【作者】 安黎；

【导师】 吴志美；

【作者基本信息】 中国科学院研究生院（软件研究所） ， 计算机应用技术， 2003， 硕士

【摘要】 随着越来越多的个人和机构联入互连网，网络安全问题成了世界各地研究的焦点。为了解决这个问题，实现网络信息传输的保密性、完整性、身份认证等安全特征，我们着手对IPSec安全协议体系和虚拟专用网VPN技术进行研究。 本文从网络安全的现状出发，详细介绍了安全协议IPSec技术和虚拟专用网VPN技术的原理，重点论述了对基于IPSec的安全路由器R101的设计与实现，并对R101的功能和性能进行测试。 全文共分五章。第一章简要介绍了网络安全的含义和关键技术。第二章详细介绍了IPSec和VPN网络安全技术的原理，包括VPN的含义和IPSec协议族。第三章是本论文的重点，提出了安全路由器的总体设计思想和体系结构，主要包括IPsec在Linux操作系统下的实现和对硬件加密的设计实现，以及对国家安全标准规定的各项安全功能的支持。第四章对R101的功能和性能进行测试，并获得测试结论。第五章是全文的总结，提出对R101改进的意见和未来的发展方向。更多还原

【Abstract】 With more and more people and organizations connected to the Internet, network security has become a major concern and the focus of extensive research throughout the world. To solve this problem, and to provide confidentiality, integrity and authentication for information transmission on the network, we engaged on the research of IPSec protocol and Virtual Private Network (VPN).This paper starts with the background information on the status of network security, followed by a brief introduction of the theories of IPSec and VPN. The design and implementation of security router R101 with IPSec are described in detail. The tests of the functionality and capability of R101 and their results are also discussed.This thesis consists of five chapters. The first chapter introduces the background information of network security and key technologies. The second chapter surveys the theories of IPSec and VPN, which includes the meaning of VPN and several protocols of IPSec. The third chapter, which is the main body of the thesis, describes the overall design strategy, and the router architecture. The Linux-based implementation of IPsec, the design of Hardware-based Encryption, and the support of security functions specified by national standards on IT security are discussed with emphasis. In chapter 4, we present the tests of the function and capability of R101 and their results. The last chapter draws the conclusion of our study, points out the recommendations on improving R101, and indicates the future research directions of the system.更多还原