The list below is by no means exhaustive. It contains papers that are reasonably recent (post-2000) and that we believe may be useful to implementers. It does not contain papers that are primarily of historical value, e.g. much of the protocol work that led to IKEv2.
Readers are encouraged to add relevant papers, subject to the above criteria. The list is ordered by the primary author's name.
- J. Arkko and P. Nikander. Limitations of IPsec Policy Mechanisms. Security Protocols Workshop, Cambridge, UK, April 2003.
- Tuomas Aura, Moritz Becker, Michael Roe, Piotr Zielinski, Reconciling multiple IPsec and firewall policies , In proceedings of Security Protocols Workshop 2007, Brno, Chek Republic, April 2007.
- Matt Blaze, John Ioannidis, and Angelos D. Keromytis. Trust management for IPsec. In Proceedings of the Internet Society Symposium on Network and Distributed Systems Security (SNDSS) 2001, pp. 139 - 151. February 2001, San Diego, CA.
- Ran Canetti, Hugo Krawczyk, Security Analysis of IKE's Signature-Based Key-Exchange Protocol. CRYPTO 2002: 143-161.
- P.C. Cheng. An architecture for the Internet Key Exchange Protocol. IBM Systems Journal, Volume 40, Number 3, 2001.
- J.P. Degabriele and K.G. Paterson (2007). Attacking the IPsec Standards in Encryption-only Configurations. IEEE Symposium on Security and Privacy, IEEE Computer Society: 335-349.
- Elkeelany O, Matalgah M M, Sheikh K P et al. Performance analysis of IPSec protocol: Encryption and authentication. In Proc. IEEE International Conference on Communications (ICC 2002}, New York, USA, April-May, 2002, pp.1164-1168.
- Zoltán Faigl, Péter Fazekas, Stefan Lindskog, and Anna Brunstrom. Analytical Analysis of the Performance Overheads of IPsec in Mobile IPv6 Scenarios. In István Frigyes, Janos Bito, and Péter Bakki, editors, Advances in Mobile and Wireless Communications: Views of the 16th IST Mobile and Wireless Communication Summit, pages 365–385. Lecture Notes in Electrical Engineering (LNEE), volume 16, Springer-Verlag, Germany, June 2008.
- Ferguson, N. and B. Schneier, A Cryptographic Evaluation of IPsec. Counterpane Internet Security, Inc., January 2000.
- Hamed, H. Al-Shaer, E. Marrero, W., Modeling and verification of IPSec and VPN security policies. In Network Protocols, 2005. ICNP 2005.
- Shigeaki Harayama , S. Felix Wu , Mei-wai Au , Edward Chan , Kam-yiu Lam , Dima Grigoriev , Edward A. Hirsch, IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution. In Proc. 2nd IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY), volume 1995 of LNCS.
- Lari Iso-Anttila and Jorma Ylinen and Pekka Loula. A Proposal to Improve IKEv2 negotiation. SECURWARE, page169-174. IEEE, (2007) .
- C. Kaufman, R. Perlman, and B. Sommerfeld, DoS protection for UDP-based protocols, ACM Conference on Computer and Communications Security , October 2003.
- Hugo Krawczyk. SIGMA: The 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and Its Use in the IKE-Protocols. CRYPTO 2003: 400-425.
- Perlman, R. J. and Kaufman, C. 2001. Analysis of the IPSec Key Exchange Standard. In Proceedings of the 10th IEEE international Workshops on Enabling Technologies: infrastructure For Collaborative Enterprises (June 20 - 22, 2001). WETICE. IEEE Computer Society, Washington, DC, 150-156.
- Steffen Schulz, Ahmad-Reza Sadeghi: Secure VPNs for Trusted Computing Environments. TRUST 2009: 197-216
- Vaudenay, S. 2002. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS... In Proceedings of the international Conference on the theory and Applications of Cryptographic Techniques: Advances in Cryptology L. R. Knudsen, Ed. Lecture Notes In Computer Science, vol. 2332. Springer-Verlag, London, 534-546.
- Xenakis, C., Laoutaris, N., Merakos, L., and Stavrakakis, I. 2006. A generic characterization of the overheads imposed by IPsec and associated cryptographic algorithms. Comput. Netw. 50, 17 (Dec. 2006), 3225-3241.
- Yin, H. and Wang, H. 2005. Building an application-aware IPsec policy system. In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14 (Baltimore, MD, July 31 - August 05, 2005). USENIX Security Symposium. USENIX Association, Berkeley, CA, 21-21.
- Zhao, F. and Wu, S.F., Analysis and improvement on IPsec anti-replay window protocol, Proceedings of IEEE International Conference on Computer Communications and Networks (ICCCN), Dallas, TX, October 2003.
- Degabriele, J. P. and Paterson, K. G., Attacking the IPsec Standards in Encryption-only Configurations, in IEEE Symposium on Security and Privacy, 2007.
- Degabriele, J. P. and Paterson, K. G., On the (In)Security of IPsec in MAC-then-Encrypt Configurations, Proceedings of the 17th ACM conference on Computer and communications security, 2010.
The content of this page was last updated on 2011-05-09. It was migrated from the old Trac wiki on 2022-12-15.