Arcanum: A Secure and Efficient Key Exchange Protocol for the Internet
"Arcanum" is a Latin word meaning "sacred secret", "mystery" or just "secret".
Abstract
A VPN (Virtual Private Network) establishes a cryptographically secure network using the existing insecure infrastructure of the Internet. A number of protocols, IPSec (Internet Protocol Security) being the most well known, have been designed to establish VPNs. Keys must be shared between the communicating peers before a VPN can be established. The IKE (Internet Key Exchange) protocol is used for exchanging keys between authenticated peers over the Internet. However, the IKE protocol is vulnerable to DoS (Denial of Service) attacks and has security holes. A number of protocols have been proposed to replace IKE, but these protocols also have vulnerabilities of their own. In this paper we present an analysis of the IKE protocol and identify its security holes and design weaknesses. We also propose a more secure and efficient key exchange protocol, Arcanum, and carry out its security analysis and comparison with existing protocols. Arcanum is secure, robust to DoS attacks and is more efficient in terms of CPU consumption and number of messages.
Source Code
A prototype of the Arcanum protocol was implemented in Java (using JBuilder 5) for testing. Source code can be downloaded (4.5MB zip file) for research and non-commercial use only. The code comes with no warranties. Please cite the following paper if you use the code.
Ajmal S. Mian and A. Masood, "Arcanum: A Secure and Efficient Key Exchange Protocol for the Internet", International Conference on Information Technology Coding and Computing (ITCC), vol. 1, pp. 17-21, 2004. [pdf]
Copyright © IEEE.