| IKE协议安全隐患分析与验证 |
| |
| 引用本文: | 张卫乐,余洋,汤隽,郭玉东. IKE协议安全隐患分析与验证[J]. 计算机工程与设计, 2007, 28(12): 2811-2813 |
| |
| 作者姓名: | 张卫乐 余洋 汤隽 郭玉东 |
| |
| 作者单位: | 信息工程大学,信息工程学院,河南,郑州,450002;信息工程大学,信息工程学院,河南,郑州,450002;信息工程大学,信息工程学院,河南,郑州,450002;信息工程大学,信息工程学院,河南,郑州,450002 |
| |
| 摘 要: | 介绍了IKE的实现,论述它的几个主要认证方式,然后分析预共享密钥认证可能产生的安全隐患和可能的导致的就结果.研究重点是采用野蛮模式和预共享密钥认证的IKE第1阶段协商的安全隐患,利用Linux内核在Netfilter框架的基础上提供了IP Queue机制或者ARP欺骗实施中间人攻击对隐患进行验证.最后对验证结果总结,提出一些合理的建议.
|
| 关 键 词: | IPSec协议 Internet密钥交换协议 虚拟专用网 ARP欺骗 身份认证 |
| 文章编号: | 1000-7024(2007)12-2811-03 |
| 修稿时间: | 2006-05-29 |
Analyses of security flaws of IKE and test |
| |
| ZHANG Wei-le,YU Yang,TANG Jun,GUO Yu-dong. Analyses of security flaws of IKE and test[J]. Computer Engineering and Design, 2007, 28(12): 2811-2813 |
| |
| Authors: | ZHANG Wei-le YU Yang TANG Jun GUO Yu-dong |
| |
| Affiliation: | Institute of Information Engineering, Information Engineering University, Zhengzhou 450002, China |
| |
| Abstract: | The realization of IKE is introduced,and several main authenticated modes of IKE are dissertated,then the security flaws of authentication with pre-shared key and wrong results are analysed by those flaws leading to.The main content is the security flaws of IKE adopting aggressive mode with pre-shared key,and tests its security flaw using of man-in-middle attack through IP queue mechanism which Netfilter framework provides in Linux kernel or ARP cache poisoning.At last according to testing results,some reasonable pro-posals are put forward. |
| |
| Keywords: | IPSec protocol Internet key exchange virtual private network ARP cache poisoning identity authentication |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
