| 密钥交换协议IKE实现的可扩展设计 |
| |
| 引用本文: | 董晓虎,徐明伟,徐恪.密钥交换协议IKE实现的可扩展设计[J].小型微型计算机系统,2004,25(6):1000-1004. |
| |
| 作者姓名: | 董晓虎 徐明伟 徐恪 |
| |
| 作者单位: | 清华大学,计算机科学与技术系,北京,100084 |
| |
| 基金项目: | 国家自然科学基金 ( 90 10 40 0 2 )资助,国家“863”计划 ( 863 -3 0 6-ZD-0 7-0 1)项目资助,教育部科学技术重点项目 ( 0 2 0 0 4)资助 |
| |
| 摘 要: | 利用IPSec进行安全通信的两个主机通过IKE来进行身份认证、协商安全策略和生成密钥,IKE是个较为复杂的协议,从可扩展的角度提出了一个设计框架,其优点在于充分考虑了协议特点,合理划分模块,为性能和功能上的扩展提供了有效的机制.这个框架不仅降低了实现的难度,而且具有较强的可扩展性。
|
| 关 键 词: | 网络安全 密钥交换 IKE 可扩展 |
| 文章编号: | 1000-1220(2004)06-1000-05 |
Extensible Design of IKE Implementation |
| |
| DONG Xiao-hu,XU Ming-wei,XU Ke.Extensible Design of IKE Implementation[J].Mini-micro Systems,2004,25(6):1000-1004. |
| |
| Authors: | DONG Xiao-hu XU Ming-wei XU Ke |
| |
| Abstract: | Internet Key Exchange protocol(IKE) is a key component of the IP Security architecture. IKE is invoked to authenticate peers, negotiate security policies and generate session keys when two hosts using ipsec need to communicate in security. IKE is complicated for its functions and design flaws. To overcome this complexity, we proposed a framework which emphasize the extensibility. Based on careful modularization of the protocol, this framework provides an efficient way to extend functionality and performance. Also, it makes protocol implementation easier. |
| |
| Keywords: | internet security Key exchange IKE extensibility |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
