A key component of the IP Security (IPsec) architecture is the Internet Key Exchange (IKE) protocol. IKE is invoked to establish session keys (and the associated cryptographic and networking configuration) between two hosts across the network. IKE must authenticate and authorize the parties involved in an exchange, negotiate the parameters to be used for the communication, and interact with the local IPsec stack. The number of tasks, the flexibility built into the protocol, and the need to accommodate future additions and modifications to the protocol all have to be taken into consideration when designing and implementing IKE. A further complicating factor is the need for security policy management: although IKE can establish security associations with remote hosts, some method is still necessary for determining what kinds of traffic can and should be exchanged with a given remote host. As there is no standard specification yet, we use a trust-management-based approach, with the KeyNote system as the basis for specifying policy. This paper discusses the design, architecture, and implementation details of the OpenBSD IKE daemon, with separate treatment of the security policy mechanism.