

Design and Implement of Safety Router Based on Permutation Code

【Author】 Zhang Yingxia

【Advisor】 Wu Jinmu;

【Author Information】 Hebei University of Technology, Computer Application Technology, 2005, Master's

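【Summary】 With the rapid development of computer networks and electronic service industries of all kinds, people's requirements for network communication and data security keep rising. How to ensure the security of information and of the network itself, and in particular how to ensure that information is not stolen or tampered with during storage and transmission when confidential information such as business data is exchanged in an open, interconnected environment, has become a matter of great concern to enterprises and the public. The Slammer worm, only 376 bytes in size, once swept through the routers and switches on South Korea's backbone network within a single day and paralyzed the South Korean Internet. It has been calculated that if Slammer could spread across the globe within 15 minutes, the world's backbone routers would be paralyzed beyond remedy. Facts have shown that people have neglected the security of network devices such as routers, making them a weak link in the security protection system and hence a target of attack in all kinds of security incidents. As a relay station for data forwarding, a router is a point where a disturbance in one place affects the whole, and its security directly affects the networks connected to it. How to transfer information over the network faster and more securely is a hot topic in the router field. To have routers forward legitimate information to its destination completely, promptly and securely, many router vendors have begun to consider strengthening router security mechanisms to ensure network security. As a result, a trend has emerged toward various secure routers and implementations of secure routing functions. The focus of this thesis is to use a new encryption algorithm with higher encryption and decryption speed and stronger confidentiality, the permutation code encryption and decryption algorithm, to build a more secure encrypted routing mechanism. The basic idea of the project is to install a general-purpose network driver with encryption capability on a simulated router and have the driver encrypt and decrypt the IP packets it intercepts, thereby achieving secure routing between multiple network segments. Finding an effective and reasonable way to combine the permutation code encryption and decryption algorithm with the routing mechanism is the core problem of the project. After many experiments, a low-level driver that follows NDIS, the unified network interface specification of Windows, was finally found: GNetDriver (which sits between the physical layer and the application layer of the network), which can intercept and filter IP packets. Most importantly, GNetDriver supports being combined with the permutation code encryption and decryption algorithm; in the end, the driver with encryption capability is installed on the simulated router to encrypt and decrypt the IP packets passed between multiple network segments. This project offers a reference solution to the current "low efficiency" problem of secure routing. The solution is also positioned as a network core product, and it is predicted to have high practical value and good application prospects.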

【Abstract】 With the development of computer networks and all kinds of electronic service industries, people need higher security for data sent over the network. How to guarantee the security of information and of the network itself, especially for commercial information exchanged in an open, interconnected environment, and how to ensure that information is not stolen or tampered with when it is stored and transferred, is already a focus of concern for enterprises and the public. In only one day, a Slammer worm just 376 bytes in size swept all the routers and switches in Korea and paralyzed Korea's network. Someone once calculated that if Slammer could spread more quickly, it would be found all over the world, global backbone routers would follow Korea's backbone routers, and nothing could be done about it. These cases are not alarmism: in fact, if people lose sight of protecting network devices such as routers, these can become the weakest node and the target of attack. The router, as a relay station, plays an important role in the network, and its security decides the whole network's security; it is therefore often attacked maliciously. How to transfer information more quickly and securely over the network is a hot subject for routers. In order to make routers transmit data completely, in good time and safely, many router manufacturers have begun to strengthen routers' security mechanisms, and all kinds of secure routers and implementations of secure router functions have appeared. The focus of this paper is to use a new encryption algorithm with higher speed and better secrecy, the Permutation Code, to build a more secure encrypting router mechanism. In this paper, I set up a net-driver with an encryption function on two servers (simulated routers), which play a router's role in the LAN; the net-driver can intercept IP data and encrypt or decrypt it, thus implementing a multi-net secure router.
During the study for this dissertation, it was not easy for me to find an effective and reasonable way to combine the Permutation Code with the router. After many tests, I found a network driver named GNetDriver, which accords with Windows NDIS and fits between the physical layer and the application layer. Most importantly, GNetDriver can support the Permutation Code; in the end, the encapsulated driver is installed on the simulated router. The simulated router can transfer data across multiple networks and encrypt/decrypt IP data. This paper brings forward a solution to the problem of inefficient secure routing. At the same time, this project is aimed at network core products, and it would have good practical value and application prospects.

