| With the development of Internet, network security issues for further more using of the Internet has become a key issue. Information transmitted over the network is the key to a security risk to develop TCP/IP protocol does not take into account when the safety of information transmission. Later, to solve network security problems, using a variety of filtering mechanisms to prevent invaders, and these methods are either not very effective, or seriously reduce the transmission efficiency. Studies have shown that in order to effectively improve network security, access control need to provide greater and more comprehensive security protection. IPSec protocols at the network layer provide a stronger and more comprehensive access control security. IPSec protocols "seamless" introduce of security features for IP, while providing authentication, data integrity, confidentiality and anti-aggressive. IKE (Internet Key Exchage) protocol IPSec protocol suite is one of the important agreement, is responsible for dynamic negotiation and management of security associations. However, the current shortcomings of IKE protocol hasvea bad effect on IPSec protocols'security features. Improving the IKE protocol to improve network security is the content and purpose of this study.First, a brief description of the network security situation, there are security risks, security technology and cryptography, the basic content, and by comparing the TCP/IP layers of the advantages and disadvantages of the implementation of network security measures that provide security services at the network level of superiority. Then, detailed description of the security services at the network layer protocol of the IPSec security architecture and principle, and one of the AH protocol, ESP protocol, security association, security policy and the process conducted in-depth study and understanding of the The importance of IKE protocol. Then, the focus of the IKE protocols, including IKE protocol messages defined in the load, switching mode, IKE negotiation phase of the message processing and the exchange process.Secondly, based on the analysis of IKE Protocol IKE protocol flaw obtained that IKE protocol are vulnerable to denial of service attack is in the key of the negotiation phase of a failure when the exchange of information to be used, a large number of calculations and negotiations lead to consumption of system resources associated denial of service sexual assault; the middle attack vulnerability is that the agreement is based on the Diffie-Hellman key exchange protocol over the authentication mechanism. In a deep understanding of the premise of IKE protocol proposed ECC-based digital signature algorithm with solutions to improve the IKE protocol in IPSec protocol vulnerable to denial of service attacks, middle attacks and identity protection. |
PDF Full Text Request