Internet Key Exchange Protocol Using ECC-Based Public Key Certificate

  • Sangram Ray
  • G. P. Biswas
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 229)


Internet Key Exchange (IKE) protocol helps to exchange cryptographic techniques and keying materials as prior security association (SA) between two IP hosts. Similar to the several enhancements, the present paper proposes an efficient implementation of IKE using ECC-based public-key certificate that provides required security properties with much reduction in computation complexity and communication cost. The proposed method addresses both the Phase I and Phase II of IKE, where the main mode of the former instead of six, requires four rounds of message exchange. The formats specified in ISAKMP have been used for message exchanges in our implementation, thus the cookies of initiator-responder have been used to protect attacks like DoS, parallel session etc. The security analysis of the proposed method and comparison with other techniques are given and satisfactory performance is found.


Certificate authority (CA) Elliptic Curve Cryptography (ECC) Internet Key Exchange (IKE) protocol Internet Security Association and Key Management Protocol (ISAKMP) IP Security (IPSec) Public Key Infrastructure (PKI) Security Association (SA) 


  1. 1.
    Zhou J (2000) Further analysis of the Internet key exchange protocol. Comput Commun 23:1606–1612CrossRefGoogle Scholar
  2. 2.
    Forouzan BA (2007) Cryptography and network security. Special Indian edition 2007, TMH, pp 563–588Google Scholar
  3. 3.
    Zhu J-m, Ma J-f (2004) An internet key exchange protocol based on public key infrastructure. J Shanghai Uni (English Ed). Article ID: 1007-6417(2004)01-0051-06Google Scholar
  4. 4.
    Kaufman C (2004) The internet key exchange (IKEv2) protocol. IETF draft-ietf-ipsec-ikev2-17, Sept 2004Google Scholar
  5. 5.
    Haddad H, Berenjkoub M, Gazor S (2004) A proposed protocol for internet key exchange (IKE). Electrical and computer engineering, Canadian conference, May 2004Google Scholar
  6. 6.
    Orman H (1998) The OAKLEY key determination protocol, RFC 2412Google Scholar
  7. 7.
    Maughan D et al (1998) Internet security association and key management protocol (ISAKMP), RFC 2408Google Scholar
  8. 8.
    Su M-Y, Chang J-F (2007) An efficient and secured internet key exchange protocol design. Proceedings of the fifth annual conference on communication networks and services research (CNSR’07), pp 184–192Google Scholar
  9. 9.
    Fereidooni H, Taheri H, Mahramian M (2009) A new authentication and key exchange protocol for insecure networks. In: Proceedings of the fifth international conference on wireless communication, networking and mobile computing (WiCom’09), pp 1–4Google Scholar
  10. 10.
    Nagalakshmi V, Rameshbabu I (July 2007) A protocol for internet key exchange (IKE) using public encryption key and public signature key. Int J Comput Sci Netw Secur 7(7):342–346Google Scholar
  11. 11.
    Nagalakshmi V, Rameshbabu I, Avadhani PS (2011) Modified protocols for internet key exchange using public encryption key and signature keys. In: Proceedings of the \(8^{\rm {th}}\) international conference on information technology: new generations 2011, pp 376–381Google Scholar
  12. 12.
    Ray S, Nandan R, Biswas GP (2012) ECC based IKE protocol design for internet applications, Procedia Technology, Elsevier: Proceedings of 2\(^{\rm {nd}}\) international conference on computer, communication, control and information technology (2012) C3IT 2012, Hooghly, WB, India, 25–26 Feb 2012, pp 522–529Google Scholar
  13. 13.
    Ray S, Biswas GP (2012) Establishment of ECC-based initial secrecy usable for IKE implementation. Lecture notes in engineering and computer science: proceedings of the world congress on engineering 2012, WCE 2012, London, UK, 4–6 July 2012, pp 530–535Google Scholar
  14. 14.
    Koblitz N (1987) Elliptic curve cryptosystem. J Math Comput 48(177):203–209Google Scholar
  15. 15.
    Miller V (1985) Use of elliptic curves in cryptography. In: Williams HC (ed) Advances in cryptology-CRYPTO 85, LNCS 218. Springer, Berlin, pp 417–426Google Scholar
  16. 16.
    Dang Q, Santesson S, Moriarty K, Brown D, Polk T (2010) Internet X.509 public key infrastructure: additional algorithms and identifiers for DSA and ECDSA, RFC 5758, Jan 2010Google Scholar
  17. 17.
    Weise J (2001) Public key infrastructure overview, Sun PSSM global security practice. Sun Blue Prints™ Online, Aug 2001Google Scholar
  18. 18.
    National Institute of Standards and Technology (2001) Introduction to public key technology and the federal PKI infrastructure. National Institute of Standards and Technology, 26 Feb 2001Google Scholar
  19. 19.
    Schaad J, Kaliski B, Housley R (2005) Additional algorithms and identifiers for RSA cryptography for use in the internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile, RFC 4055, June 2005Google Scholar
  20. 20.
    Diffie W, Hellman ME (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654Google Scholar
  21. 21.
    Biswas GP (2011) Establishment of authenticated secret session keys using digital signature standard. Inf Secur J: A Glob Prosp 20(1):09–16CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2013

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringIndian School of MinesDhanbad India

Personalised recommendations