| IKE2协议的安全性分析 |
| |
| 引用本文: | 沈海峰,薛锐,黄河燕.IKE2协议的安全性分析[J].计算机科学,2005,32(11):59-63. |
| |
| 作者姓名: | 沈海峰 薛锐 黄河燕 |
| |
| 作者单位: | 中国科学技术大学计算机科学系,合肥,230026;中科院软件所信息安全国家重点实验室,北京,100080;中国科学技术大学计算机科学系,合肥,230026;中科院计算机语言信息工程研究中心,北京,100083 |
| |
| 摘 要: | 本文首先扩展了串空间的理想理论,然后应用此扩展理论分析IKE2协议的核心安全:秘密性和认证性。通过分析,证明了IKE2协议的密钥交换和认证安全性,但同时发现它不能在主动攻击模式下保护发起者身份,对此我们提出了一个修改意见。对IKE2的分析也为扩展串空间理论在复杂协议分析中的应用提供了一个实践基础。
|
| 关 键 词: | 安全协议 扩展串空间 理想 IKE2 |
Security Analysis of IKE2 |
| |
| SHENG Hai-Feng,XUE Rui,HUANG He-Yan.Security Analysis of IKE2[J].Computer Science,2005,32(11):59-63. |
| |
| Authors: | SHENG Hai-Feng XUE Rui HUANG He-Yan |
| |
| Affiliation: | 1.Dept. of Computer Science , USTC, Hefei 230026;2.The State Key Laboratory of Information Security, ISCAS, Beijing 100080;3.Engineering Research Center of Computer Language Information, CAS, Beijing 100083 |
| |
| Abstract: | In this paper, we first extend the ideal theory of Strand Spaces, and then apply this extended theory to ana- lyzing a complex Internet key exchange protocol, LKE2. We focus on this protocol's core security: keys' secrecy and authentication correctness. Through our analysis we prove that IKE2 can achieve its security goals in keys' secrecy and entity authentication. But IKE2 can't protect initiator's identity against active attack. We propose a modified main ex- change of LKE2 for this bug. This analysis also gives a practical base for further application of extended Strand Spaces in analyzing complicated protocols which include plenty cryptographic primitives. |
| |
| Keywords: | Security protocols Extended strand spaces Ideal IKE2 |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
|
