| With the development of information technology and internet, there comes a lot of new techniques for network communication. VPN(Virtual Private Network) is one of these techniques, which implement the transportation of private data on the open network by tunneling technology and security configuration. Because of its security and reliability, VPN has attached more and more attention of people. IPSec(IP Security) is a group of security protocols, presented by IETF(Internet Engineering Task Force). IPSec can provide strong encryption and authentication for VPN communication. IKE(Internet Key Exchange) is the core of IPSec protocols. It is responsible for dynamic key negotiation and SA(Security Association) management.This research starts with discussion on basic theories and technology of VPN and IPSec and then analyzes in details the IKE Protocol. IKE Protocol's basic functions, exchange modes of different stages as well as the tools are analyzed, which are used in the exchange process of IKE Protocol. The research analyzes the security of IKE, discusses the flaws of the current methods against the man in the middle attacks and designs an improvement on cookie generation arithmetic against the man in the middle attacks. As for the pre-share keys identification scheme, the security flaw of it is its vulnerability to the man in the middle attacks at the stage of ID authentication. Improvement is made in response to the disadvantages. A password authentication IKE Protocol with no encrypting for the third-party is designed on the basis of the former two improvements.Meanwhile, the research makes reasonable partition of the functional modules of IKE, designs an improved IKE Protocol system model and realizes these modules'functions under Windows 2000 in C language. |
PDF Full Text Request