纯IPv6网络中IPSec的研究与应用

【作者】 孙为；

【导师】 袁占亭；

【作者基本信息】 兰州理工大学 ， 通信与信息系统， 2003， 硕士

【摘要】 本文从网络安全的现状谈起，探讨了网络安全的主要威胁因素和相应的攻击手段，同时也归纳了针对这些威胁因素和攻击手段而采取的提高网络安全的安全措施和技术手段。详细分析了IPv6的安全协议——IPSec的安全能力、IPSec的安全体系的构成、IPSec的工作方式以及IPSec在IPv4和IPv6中的实现方式。论述了IPSec在IP报文的完整性、机密性、数据来源认证和抗重播等方面的能力，IPSec的基本协议——认证报文头(AH)和安全封装载荷报头(ESP)与IPSec安全体系的其它组成部分如安全策略、加密和认证算法、密钥管理等如何合作，共同完成对IP报文的安全保护。 本文对IPSec在纯IPv6网络中的应用进行了实验研究。在这些实验中，实现了针对不同的通信流应用不同的IPSec策略；通过选择符的使用形成了比较细致的保护策略；创新性的将IPSec策略应用到了移动IPv6网络中。对应用IPSec策略前后的网络性能进行了量化分析。得出了应用IPSec策略会对网络传输性能产生影响以及其程度大小的初步结论。在进行了有关测试之后，根据这些测试数据，总结了实验结果；分析了目前实验的不足；并对技术的进一步研究提出了自己的建议和思考。更多还原

【Abstract】 At the begin of the dissertation, we has discussed the state of security on Internet, analyzed the factors caused frangibility of Internet, and intrudced some means used to provide security services for Internet. After that, this dissertation focuses on deep research on secure network access as follows. The IPv6 security component IPSec is analyzed in detail in the structure, function, work mode and implementation of IPSec in IPv4 and IPv6. The ability of keeping the IP packet’s integrity, secrecy, authentication, data origination, anti-relay is discussed. The relationship of IPSec component Authentication Header (AH), Encapsulating Security Payload (ESP) and IKE (Internet Key Exchange) is also talked about. This discussion of IPSec makes the impression that IPSec make IP layer security enough.Then, I have designed a group of experiments based the fore theory, further proceeding research for IPSec applied in the native IPv6. In these experiments, realized to aim at the different communication stream apply the different the policy of IPSec; Pass the usage of selectors forminged the meticulous protection policy; creatively applied the policy of IPSec to mobile IPv6 network inside. In the dissertation I have compared the network transmission performance that before and after applied IPSec policy to carry through the quantitative analysis. Get a fringe conclusion that applied the IPSec policy would influence network transmission performance and its degree. After implemented experiments, accorded to these test dataes, analyzed deficiency of currently experiments, and put forward our suggestion and consideration for further research of technical in future.更多还原