Security Gateway Extension Mechanism for Session Recovery in Virtual Private Network  

Kim, Jeong-Beom (Dept. of Computer Science, Korea University)
Lee, Yun-Jung (Dept. of Computer Science, Korea University)
Park, Nam-Sub (Dept. of Computer Science, Korea University)
Kim, Tai-Yun (Dept. of Computer Science, Korea University)
Abstract
The surge in network use has recently increased the demand for cryptography. Cryptography, however, can cause various problems because key management is difficult. Many researchers have concentrated on key recovery techniques to eliminate the adverse effects of using this kind of security and to promote its positive aspects, and they have suggested many key recovery techniques to date. We propose a mechanism that reduces the time needed to reconnect the security gateway (SG) and the host in host-to-gateway VPNs supporting IPsec when they are disconnected. This new mechanism, which uses KRFSH, stores information for each session in advance so that users can recall the session information when it is needed to rebuild the tunnel between the SG and the host in a VPN. As a result, the mechanism built into the SG will solve the problems above in host-to-gateway VPNs using IPsec.
Keywords
IPSec; KRFSH