IKE Protocol And Its Policies Resistant To The DoS Attack

At first,this thesis describes the secure characteristics and mechanisms on the Internet Protocol Security (IP Sec),also introduces the Internet Security Association and Key Management Protocol (ISAKMP) specified in RFC 2408 and the Internet Key Exchange (IKE) protocol specified in RFC 2409 for IP Sec. Secondly,it thoroughly analyzes the validities of the secure characteristics of the IKE protocol based on the former formal analysis. Finally,it examines some security issues,such as authentication of security association (SA),protection of identity,use of certificate and support for nomadic user,on the IKE protocol. It gives the new amendment on the authentication of security association. Further more,it also gives two new improvement suggests that are proved by the secure evaluation for the IKE protocol resistant to the two denial-of-service (DoS) attacks. It investigates the authentication mechanism on Diffie-Hellman (DH),which is why the IKE protocol can' t avoid meeting denial-of-service attacks. The weak key confirmation and its key protocol are investigated.