| IKE协议防止中间人攻击性能分析及改进 |
| |
| 引用本文: | 赵锐,马云霞,赵国亮,刘山杉.IKE协议防止中间人攻击性能分析及改进[J].通信技术,2009,42(5):238-240. |
| |
| 作者姓名: | 赵锐 马云霞 赵国亮 刘山杉 |
| |
| 作者单位: | 军事交通学院,天津,300161 |
| |
| 摘 要: | 在基于数字签名认证主模式IKE协议最新研究进展的基础上,针对其安全漏洞,提出了一种改进方案。该方案在遵循ISAKMP框架及IKE交互对称结构的基础上,采用分步认证的方法,能够及早发现并阻止中间人攻击,从而保护通信双方的身份。性能分析表明,该方案是安全、高效、可行的。
|
| 关 键 词: | IKE协议 中间人攻击 数字签名认证 主模式 |
Capability Analysis and Improvement of IKE Protocol in Defence of Man-in-the-Middle Attack |
| |
| ZHAO Rui,MA Yun-xia,ZHAO Guo-liang,LIU Shan-shan.Capability Analysis and Improvement of IKE Protocol in Defence of Man-in-the-Middle Attack[J].Communications Technology,2009,42(5):238-240. |
| |
| Authors: | ZHAO Rui MA Yun-xia ZHAO Guo-liang LIU Shan-shan |
| |
| Institution: | (PLA Academy of Military Transportation, Tianjin 300161, China) |
| |
| Abstract: | Based on the latest research of IKE protocol with digital signature authentication as main mode, this paper, in the light of the potential security flaws, proposes a modified scheme. Through step-by-step authentication, the proposed scheme, in conformity with the framework of ISAKMP and the symmetric structure of IKE, could quickly detect the man-in-the-middle attack, and protect the identities of the communicating parties. Analysis on its capability indicates that the modified scheme is secure, efficient and feasible. |
| |
| Keywords: | Internet Key Exchange(IKE) protocol man-in-the-middle attack digital signature authentication main mode |
| 本文献已被 维普 万方数据 等数据库收录! |
|
