Some concerns on key management protocols for IPsec implementation

The concept of IPsec security is a very appealing one for network communications. All the necessary encryption, decryption, and authentication are done at one level in the network and completely transparent to users [1]. IPsec involves structures called security associations (SA) and two databases which reside in the kernel and are available to supply information for security services. When the kernel processes a packet for transmission out over the network, it first consults the Security Policy Database, to see if this is a type of packet that needs to have security processes applied to it. The organization's policies regarding security services are encapsulated into a set of criteria and recorded in this database. Generally, these criteria depend on the content and destination of the packets. With the help of information attached to each packet, the kernel can determine if security processing is necessary. In this paper, we will exam the critical issues with IPsec protocols, and conclude with the future evolvement of IPsec security and IPsec key management.