Title :
Analysis and improvement of IKEv2 against denial of service attack
Author :
Xiaowei, Zhu ; Haigang Zhou ; Jun, Liu
Author_Institution :
Inst. of Commun. Eng., PLA Univ. of Sci. & Technol., Nanjing, China
Abstract :
IKEv2 is the new version of Internet Key Exchange protocol. Despite of its several advantages, it is still vulnerable to denial of service attack. In this paper, we propose an improvement of IKEv2, which is based on the shared secret and asymmetric distribution of calculations. By analyzing the improved IKEv2 with a cost-based framework, we conclude that the improvement is secure against DoS attack. Furthermore, associated with cookie mechanism, the improvement can prevent flooding attack from spoofed IP addresses. And the improvement can also achieve the identity authentication in advance, resist man-in-the-middle attack and replay attack.
Keywords :
IP networks; Internet; computer network security; message authentication; protocols; IKEv2; asymmetric distribution; cookie mechanism; denial of service attack; identity authentication; internet key exchange protocol; man-in-the-middle attack; replay attack; shared secret; spoofed IP address; Cryptography; DoS attack; IKEv2; cost; man-in-the-middle attack; replay attack;
Conference_Titel :
Information Networking and Automation (ICINA), 2010 International Conference on
Conference_Location :
Kunming
Print_ISBN :
978-1-4244-8104-0
Electronic_ISBN :
978-1-4244-8106-4
DOI :
10.1109/ICINA.2010.5636375
