| IPSEC (IP Security) is a new security standard for the Internet, which is developed by Internet Engineering Task Force in 1998.It is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication, protection against replays, confidentiality (encryption), and limited traffic flow confidentiality. IKE (Internet Key Exchange) protocol is a key component of IPSEC protocol family, it realizes an authenticated key exchange, and provides security services for IPSEC AH and ESP. It is the most promising key exchange protocol on the Internet.In this paper, the basic principle and process of the Internet Key Exchange Protocol are discussed in detail, and some kinds of attacks which the IKE protocol is often faced with are deeply researched such as the denial of service attack, transforming payload attack and reflecting attack. Furthermore, in order to prevent these attacks, I put forward some improving algorithms. On the basis of discussing above, the implementation of pre-shared key authentication of IKE on Vxworks embedded operating system platform is discussed especially, brought forward a brand-new architecture and a feasible implementation scheme of IKE, described the design approach and function partition, and displayed the main data structures and flow charts. Finally, I acquired the relevant test data by way of putting into effect on the router.
|
PDF Full Text Request