2003 | OriginalPaper | Chapter
New Mechanisms for End-to-End Security Using IPSec in NAT-Based Private Networks
Authors: Sung Yong Kim, Jin Wook Shin, Sun Young Sim, Dong Sun Park
Published in: Web and Communication Technologies and Internet-Related Social Issues — HSI 2003
Publisher: Springer Berlin Heidelberg
Included in: Professional Book Archive
While the transition from IPv4 to IPv6 has been considered as a way to extend the IP address space, the NAT protocol is widely used as an interim solution. Using the NAT protocol with end-to-end IPSec results in a conflict due to the address translation operation of the NAT. In this paper, we design two mechanisms that provide end-to-end security service even if a NAT is used for private networks. The first proposed mechanism defines a notification message to deliver the address translation information in advance. This mechanism uses already defined protocols and does not need additional protocol modification. The second proposed mechanism uses SSL and IPSec to protect user data and the IP header. Although this mechanism needs chip redundancy on packet length, it can avoid the duplicated encryption caused by SSL and IPSec encryptions. Procedures and parameters to support the mechanisms are designed in this paper.