VIPSec defined

Abstract

Secure end-to-end information exchange is a constant challenge in electronic communications. Novel security architectures and approaches are proposed constantly, to be followed by announcements of sophisticated attack methods that compromise them, while other more sophisticated attack methods never see the daylight. The traditional approach for securing the communication between two peers is through the use of secret key encryption combined with a public key approach for exchanging the common secret key to be used by the end-peers. The public key part of the communication is based on a trusted authority for providing the public keys, a service provided through a public key infrastructure (PKI). Public key infrastructures are vulnerable to man in the middle attacks, among other approaches that compromise their integrity. A fake certification authority (CA) or a malicious/compromised network between the user and the CA are typical weaknesses. There has been a lot of work for providing robust PKI; the proposed solutions are fairly demanding on network resources, hence public key solutions are not the security approach of choice in several applications that require light weight solutions. In this article we present voice interactive personalized Security (VIPSec) protocol, which is a protocol for media path key exchange to securely establish a session symmetric key for ensuring end-to-end secure communication, where it is possible to have biometric based authentication, exploiting the nature of the application; voice communication is the typical example that we use as our paradigm for describing the method. (C) 2008 Elsevier B.V. All rights reserved.