Abstract
To address the poor fit of existing key agreement protocols to cloud computing environments, this paper analyzes in depth the security requirements that cloud computing scenarios place on key agreement protocols and, taking into account the security weaknesses of the existing IKEv2 protocol, improves IKEv2 by means of a puzzle mechanism and deferred transmission of key material and identity information. The result is IKE-C, a key agreement protocol adapted to cloud computing network environments, which effectively strengthens the responder's resistance to Denial of Service (DoS) attacks and resolves the problem of initiator identity disclosure caused by man-in-the-middle attacks. The convergence times of the two protocols are also compared: simulation results show that, at the same network scale, the convergence time of IKE-C is lower than that of IKEv2, and that its advantage becomes increasingly apparent as the number of clients grows.
Source
Journal of Computer Applications (《计算机应用》)
CSCD
Peking University Core Journals (北大核心)
2013, Issue 10, pp. 2835-2837, 2864 (4 pages in total)
Keywords
cloud computing
key exchange
Internet Key Exchange version 2 (IKEv2)
Denial of Service (DoS)
initiator ID privacy