Browse > Article

A Dynamic Key Lifetime Change Algorithm for Performance Improvement of Virtual Private Networks  

HAN, Jong-Hoon (Samsung Electronicsco. Telecommunication R&D Center)
LEE, Jung Woo (Samsung SDS SCM Business group)
PARK, Sung Han (Department of Computer Science and Engineering, Hanyang University)
Publication Information
Journal of the Institute of Electronics Engineers of Korea TC / v.42, no.10, 2005 , pp. 31-38 More about this Journal
Abstract
Ipsec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the internet. Internet Key Exchange (IKE) is a protocol that is used to negotiate and provide authenticated keying materials in a protected manner for Security Associations (SAs). In this paper, we propose a dynamic key lifetime change algorithm for performance enhancement of virtual private networks using IPSec. The proposed algorithm changes the key lifetime according to the number of secure tunnels. The proposed algorithm is implemented with Linux 2.4.18 and FreeS/WAN 1.99. The system employing our proposed algorithm performs better than the original version in terms of network performance and security.
Keywords
IPSec; IKE;
Citations & Related Records
연도 인용수 순위
  • Reference
1 FreeS/WAN project, www.freeswan.org
2 IP Security Document Roadmap (RFC 2411)
3 Security Architecture for the Internet Protocol (RFC 2401)
4 IP Authentication Header (RFC 2402)
5 Carlton R. Davis, IPSec : Securing VPNs, McGraw-Hill, 2001
6 O. Elkeelany, M. Matalgah, K Sheikh, M. Thaker & D. Qaddour, 'Performance Analysis of IPSec Protocol: Encryption and Authentication,' IEEE International Conference on Communications, Vol. 2, pp. 1164-1168, 2002   DOI
7 R. Perlman, C. Kaufman, 'Key exchange in IPSec: analysis of IKE,' Internet Computing, IEEE, Vol 4, No.6, pp. 50-56, 2000   DOI   ScienceOn
8 IP Encapsulating Security Payload (ESP) (RFC 2406)
9 Roger Younglove, 'IP security: what makes it work?,' Computing & Control Engineering Journal, Vol 12, No.1, pp. 44-45, 2001   DOI