Analysis and improvement of the Internet‐Draft IKEv3 protocol
Author(s) - Cheng Qingfeng, Lu Siqi, Ma Jianfeng
Publication year - 2017
Publication title - International Journal of Communication Systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.3194
Subject(s) - computer science, ipsec, security association, computer security, computer network, reflection attack, internet layer, internet protocol, internet protocol suite, authentication protocol, the internet, ip tunnel, internet security, challenge handshake authentication protocol, otway–rees protocol, key (lock), security service, network access control, information security, cloud computing security, world wide web, operating system, cloud computing
Summary - Internet protocol (IP) is the kernel of the TCP/IP protocol family, because IP is the only one that is shared by all high‐level protocols in TCP/IP. So the security of IP is particularly important to the whole communication network. Fortunately, IPsec provides excellent protection for IP security. As a part of IPsec, the Internet Key Exchange (IKE) protocol can achieve security association negotiation, key generation, and identity authentication. The study of IKEv2, both in its application and security analysis, has been relatively mature. When the Internet Engineering Task Force published the Internet‐Draft IKEv3 protocol, there was not much attention and research on it. In this paper, we analyze the security and authentication of IKEv3 by formal verification and show that IKEv3 is susceptible to reflection attack and DoS attack. Then we propose a new variant of the IKEv3 protocol, which both resists reflection attack and mitigates the impact of the DoS attack.