| IKEv2协议的分析与改进 |
| |
| 引用本文: | 邱司川,潘进,刘丽明.IKEv2协议的分析与改进[J].计算机工程,2009,35(15):126-128. |
| |
| 作者姓名: | 邱司川 潘进 刘丽明 |
| |
| 作者单位: | 西安通信学院通信装备管理系,西安,710106 |
| |
| 基金项目: | 国家"863"计划基金资助项目 |
| |
| 摘 要: | IKEv2协议中的预共享密钥认证方式容易受到中间人攻击和离线字典攻击,从而泄漏发起方的身份信息和通信双方的预共享密钥。针对上述2种攻击,提出将数字签名认证方式与预共享密钥认证方式相结合的防御措施,引入公钥口令的思想,避免建立公钥基础设施带来的额外负担。分析结果表明,改进后的协议能够避免中间人攻击和离线字典攻击,防止通信双方身份的泄漏和预共享密钥的破解。
|
| 关 键 词: | IKEv2协议 中间人攻击 离线字典攻击 预共享密钥 口令 |
| 修稿时间: | |
Analysis and Improvement on IKEv2 Protocol |
| |
| QIU Si-chuan,PAN Jin,LIU Li-ming.Analysis and Improvement on IKEv2 Protocol[J].Computer Engineering,2009,35(15):126-128. |
| |
| Authors: | QIU Si-chuan PAN Jin LIU Li-ming |
| |
| Affiliation: | Department of Communicating Equipment Management;Xi'an Communications Institute;Xi'an 710106 |
| |
| Abstract: | The pre-shared key authentication in IKEv2 protocol is susceptible to man-in-the-middle attack and off-line dictionary attack,which makes the identity of the initiator and the pre-shared key leak out.Focusing on the two attacks,this paper proposes a measure combining digital signature authentication and pre-shared key authentication,and introduces time public key to reduce the burden of building public key infrastructure.Analysis result indicates that the improved protocol can avoid man in the middle attack... |
| |
| Keywords: | IKEv2 protocol man-in-the-middle attack off-line dictionary attack pre-shared key password |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
