| Nowadays, Internet Key Exchange Protocol (IKE/IKEv2) has become the preferred internet key exchange protocol in the realization of IPSec. However, because it is a kind of mixed protocol, its complexity brings some unavoidable limitations, such as in security and dissatisfising performance. This paper trys to sum up the previous studies based on the related existing works, and aims at sheding lights on the shortage of lacking of security and identity secrecy of IKE. The main contents of this paper include the analysis and improvement of internet key exchange protocol and its realization. This paper's contributions are:1) To introduce the method of BAN logic and to explain the significance of logic for key analysis of security. Some possible improvements are raised in SVO logic which are proposed to analyze IKEv2 protocol's core security: confidentiality and authentication. Through the analysis above, we can find that the responder could not confirm whether the connection is built up or not. Finally, A new amendment is provided to the protocol to solve this problem.2) To analyse the Security flaw in the internet key exchange protocol based on the identification protection. Some improvement advices and solutions are proposed to protect the initiator's identity. Compares with some previous works.3) To finish the design the module of IKEv2 which is already amended, and to present struts and some important functions associated with it. These important conclusions are based on several sets of controlled group experiments about the realization of IKEv2 in racoon2. |
PDF Full Text Request