
Computer Engineering ›› 2009, Vol. 35 ›› Issue (15): 126-128. doi: 10.3969/j.issn.1000-3428.2009.15.043

• Security Technology •

Analysis and Improvement on IKEv2 Protocol

QIU Si-chuan, PAN Jin, LIU Li-ming

  1. (Department of Communicating Equipment Management, Xi’an Communications Institute, Xi’an 710106)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2009-08-05 Published: 2009-08-05

Abstract: Pre-shared key authentication in the IKEv2 protocol is susceptible to man-in-the-middle attacks and off-line dictionary attacks, which leak the identity of the initiator and the pre-shared key of the two communicating parties. To counter these two attacks, this paper proposes a defense that combines digital signature authentication with pre-shared key authentication, and introduces the idea of a public-key password to avoid the extra burden of building a public key infrastructure. The analysis shows that the improved protocol avoids man-in-the-middle attacks and off-line dictionary attacks, and prevents both the leakage of the communicating parties' identities and the cracking of the pre-shared key.

Key words: IKEv2 protocol, man-in-the-middle attack, off-line dictionary attack, pre-shared key, password
