An Efficient and Secured Internet Key Exchange Protocol Design

Abstract

IPSec provides encryption and authentication on data packets protecting them from being eavesdropped or falsified. Prior to performing IPSec functions, shared session keys must be safely and secretly established between the two communication parties, usually two security gateways. Internet Key Exchange (IKE) protocol is the most common mechanism for two security gateways to exchange key materials. However, the original IKE is too flexible, complex, and vulnerable to DoS attack. Several enhanced IKE versions have been proposed to replace the original one. In this paper, we propose a new IKE version and analyze it extensively. The latest and most related version proposed in 2004 is used to compare with our version. Simulation results have shown that our protocol is more efficient and DoS resistant than the other, in addition to possessing more security merits.