By Topic

The Improving of IKE with PSK for Using in Mobile Computing Environments

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Dingguo Yu ; Coll. of Inf., Shaoxing Univ., Shaoxing, China ; Nan Chen

The rapid increase in using mobile communication networks for transmitting confidential data and conducting commercial transactions such as mobile e-commerce is creating large demands in designing secure mobile business systems. However, the mobile devices and mobile communication network have some weakness. It can cause some problems using traditional VPN technologies in mobile computing environments immediately. Currently, mobile users' authentication in IKE is being done using certificates or PSK with aggressive mode commonly. They have serious security related issues (for PSK with aggressive mode) and need high deployment and maintain cost (for certificates). In this paper, we propose a new approach that is based on PSK where the IKE negotiation phase is modified for using in mobile computing environments. The modified IKE consists of four messages, and the responder doesn't need to store any state while receiving message 1. It uses strong cookies and pre-calculated DHpp stack, etc technologies to counter IP flooding attacks and man-in-the-middle DoS attacks, because it does not require the responder to perform heavy computations before the initiator has authenticated itself. Otherwise, for one mobile user, it has a group of PSKs to be random selected, and the initiator and responder exchange identity info and agree on PSK with Hash (PSK-ID|IDi) or Hash (PSK-ID|IDr) info. Therefore, it provides the initiator and responder's identity protection and prevention of passive dictionary based attacks on pre-shared keys.

Published in:

Information Assurance and Security, 2009. IAS '09. Fifth International Conference on  (Volume:1 )

Date of Conference:

18-20 Aug. 2009