| 一种抗D oS攻击的轻量级密钥交换协议 |
| |
| 引用本文: | 鲁志萍,许军.一种抗D oS攻击的轻量级密钥交换协议[J].人天科学研究,2014(11):158-162. |
| |
| 作者姓名: | 鲁志萍 许军 |
| |
| 作者单位: | 江苏信息职业技术学院物联网工程系,江苏无锡214011 |
| |
| 摘 要: | 在IPSec大规模部署应用下,分析了IKEv2和JFK两种现有协议安全及性能缺陷,提出了一种轻量级密钥交换协议LKE ,该协议能有效减少报文交互数量,降低计算资源开销。通过经典 Puzzle机制和两轮异步Diffie -Hellman交换,解决了抗DoS攻击与完美前向安全特性难以共存的问题。仿真结果表明,LKE对低带宽通信环境具有较强的适应性,在低于384kbps的无线链路条件下,LKE协议的收敛时间相比IKEv2和JFK分别减少了20%和10%。
|
| 关 键 词: | 密钥交换 IKEv2 JFK 拒绝服务攻击 完美前向安全 |
A Lightweight Key Exchange Protocol With Anti-DoS Attack |
| |
| Abstract: | By analyzing security and performance deficiencies of IKEv2 and JFK in the large-scale deployment of IPSec ap-plications ,the paper proposes a lightweight key exchange protocol (LKE) in order to reduce the number of messages and the cost of computing resources effectively .LKE solves the coexistence of both anti-DoS attack and perfect forward secrecy by classical puzzle and two round asynchronous exchanges .It is shown by simulation that LKE strongly accommodates communication with limited bandwidth and exceeds IKEv2 and JFK in performance .LKE acquires less convergence time by 20% and 10% respectively while the wireless bandwidth decreases to less than 384kbps . |
| |
| Keywords: | Key Exchange IKEv2 JFK Denial of Service Attack Perfect Forward Secrecy |
| 本文献已被 维普 等数据库收录! |
