Analysis and Improvement of IKEv2 against Denial of Service Attack
IKEv2 is the new version of Internet Key Exchange protocol. Despite of its several advantages, it is still vulnerable to denial of service attack. In this paper, we propose an improvement of IKEv2, which is based on the shared secret and asymmetric distribution of calculations. By analyzing the improved IKEv2 with a cost-based framework, we conclude that the improvement is secure against DoS attack. Furthermore, associated with cookie mechanism, the improvement can prevent flooding attack from spoofed IP addresses. And the improvement can also achieve the identity authentication in advance, resist man-in-the-middle attack and replay attack.
IKEv2 DoS attack cost man-in-the-middle attack replay attack
Zhu Xiaowei ZHOU Haigang Liu Jun
Institute of Communications Engineering PLA University of Science and Technology Nanjing,China
国际会议
昆明
英文
350-355
2010-10-17(万方平台首次上网日期,不代表论文的发表时间)