摘要
在基于数字签名认证主模式IKE协议最新研究进展的基础上,针对其安全漏洞,提出了一种改进方案。该方案在遵循ISAKMP框架及IKE交互对称结构的基础上,采用分步认证的方法,能够及早发现并阻止中间人攻击,从而保护通信双方的身份。性能分析表明,该方案是安全、高效、可行的。
Based on the latest research of IKE protocol with digital signature authentication as main mode, this paper, in the light of the potential security flaws, proposes a modified scheme. Through step-by-step authentication, the proposed scheme, in conformity with the framework of ISAKMP and the symmetric structure of IKE, could quickly detect the man-in-the-middle attack, and protect the identities of the communicating parties. Analysis on its capability indicates that the modified scheme is secure, efficient and feasible.
出处
《通信技术》
2009年第5期238-240,268,共4页
Communications Technology
关键词
IKE协议
中间人攻击
数字签名认证
主模式
Internet Key Exchange(IKE) protocol
man-in-the-middle attack
digital signature authentication
main mode