Mr. Ahmad Al-Sadeh (HPI, Germany)
Price: 1,000 Euro sponsored by Bitkom
In an IPv6 network, two security mechanisms are available at the network-layer: SEcure Neighbor Discovery (SEND) and IP security (IPsec). Both SEND and IPsec mechanisms should be deployed together for protecting IPv6 networks. However, when a node uses both SEND and IPsec, the authentication has to be done twice. This duplicate authentication increases the burden on the node and decreases its performance. I propose an approach to share the authentication information between SEND and IPsec to reduce the node's overhead and to provide a faster IPsec authentication. Authenticating a node through SEND, make it possible that a part of IPsec authentication can be skipped. I implement and evaluate my approach using ipsec-tools and DoCoMo SEND implementations. My experiments show speedup factor between 8 and 17 of IPsec authentication time.