| 一种改进的基于PKI/ECC的IKE协议设计 |
| |
| 引用本文: | 杜春燕,黄宪,陆建德.一种改进的基于PKI/ECC的IKE协议设计[J].微电子学与计算机,2006,23(5):72-75. |
| |
| 作者姓名: | 杜春燕 黄宪 陆建德 |
| |
| 作者单位: | 苏州大学计算机学院,江苏,苏州,215006 |
| |
| 摘 要: | IKE协议是IPsec协议簇的重要组成部分,用来动态地建立和维护安全关联SA,是IPsec VPN安全传输的先决条件和保证.文章在研究现有IKE协议的基础上,将公钥基础设施PKI体系引入其中,提出将ECC技术、X 509数字证书、访问控制技术同IKE协议相结合,设计了一个基于PKI身份认证和访问控制的增强型IKE协议,从而提高了IPsec VPN网关的安全性和可扩展性,有效保护了VPN网络资源的安全.最后给出了基于最新Linux2.6内核的实现方案,并对由此构建的IPsec VPN安全网关原型系统的工作过程作了说明.
|
| 关 键 词: | X.509证书 |
| 文章编号: | 1000-7180(2006)05-004 |
| 收稿时间: | 2005-07-28 |
| 修稿时间: | 2005-07-28 |
An Improved Design of IKE Protocol Based on PKI/ECC |
| |
| DU Chun-yan,HUANG Xian,LU Jian-de.An Improved Design of IKE Protocol Based on PKI/ECC[J].Microelectronics & Computer,2006,23(5):72-75. |
| |
| Authors: | DU Chun-yan HUANG Xian LU Jian-de |
| |
| Affiliation: | School of Computer, Soochow University, Suzhou 215006 China |
| |
| Abstract: | Internet Key Exchange (IKE) is one of the important protocols in IPsec protocol suite. As used to dynamically establish and maintain security associations (SAs), IKE is the prerequisite and guarantee for secure communication with IPsec VPN. This paper has researched on current IKE protocol, and proposed to introduce the public key infrastructure and to combine the techniques of ECC, X.509 digital certificate and access control with IKE, so as to design an enhanced IKE protocol based on authentication and access control with PKI, improving the security and extensibility of IPsec VPN gateway and protecting VPN network resources effectively. In the end, the paper has given out an implementing scheme based on the latest Linux kernel 2.6 and some explanations for processing on this IPsec VPN security gateway prototype. |
| |
| Keywords: | IKE PKI ECC |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
