Browse > Article
http://dx.doi.org/10.13089/JKIISC.2006.16.4.127

Design of a Security System to Defeat Abnormal IPSec Traffic in IPv6 Networks  

Kim Ka-Eul (Sungkyunkwan University)
Ko Kwang-Sun (Sungkyunkwan University)
Gyeong Gye-Hyeon (Sungkyunkwan University)
Kang Seong-Goo (Sungkyunkwan University)
Eom Young-Ik (Sungkyunkwan University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.16, no.4, 2006 , pp. 127-138 More about this Journal
Abstract
The IPSec is a basic security mechanism of the IPv6 protocol, which can guarantee an integrity and confidentiality of data that transmit between two corresponding hosts. Also, both data and communication subjects can be authenticated using the IPSec mechanism. However, it is difficult that the IPSec mechanism protects major important network from attacks which transmit mass abnormal IPSec traffic in session-configuration or communication phases. In this paper, we present a design of the security system that can effectively detect and defeat abnormal IPSec traffic, which is encrypted by the ESP extension header, using the IPSec Session and Configuration table without any decryption. This security system is closely based on a multi-tier attack mitigation mechanism which is based on network bandwidth management and aims to counteract DDoS attacks and DoS effects of worm activity.
Keywords
IPSec; IPv6; Intrusion Prevention System; Security;
Citations & Related Records
연도 인용수 순위
  • Reference
1 S. Kent, and R. Atkinson, RFC2406: IP Encapsulating Security Payload (ESP), Nov. 1998
2 A. Triulzi, 'Intrusion Detection and IPv6,' Proc. of the Conference Security and Protection of Information 2003, Apr. 2003, pp. 15
3 K. Wehrle, et al, The Linux Network Architecture, Prentice Hall, 2005
4 조은경, 고광선, 이태근, 강용혁, 엄영익, '리눅스 Netfilter 프레임웍과 CBQ 라우팅 기능을 이용한 비정상 트래픽 제어 시스템 설계,' 정보보호학회논문지, 한국정보보호학회, Vol. 13, No. 6, Dec. 2003, pp. 129-140
5 K. Ko, E. Cho, T. Lee, Y. Kang, and Y. I. Eom, 'The Abnormal Traffic Control Framework based on QoS Mechanisms,' Lecture Notes in Computer Science, #3280, Oct. 2004
6 P. Loshin, IPv6 : Theory, Protocol, and Practice, Morgan Kaufmann, 2nd Ed., 2004
7 S. Floyd and V. Jacobson, 'Link sharing and Resource Management Models for Packet Networks,' IEEE/ ACM Transactions on Networking, Vol. 3, No. 4, 1995
8 S. Kent, and R. Atkinson, RFC2401: Security Architecture for Internet Protocol, Nov. 1998
9 W. Stallings, Network Security Essentials, Prentice Hall, 2nd Ed., 2003
10 N. Doraswamy and D. Harkins, IPSec The New Security Standard for the Internet, Intranets, and Virtual Private Networks, Prentice Hall, 1999
11 A. Rubini and J. Corbet, Linux Device Driver, O'Reilly, 2nd Ed., 2002
12 S. Deering and B. Hinden , RFC2460: Internet Protocol, Version 6 (IPv6) Specification, Dec. 1998
13 D. Maughan, M.Schertler, M. Schneider, and J. Turner, RFC2408: Internet Security Association and Key Management Protocol (ISAKMP), Nov. 1998