摘要
在IPSec大规模部署应用下,分析了IKEv2和JFK两种现有协议安全及性能缺陷,提出了一种轻量级密钥交换协议LKE,该协议能有效减少报文交互数量,降低计算资源开销。通过经典Puzzle机制和两轮异步DiffieHellman交换,解决了抗DoS攻击与完美前向安全特性难以共存的问题。仿真结果表明,LKE对低带宽通信环境具有较强的适应性,在低于384kbps的无线链路条件下,LKE协议的收敛时间相比IKEv2和JFK分别减少了20%和10%。
By analyzing security and performance deficiencies of IKEv2 and JFK in the large-scale deployment of IPSec ap-plications ,the paper proposes a lightweight key exchange protocol (LKE) in order to reduce the number of messages and the cost of computing resources effectively .LKE solves the coexistence of both anti-DoS attack and perfect forward secrecy by classical puzzle and two round asynchronous exchanges .It is shown by simulation that LKE strongly accommodates communication with limited bandwidth and exceeds IKEv2 and JFK in performance .LKE acquires less convergence time by 20% and 10% respectively while the wireless bandwidth decreases to less than 384kbps .
出处
《软件导刊》
2014年第11期158-162,共5页
Software Guide
