Analytical Improvement And Implementation For Internet Key Exchange Protocol

In the open network architecture, the protection for data confidentiality, integrity and authentication according to the security requirements firstly depends on the shared key of the communicating parties when the secret and sensitive information is transferred. The ultimate objective of Internet Key Exchange protocol is to consult, create and manage the shared key between communication entities, and to approve those entities’authentication. Internet Key Exchange protocol is the most basic, central and significant component of the Internet Protocol Security (IPSec) system. Thus it needs in-depth analysis to complicated security threats and network attacks that Internet Key Exchange protocol faces. In the meantime, it needs to continuously develop the Internet Key Exchange protocol and block the potential security loopholes and hidden dangers by integrating more effective information security technology and method for meeting the growing network application requirements.This paper gives a comprehensive overview of the IPSec security protocol theoretical system. Based on the systematic research about the Internet Key Exchange protocol specification, its basic theories, the technical framework, and the application and research status, we elaborately analyze the security flaws of IKE, IKEv2, JFK protocols and find some shortcomings. For example, both of the parties of some protocols such as JFK have weak capability to resist the attacks from computing resources DoS. By organically combing of the identification protocol and identity-based key exchange protocol, this paper proposes two improved Internet Key Exchange protocols respectively based on the security of the RSA algorithm and the elliptic curve algorithm. The improved protocols can not only effectively achieve the initiator and responder’s identities but also have enhanced ability to resist the attacks from computing resource DoS for both initiator and responder. Finally, this paper implements the improved Internet Key Exchange protocols on the basis of in-depth study of the popular open source technology solutions in nowadays.