计算机工程 ›› 2008, Vol. 34 ›› Issue (8): 147-149.doi: 10.3969/j.issn.1000-3428.2008.08.051

• 安全技术 • 上一篇    下一篇

基于预共享密钥认证的IKE协议分析与改进

武 涛,郑雪峰,姚宣霞,李明祥   

  1. (北京科技大学信息工程学院,北京 100083)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-04-20 发布日期:2008-04-20

Analysis and Modification of Internet Key Exchange Protocol Based on Pre-shared Key Authentication

WU Tao, ZHENG Xue-feng, YAO Xuan-xia, LI Ming-xiang   

  1. (School of Information and Engineering, University of Science and Technology Beijing, Beijing 100083)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-04-20 Published:2008-04-20

摘要: 对基于预共享密钥认证的主模式IKE协议进行研究,针对其安全漏洞以及不支持移动用户的缺陷,提出相应的改进建议。该方案能及时发现并阻止中间人攻击和拒绝服务攻击,同时保护双方的身份,没有固定IP地址的限制。性能分析表明,该方案是安全、高效的。

关键词: IKE协议, 预共享密钥认证, 主模式交换, IPSec协议

Abstract: The paper elaborates on IKE protocol with pre-shared Key authentication in main mode and puts forward corresponding advises to the potential secure flaws and the disadvantage of not supporting road warrior users. The proposed scheme can detect the attack quickly by authenticating the messages at once and prevent the identity of senders and receivers from being got by others, with no limitation to fixed IP address. It is secure, efficient and feasible.

Key words: Internet Key Exchange(IKE) protocol, pre-shared key authentication, main mode exchange, IPSec protocol

中图分类号: