The Implementation of IPsec-Based Internet Security System in IPv4/IPv6 Network

  • So-Hee Park
  • Jae-Hoon Nah
  • Kyo-Il Chung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3397)


IPsec has now become a standard information security technology throughout the Internet society. It provides a well-defined architecture that takes into account confidentiality, authentication, integrity, secure key exchange and protection mechanism against replay attack also. For the connectionless security services on packet basis, IETF IPsec Working Group has standardized two extension headers (AH&ESP), key exchange and authentication protocols. It is also working on lightweight key exchange protocol and MIB’s for security management. IPsec technology has been implemented on various platforms in IPv4 and IPv6, gradually replacing old application-specific security mechanisms. In this paper, we propose the design and implementation of controlled Internet security system, which is IPsec-based Internet information security system in IPv4/IPv6 network and also we show the data of performance measurement. The controlled Internet security system provides consistent security policy and integrated security management on IPsec-based Internet security system.


Security Policy Security Service Policy Negotiation Internet Draft Security Management System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ioannidis, J., Blaze, M.: The Architecture and Implementation of Network-Layer Security Under Unix. In: Fourth USENIX Security Symposium Proceedings (October 1993)Google Scholar
  2. 2.
    Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC 2401 (November 1998)Google Scholar
  3. 3.
    Kent, S., Atkinson, R.: IP Authentication Header, RFC 2402 (November 1998)Google Scholar
  4. 4.
    Madson, C., Glenn, R.: The use of HMAC-MD5-96 within ESP and AH, RFC 2403 (November 1998)Google Scholar
  5. 5.
    Madson, C., Glenn, R.: The use of HMAC-SHA-1-96 within ESP and AH, RFC 2404 (November 1998)Google Scholar
  6. 6.
    Madson, C., Doraswamy, N.: The ESP DES-CBC Cipher Algorithm With Explicit IV, RFC 2405 (November 1998)Google Scholar
  7. 7.
    Kent, S., Atkinson, R.: IP Encapsulating Security Payload(ESP), RFC 2406 (November 1998)Google Scholar
  8. 8.
    Harkins, D., Carrel, D.: Internet Key Exchange (IKE), RFC 2409 (November 1998)Google Scholar
  9. 9.
    FreeS/Wan, from
  10. 10.
  11. 11.
    McDonald, D., Metz, C., Phan, B.: PF_KEY Key Management API, Version 2, RFC 2367 (July 1998)Google Scholar
  12. 12.
    Blaze, M., Keromytis, A., Richardson, M., Sanchez, L.: IPsec Policy Architecture, Internet draft (July 2000)Google Scholar
  13. 13.
    Jenkins, T., Shriver, J.: IPsec Monitoring MIB, Internet draft (July 2000)Google Scholar
  14. 14.
    Jenkins, T., Shriver, J.: IKE Monitoring MIB, Internet draft (July 2000)Google Scholar
  15. 15.
    Jenkins, T., Shriver, J.: ISAKMP DOI-Independent Monitoring MIB, Internet draft (July 2000)Google Scholar
  16. 16.
    Shriver, J.: IPsec DOI Textual Conventions MIB, Internet draft (June 2000)Google Scholar
  17. 17.
    Sanchez, L., Condell, M.: Security Policy Protocol, Internet draft (July 2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • So-Hee Park
    • 1
  • Jae-Hoon Nah
    • 1
  • Kyo-Il Chung
    • 1
  1. 1.Electronics and Telecommunications Research InstituteInformation Security Infrastructure Research GroupDaejeonKorea

Personalised recommendations