Performance evaluation of IKEv2 authentication methods in next generation wireless networks

Faigl, Zoltán; Lindskog, Stefan; Brunström, Anna

doi:10.1002/sec.114

Cited by 6 publications

(4 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, with message sizes in the order of 10 KBytes and RTTs approaching 200 ms, the impact becomes quite significant. In fact, the figure predicts that some messages in a video flow (e.g., frames of size 30 KBytes that are transmitted at a frame rate of 30 frames/s) over a 3G wireless link with an RTT of 200 ms [25] experience delay penalties in the vicinity of 1 s.…”

Section: Predicting Startup Delays For Real-time Trafficmentioning

confidence: 98%

Impact of Slow Start on SCTP Handover Performance

Eklund

Grinnemo

Brunström

et al. 2011

2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN)

Self Cite

View full text Add to dashboard Cite

The rapidly growing interest in untethered Internet connections, especially in terms of WLAN and 3G/4G mobile connections, calls for intelligent session management: a mobile device should be able to provide a reasonable end-user experience despite location changes, disconnection periods and, not least, handovers. As part of an effort to develop a SCTP-based session management framework that meets these criteria, we are studying ways of improving the SCTP handover delay for real-time traffic; especially the startup delay on the connection between a mobile device and the target access point. To obtain an appreciation of the theoretically feasible gains of optimizing the startup delay on the handover-target path, we have developed a model that predicts the transfer times of SCTP messages during slow start. This paper experimentally validates our model and demonstrates that it could be used to predict the message transfer times in a variable bitrate flow by approximating the variable flow with a constant dito. It also employs our model to obtain an appreciation of the startup delay penalties incured by slow start during handovers in typical mobile, real-time traffic scenarios.

show abstract

Section: Predicting Startup Delays For Real-time Trafficmentioning

confidence: 98%

Impact of Slow Start on SCTP Handover Performance

Eklund

Grinnemo

Brunström

et al. 2011

2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN)

Self Cite

View full text Add to dashboard Cite

show abstract

“…At the hand of the optimization on IKEv2, Faigl et al [29] presented an experimental evaluation on the overhead of a wide variety of the authentication methods over IKEv2 in a practical and partly emulated scenario of the next generation wireless network. Cremers [8] used an adversary model to provide an extensive formal analysis of IKEv2 and found its several weaknesses.…”

Section: Related Workmentioning

confidence: 99%

VIKE: vehicular IKE for context-awareness

Liu

Wang

et al. 2014

Wireless Netw

View full text Add to dashboard Cite

Vehicular ad-hoc networks differ from the wired networks and behave in a highly dynamic context, e.g. frequently changing signal-to-noise ratio (SNR) and security risks, which undoubtedly affects the experienced quality-of-service (QoS) and security. In this paper, we propose to dynamically balance the anticipated QoS and security for adapting to the varying vehicular context and the served applications with aims to attain a satisfactory performance rating but without compromising any security. To this end, a variant of IKEv2 called Vehicular Internet Key Exchange (VIKE) is put forward to autonomously negotiate the optimal encryption and integrity algorithms and the related profile that particularly suit to the current context with respect to the confronted SNR, security risk and application requirements. We theoretically derive the relations between the QoS and security for analytical solutions in terms of four categories of vehicular applications. The extensive numerical calculations are conducted to comprehensively investigate how the proposed VIKE responses to the various combinations of the SNR, modulation scheme and key length. The results show that the VIKE is capable of self-adapting to the vehicular context, and of contributing to the quality of communication performance without compromising any security. The proposed VIKE is expected to port the mass-deployed IKE into securing the emerging numerous vehicular applications and services.

show abstract

“…IKE protocol is chosen as the target because it plays an important role in the network. For example, many researchers have been studying on security analysis , vulnerability detection , and performance evaluation of the IKE protocol. Furthermore, the statistical data extracted from the authoritative database National Vulnerability Database indicate that 82 IKE vulnerabilities have been released up to August 2011.…”

Section: Overviewmentioning

confidence: 99%

“…The vulnerabilities consist of 36 high‐risk vulnerabilities, 45 medium‐risk vulnerabilities, and one low‐risk vulnerability. Thus, many researchers have been studying on security analysis , vulnerability discovery , and performance evaluation of IKE protocol. This paper explores the prompt discovery of vulnerabilities so as to prevent damages efficiently.…”

Section: Introductionmentioning

confidence: 99%

IKE vulnerability discovery based on fuzzing

Yang

Zhang

et al. 2012

Security Comm Networks

View full text Add to dashboard Cite

Internet Key Exchange (IKE) protocol is widely applied on the Internet to protect confidentiality of the Internet communication. However, there are many high-risk security vulnerabilities in various IKE implementations. Traditional fuzzing approaches with the aim of discovering vulnerabilities have some blind spots, such as time-consuming, low efficiency, and low degree of automation. This paper introduces a new vulnerability discovering approach based on fuzzing and applies the approach to the IKE protocol. Through summarizing the most comprehensive vulnerable points of IKE protocol and proposing a two-stage test cases library, an IKE protocol vulnerability discovering tool called IKEProFuzzer is designed and implemented. It is a network protocol fuzzing framework with extensibility and automated Monitor/Debugger designed by ourselves. In the experiments, IKEProFuzzer has discovered 14 vulnerabilities, including nine released vulnerabilities and five unreleased ones, which affect many kinds of routers and applications. The evaluation results prove the feasibility, efficiency, and extensibility of the approach compared with the existing approaches.

show abstract

Performance evaluation of IKEv2 authentication methods in next generation wireless networks

Cited by 6 publications

References 24 publications

Impact of Slow Start on SCTP Handover Performance

Impact of Slow Start on SCTP Handover Performance

VIKE: vehicular IKE for context-awareness

IKE vulnerability discovery based on fuzzing

Contact Info

Product

Resources

About