Distributed Automatic Configuration of Complex IPsec-Infrastructures

The Internet Protocol Security Architecture IPsec is hard to deploy in large, nested, or dynamic scenarios. The major reason for this is the need for manual configuration of the cryptographic tunnels, which grows quadratically with the total number of IPsec gateways. This way of configuration is error-prone, cost-intensive and rather static. When private addresses are used in the protected subnetworks, the problem becomes even worse as the routing cannot rely on public infrastructures. In this article, we present a fully automated approach for the distributed configuration of IPsec domains. Utilizing peer-to-peer technology, our approach scales well with respect to the number of managed IPsec gateways, reacts robustly to network failures, and supports the configuration of nested networks with private address spaces. We analyze the security requirements and further desirable properties of IPsec policy negotiation, and show that the distribution of security policy configuration does not im...
Michael Rossberg, Guenter Schaefer, Thorsten Strufe
Added 19 May 2011
Updated 19 May 2011
Type Journal
Year 2010
Where JNSM
Authors Michael Rossberg, Guenter Schaefer, Thorsten Strufe