IKE context transfer in an IPv6 mobility environment
Citations
Failure preventive mechanism for IPsec gateways
Applying IKE/IPsec context transfer to aeronautical networks
Performance analysis of signalling overhead in Host Identity Protocol-based secure mobile networks: Ultra Flat Architecture or end-to-end signalling?
Mobility and Radio Resource Management in Future Aeronautical Mobile Networks
High Availability for IPsec VPN Platforms: ClusterIP Evaluation
References
Security Architecture for the Internet Protocol
A security architecture for the Internet protocol
IP Encapsulating Security Payload (ESP)
The Internet Key Exchange (IKE)
Internet Key Exchange (IKEv2) Protocol
Related Papers (5)
IKEv2 authentication exchange model and performance analysis in mobile IPv6 networks
Frequently Asked Questions (13)
Q2. What contributions have the authors mentioned in the paper "IKE context transfer in an IPv6 mobility environment"?
The context transfer mechanism provides an efficient way to re-establish security parameters. In this paper, the authors use context transfer to move the IPsec and IKE contexts related to a mobile node from a previous security gateway to a new one. The first purpose of this paper is to define the IKEv2 context and to provide a solution for handling SPI collisions using MOBIKE. The second aim of this paper is to set out an implementation of the Context Transfer Protocol for IPsec/IKEv1 in an IPv6 mobility environment and to provide performance results of such an optimisation.
Q3. What are the future works in "IKE context transfer in an IPv6 mobility environment"?
For this purpose, the authors plan to submit an IETF draft about the proposed solutions.
Q4. What are the aims of the context transfer mechanism?
The aims of the context transfer mechanism are to transfer the network state information relevant to a mobile node, and to follow it during its movements.
Q5. What is the purpose of the IKEv2 protocol?
The IKEv2 protocol mutually authenticates two peers - the initiator and the responder - in order to dynamically and securely establish IPsec SAs.
Q6. What is the purpose of this paper?
The purpose of this paper is to extend the authors' work on the viability of the context transfer mechanism for IPsec/IKE in an IPv6 mobility environment.
Q7. What is the main reason why IKE protocols are so expensive?
IKE protocols (v1 or v2) are quite computationally intensive because of the Diffie-Hellman key exchange or the number of EAP round trips.
Q8. How long does it take to get the results?
In order to get the following results, the authors used a UDP traffic generator with a delay of 50 ms between each packet. (Footnote 7: http://ipsec-tools.sourceforge.net)
Q9. What should the MN do when a handover occurs?
When a handover occurs, the MN should re-authenticate itself to regain access to the network since the new AR IPsec databases are not configured.
Q10. How long does it take to set up the security?
As shown in Table 1, with the IPsec/IKEv1 context transfer optimisation, the security setup takes only 20 ms, while without this optimisation it takes at least 1300 ms.
Q11. What is the purpose of the IKEv2 context?
The Peer Authentication Database identifies the peers that are authorized to communicate with the security gateway, specifies the protocol and method used to authenticate each peer, contains the authentication data for each peer and provides a link between IKEv2 and the SPD for the policy lookup.
Q12. How can IKEv2 be used to solve collisions?
By showing that collisions of SPIs can occur after an IKEv2 context transfer, the authors explain how these collisions can be solved by defining a new MOBIKE [3] extension.
Q13. What are some of the services that are known as context transfer candidates?
Such services are known as context transfer candidate services and examples include IEEE 802.11i, IPsec and AAA protocols [4], QoS policy, header compression, etc.