Publication: Analysis and practical validation of a standard SDN-based framework for IPsec management
Authors
Marín-López, Rafael ; Cánovas, Óscar ; Parra-Espín, José Antonio ; López Millán, Gabriel ; Pereñíguez García, Fernando
Publisher
Elsevier
DOI
https://doi.org/10.1016/j.csi.2022.103665
Type
info:eu-repo/semantics/article
Description
©2023. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/
This document is the Accepted version of a Published Work that appeared in final form in Computer Standards & Interfaces. To access the final edited and published work see https://doi.org/10.1016/j.csi.2022.103665
Abstract
The Internet Engineering Task Force (IETF), the international standardization body for the Internet, has recently approved a standard, RFC 9061, which defines an interface and framework with which to manage IPsec SAs autonomously by using the Software Defined Networking (SDN) paradigm. In this framework, a centralized entity, the controller, sends configuration information to IPsec-enabled nodes in the network in order to create IPsec SAs. Two cases are presented: IKE-case, in which the nodes ship an IKE implementation that is configured by the controller, or IKE-less, in which the controller sends the IPsec SAs directly to the nodes, among other relevant security information. This paper analyzes both cases in depth, provides a design for the controller’s operation based on Mealy state machines and obtains experimental results from a virtualized testbed so as to compare these cases, which are missing parts in the standard.
Citation
Computer Standards & Interfaces, Volume 83, January 2023
This item is subject to a Creative Commons license. http://creativecommons.org/licenses/by-nc-nd/4.0/