摘要
Internet密钥交换协议(IKE)是用于交换和管理在VPN中使用的加密密钥的。到目前为止,它依然存在安全缺陷。基于该协议的重要的现实意义,简单地介绍了它的工作机制,并对它进行了安全性分析;对于抵御中间人攻击和DoS攻击,给出了相应的修正方法;还对主模式下预共享密钥验证方法提出了新的建议;最后给出了它的两个发展趋势:JFK和IKEv2。
Internet key exchange (IKE) protocol is used to exchange and manage the encryption key in VPN. At present, there still are some security limitations in it. On the base of its important reality significance, the mechanism of IKE protocol was introduced and its security analysis was provided here. Some improvements were presented in defending man-in-middle attack and DoS attack. In addition, some suggestions were made in main mode which was authenticated with a pre-shared-key. Finally, JFK and IKEv2 were given as its two trends.
出处
《计算机工程与设计》
CSCD
北大核心
2005年第9期2473-2475,2481,共4页
Computer Engineering and Design
