基于CPK的IPSec协议的改进研究

介绍了采用基于组合公钥（CPK）技术的认证原理,提出一种简化或取消第三方CA机构或证明,减少庞大的支持机构和维护量,从而达到简化IPSec协议的实现过程和提高认证效率。     

VxWorks操作系统下IKE协议的IPv6实现

在深入剖析IKE协议和嵌入式操作系统VxWorks的基础上,提出了一种基于VxWorks操作系统、支持IPv4/v6双栈的IKE协议实现方案,文中阐述了设计思路以及IKE各模块的功能及实现方法,并介绍了运行及测试结果。     

IPSec中密钥交换协议IKE的安全性研究及改进

IKE协议的高效实现是IPSec的关键，在分析了IKE协议的基础上针对主模式交换下预共享密钥验证算法的不足，提出了抵御两种攻击的改进方案。     

IPSec系统中安全联盟及密钥生成过程分析

分析了IPSec系统中IKE协议的功能,构成及工作过程,给出了IKE在生成安全联盟过程中用到的消息格式和各个时期产生的密钥源料和密钥,讨论了在不同认证方式下的信息交换过程及安全强度。     

Two Modifications on IKE Protocol with Pre-shared Key Authentication

This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder generates the computation-intensive Diffie-Hellman public value. The second modification can improve its efficiency when the attack on messages occurs because it can detect the attack quickly by replacing the centralized authentication in origical IKE protocol with immediate authentication. In addition, the two modifications can be integrated into one protocol compactly.