摘要
本文首先扩展了串空间的理想理论,然后应用此扩展理论分析IKE2协议的核心安全:秘密性和认证性。通过分析,证明了IKE2协议的密钥交换和认证安全性,但同时发现它不能在主动攻击模式下保护发起者身份,对此我们提出了一个修改意见。对IKE2的分析也为扩展串空间理论在复杂协议分析中的应用提供了一个实践基础。
In this paper, we first extend the ideal theory of Strand Spaces, and then apply this extended theory to analyzing a complex Internet key exchange protocol, IKE2. We focus on this protoeol's core security: keys' secrecy and authentication correctness. Through our analysis we prove that IKE2 can achieve its security goals in keys' secrecy and entity authentication. But IKE2 can't protect initiator's identity against active attack. We propose a modified main exchange of LKE2 for this bug. This analysis also gives a practical base for further application of extended Strand Spaces in analyzing complicated protocols which include plenty cryptographic primitives.
出处
《计算机科学》
CSCD
北大核心
2005年第11期59-63,123,共6页
Computer Science