
An Implementation of Security Key Management System by LDAP  

Yoon, Sung-Jung (Mokpo National Maritime University)
Kim, Geon-Ung (Mokpo National Maritime University)
Abstract
The security key management function is a key element of a secure network environment, and many protocols, including IPSec, HIP, etc., require this function. There are two approaches to providing the key management function in the network layer: one stores security key material in a directory, and the other stores security key material in DNS. In this paper we present an implementation of a key management system based on LDAP. We deployed open source solutions for the directory service (OpenLDAP), the cryptographic algorithm (FLINT/C), and IPSec (FreeS/WAN), and verified the key management system by an encrypted message exchange and an interoperability test by un daemon.
Keywords
IPSec;