
Implementation of the IPSec Protocol for the Secure Transmission of Materials Research Information

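【Author】 Zhou Wang (周旺)

【Advisor】 Chen Ai (陈艾);

【Author information】 University of Electronic Science and Technology of China, Materials Physics and Chemistry, 2002, Master's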

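【Summary】 Network information security is not only receiving more and more attention from the individuals and companies living in the networked information society; it has also come to touch every aspect of social life. To build secure and reliable information networks, research on security technology and its design and application is both necessary and urgent. People want to access the information they need over the Internet securely and at low cost, which is driving growing demand for virtual private networks (VPNs). VPN technology allows confidential information to be transmitted securely over the open, insecure Internet. Common VPN protocols are L2TP, IPSec and SOCKS 5. IPSec is in fact a suite of protocols, comprising the Authentication Header (AH), which provides authentication services for IP traffic; the Encapsulating Security Payload (ESP), which encrypts IP data; and the Internet Key Exchange (IKE), which is used to establish security associations. AH ensures that a packet has not been modified in transit. ESP encrypts the payload using symmetric encryption algorithms (such as DES and Triple DES). Together, AH and ESP provide IP packets with confidentiality, integrity and source authentication. This thesis studies IPSec VPN technology and develops a VPN client for Windows that gives inbound and outbound traffic transparent IPSec protection. The client is implemented as an intermediate driver under Windows, an approach commonly known as a "bump-in-the-stack" implementation. To the upper layers of the operating system it appears as a network driver, so the entire Windows IP protocol stack and all upper-layer applications need no knowledge of the underlying details. The software is based on the IPSec standards and protects the integrity and confidentiality of transmitted data through encryption, compression and authentication.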

【Abstract】 Network information security is not only receiving increasing attention from the individuals and companies of the networked information society, but also touches all aspects of social life. To build reliable and secure information networks, research on security technology is both necessary and urgent. The availability of, and inexpensive access to, the Internet has resulted in an increasing demand for Virtual Private Network (VPN) solutions. VPNs provide the means to conduct secure communication of private information over the open and rather insecure Internet. Currently, a handful of VPN protocols are rising to the surface in the industry, namely L2TP, IPSec, and SOCKS 5. IPSec is actually a suite of protocols. The suite includes the Authentication Header (AH), which addresses authentication for IP traffic; the Encapsulating Security Payload (ESP), which defines encryption for IP data; and the Internet Key Exchange (IKE), which facilitates the transfer of IPSec security associations (SAs). The Authentication Header ensures that the packet has not been altered or tampered with during transmission. ESP is the protocol that handles encryption of IP data at the packet level. It uses symmetric cryptographic algorithms such as the Data Encryption Standard (DES) and Triple DES to encrypt the payload. Together, the IPSec ESP and AH protocols provide privacy, integrity, and authentication of IP packets. This thesis focuses on IPSec VPN technology. We developed VPN Client software to enable completely transparent IPSec protection for traffic to and from a PC while it runs a familiar Microsoft Windows environment. The client is implemented as an NDIS intermediate device driver that runs under Windows. This implementation is commonly referred to as a "bump-in-the-stack" approach. It appears as a network driver to the upper layers of the operating system, which allows the entire Windows IP stack and all applications to function without any knowledge of the IPSec software. Using standards-based IPSec technology, VPN Client extends the integrity and confidentiality of data traveling outside of enterprise networks by providing encryption, compression, and authentication.

  • 【Classification number】TP309
  • 【Times cited】1
  • 【Downloads】40