HIP_IKEv2: A Proposal to Improve Internet Key Exchange Protocol-based on Host Identity Protocol

S. Smaoui, F. Zarai, M. S. Obaidat, K. F. Hsiao, L. Kamoun

2013

Abstract

IKEv2 offers authentication, authorization and key agreement services to establish a security association between two peers bound to IP addresses, but it is still vulnerable to some security problems such as denial of service (Dos) and man-in-the-middle attack. Host Identity Protocol (HIP) is also a security protocol that defines host identifiers for naming the endpoints and performs authentication and creation of IPsec security associations between them bound to identifiers. The purpose of HIP is to support trust systems, enhance mobility and greatly reduce the Denial of Service (Dos) attacks. We focus on an extension to IKEv2 in order to enhance authentication, eliminate man-in-the-middle attack and guarantee denial of service to provide better security between the two peers. In this paper, we describe our proposal that consists of combining the IKEv2 with the HIP to set up a security association based on two parameters which are location and Identity. This combination can provide better security properties than each protocol used alone. This scheme, named (HIP_IKEv2) couples location and identity to define a security association between two peers. We have used the Automated Validation of Internet Security Protocols and Applications (AVISPA) and its Security Protocol Animator (SPAN), and two powerful automated tools in order to formally specify and validate the HIP_IKEv2 protocol.

References

1. Gurtov, A., 2008. Host Identity Protocol (HIP): Towards the Secure Mobile Internet. Helsinki Institute for Information Technology (HIIT), Finland, Wiley
2. Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., 2010. Internet Key Exchange Protocol Version 2 (IKEv2), IETF RFC5996; www.rfc-editor.org/info/rfc5996
3. Henderson, T., Gurtov, A., 2012. The Host Identity Protocol (HIP) Experiment Report, IETF RFC6538; www.rfc-editor.org/info/rfc6538
4. Arraez, L., Chaouchi, H., G.Ayadin, Z., 2011. “Performance Evaluation and Experiments for Host Identity Protocol”, IJCSI International Journal of Computer Science Issues, Vol 8, Issue 2, pp 74 - 83
5. Iso-Anttila, L., Ylinen, J., Loula, P., 2007. “A Proposal to Improve IKEv2 negotiation”, International Conference on Emerging Security Information Systems and Technologies (IEEE ICESIST), pp 169 - 174.
6. Xiaowei, Z., Zhou, H., Jun, L., 2010. “Analysis and improvement of IKEv2 against denial of service attack”, International Conference on Information Networking and Automation (IEEE ICINA), pp 350 - 355.
7. Zhou, P., Qin, Y., Xu, C., Guan, J., Zhang, H., 2010. “Security investigation and enhancement of IKEV2 protocol”, 3rd International Conference on Broadband Network and Multimedia Technology (IEEE IC-BNMT), pp 65 - 69.
8. Cheminod, M., Bertolotti, I., Durante, L., Sisto, R., Valenzano, A., 2009. “Tools for cryptographic protocols analysis: A technical and experimental comparison”, Elsevier Computer Standards & Interfaces, Vol 31, Issue 5, pp 954 - 961
9. Lafourcade, P., Terrade, V., Vigier, S., 2010. “Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties”, Springer Formal Aspects in Security and Trust(FAST), Vol 5983, pp 173-185.
10. Armando, A., Basin, D., Cuellar, J., Rusinowitch, M., Viganò, L., 2005. “The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications”, Springer Computer Aided Verification(CAV), Vol 3576, pp 281- 285.
11. Lim, S., Bang, K., Yi, O., Lim, J., 2007. "A Secure Handover Protocol Design in Wireless Networks with Formal Verification", Springer Wired/Wireless Internet Communications(WWIC), Vol 4517, pp 67 - 78.

Paper Citation

in Harvard Style

Smaoui S., Zarai F., S. Obaidat M., F. Hsiao K. and Kamoun L. (2013). HIP_IKEv2: A Proposal to Improve Internet Key Exchange Protocol-based on Host Identity Protocol . In Proceedings of the 3rd International Conference on Simulation and Modeling Methodologies, Technologies and Applications - Volume 1: SIMULTECH, ISBN 978-989-8565-69-3, pages 404-411. DOI: 10.5220/0004630804040411

in Bibtex Style

@conference{simultech13,
author={S. Smaoui and F. Zarai and M. S. Obaidat and K. F. Hsiao and L. Kamoun},
title={HIP_IKEv2: A Proposal to Improve Internet Key Exchange Protocol-based on Host Identity Protocol},
booktitle={Proceedings of the 3rd International Conference on Simulation and Modeling Methodologies, Technologies and Applications - Volume 1: SIMULTECH,},
year={2013},
pages={404-411},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004630804040411},
isbn={978-989-8565-69-3},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Simulation and Modeling Methodologies, Technologies and Applications - Volume 1: SIMULTECH,
TI - HIP_IKEv2: A Proposal to Improve Internet Key Exchange Protocol-based on Host Identity Protocol
SN - 978-989-8565-69-3
AU - Smaoui S.
AU - Zarai F.
AU - S. Obaidat M.
AU - F. Hsiao K.
AU - Kamoun L.
PY - 2013
SP - 404
EP - 411
DO - 10.5220/0004630804040411