14-09-2022

ESIKE: An Efficient and Secure Internet Key Exchange Protocol

Authors: Marwa Ahmim, Ahmed Ahmim, Mohamed Amine Ferrag, Nacira Ghoualmi-Zine, Leandros Maglaras

Published in: Wireless Personal Communications


Abstract

Internet key exchange protocols used in the IP Security architecture and in IoT environments are vulnerable to various malicious attacks, and their use affects communication efficiency. To address these weaknesses, we propose a novel efficient and secure Internet key exchange protocol (ESIKE), which achieves a high level of security along with low computational cost and energy consumption. ESIKE achieves perfect forward secrecy, anonymity, known-key security, and untraceability. ESIKE can resist several attacks, such as replay, DoS, eavesdropping, man-in-the-middle, and modification. In addition, the formal security validation using AVISPA tools confirms the superiority of ESIKE in terms of security.
Metadata
Publisher
Springer US
Published in
Wireless Personal Communications
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI
https://doi.org/10.1007/s11277-022-10001-y