{"title":"A Proposal to Improve IKEv2 negotiation","authors":"Lari Iso-Anttila, J. Ylinen, P. Loula","doi":"10.1109/SECUREWARE.2007.4385329","DOIUrl":null,"url":null,"abstract":"IKEv2 is a new key exchange protocol in the IPsec network and IKEv2 includes a method to detect when it is under denial-of-service (DoS) attack. In case IKEv2 is not under DoS attack it can use initial exchange, but when IKEv2 is under DoS attack cookie negotiation may be used. Cookie negotiation adds an extra round trip to the initial exchange, and protection that is easy to pass by. The resistance to DoS attacks is actually weaker in IKEv2 than in JFK or full-SIGMA in different networks. This paper presents improved cookie negotiation to remedy this weakness. The proposed cookie negotiation delays the responder's calculation work to the last second and computational load is kept as low as possible.","PeriodicalId":257937,"journal":{"name":"The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)","volume":"75 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECUREWARE.2007.4385329","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
IKEv2 is a new key exchange protocol in the IPsec network, and it includes a method to detect when it is under denial-of-service (DoS) attack. When IKEv2 is not under DoS attack it can use the initial exchange, but when it is under DoS attack cookie negotiation may be used. Cookie negotiation adds an extra round trip to the initial exchange, and the protection it gives is easy to bypass. The resistance to DoS attacks is actually weaker in IKEv2 than in JFK or full-SIGMA in different networks. This paper presents improved cookie negotiation to remedy this weakness. The proposed cookie negotiation delays the responder's calculation work to the last second, and the computational load is kept as low as possible.