Abstract
IPSec is the security architecture for the IP layer and the basic specification for building virtual private networks (VPNs). It protects communication between entities through the definition and negotiation of security associations (SAs). Several questions in this area, such as the mechanism for negotiating SAs under IPSec, remain open for further study. This article first analyzes the conditions under which IPSec security associations and their negotiation are realized, and the environment that protects that negotiation, namely the ISAKMP SA. It then discusses a flaw in the authentication of the security association payload when the ISAKMP SA is negotiated in the IKE protocol. Taking the main-mode exchange with pre-shared key authentication as an example, it proposes an amended computation of the verification (HASH) parameters in the IKE exchange to address this flaw.
Source
《安徽工程科技学院学报(自然科学版)》
CAS
2002, Issue 2, pp. 20-23 (4 pages)
Journal of Anhui University of Technology and Science
Funding
Supported by the Natural Science Foundation of the Anhui Provincial Department of Education (2002KJ3282C)