中文摘要：

针对IKEv2协议存在的对通信实体的身份保护不足和系统开销大等问题，提出了一种安全高效的改进的IKEv2协议。新协议采用了基于签密的可认证密钥协商来代替D-H密钥交换，在交换秘密信息的同时实现了对协议的发起者与响应者之间的双向认证；并且协议的响应者先主动证明自己的身份，确保了对发起者进行主动身份保护。基于认证测试方法对该协议进行形式化分析表明：新协议具有很好的秘密性和双向认证性；同时，该协议只需三条消息，具有简单、高效的特点。

英文摘要：

IKEv2 protocol can＇ t achieve mutual authentication between the correspondents, and ＇,it have flaw of system requirement. This paper presented an improved IKEv2 protocol to avoid these flaws. In the new protocol, adopted the authentiCated key agreement algorithm based on signcryption to replace the D-H key exchange algorithm to realize mutual authentication between the endpoints and the responder, it first authenticated to actively protect the initiator＇ s identity. Then＇ formally verified the new protocol＇ s security properties based on authentication tests. The results show that it has a better performance in security. In addition, the new protocol is very simple and efficient.