
Analysis And Improvement And Realization Of IKE Protocol For IPSEC

Posted on: 2008-06-05 | Degree: Master | Type: Thesis
Country: China | Candidate: S B Huang | Full Text: PDF
GTID: 2178360215962638 | Subject: Pattern Recognition and Intelligent Systems
Abstract/Summary:
IPSEC is a network security standard defined by the IETF for secure communication; it provides security protection for IP and higher-layer protocols. IKE is the default Internet key exchange protocol for IPSEC and is responsible for the dynamic negotiation and management of SAs. The reliability of the shared key negotiated by the two communicating parties, and the security of the communication itself, depend on the security of the IKE protocol. Nevertheless, both the base version, IKEv1, and the revised versions, e.g. IKEv2 and JFK, still have shortcomings and security problems. Recently, the analysis and improvement of the IKE protocol has become a hot topic in network security. In this paper, building on the revised schemes proposed by many scholars, further improved schemes are put forward to address the defects of the IKEv1 main mode protocol based on pre-shared-key authentication and of the pre-shared-key authentication algorithm in IKEv2, and they are implemented on the Linux platform. First, the structure and principles of the IPSEC protocol are discussed, and the mechanisms of the Internet key exchange protocols, including IKEv1, IKEv2 and JFK, are described. In particular, the authentication and negotiation mechanism of the IKEv1 main mode protocol based on pre-shared-key authentication is emphasized, and the revisions IKEv2 makes to address the security problems of IKEv1 are explained. Second, the security problems of the IKEv1, IKEv2 and JFK protocols are analyzed. Third, the revised solution for the IKEv1 main mode protocol based on pre-shared-key authentication is introduced, and the revised pre-shared-key authentication algorithm of IKEv2 is presented. The feasibility and security of the revised solution and algorithm proposed in this paper are also demonstrated.
Finally, the revised solution for the IKEv1 main mode protocol based on pre-shared-key authentication is implemented in C on the Linux platform, using the open-source code of Racoon. With respect to protocol improvement: first, the IKEv1 main mode protocol based on pre-shared-key authentication is improved using the theory of the interlock protocol and a revised SKEYID algorithm, so the revised scheme further strengthens the security of the protocol; second, the randomization process theory of the black box and number-producing device is applied to the pre-shared-key authentication algorithm of the IKEv2 protocol, which further revises the algorithm and enhances the security of the protocol. With respect to protocol implementation, establishing a LAN in the lab broadens the application of the protocol and, further, demonstrates the security of the revised IKEv1 main mode protocol based on pre-shared-key authentication in a LAN.
Keywords/Search Tags: IPSEC, IKE, Pre-Shared-Key Authentication, Main Mode Protocol, Algorithm, Improvement