VPN Network Architecture and Implementation of a Data Encryption and Key Management System

【Author】 于秦

【Advisor】 毛玉明

【Author information】 University of Electronic Science and Technology of China, Communication and Information Systems, 2002, Master's

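【Summary】 This thesis is divided into four main parts. The first part briefly introduces the development background of VPNs, basic VPN technologies, VPN security and the types of VPN, and on that basis focuses on a systematic study and analysis of VPN tunneling technology (in particular the layer-3 tunneling protocol IPSec), laying the theoretical foundation for building an IPSec-based VPN model. The second part designs and implements an IPSec-based VPN network scheme and describes in detail how the VPN model is established and implemented. The third part, following a systematic introduction to the Internet Key Exchange (IKE) protocol, implements the method by which IKE establishes security associations, negotiates encryption algorithms and generates shared session keys between two systems that wish to communicate securely, together with the process of negotiating identity authentication. The fourth part is the software implementation: after a brief introduction to the relevant cryptography, it designs and implements the classic RSA algorithm, including generating large primes with the M-T-D method and encrypting and decrypting data with the RSA public-key algorithm, and on this basis designs an RSA public-key cryptosystem model that uses JavaScript to demonstrate how the RSA algorithm is carried out.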

【Abstract】 It is a trend for Virtual Private Networks (VPNs) to be used for information exchange between enterprises and military information systems. At the same time, network security is becoming more and more important. There are many ways to deal with information security and privacy in a VPN, but data encryption and key management are the key techniques for implementing a VPN. This paper is divided into four main parts. The first part introduces some general principles of VPN technology, including PKI technology, VPN tunneling technology and VPN protocols such as L2TP and IPSec. Then we systematically analyze the application-layer protocol IKE (Internet Key Exchange) and the process of using IKE to negotiate security policy and exchange the session keys for a transaction. The third part introduces cryptography, including data encryption technology and a detailed description of several data encryption algorithms such as RSA, DSS/DSA and Diffie-Hellman. Encryption is used to ensure the confidentiality, integrity and authenticity of the two end points in the private network, so it is the key technology in the implementation of a VPN. The fourth part is the software design for generating prime numbers (using the M-T-D method) and the RSA encryption/decryption algorithm. Additionally, I establish a demonstration model of RSA.

【Keywords】 VPN; IPSec; IKE; RSA algorithm
  • 【Classification No.】 TN918
  • 【Times cited】 2
  • 【Downloads】 198