{"title":"NeoMAN: A Negotiation Management System for IKE Protocol Based on X.509 Certificate in Cross Domain Application","authors":"Zhen Zhao, Taehyoun Kim, J.H. Kim, I. Kim, Y. Eom","doi":"10.1109/SECTECH.2008.13","DOIUrl":null,"url":null,"abstract":"IPSec VPN is widely used to protect remote data access. IKE protocol is the mandatory key management protocol of IPSec protocol, it provides a manual configuration method for IPSec VPN. But manual configuration is complex, unreliable, unmanageable, and especially less of support for cross-domain management. This paper proposes an IKE negotiation management system based on X.509, called NeoMAN. The NeoMAN system is designed to analysis the security requirements in intra-/cross- domain, provides cross-domain security requirement negotiation, security policy generation, and automatic IKE client configuration. The proposed method reduces the complexity of the IKE configuration process, improves the adaptability of the IKE protocol in cross-domain application, and also provides the management approach for IPSec VPN application.","PeriodicalId":377461,"journal":{"name":"2008 International Conference on Security Technology","volume":"75 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Security Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECTECH.2008.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
IPSec VPN is widely used to protect remote data access. The IKE protocol is the mandatory key management protocol of IPSec; it provides a manual configuration method for IPSec VPN. But manual configuration is complex, unreliable, and unmanageable, and in particular lacks support for cross-domain management. This paper proposes an IKE negotiation management system based on X.509, called NeoMAN. The NeoMAN system is designed to analyze the security requirements in intra- and cross-domain settings, and provides cross-domain security requirement negotiation, security policy generation, and automatic IKE client configuration. The proposed method reduces the complexity of the IKE configuration process, improves the adaptability of the IKE protocol in cross-domain applications, and also provides a management approach for IPSec VPN applications.