Analysis and improvement of the Internet-Draft IKEv3 protocol

作者:Cheng, Qingfeng*; Lu, Siqi; Ma, Jianfeng
来源:International Journal of Communication Systems, 2017, 30(9): e3194.


Internet protocol (IP) is the kernel of the TCP/IP protocol family. Because IP is the only one that is shared by all high-level protocols in TCP/IP. So the security of the IP is particularly important to the whole communication network. Fortunately, IPsec provides excellent protection for the kIP security. As a part of the IPsec, Internet Key Exchange (IKE) protocol can achieve security association negotiation, key generation, and identity authentication. The study of IKEv2, both in its application and security analysis, has been relatively mature. When the Internet Engineering Task Force published the Internet-Draft IKEv3 protocol, there is not much attention and research on it. In this paper, we analyze the security and authentication of IKEv3 by formal verification and show that IKEv3 is susceptible to reflection attack and DoS attack. Then we propose a new variant of the IKEv3 protocol, which both resists reflection attack and mitigates the impact of the DoS attack.