| IP protocol is the foundation of the most network in the world. But the IP protocol is not safe enough for the network. The IPSec protocol encrypts and authenticates the IP packet to protect the IP packet. The Internet Exchange Key protocol (IKE) is an essential part of the IPSec protocol. Its function is to negociate and manage each other's SA. The IKEv1 consist of the ISAKMP, OAkey and Skeme protocol. IETF published IKEv2 in October, 2005. IKEv2 improves the IKEv1 but it has its own drawback.Firstly, the IPSec protocol was analysed and the analysis focues on the the function of IKE in the whole IPsec. Then this paper analyses the IKEv1 protocol and figures out the drawback of the IKEv1. In case of the drawback of the IKEv1, this paper analyses the JFK, Arcanum prococol and Hossin Haddad's proposal. The IKEv2 is the emphasis of this paper. According to the drawback of IKEv2, this paper proposes the client puzzle and Diffie-Hellman stack to improve the IKEv2. And a new way to defense the IP fragmentation is proposed in this paper.This paper introduces the client puzzle's concept and at what condition the client puzzle can be used .The paper also introduces the the sorts of "puzzle ". After the client puzzle be used to improve the IKEv2, a test is made to compare the performance of the IKEv2.At last, this paper talks about the programming of the IKEv2.The IKEv2 progess is made of five modules: management module, negociation module, processing module, encryption module and core module. At the last chapter, this paper focuses on the function of the modules and how the modules is working. |
PDF Full Text Request