The Virtual Mobile Private Network for Hand-hold Intelligent Terminals

【Author】 刘淼

【Supervisor】 孙传林

【Author information】 华中科技大学 (Huazhong University of Science and Technology), Information Security, 2009, Master's degree

【Abstract (translated from the Chinese)】 Hand-held intelligent terminals are increasingly used in mobile office, mobile finance, mobile securities trading and similar fields, but these services require a high level of security and reliability. Secure communication for wirelessly transmitted data is therefore becoming ever more important, and building a virtual mobile private network system for hand-held intelligent terminals is a feasible solution. Based on an in-depth study of conventional virtual private network technology, this thesis proposes a model for implementing a virtual private network on hand-held intelligent terminals. The model consists of three main modules: the virtual mobile private network client, the security policy server and the virtual private network gateway. A virtual network adapter is constructed with a driver; it answers DHCP and ARP packets with forged reply packets and captures data packets. To control the adapter's send and receive packet buffers correctly, an exclusive lock is designed for resource management. To reduce the consumption of system resources on the hand-held terminal and to improve system compatibility, an IPSec processing model based on the virtual network adapter is proposed. In this model the virtual network adapter intercepts packets at the bottom of the system and passes them to the operating system's user mode, where they are analysed and processed for security, so that complex operations that previously had to run in kernel mode are moved to user mode. A virtual private network tunnel only protects data while it is in transit. To prevent unsafe elements from spreading through the virtual private network, and to apply security control at the data source, a method is proposed that uses hooking to intercept application entry points and so monitor in real time the runtime environment of hand-held intelligent terminals using the virtual private network. Finally, practical application tests verify the feasibility of the overall scheme, and a virtual mobile private network system for hand-held intelligent terminals running on the Windows Mobile operating system is implemented.

【Abstract】 Hand-held intelligent terminals are increasingly used for mobile office, mobile financial and mobile stock-trading services, among others. However, these services demand a high level of security and reliability, so protecting data transferred over wireless links is increasingly important. A virtual private network system can ensure data security during mobile communication. After an in-depth study of Virtual Private Network technology, a model for realizing the technology on hand-held intelligent terminals is established. The model contains three parts: the virtual mobile network client, the security policy server and the gateway of the virtual mobile private network. A virtual network adapter is created with a hardware driver. It sends forged reply packets in response to DHCP and ARP packets, and it captures all data packets. To control the send and receive packet buffers, an exclusive lock is designed to manage the resources. To lower the occupation of system resources and to enhance system compatibility, an IPSec processing model based on the virtual network adapter is discussed. The virtual network adapter captures data packets at the bottom of the system kernel and sends them to a user-mode unit, which analyzes the packets and processes them according to the security policy. The detailed implementation of IPSec on this basis is researched. A Virtual Private Network only guarantees the safety of the data transfer process. To prevent threats from the Internet from spreading by way of the virtual private network, and to apply security control at the source of the data, API hooking is used to monitor the system environment of the hand-held intelligent terminal in real time while the virtual private network is in use. Finally, practical tests have been done to verify the feasibility of the solution. The realization based on the Windows Mobile operating system is successful.

  • 【CLC classification】TN929.5
  • 【Downloads】33

