Cryptographic Algorithm Invocation Based on Software-Defined Everything in IPsec

Abstract

IPsec was initially developed for IPv6 to ensure the communication security. With the development of Internet of Things (IoT) and the mounting importance of network security, increasing numbers of applications require IPsec to support the customized definition of cryptographic algorithms and to provide flexible invocation of these algorithms. To address this issue, an invocation mechanism for cryptographic algorithms is proposed in this paper and applied to IPsec, entitled Free to Add (FTA), based on the concept of software-defined everything. Using the idea of interface opening, the addition of a new cryptographic algorithm and updating of the existing algorithms in the algorithm library both can be achieved through the opening interfaces provided by FTA. Switching the cryptographic algorithm to be used in the FTA framework can avoid the unnecessary consumption. Besides, using the subalgorithm interface and algorithm-control interface designed here, FTA provides several software-defined invocation modes (e.g., combination and switching according to the control instruction sent by the control program) to implement hybrid encryptions or change the cryptographic algorithms for communication. Finally, the feasibility and availability of the proposed FTA mechanism are evaluated by StrongSwan.