摘要
IPSec协议能为网络中传输的数据提供安全保障,在我国关键基础设施领域应用广泛。但随着量子计算的发展及Shor、Grover等量子算法的提出,国密IPSec协议的安全受到一定的量子威胁。因此,识别国密IPSec协议中的量子风险密码功能及风险等级,对于国密IPSec协议的量子安全增强设计非常有必要。基于此背景提出了3种面向国密IPSec协议的量子安全设计模式,并对这3种模式在迁移属性和通信量方面进行了对比分析,为业界在国密IPSec协议的后量子迁移实践提供参考。
The IPSec protocol can provide security for the data transmitted in the network and is widely used in the field of critical infrastructure in China.However,with the development of quantum computing and the proposal of quantum algorithms such as Shor and Grover,the security of national secret IPSec protocol is subject to certain quantum threats.Therefore,it is very necessary to identify the quantum risk cryptographic functions and risk levels in the national secret IPSec protocol for the quantum security enhancement design of the national secret IPSec protocol.Based on this background,three quantum security design modes for national secret IPSec protocols are proposed,and the above three modes are compared and analyzed in terms of migration attributes and traffic,which can provide a reference for the industry in the post-quantum migration practice of national secret IPSec protocols.
作者
张小青
李文华
林琳
王良成
黄妙
黄锦
ZHANG Xiaoqing;LI Wenhua;LIN Lin;WANG Liangcheng;HUANG Miao;HUANG Jin(China Electronics Technology Network Security Technology Co.,Ltd.,Chengdu Sichuan 610095,China;Trusted Cloud Computing and Big Data Key Laboratory of Sichuan Province,Chengdu Sichuan 610095,China;No.30 Institute of CETC,Chengdu Sichuan 610041,China)
出处
《信息安全与通信保密》
2024年第10期53-65,共13页
Information Security and Communications Privacy
关键词
IPSEC协议
后量子密码
量子安全
后量子迁移
密码敏捷
IPSec protocol
post-quantum cryptography
quantum security
post-quantum migration
cryptography agility
