
Computer Engineering ›› 2008, Vol. 34 ›› Issue (20): 187-189. doi: 10.3969/j.issn.1000-3428.2008.20.068

• Security Technology •

Improved TCP Connection Migratory Secure Mechanism

HONG Xiao-liang, GUO Yi-xi   

  1. (Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-10-20 Published: 2008-10-20

Abstract: TCP connection migration allows a network to keep providing service steadily when the primary server fails. This paper analyzes the man-in-the-middle attack problem in the connection migration security mechanism based on elliptic curve Diffie-Hellman key agreement. Using an improved Helsinki protocol to negotiate the connection key, it proposes a new security mechanism. The mechanism effectively protects the migration options, and it relies on the collision resistance and security of a secure hash algorithm to make it hard for attackers to guess the connection identifier and request.

Key words: TCP connection migration, migration options, Helsinki protocol, security
