Computer Engineering and Applications ›› 2009, Vol. 45 ›› Issue (2): 106-108. DOI: 10.3778/j.issn.1002-8331.2009.02.030

• Network, Communication and Security •

Design of supporting ECC digital certificate in IKEv2 authentication

LU Jie-ru, SU Bing

  1. School of Information Science & Engineering, Jiangsu Polytechnic University, Changzhou, Jiangsu 213164, China
  • Received: 2007-12-17 Revised: 2008-03-10 Online: 2009-01-11 Published: 2009-01-11
  • Contact: LU Jie-ru

Abstract: The digital certificate has a very important influence on the security and efficiency of the IKEv2 initial exchanges. An authentication technique based on ECC certificates is proposed, and mutual authentication in the IKEv2 initial exchanges using ECC certificates is implemented in an IPSec VPN system. Under the same test conditions and at the same security level, the IKEv2 initial exchanges are more efficient with an ECC certificate than with an RSA certificate. Authentication based on ECC X.509 certificates can effectively improve the efficiency and security of the IKEv2 initial exchanges.

Key words: Internet Key Exchange version 2 (IKEv2), ECC, X.509 digital certificate, digital signature
