
Research and Practice on Several Key Technologies of Virtual Private Networks (title translated from Chinese)

Research and Practice of the Key Technologies of VPN

【Author】 王勇 (Wang Yong)

【Supervisor】 陈晓苏 (Chen Xiaosu)

【Author information】 Huazhong University of Science and Technology, Computer System Architecture, 2006, Master's thesis

【Abstract (translated from Chinese)】 As network communication becomes ever more frequent, data transmitted over the Internet faces a growing number of attack techniques. Under these circumstances many technologies for protecting the security of network data transmission have emerged, and the Virtual Private Network (VPN) is one of the more effective ones. Considering the cost, security and extensibility of VPNs, this thesis uses intermediate-layer driver technology to design and implement IMD-VPN (Intermediate Driver VPN), a simple VPN system based on IPsec (Internet Protocol Security), which builds a secure transport tunnel between two security gateways. The architecture of IMD-VPN is given and the workflow of the system is described. The detailed design of the encapsulation/decapsulation, encryption/decryption and verification modules of IMD-VPN is presented, together with the algorithms that implement the verification and encryption functions in these modules and the main issues to be considered during implementation. IMD-VPN has a clear and simple structure; its VPN software is written as an NDIS intermediate-layer driver, which makes it convenient to modify the packet structure and improves the extensibility of the system. At the same time, because the intermediate-layer driver operates at a low level and can intercept and process packets directly, every sent and received packet must pass through the VPN software and cannot be skipped or ignored, which further strengthens the security of the system. Experimental results show that IMD-VPN successfully intercepts and re-encapsulates outgoing packets on the client; once a packet has been intercepted, its structure can be modified as required, providing the necessary conditions for loading network security protocols. The server side forwards the decapsulated original packet to the destination host, implementing encapsulation/decapsulation, the core function of a VPN.

【Abstract】 As communication activity over the Internet becomes more frequent, more and more attacks threaten the security of the transported data. To address this problem, many techniques for protecting data have been devised; the VPN (Virtual Private Network) is one of the available choices. In order to build a less expensive, more secure and more extensible VPN, intermediate driver (IMD) technology is used. A simple VPN system named IMD-VPN (Intermediate Driver VPN), based on IPsec (Internet Protocol Security), is designed and implemented to build a secure tunnel between two security gateways. The architecture of the system is designed and its flow is described. A detailed design of the encapsulation/decapsulation module, the encryption/decryption module and the verification module is provided to describe the flow and functions of the system, and the main problems to be considered when implementing the system are discussed. IMD-VPN has a simple structure that is easy to understand. The VPN software is written with IMD technology, which allows the structure of the data to be changed. At the same time, because the IMD works at a low level of the operating system, it can capture and process packets directly; no packet can bypass or skip the software, so an additional security assurance is gained. The results show that IMD-VPN can successfully capture and re-encapsulate the packets to be sent at the client; before packets are sent, they can be modified. The server can decapsulate the received packets and forward them to the target computer. With these operations, the key function of a VPN is implemented.
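The encapsulation/decapsulation, encryption/decryption and verification modules named in the two abstracts above are the core of an IPsec-style tunnel between two gateways. The following Go program is an added example and not code from the thesis (IMD-VPN is a Windows NDIS intermediate driver, and the record publishes neither its packet layout nor its cipher choices). It models one security association in tunnel mode: the client gateway prepends an 8-byte SPI/sequence header to an intercepted inner IP packet and seals the packet with AES-GCM, binding the header in as additional authenticated data; the server gateway drops replayed sequence numbers before doing any cryptography, verifies the tag before releasing any plaintext, and only then hands the original inner packet back for forwarding. The header layout, nonce derivation, strict in-order replay check, pre-shared key and sample IPv4 packet are all assumptions constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// HeaderLen is the outer tunnel header: SPI (4 bytes) || sequence number (4 bytes).
// Assumption: a minimal ESP-like header; the thesis does not publish its layout.
const HeaderLen = 8

// SA models one direction of a security association shared by the two gateways.
type SA struct {
	spi   uint32
	aead  cipher.AEAD
	txSeq uint32 // last sequence number sent
	rxSeq uint32 // highest sequence number accepted (anti-replay state)
}

// NewSA builds an SA from a pre-shared AES key (16, 24 or 32 bytes).
// Assumption: key agreement (for example IKE) happens elsewhere.
func NewSA(spi uint32, key []byte) (*SA, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SA{spi: spi, aead: aead}, nil
}

// nonce derives the 96-bit GCM nonce from the sequence number; it never repeats
// under one key as long as seq strictly increases (implicit-IV style, an assumption).
func (s *SA) nonce(seq uint32) []byte {
	n := make([]byte, s.aead.NonceSize())
	binary.BigEndian.PutUint32(n[len(n)-4:], seq)
	return n
}

// Encapsulate wraps an inner IP packet intercepted below the stack into
// header || ciphertext || tag. The header is additional authenticated data,
// so SPI and sequence number cannot be altered without failing verification.
func (s *SA) Encapsulate(inner []byte) ([]byte, error) {
	if s.txSeq == ^uint32(0) {
		return nil, errors.New("sequence number exhausted; rekey the SA")
	}
	s.txSeq++
	hdr := make([]byte, HeaderLen)
	binary.BigEndian.PutUint32(hdr[0:4], s.spi)
	binary.BigEndian.PutUint32(hdr[4:8], s.txSeq)
	out := make([]byte, HeaderLen, HeaderLen+len(inner)+s.aead.Overhead())
	copy(out, hdr)
	return s.aead.Seal(out, s.nonce(s.txSeq), inner, hdr), nil
}

// Decapsulate verifies a received outer packet and returns the inner packet for
// forwarding. Replay is checked before any cryptography, the tag is verified
// before plaintext is released, and rxSeq advances only after success.
// Assumption: strict in-order acceptance; real ESP uses a sliding window.
func (s *SA) Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < HeaderLen+s.aead.Overhead() {
		return nil, errors.New("packet too short")
	}
	hdr := pkt[:HeaderLen]
	if binary.BigEndian.Uint32(hdr[0:4]) != s.spi {
		return nil, errors.New("unknown SPI")
	}
	seq := binary.BigEndian.Uint32(hdr[4:8])
	if seq <= s.rxSeq {
		return nil, fmt.Errorf("replayed or stale sequence %d (last accepted %d)", seq, s.rxSeq)
	}
	inner, err := s.aead.Open(nil, s.nonce(seq), pkt[HeaderLen:], hdr)
	if err != nil {
		return nil, errors.New("authentication failed; packet dropped")
	}
	s.rxSeq = seq
	return inner, nil
}

// SampleInnerPacket is a constructed IPv4 packet (20-byte header plus payload)
// standing in for a frame the intermediate driver intercepts; checksum left zero.
func SampleInnerPacket() []byte {
	payload := []byte("constructed payload from 10.0.1.5")
	hdr := []byte{
		0x45, 0x00, 0x00, 0x00, // version/IHL, DSCP/ECN, total length (set below)
		0x00, 0x01, 0x00, 0x00, // identification, flags/fragment offset
		0x40, 0x11, 0x00, 0x00, // TTL 64, protocol 17 (UDP), header checksum
		10, 0, 1, 5, // source 10.0.1.5
		10, 0, 2, 7, // destination 10.0.2.7
	}
	binary.BigEndian.PutUint16(hdr[2:4], uint16(len(hdr)+len(payload)))
	return append(hdr, payload...)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 256-bit test key
	client, _ := NewSA(0x1000, key)
	server, _ := NewSA(0x1000, key)
	inner := SampleInnerPacket()

	outer, _ := client.Encapsulate(inner)
	got, err := server.Decapsulate(outer)
	fmt.Printf("inner %d bytes -> outer %d bytes, forwarded intact: %v\n",
		len(inner), len(outer), err == nil && string(got) == string(inner))

	_, err = server.Decapsulate(outer) // same packet delivered twice
	fmt.Println("replay:", err)

	outer2, _ := client.Encapsulate(inner)
	outer2[len(outer2)-1] ^= 0x01 // one bit flipped in transit
	_, err = server.Decapsulate(outer2)
	fmt.Println("tampered:", err)
}
```

The order of checks in Decapsulate is the point the abstracts leave implicit: a gateway that decrypts before it verifies, or that advances its replay state before the tag has been checked, lets an attacker probe or desynchronise the tunnel with forged packets. A deployment would replace the hard-coded key with negotiated keying material and the strict in-order check with the sliding anti-replay window specified for ESP.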

  • 【Classification number】TP393.1
  • 【Cited by】5
  • 【Downloads】169