| Internet密钥交换协议的安全缺陷分析 |
| |
| 引用本文: | 张勇,冯东雷,陈涵生,白英彩.Internet密钥交换协议的安全缺陷分析[J].软件学报,2002,13(6):1173-1177. |
| |
| 作者姓名: | 张勇 冯东雷 陈涵生 白英彩 |
| |
| 作者单位: | 1. 上海交通大学,计算机科学与工程系,上海,200030
2. 华东计算技术研究所,上海,201800 |
| |
| 摘 要: | IKE(Internet key exchange,RFC2409)提供了一组Internet密钥交换协议,目的是在IPSec(IP security)通信双方之间建立安全联盟和经过认证的密钥材料.随后有学者发现IKE协议存在一个安全缺陷,并给出相应的修改建议.指出了修改后的IKE协议仍然存在类似的安全缺陷,并描述了一个成功的攻击.在给出修改建议的同时,成功地利用BAN逻辑分析了导致这两个安全缺陷的原因.
|
| 关 键 词: | Internet密钥交换协议 安全联盟 认证 主模式 认证者 |
| 收稿时间: | 2000/8/15 0:00:00 |
| 修稿时间: | 3/1/2001 12:00:00 AM |
Analyzing the Security Flaws of Internet Key Exchange Protocols |
| |
| ZHANG Yong,FENG Dong-lei,CHEN Han-sheng and BAI Ying-cai.Analyzing the Security Flaws of Internet Key Exchange Protocols[J].Journal of Software,2002,13(6):1173-1177. |
| |
| Authors: | ZHANG Yong FENG Dong-lei CHEN Han-sheng and BAI Ying-cai |
| |
| Abstract: | IKE (Internet key exchange, RFC2409) describes a suite of Internet key exchange protocols for establishing security associations and obtaining authenticated keying material. A security flaw in these IKE protocols is observed and a simple modification is proposed. In this paper, it is pointed out that there is a neglected security flaw in the amended IKE protocols. And a successful attack on the amended IKE protocols is also provided. A new amendment to IKE protocols is proposed, and the reasons which cause the two security flaws are analyzed by using BAN logic successfully. |
| |
| Keywords: | Internet key exchange protocols security association authenticate main mode authenticators |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
