DOI QR코드

DOI QR Code

A Study on Lightweight IKEv2 protocol for IoT communication environments

IoT 통신 환경을 위한 경량 IKEv2 프로토콜 연구

  • Kim, Hong-Sung (National Security Research Institute) ;
  • Song, In-A (Dept. of Information & Telecommunication Engineering, Kunsan National University) ;
  • Lee, Young-Seok (Dept. of Information & Telecommunication Engineering, Kunsan National University)
  • Received : 2017.01.26
  • Accepted : 2017.02.10
  • Published : 2017.02.28

Abstract

As the IoT communication environment has been established, communications that utilize not only high-spec machines but also low-spec machines are increasing, but security threats are increasing, too. In recent times, a lot of papers have attempted to reduce the weight of IP layer security techniques such as IPsec and IKEv2 for low-spec machines. Typically, Smyslov proposed Lightweight IKEv2 protocol which is used in IoT environment. However, This proposed protocol had compatibility problem with IKEv2 protocol, So, It is hard to be expected to be used in IoT communication environment. Unlike the Smyslov's protocol, this paper proposed Lightweight IKEv2 protocol which can be compatible of IKEv2 protocol and applied lossless compression algorithm to payload. To suggest lightweight IKEv2 protocol, this paper analyzed IKEv2 protocol and existed lightweight IKEv2 protocol. Furthermore, This paper proved that proposed protocol is more efficient than existed lightweight IKEv2 protocol through performance evaluation as a method.

IoT 통신 환경이 구축되면서 고사양 기기뿐만 아니라 저사양기기를 사용하는 통신이 증가하였지만 그에 따른 보안 위협도 증가하고 있다. 최근 저사양 기기에 적용할 수 있는 효율적인 보안 기술을 위해 기존 IP 계층에서 쓰이고 있는 보안 기술인 IPsec와 IKEv2의 경량화 시도가 이루어 지고 있으며 대표적으로 Smyslov는 IoT 환경에서 사용 가능할 수 있도록 경량화 IKEv2 프로토콜을 제안하였다. 하지만 이 제안 방법은 기존 IKEv2와 같이 사용하기엔 호환성 문제가 발생하여 IoT 통신에서의 보안성 향상을 기대하기 힘들다. 본 논문에서는 Smyslov의 제안 방법과는 달리 기존 IKEv2와 호환이 가능하고 페이로드에 무손실 압축 알고리즘을 적용한 효율적인 경량 IKEv2 프로토콜을 제안한다. 제안 경량 IKEv2 프로토콜 연구를 위하여 IKEv2와 기존 경량화 IKEv2 프로토콜을 분석하며 성능 평가를 통하여 제안 프로토콜이 기존 경량 IKEv2 프로토콜에 비해 효율적임을 증명하였다.

Keywords

References

  1. D. Harking and D. Carrel, "The Internet Key Exchange", RFC 2409, 1998
  2. H. J. Um, R. H. Kim and H. Y. Yeom, "Design and Implementation about IKEv2", Journal of Korean Institute of Communication Sciences, Vol. 16, No. 3, June 2006
  3. V. Smyslov, "Compression in the Internet Key Exchange Protocol Version 2 (IKEv2) draft-compression-02", ELVIS-PLUS, Sep 2016
  4. G. Montenegro and N. Kushalnagar, J. Hui, D. Culler, "Transmission of IPv6 Packets over IEEE 802.15.4 Networks", RFC 4944, 2007.
  5. J. Hui and P. Thubert, "Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 2011.
  6. Y. H. Kim and K. S. Lee, "IKE version 2 Protocol Standard", Journal of Korea Institute of Information and Communication Engineering, July 2003.
  7. S. H. Lim and Y. J. Park, "A study of internet key management protocols : IKE & IKEv2", Conference of Computing Science and Engineering, Vol. 30, No 2, 2003.
  8. D. J. Ryu, G. H. Kim and B. N. Noh, "A study on Analysis of Performance in Mobile Security Network with IKEv2", Conference on Korean Institute of Communication Sciences, Nov 2005.
  9. William Stallings, "Network Security Essentials', Pearson, 2013.
  10. S. Kent, "Security Architecture for the Internet Protocol", RFC 4301, 2005.
  11. Zlib Homepage, "http://www.zlib.net"
  12. Strongswan, "https://www.strongswan.org"
  13. BlueZ, "http://www.bluez.org