| IKE protocol is the best internet key exchange protocol for IPSEC, which in charge of the negotiation and management of SA dynamically. Four different identity authentication mechanisms are introduced in the IKE main mode while it is designed to protect the private identity, include the preshared key, the digital signature and two public key encryptions. Those four types of authentication determine the message payload constructions in the IKE main mode protocol.The topic has done a lot of works with an emphasis on the main mode authentication mechanism of IKE protocol. First, we deeply researched the exchange principle and authentication mechanisms of IKE main mode,, systemically analyzed the potential security problems in the preshared key, the digital signature and two public key encryptions. According to the problems, we presented different solutions respectively from different ways. Second, we summarized two famous implementation projects of IKE protocol—SWAN and raccoon in KAME, pointed out the exit problems and especially analyzed the implementation of the negotiation of the IKE main mode of the two projects. Third, we realized the revised solution of preshared key based IKE protocol we presented with C language and the open source code of Racoon under Linux platform. We not only proved the application of for dynamic users in the lab, but also did a good supplement for Racoon project. Thus, we realized a new key index solution used in preshared key based authentication of IKE main mode. |
PDF Full Text Request