| IKEv2协议安全性分析与改进 |
| |
| 引用本文: | 高翔,李亚敏,郭玉东,马红途. IKEv2协议安全性分析与改进[J]. 计算机应用, 2005, 25(3): 563-564. DOI: 10.3724/SP.J.1087.2005.0563 |
| |
| 作者姓名: | 高翔 李亚敏 郭玉东 马红途 |
| |
| 作者单位: | 信息工程大学,信息工程学院,河南,郑州,450002;信息工程大学,信息工程学院,河南,郑州,450002;信息工程大学,信息工程学院,河南,郑州,450002;信息工程大学,信息工程学院,河南,郑州,450002 |
| |
| 摘 要: | 简单介绍了新一版密钥交换协议草案IKEv2,对IKEv2密钥协商机制的安全性进行分析。通过分析,发现其EAP交换过程繁琐且身份信息不易隐藏;证书验证中可能受到假冒证书攻击;为避免安全隧道非授权访问而需要重新认证等几处安全问题。针对这几处安全问题提出了改进建议和解决方法。
|
| 关 键 词: | IKEv2 EAP 认证 |
| 文章编号: | 1001-9081(2005)03-0563-02 |
Security analysis and improvements of IKEv2 protocol |
| |
| GAO Xiang,LI Ya-min,GUO Yu-dong,MA Hong-tu. Security analysis and improvements of IKEv2 protocol[J]. Journal of Computer Applications, 2005, 25(3): 563-564. DOI: 10.3724/SP.J.1087.2005.0563 |
| |
| Authors: | GAO Xiang LI Ya-min GUO Yu-dong MA Hong-tu |
| |
| Affiliation: | ollege of Information Engineering, Information Engineering University |
| |
| Abstract: | IETF put forward a new version of IKE, IKEv2.Different from the old IKE,IKEv2 combines and redefines key exchange process. This paper introduced IKEv2, and analysed the security of key negotiation mechanism of IKEv2.Aiming at some security problems in EAP exchange, such as authentication with digital certificate and reauthentication to avoid accessing VPN tunnel with unauthorized identity, some improvement advice and solutions were given. |
| |
| Keywords: | IKEv2 EAP authentication |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
