检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
出 处:《计算机工程与应用》2008年第5期158-161,共4页Computer Engineering and Applications
基 金:江西省自然科学基金(the Natural Science Foundation of Jiangxi Province of China under Grant No.0411041;No.0611057)
摘 要:论文先简单介绍了互联网密钥交换协议IKEv2,然后利用著名的模型检测工具SPIN对其进行了建模和分析。在建模的过程中,作者发现现有的建模方法很难对结构复杂的协议IKEv2进行建模,而且用现有的建模方法建立的模型可读性差、自动化程度不高,验证效率也比较低,因此现有的建模方法只适用于对简单协议进行建模。针对这些不足之处,提出了一种程序可读性、自动化程度及验证效率均较好的建模方法,而且这种建模方法特别适合对复杂的安全协议进行建模。最后利用SPIN对IKEv2协议的模型进行了验证,发现IKEv2协议不能抵御主动攻击,并给出了两个攻击序列图。针对IKEv2协议不能保护发起者身份的缺陷,提出了自己的一种改进意见。This paper first gives a simple introduction of the Internet Key Exchange Protocol IKEv2,then conducts a modeling and analysis of the protocol by using the famous model checking tool SPIN.The author finds the existing modeling method hardly applicable because of the highly complex structure of IKEv2 protocol,and that it can only be used for some simple protocols due to its poor readability,low automatization and verification efficiency.Thus the paper proposes another method of modeling which overcomes all the above mentioned disadvantages and which is particularly useful for complicated protocols.At last,the verification of the IKEv2 protocol model based on SPIN shows that this protocol is incapable of resisting initiative attack.Based on this discovery,two charts are given describing the attack and a personal view is presented to improve IKEv2 protocol's ability to protect the identity of initiator.
关 键 词:IKEV2 模型检测 SPIN PROMELA IP隧道
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.12
