
Design and Implementation of a National Cryptographic Standard (Guomi) IPsec VPN Server Based on Openswan

Published: 2018-03-06 02:22

  Topic: IPsec. Entry point: VPN. Source: Xidian University, 2014 master's thesis. Type: degree thesis.


[Abstract]: In recent years the Internet has become ever more deeply embedded in daily life and has brought great convenience, but the network security problems that accompany it have also grown more serious. As one of the most important means of safeguarding network security, IPsec VPN technology is widely deployed at the important nodes of network security. In the IPsec VPN technology in wide use today, both the security protocols and the cryptographic algorithms all come from standards set by foreign organizations or bodies. To meet China's own security needs, the State Cryptography Administration of China approved a series of national-standard (Guomi) cryptographic algorithms, and on that basis a VPN technical specification built on those algorithms was drawn up. Based on the "IPsec VPN Technical Specification (2010 edition)" and building on the open-source IPsec VPN server Openswan, this thesis studies and implements IPsec VPN technology based on the national cryptographic standards. The main results are:

1. A systematic study of the overall system architecture, the cryptographic algorithm subsystem and the IKE negotiation flow of the open-source IPsec VPN server Openswan.

2. Improvements to Openswan that add support for the national-standard cryptographic algorithms, and modifications to Openswan's IKEv1 negotiation flow to meet the IKE negotiation requirements of the national-standard IPsec VPN technical specification.

3. A study of NETKEY, the IPsec implementation in the Linux 2.6 kernel, and an extension of the set of cryptographic algorithms that this implementation supports so that it can handle the national-standard algorithms.

4. An in-depth study of the Linux kernel crypto framework and of how to add custom cryptographic algorithms to it. The national-standard algorithms are registered with the kernel crypto framework so that other kernel modules can call them when needed to perform the required cryptographic operations. A symmetric encryption algorithm can be registered with the Linux kernel crypto framework in three ways: cipher, synchronous block and asynchronous block. The thesis tried each of the three to see its effect on the system's encryption performance, and the asynchronous block registration method was finally used to implement the whole system.

5. On the basis of the results above, a national-standard IPsec VPN server conforming to the "IPsec VPN Technical Specification (2010 edition)" was implemented. The server was tested comprehensively and good test results were obtained.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08


Article ID: 1572927

