摘要
由于IKE协议中签名认证方式易受中间人攻击,因此IKE协议存在用户ID泄漏的安全隐患。针对该问题,文章提出了一种隐藏用户ID的解决方案。此方案既保持了ISAKMP的框架结构又可以有效地抵御中间人攻击和暴力破解手段,而且付出的系统代价很小。此方案已被一款IPSec协处理器的设计所采纳。
Becauae Internet key exchange authentication with signatures is vulnerable to the man-in-the-middle attack, the user ID may expose to the outside in the IKE protocol. Aimeing at this issue, this paper proposes a solution to hide the user ID. This solution not only maintains the framework of ISAKMP but also resists the man-in-the-middle attack and brutal force attack effectively, with cheap system cost. This solution has already adopted by the design of an IPSec coprocessor.
出处
《计算机工程》
CAS
CSCD
北大核心
2006年第19期154-156,共3页
Computer Engineering
基金
国家科技部"863"计划立项及滚动基金资助项目(2003AA1Z1440
2005AA1Z1150)
