DocumentCode
3097651
Title
Analysis and improvement of IKEv2 against denial of service attack
Author
Xiaowei, Zhu ; Haigang Zhou ; Jun, Liu
Author_Institution
Inst. of Commun. Eng., PLA Univ. of Sci. & Technol., Nanjing, China
Volume
1
fYear
2010
fDate
18-19 Oct. 2010
Abstract
IKEv2 is the new version of Internet Key Exchange protocol. Despite of its several advantages, it is still vulnerable to denial of service attack. In this paper, we propose an improvement of IKEv2, which is based on the shared secret and asymmetric distribution of calculations. By analyzing the improved IKEv2 with a cost-based framework, we conclude that the improvement is secure against DoS attack. Furthermore, associated with cookie mechanism, the improvement can prevent flooding attack from spoofed IP addresses. And the improvement can also achieve the identity authentication in advance, resist man-in-the-middle attack and replay attack.
Keywords
IP networks; Internet; computer network security; message authentication; protocols; IKEv2; asymmetric distribution; cookie mechanism; denial of service attack; identity authentication; internet key exchange protocol; man-in-the-middle attack; replay attack; shared secret; spoofed IP address; Cryptography; DoS attack; IKEv2; cost; man-in-the-middle attack; replay attack;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Networking and Automation (ICINA), 2010 International Conference on
Conference_Location
Kunming
Print_ISBN
978-1-4244-8104-0
Electronic_ISBN
978-1-4244-8106-4
Type
conf
DOI
10.1109/ICINA.2010.5636375
Filename
5636375
Link To Document