Hossein Fereidooni, Hassan Taheri, Mehran Mahramian
Electrical Engineering Department, Amirkabir University of Technology, Tehran, Iran.
Informatics Services Corporation, Tehran, Iran.
DOI: 10.4236/ijcns.2012.54030   PDF    HTML     6,828 Downloads   11,235 Views   Citations

Abstract

Accelerating methods are used to enhance TCP performance over satellite links by employing Performance Enhancement Proxies (PEPs). However, providing a secure connection through the PEPs seems to be impossible. In this paper an appropriate method is proposed in order to provide an accelerated secure E2E connection. We show an efficient secure three-party protocol, based on public key infrastructure (PKI), which provides security against spiteful adversaries. Our construction is based on applying asymmetric cryptography techniques to the original IKE protocol. Security protocols use cryptography to set up private communication channels on an insecure network. Many protocols contain flaws, and because security goals are seldom specified in detail, we cannot be certain what constitute a flaw. Proofing security properties is essential for the development of secure protocol. We give a logic analysis of the proposed protocol with the BAN-logic and discuss the security of the protocol. The result indicates that the protocol is correct and satisfies the security requirements of Internet key exchange. Based on the results of this preliminary analysis, we have implemented a prototype of our security protocol and evaluated its performance and checked safety properties of security protocol, and the results show that the protocol is robust and safe against major security threats.

Keywords

Virtual Private Networks (VPNs); Public Key Infrastructure; Authentication; Internet Key Exchange (IKE); BAN-Logic

Share and Cite:

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1]	P. E. Olechna and P. Feighery, “Virtual Private Network Issue Using satellite Based Networks,” IEEE Military Communication Conference, Reston, Vol. 2, 28-31 October 2001, pp. 785-789.
[2]	D. Demirel, F. Alagoz and M. Ufuk, “IPsec over Satellite Links: A New Flow Identification Method,” 7th IEEE International Symposium on Computer Network, Cambridge, 24-26 July 2006, pp. 140-145.
[3]	Y. Zhang, “A Multilayer IP Security Protocol for TCP Performance Enhancement in Wireless Network,” IEEE Journal on Selected Areas in Communications, Vol. 22, No. 4, 2004, pp. 767-776. doi:10.1109/JSAC.2004.825993
[4]	D. Harkins and D. Carrel, “The Internet Key Exchange (IKE). [R] RFC2409,” 1998
[5]	R. Housley, W. Ford, W. Polk and D. Solo, “Internet Public Key Infrastructure, Part I: X. 509 Certificate and CRL Profile, [R],” IETF PKIX Working Group, 1997.
[6]	H. Fereidooni, H. Taheri and M. Mahramian, “A New Authentication and Key Exchange Protocol for Insecure Networks,” The 5th International Conference on Wireless Communications, Networking and Mobile Computing, Beijing, 24-26 September 2009, pp. 1-4.
[7]	H. Fereidooni, A. Parichehreh, H. Taheri, M. Mahramian and B. Eliasi, “ML-IPSec+: An End to End Accelerated VPN for Satellite Links,” International Journal of Computer Science and Network Security, Vol. 9, No. 1, 2009.
[8]	J.-M. Zhu and J.-F. Ma, “An Internet Key Exchange Protocol Based on Public Key Infrastructure,” Journal of Shanghai University, Vol. 8, No. 1, 2004, pp. 51-56. doi:10.1007/s11741-004-0012-8
[9]	M. Burrows, M. Abadi and R. Needham, “A Logic of Authentication: ACM Operating Systems Review,” DEC System Research Center Report Number 39, Palo Alto, 1989.
[10]	T. Kyntaja, “A Logic of Authentication by Burrows, Abadi and Needham,” Science Helsinki University of Technology, Tehran. http://www.tml.tkk.fi/Opinnot/Tik-110.501/1995/ban.html
[11]	W. Teepe, “BAN Logic and Hash Functions,” Autonomous Agents and Multi-Agent Systems, Vol. 19, No. 1, 2009, pp. 76-88. doi:10.1007/s10458-008-9063-8
[12]	Jan Wessels, “Application of BAN-Logic,” Technical Report, CMG Public Sector B.V., 19 April 2001.