| 激进模式下对IKEv1的中间人攻击分析 |
| |
| 引用本文: | 周梦,白建荣. 激进模式下对IKEv1的中间人攻击分析[J]. 电子科技大学学报(社会科学版), 2010, 0(1) |
| |
| 作者姓名: | 周梦 白建荣 |
| |
| 作者单位: | 北京航空航天大学教育部信息、计算与行为重点实验室; |
| |
| 基金项目: | 国家自然科学基金(10871017);;北京市自然科学基金(102026) |
| |
| 摘 要: | 分析了对IKEv1的一种中间人攻击方法,该方法基于IKEv1密钥交换在预共享密钥认证机制下的激进模式。实施中间人攻击的步骤是首先利用IKEv1的离线口令穷举获取预共享密钥,获得预共享密钥后,把Diffie-Hellman(DH)中间人攻击原理应用于IKEv1的激进模式,实现对IKEv1的中间人攻击。通过分析该模式的中间人攻击原理,得出了对IKEv1的激进模式进行中间人攻击的条件、实施方法并评估了其对IPsec的危害性。由于该模式存在用户名枚举漏洞,攻击者可以离线穷尽预共享密钥,在现实中IKE中间人攻击的威胁是存在的,建议在使用IPsecVPN时不使用激进模式的密钥协商,并加强中间路由器的安全防护。
|
| 关 键 词: | 密码体制 IKEv1协议 中间人攻击 信息安全 |
Analysis to Man-in-the-Middle Attack for IKEv1 on the Aggressive Mode |
| |
| ZHOU Meng , BAI Jian-rong. Analysis to Man-in-the-Middle Attack for IKEv1 on the Aggressive Mode[J]. Journal of University of Electronic Science and Technology of China(Social Sciences Edition), 2010, 0(1) |
| |
| Authors: | ZHOU Meng BAI Jian-rong |
| |
| Affiliation: | Laboratory in Mathematics;Information and Behaviour of the Ministry of Education;Beijing University of Aeronautics and Astronautics Haidian Beijing 100083 |
| |
| Abstract: | In the paper a method of man-in-the middle attack to IKEv1 is discussed and analyzed is based on the aggressive mode of IKEv1 key exchange with pre-share-key authentication.The conditions and implementing methods of the attack are obtained by analyzing the principle of the attack to IKEv1 on the mode.For implementing man-in-the middle attack,the pre-share-key is first achieved by exhaustion method with offline password of IKEv1.The theory of Diffie-Hellman (DH) man-in-the middle attack to applied to the agg... |
| |
| Keywords: | cryptography IKEv1 protocol man-in-the-middle attack security of data |
| 本文献已被 CNKI 等数据库收录! |
