Key recovery in IPSec for improving robustness

• Published in: 2001 International Conferences on Info-Tech and Info-Net : proceedings : ICCII 2001-Beijing, October 29-November 1, 2001, Beijing, China Vol. 5; pp. 72 - 77 vol.5
• Main Authors: Yoon-Jung Rhee, Chang-Won Choi, Tae-Woo Kim, Tai-Yun Kim
• Format: Conference Proceeding
• Language: English
• Published: IEEE 2001
• Subjects: Authentication; Information security; IP networks; Large-scale systems; Proposals; Protocols; Public key cryptography; Robustness; Web and internet services; Writing
• ISBN: 0780370104; 9780780370104
• DOI: 10.1109/ICII.2001.983497

IPSec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the Internet. Key recovery has been the subject of a lot of discussion, of much controversy and of extensive research. The widespread opinion of the research community is that large-scale deployment of a key recovery system is essentially impossible. Despite this fact, key recovery might be needed at a corporate level, as a form of key management. The basic observation of the present paper is that cryptographic solutions that have been proposed so far; completely ignore the communication context. Static systems are put forward for key recovery at network layer and solutions that require connections with a server are proposed at application layer. We propose an example to provide key recovery capability by adding key recovery information to an IP datagram. It is possible to take advantage of the communication environment in order to design key recovery protocols that are better suited and more efficient.