针对密钥交换协议IKE报文传输往返次数太多、对拒绝服务攻击防范脆弱以及协议规范和功能机制太复杂等缺陷,目前出现了两个替代协议——IKEv2以及JFK(快速密钥交换协议)。由于相对于IKE和IKEv2,JFK更加简单和高效,主要对JFK协议进行研究和分析。介绍了JFK的协议内容,分析了JFK协议在PFS、身份保护、防DoS攻击、防重放攻击以及防中间人攻击等方面的安全性,并从协议复杂程度和效率两方面对JFK协议的性能进行了探讨,最后还指出了JFK协议存在的问题。%Internet Key Exchange (IKE) protocol exists a series of defects, such as too many times of inter- active messages during the key exchange period, vulnerability against DoS attacks and complicated protocol specification and functional mechanisms. Two alternatives, IKEv2 and Just Fast Keying(JFK) protocol, are put forward. Compared with IKE and IKEv2, JFK is simpler and more efficient. This paper focuses on the research and analysis of JFK protocol. It states the content of JFK, analyzes the security aspects of JFK on PFS, identity protection, anti -DoS attacks, anti -replay attacks and anti -middle attacks, and discusses the performance issues based on the complexity and efficiency of JFK. Finally, issues of JFK protocol still need to be studied are proposed.
展开▼
