The Improving of IKE with PSK for Using in Mobile Computing Environments
The rapid increase in the use of mobile communication networks for transmitting confidential data and conducting commercial transactions such as mobile e-commerce is creating large demand for secure mobile business systems. However, mobile devices and mobile communication networks have some weaknesses, and using traditional VPN technologies directly in mobile computing environments can cause problems. Currently, authentication of mobile users in IKE is commonly done using certificates or PSK with aggressive mode. These approaches have serious security-related issues (for PSK with aggressive mode) or high deployment and maintenance costs (for certificates). In this paper, we propose a new PSK-based approach in which the IKE negotiation phase is modified for use in mobile computing environments. The modified IKE consists of four messages, and the responder does not need to store any state on receiving message 1. It uses strong cookies, a precalculated DHpp stack, and other techniques to counter IP flooding attacks and Man-in-the-Middle DoS attacks, because it does not require the responder to perform heavy computations before the initiator has authenticated itself. In addition, each mobile user has a group of PSKs from which one is randomly selected, and the initiator and responder exchange identity information and agree on the PSK using Hash (PSK-ID|IDi) or Hash (PSK-ID|IDr). The scheme therefore provides identity protection for both the initiator and the responder, and prevents passive dictionary-based attacks on pre-shared keys.
Mobile Computing; Security and Protection; Virtual Private Networks (VPN); Internet Key Exchange (IKE)
Dingguo Yu, Nan Chen
College of Information, Shaoxing University, Shaoxing 312000, China; College of Qiangjiang, Hangzhou Normal University, Hangzhou 310012, China
International conference
The Fifth International Conference on Information Assurance and Security
Xi'an
English
331-334
2009-08-18 (date first posted online on the Wanfang platform; not the paper's publication date)