邢新景,张朝阳,王匡

DOI: https://doi.org/10.3969/j.issn.1003-8329.2003.04.009

2003-01-01

Wireless Communication Technology

Abstract:The WEP security algorithm used in IEEE 802.11 wireless LAN is introduced. Under the basis of a systematical analysis, flaws embedded in WEP are pointed out, and correspondingly, several attacking methods are provided to prove the weakness of WEP. The upgraded version of WEP algorithm-TKIP was also introduced and analyzed. At last, some potential solutions to the security problems are also proposed in using existing IEEE 802.11 equipments.

ZHANG Chaodong,XU Mingwei

DOI: https://doi.org/10.3321/j.issn:1000-0054.2006.07.024

2006-01-01

Abstract:The version 2 of the Internet Key Exchange Protocol(IKEv2) will become a request for comments.Analyses of IKEv2 have shown that IKEv2 is susceptible to denial of service(DoS) attacks based on IP fragment and degenerate message attacks.DoS attacks can be handled by using an IP address preferred list.An improved way to generate keying materials to protect against degenerate message attacks is based on shared secrets.Analysis results indicate that these two measures improve IKEv2's ability to resist DoS attacks and degenerate message attacks.Measures based on the IP address preferred list can be used directly when implementing IKEv2.The improved methods to generate keying material can be used as a reference for the next version of IKEv2.

ZHANG Ling-ling,PAN Xue-zeng,CUI Yu-zeng

2005-01-01

Abstract:Comparing the difference between IKEv2 and IKE,the advantages of IKEv2 on the complex of the implementation and the low delay were analyzed.The message exchange and the generation of various keys of IKEv2 was introduced, an implementation approach of IKEv2 using the security coprocessor were proposed.This implementation can accelerate the process of key generation,message encryption and integrity verify check.

刘东喜,张连华,白英彩

2003-01-01

Abstract:This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder generates the computation-intensive Diffie-Hellman public value. The second modification can improve its efficiency when the attack on messages occurs because it can detect the attack quickly by replacing the centralized authentication in origical IKE protocol with immediate authentication. In addition, the two modifications can be integrated into one protocol compactly.

LIU Xin,MAO Yu-ming

DOI: https://doi.org/10.3969/j.issn.1672-2892.2005.01.015

2005-01-01

Abstract:Now the network security service is provided by the security gateway.The most widely used protocol is Internet Key Exchange protocol (IKE).The initial IKE standards work well for peers with fixed IP address.But with the development of the network,especially after the mobile network is introduced,the methods of accession have been multiplied,which has aroused a problem that the IP address of the computer is no longer fixed.How to provide the security service in such a kind of network is a current focus.In this paper,how to combine the IKE with the Authentication Methods is introduced.The advantages and disadvantages of the ways are discussed.The situations in which such ways could work best are analyzed. In the end a conclusion is drawn that in the network in which the IP address is not fixed,the performance of the IKE could be promoted.

Jianqing Fu,Xiaoning Jiang,Lingdi Ping,Rong Fan

DOI: https://doi.org/10.1109/icime.2009.14

2009-01-01

Abstract:In this paper, we identify a vulnerability of IEEE 802.11 wireless Mesh LANs in which a compromised mesh point can still receive data from other mesh points. Then we propose a new protocol that can counter this attack by considering the effective period of both the mesh points (MPs) when decide the lifetime of the key shared between them. We also amend 802.11s draft in order not to bring about a fundamental change to the whole key hierarchy, and propose a protocol to refresh the shared key when it expired. Then we prove the security of the protocol using protocol composition logic (PCL).

Liu Xiang-jiang

2009-01-01

Abstract:Since the Point-to-Point protocol (PPP) provides no protection for the negotiations of algorithms, the Internet key exchange (IKE) protocol is introduced into PPP for the negotiations of shared keys and authentication, compression and encryption algorithms. Through the integrity protection of the control messages, this method effectively solves the security problem of negotiations in PPP. The analysis of the method shows that it is much more secure and more effective than the original PPP.

吴越,疏朝明,卜勇华,胡爱群,毕光国

DOI: https://doi.org/10.3321/j.issn:1001-0505.2002.04.003

2002-01-01

Abstract:IPSec (IP security) is the de facto standard of implementing virtual private network on network layer, while key exchange and management mechanism is crucial for IPSec protocols. A through study on fundamental concepts and principles of key exchange for IPSec based VPN (virtual private network) is conducted and the details of the security key exchange mechanism on non-secure public IP based network through a set of parameters negotiation is illustrated. A software implementation of Client/Server model VPN key exchange upon Linux operating system is presented and its security performance such as anti-denial-of-service, anti-connection lijacking, anti-the man-in-the-middle attack and anti-eavesdropping etc. are analyzed. Finally the paper gives a prospective view of IKE (Internet key exchange) research.

舒剑,许春香

DOI: https://doi.org/10.3969/j.issn.1000-436x.2010.03.008

2010-01-01

Abstract:The security of a recently proposed password-based authenticated key exchange protocol was analyzed. Al- though it was provably secure in the standard model, it was vulnerable to reflection attacks. A modify scheme was pro- posed, which eliminated the defect of original scheme and improved the efficiency of the protocol. The security of the proposed scheme had been proven in the standard model under DDH assumption. The results show that it provides per- fect forward secrecy.

