Journal of Computer Applications ›› 2013, Vol. 33 ›› Issue (10): 2835-2837.

• Information Security •

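  • About the author: REN Min (born 1977), female, from Yixing, Jiangsu; associate professor, master's degree; main research interests: network security and embedded system control.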

Application and improvement of key agreement protocol in cloud computation environment

REN Min   

  1. Department of Electronic Information, Wuxi Institute of Arts and Technology, Yixing, Jiangsu 214206, China
  • Received: 2013-03-25 Revised: 2013-05-20 Online: 2013-11-01 Published: 2013-10-01
  • Contact: REN Min

Abstract: To address the poor adaptability of existing key agreement protocols in cloud computing environments, the security requirements that cloud computing places on key agreement were analyzed together with the security defects of IKEv2, and an improved key agreement protocol, IKE-C, was proposed. IKE-C modifies IKEv2 with a puzzle mechanism and with delayed transmission of key material and identity information, which strengthens the responder's resistance to Denial of Service (DoS) attacks and solves the problem of the initiator's identity being leaked through a man-in-the-middle attack. The convergence times of the two protocols were also compared. The simulation results indicate that, at the same network scale, IKE-C has a shorter convergence time than IKEv2, and that its advantage becomes more pronounced as the number of clients increases.

Key words: cloud computing, key exchange, Internet Key Exchange version 2 (IKEv2), Denial of Service (DoS), initiator ID privacy
