IKEv1 and IKEv2: A Quantitative Analyses
Authors: H.Soussi, M.Hussain, H.Afifi, D.Seret
Abstract:
Key management is a vital component in any modern security protocol. Due to scalability and practical implementation considerations automatic key management seems a natural choice in significantly large virtual private networks (VPNs). In this context IETF Internet Key Exchange (IKE) is the most promising protocol under permanent review. We have made a humble effort to pinpoint IKEv2 net gain over IKEv1 due to recent modifications in its original structure, along with a brief overview of salient improvements between the two versions. We have used US National Institute of Technology NIIST VPN simulator to get some comparisons of important performance metrics.
Keywords: Quantitative Analyses, IKEv1, IKEv2, NIIST.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1077177
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4596References:
[1] Ferguson, Niels, and Schneier, Bruce, "A Cryptographic Evaluation of IPSec", http://www.counterpane. com, April 1999.
[2] D. Harkins and D. Carrel, The Internet Key Exchange (IKE) , RFC 2409, November 1998.
[3] http://www.antd.nist.gov/niist/
[4] C. Kaufman, Editor, Internet Key Exchange (IKEv2) Protocol , draft-ietf ipsec-ikev2-17.txt, September 23, 2004
[5] http://www.ssfnet.org/homePage.html
[6] J Zhou, Kent Ridge, ÔÇÿFurther analysis of the Internet key exchange protocol- Digital Labs, 21 Heng Mui Keng Terrace, Singapore, Computer Communications 23 (2000) 1606-1612
[7] Catherine Meadows, ÔÇÿAnalysis of the Internet Key Exchange Protocol Using the NRLProtocol Analyzer 1999-Naval Research Laboratory Washington, DC 20375 Code 5543
[8] M. Hussain, I.Hajjeh, H. Afifi, D. Seret,"Tri-party IKEv2 in Home Networks", ICACT 07 Seoul, South Korea.
[9] K.Okhee,D.Montgomery,"Behavioral and Performance Characteristics of IPsec/IKE in Large-Scale VPNs",www.antd.nist.gov/niist
[10] Ran Canetti and Hugo Krawczyk ÔÇÿSecurity Analysis of IKE's Signaturebased Key- Exchange Protocol ÔÇÿCrypto'03 (LNCS Series, Vol. 2729)].
[11] RFCs 2401, 2402, 2403, 2406, 2409, 2411
[12] Michael S; Borella, ÔÇÿMethods and protocols for secure key negotiation using IKE- 3Com www.3com.com
[13] Perlman, R. and Kaufman, C. "Key Exchange in IPSec: Analysis of IKE", IEEE Ineternet Computing, Nov/Dec 2000.