The Implementation of One-packet Key in IPSec


Authors: Chen Lin (陈麟)[1], Wang Zhenxue (王祯学)[2], Li Huanzhou (李焕洲)[1]

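Affiliations: [1] College of Electronic Engineering, Sichuan Normal University, Chengdu 610068; [2] Institute of Information Security, Sichuan University, Chengdu 610064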

Source: Journal of Sichuan University (Natural Science Edition), 2006, No. 1, pp. 118-122 (5 pages)

Funding: National 973 Program (1999035801)

Abstract: The confidentiality service that IPSec provides for communication depends on the cipher algorithm and the key used by the two communicating parties. Although the IPSec protocol specifies that the two parties can establish the key automatically or manually, in either case both sides end up using the same unchanging key to encrypt or decrypt a large number of packets over a period of time, which is unsuitable for settings with special security demands. The paper proposes a scheme that implements one-packet key in IPSec. In the scheme, when an IPSec entity needs to encrypt an IP packet, it derives the working key from a temporarily generated random number and the intersected key distributed in advance, so that the two parties use a different key to encrypt or decrypt every IP packet. The paper also analyzes the correctness and security of the scheme and points out the application settings for which it is suitable.

Keywords: one-packet key; master key; split key (intersected key); IPSec communication entity

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]

 
