通用可组合安全的Internet密钥交换协议

Abstract

Abstract:

The new Internet key exchange protocol (IKEv2) is analyzed, and it is found that the protocol can not achieve active identity protection to the initiator and has the security flaw of authentication failure in its initial exchange. However, it is necessary to protect the identity information to the initiator under the environment of a wireless access network. In this paper, a novel key exchange protocol for the wireless network based on IKEv2 initial exchange is proposed, which realizes active identity protection to the initiator by the responder explicitly proving his true identity, and achieves successful authentication by reconstructing the authentication payload. With the Universally Composable (UC) security model, this new protocol is analyzed in detail, with the analytical results showing that it affords provably UC security. Performance analysis and simulation results show that the proposed protocol has less computation and communication overhead.

Key words: Internet protocol security, key exchange, Internet key exchange protocol, provably secure, universally composable

CLC Number:

TP393

PENG Qing-quan;PEI Qing-qi;YANG Chao;MA Jian-feng. Universally composable secure Internet key exchange protocol[J].J4, 2009, 36(4): 714-720.

References

［1］Harkins D, Carrel D. Internet Key Exchange［EB/OL］. ［1998-11-11］. http://tools.ietf.org/rfc/rfc2409.txt.
［2］Kaufman C. Internet Key Exchange (IKEv2) Protocol［EB/OL］.［2005-12-25］. http://tools.ietf.org/rfc/rfc4306.txt.
［3］Krawczyk H. SIGMA: the ‘SIGn-and-Mac' Approach to Authenticated Diffie-Hellman and Its Use in the IKE Protocols［C］//Advances in Cryptology-CRYPTO'2003 LNCS 2729. Berlin: Springer-Verlag, 2003: 400-425.
［4］Boyd C, Mao W, Paterson K. Deniable Authentication for Internet Protocols［C］//Proceedings of IWSP'03 LNCS 3364. Berlin: Springer-Verlag, 2003: 137-150.
［5］Tschofenig H, Kroeselberg D, Pashalidis A, et al. EAP IKEv2 Method［EB/OL］. ［2007-09-27］. http://tools. ietf. org/id/draft-tschofenig-eap-ikev2-15.txt.
［6］Bellare M, Rogaway P. Entity Authentication and Key Distribution［C］//Advances in Cryptology-Crypto'93 LNCS 773. Berlin: Springer-Verlag, 1994: 232-249.
［7］Canetti R, Krawczyk H. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels［C］//Advances in Cryptology-Eurocrypt'01 LNCS 2045. Berlin: Springer-Verlag, 2001: 453-474.
［8］Canetti R. Universally Composable Security: a New Paradigm for Cryptographic Protocols［EB/OL］. ［2005-12-14］. http://eprint.iacr.org/2000/067.ps.
［9］Canetti R, Dodis Y, Pass R, et al. Universally Composable Security with Pre-Existing Setup［C］//Proceedings of the 4th Theory of Cryptology Conference (TCC) LNCS 4392. Berlin: Springer-Verlag, 2007: 61-85.
［10］杨超, 曹春杰, 马建峰. 通用可组合安全的Mesh网络认证协议［J］. 西安电子科技大学学报, 2007, 34 (5): 814-817.
Yang Chao, Cao Chunjie, Ma Jianfeng. Universally Composable Secure Authentication Protocol for Wireless Mesh Networks［J］. Journal of Xidian University, 2007, 34(5):814-817.
［11］Meadows C. Analysis of the Internet Key Exchange Protocol Using the URL Protocol Analyzer［C］//Proceedings of IEEE Symposium on Security and Privacy'99. Los Alamitos: IEEE, 1999: 216-231.
［12］Canetti R, Krawczyk H. Universally Composable Notions of Key Exchange and Secure Channels［C］//Advances in Cryptology-Eurocrypt'02 LNCS 2332. Berlin: Springer-Verlag, 2002: 337-351.

[1]	ZHANG Zinan;GUO Yuanbo;YANG Kuiwu;HUANG Huixin;YANG Zhanhai. Universally composable security authenticated key exchange protocol [J]. J4, 2014, 41(5): 185-191.
[2]	SUN Jin;HU Yupu. Fully secure attribute-based broadcast encryption [J]. J4, 2012, 39(4): 23-28+154.
[3]	XIAO Hong;WANG Hong;MA Runnian;CUI Jie. Provably secure threshold FFS signature scheme in the random oracle model [J]. J4, 2011, 38(6): 130-133+151.
[4]	DING Yong. Key management scheme for WSN using ECC [J]. J4, 2008, 35(4): 739-742.

Universally composable secure Internet key exchange protocol

PDF (PC)

Like

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 4

Metrics

Comments

Recommended 10