1st International Conference on Integrated Internet Ad hoc and Sensor Networks

Research Article

MIND (Mobility-oriented IPSec Daemon): a tool for integrated mobility and security support in the Ecumene network

@INPROCEEDINGS{10.1109/TRIDNT.2005.24,
    author={C. Floridia and S. Giordano and S. Lucetti and G. Risi and A. Tomasi},
    title={MIND (Mobility-oriented IPSec Daemon): a tool for integrated mobility and security support in the Ecumene network},
    proceedings={1st International Conference on Integrated Internet Ad hoc and Sensor Networks},
    publisher={IEEE},
    proceedings_a={TRIDENTCOM},
    year={2005},
    month={3},
    keywords={},
    doi={10.1109/TRIDNT.2005.24}
}
    
C. Floridia (1,*), S. Giordano (2,*), S. Lucetti (2,*), G. Risi (2,*), A. Tomasi (2,*)
  • 1: I.D.S. Informatica Distribuita e Software, Messina, Navacchio (PI), Italy
  • 2: Dept. of Information Engineering, University of Pisa, Italy
*Contact email: c.floridia@glauco.it, s.giordano@iet.unipi.it, s.lucetti@iet.unipi.it, g.risi@iet.unipi.it, a.tomasi@iet.unipi.it

Abstract

The IP protocol is stateless and connectionless, and hence cannot guarantee secure delivery of information. IPSec offers stateful security by introducing logical connections between pairs of peers. The management of these IPSec Security Associations (SAs) is often delegated to dynamic protocols, such as ISAKMP and IKE, because of the obvious scalability problem of a manual configuration approach. However, each peer must know the other's address in advance for the ISAKMP exchange to complete successfully. This assumption cannot always be guaranteed, especially when mobility is taken into consideration. In such cases, a proper mechanism to retrieve the correspondent peer's IPv6 address is needed. The demo consists of an overview of the functionalities of the Ecumene Web Information System, developed as part of the Ecumene Project, focusing mainly on the enhancements developed (in the form of the MIPSD daemon) to allow automatic IPSec SA establishment between hosts that want to access the network and the appropriate Site Gateway.