
Research And Application Of IPSec Man-in-middle Attack Detection And Defense Strategy

Posted on: 2019-06-26
Degree: Master
Type: Thesis
Country: China
Candidate: G Q Wang
GTID: 2428330599977710
Subject: Computer technology

Abstract/Summary:
As a security protocol, IPSec (Internet Protocol Security) has its own unique security mechanism compared to other Virtual Private Network (VPN) protocols. At the same time, IPSec is highly flexible and adapts well to emerging technologies, so its application fields and scenarios are becoming more and more extensive, and its security is receiving more and more attention. This thesis implements a man-in-the-middle attack in a real IPv4 network environment against five default IPSec VPN configurations on four operating systems, namely Windows 7, Windows 10, Android, and iOS. Furthermore, it implements a detection and defense prototype system for this attack.

First, this thesis analyzes the vulnerability of IPSec and the feasibility of man-in-the-middle attacks, and studies the interaction mechanism by which an IPSec connection is established. The framework of the ISAKMP protocol and the implementation principles of the two key exchange protocols OAKLEY and SKEME are analyzed in detail. After elaborating on the negotiation process of IKE and the communication principles of the Encapsulating Security Payload (ESP) protocol, the thesis further analyzes them from the perspectives of attack and of detection and defense.

Second, this thesis proposes a new method of IPSec man-in-the-middle attack. Building on the knowledge of how an IPSec connection is established and of the key technologies involved, it first examines the characteristics of the data packets exchanged during IKE negotiation and then preprocesses the traffic of the negotiation process. Based on the specific structure and function of the different packets, it proposes a process and algorithm for exchanging key material, negotiating security policies, and finally establishing a secure connection with the server while the party on the other side of the network acts as a middleman or a client.

Third, this thesis presents a new detection method and defense strategy against the IPSec man-in-the-middle attack. We analyze and summarize the traffic characteristics of man-in-the-middle attacks, and propose an attack identification method based on time intervals and an attack type recognition method based on the frequency of specific messages. According to the different detection results, the thesis proposes a simple and feasible defense strategy, based on the implementation principle of IPSec and on the different purposes of defense, for the reference of security service providers and users.

Finally, this thesis designs and implements a verification platform consisting of two systems, namely an IPSec man-in-the-middle attack system and a detection and defense prototype system. To the best of our knowledge, no prior work has been published in this area, so the research in this thesis is of a groundbreaking nature. The verification platform shows that the communication content security of IPSec applications faces challenges in a real network environment, which provides an important reference for future research on IPSec as well as on key technologies related to network security.
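The two detection ideas named in the abstract (an attack indicator based on the time interval between negotiation messages, and an attack-type label based on how often a specific message type recurs) can be sketched as a small traffic analyzer. The following is an added illustration, not the thesis's own code or algorithm; the log format, the threshold values, and the exchange-type labels (IDPROT, QUICK) are assumptions, and the sample log is constructed.

```python
from collections import Counter, defaultdict
from statistics import median

# Assumed tunables (not from the thesis): flag a handshake whose median gap
# between consecutive IKE messages exceeds this many seconds.
INTERVAL_THRESHOLD_S = 0.5
# Report a repetition pattern when one exchange type appears more than this often.
REPEAT_THRESHOLD = 3

def parse_line(line):
    """Parse one constructed log line: '<ts> <src> -> <dst> <exchange_type>'."""
    ts, src, _, dst, exch = line.split()
    return float(ts), src, dst, exch

def analyze(lines):
    """Return {(peer_a, peer_b): {'timing_flag': bool, 'pattern': str}}."""
    flows = defaultdict(list)
    for line in lines:
        ts, src, dst, exch = parse_line(line)
        flows[tuple(sorted((src, dst)))].append((ts, exch))  # both directions
    results = {}
    for key, msgs in flows.items():
        msgs.sort()
        gaps = [b[0] - a[0] for a, b in zip(msgs, msgs[1:])]
        timing_flag = bool(gaps) and median(gaps) > INTERVAL_THRESHOLD_S
        exch, n = Counter(e for _, e in msgs).most_common(1)[0]
        if n > REPEAT_THRESHOLD:
            pattern = f"repeated-{exch}"      # one message type dominates
        elif timing_flag:
            pattern = "slow-handshake"         # every step arrives late
        else:
            pattern = "normal"
        results[key] = {"timing_flag": timing_flag, "pattern": pattern}
    return results

# Constructed sample log (not a real capture): three IKEv1 handshakes.
SAMPLE_LOG = [
    "0.00 10.0.0.5 -> 203.0.113.1 IDPROT",   # handshake 1: prompt replies
    "0.02 203.0.113.1 -> 10.0.0.5 IDPROT",
    "0.04 10.0.0.5 -> 203.0.113.1 QUICK",
    "0.06 203.0.113.1 -> 10.0.0.5 QUICK",
    "1.00 10.0.0.6 -> 203.0.113.1 IDPROT",   # handshake 2: every reply late
    "1.80 203.0.113.1 -> 10.0.0.6 IDPROT",
    "2.60 10.0.0.6 -> 203.0.113.1 QUICK",
    "3.40 203.0.113.1 -> 10.0.0.6 QUICK",
    "5.00 10.0.0.7 -> 203.0.113.1 IDPROT",   # handshake 3: the same first
    "5.10 10.0.0.7 -> 203.0.113.1 IDPROT",   # message re-sent repeatedly
    "5.20 10.0.0.7 -> 203.0.113.1 IDPROT",
    "5.30 10.0.0.7 -> 203.0.113.1 IDPROT",
]
```

Running `analyze(SAMPLE_LOG)` yields one verdict per peer pair: the first handshake is normal, the second is flagged on timing alone, and the third is reported as a repetition of the IDPROT message.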
Keywords/Search Tags: Communication content security, Detection and defense, Man-in-the-middle attack, IPSec VPN