Hu Xiong,Yanan Chen,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1016/j.ins.2013.02.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.’s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model.

吴越,史小红,曹秀英,毕光国

DOI: https://doi.org/10.3969/j.issn.0255-8297.2003.02.018

2003-01-01

Journal of Applied Sciences

Abstract:This paper describes the vulnerability of the wired equivalent privacy(WEP) protocol in current IEEE802. 11 WLAN standard, such as key sequence reuse, key management and refreshment, message authentication and integrity, etc. It also presents a security solution for WLAN based on IP Security (IPSec) and discusses the fundamental principles of data origin authentication, integrity protection, anti-replay protection and key exchange, Finally it describes their software implementations, makes a security analysis of the solution and looks into the future research.

AO Qingyun,FAN Ruohan,BAI Yingcai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.04.031

2001-01-01

Abstract:Key establishment is the heart of data protection that relies on cryptography, and it is an essential component of the packet protection mechanisms in many Internet security protocols. In this paper, we introduce some key negotiation schemes based on Diffie-Hellman key exchange technology. We also give some discussion on each of them.

CHEN Aiguo,LIN Wei,LUO Guangchun,ZHANG Qiang

2013-01-01

MANNED SPACEFLIGHT

Abstract:To solve the conflict between TCP segment-based transport layer performance enhancement technology and IPSec protocol,the multi-layer IPSec technology has been proposed. But traditional IKE protocols can not meet the needs of Multi-layer IPSec key exchange. Based on the IKEv2,a lightweight space Quadri-party Internet Key Exchange Protocol (LSQ-IKE) is presented which can operate in multi-layer IPSec. LSQ-IKE makes a key agreement for the four parties,including two communication sides and two trusted middle nodes. It creates two security associations (SA) and the corresponding session keys to protect the communication process. One of the SA protects the IP packet header and the other protects the payload field,which meets the requirements of multi-layer IPSec key exchange. The analysis shows that LSQ-IKE uses fewer steps to achieve a Quadri-party key exchange than protocols that already exists. So LSQ-IKE has the low-cost and lightweight features.

Wu Liu,HaiXin Duan,Ping Ren,Jianping Wu

DOI: https://doi.org/10.1109/ICGCS.2010.5543034

2010-01-01

Abstract:As the rapid development of Internet and information technology, more and more people now access Internet via Wireless Local Area Network (WLAN) with many features such as: mobility, convenience and low-cost, but the security flaws existed in RC4, WEP and WPA lead to security issues in WLAN. In this paper, we present several serious security flaws in these protocols, stemming from misapplication of cryptographic primitives and discuss in detail each of the flaws, the underlying security principle violations, and implement relative attacks to show the weakness of WLAN protocols. © 2010 IEEE.

SUN Wei-ping,YIN Xia,SHI Xin-gang

2006-01-01

Journal of Computer Applications

Abstract:A black box testing method aiming at IKE(Internet Key Exchange) protocol performance was proposed,which was based on the self-developed platform of protocol integrated test system. Flexible test suite was designed according to characteristics of IKE,and the IKE performance testing was done on one actual host,all kinds of parameters' impact on IKE performance was analyzed. This test method is applicable to IKE tests in different devices.

SH Wang,F Bao,J Wang

DOI: https://doi.org/10.1093/ietcom/e88-b.4.1641

2005-01-01

IEICE Transactions on Communications

Abstract:In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

Wei Yang,Pla Information

2003-01-01

Abstract:The exploitation of security gateway or security router is based on the deep understanding of IPSec protocols.In fact, IKE protocol can realize th e automated management of IPSec security parameters, and has high superiority i n technique.From the point of view of realizing IKE protocol, this paper explai ns how IKE daemon thread works,and analyzes emphatically message negotiations o f IK E protocol.

Jun Lei,Xiaoming Fu,Dieter Hogrefe,Jianrong Tan

DOI: https://doi.org/10.1016/j.cose.2007.01.001

IF: 5.105

2007-01-01

Computers & Security

Abstract:IEEE 802.11 wireless LAN has become one of the hot topics on the design and development of network access technologies. In particular, its authentication and key exchange (AKE) aspects, which form a vital building block for modern security mechanisms, deserve further investigation. In this paper we first identify the general requirements used for WLAN authentication and key exchange (AKE) methods, and then classify them into three levels (mandatory, recommended, and additional operational requirements). We present a review of issues and proposed solutions for AKE in 802.11 WLANs. Three types of existing methods for addressing AKE issues are identified, namely, the legacy, layered and access control-based AKE methods. Then, we compare these methods against the identified requirements. Based on the analysis, a multi-layer AKE framework is proposed, together with a set of design guidelines, which aims at a flexible, extensible and efficient security as well as easy deployment.

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.31449/inf.v34i3.308

2010-01-01

Informatica

Abstract:Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for passwordauthenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S3PAKE.

ZHANG Shu-bin,SUN Hao,WU Yue

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.10.031

2007-01-01

Abstract:This paper describes EAP-AKA authentication method. By giving the safety assessment of the authentication method,some security loopholes are pointed out,the possible attacks analyzed,some improvement suggestions according to these problems proposed,and the feasibility of the modified agreement illustrated.