Abstract:
The pre-shared key authentication mode of the IKEv2 protocol is susceptible to man-in-the-middle attacks and off-line dictionary attacks, which leak the identity of the initiator and the pre-shared key. To counter these two attacks, this paper proposes a measure that combines digital signature authentication with pre-shared key authentication, and introduces the idea of a public-key password to reduce the burden of building a public key infrastructure. The analysis indicates that the improved protocol avoids man-in-the-middle attacks and off-line dictionary attacks, and prevents the leak of identities and the cracking of the pre-shared key.
Key words:
IKEv2 protocol,
man-in-the-middle attack,
off-line dictionary attack,
pre-shared key,
password
QIU Si-chuan; PAN Jin; LIU Li-ming. Analysis and Improvement on IKEv2 Protocol[J]. Computer Engineering, 2009, 35(15): 126-128.