Design and Implementation of a Private Tunnel Protocol Based on a Virtual Network Interface
Published: 2018-02-21 13:48
Keywords: virtual network interface; tunnel protocol; virtual private network; SSL protocol; network security. Source: Harbin Institute of Technology, 2016 master's thesis. Thesis type: degree thesis.
【Abstract】: With continued economic growth and the gradual expansion of their business and scale, most companies have moved to a distributed organizational structure in which a headquarters and several branch offices work together. Each branch typically runs its own internal network; the branches need to exchange internal company information securely with one another, and the headquarters needs to interconnect these geographically dispersed networks for unified management. The traditional solution is to lease a dedicated line, but this no longer satisfies current bandwidth and security requirements and is expensive. The Internet has greatly simplified the exchange of information. Since its growth began in the 1980s, more and more devices have been connected to it, and many enterprises use this shared channel for cross-site resource access. Because the Internet was originally designed around a trust model, additional mechanisms are needed to protect the transmission of internal enterprise information, and a series of network security technologies, including firewalls and intrusion detection systems, grew out of this need. A virtual private network (VPN) meets the enterprise requirement for secure internal data transfer by building an encrypted communication tunnel over a public link. Many kinds of VPN exist on the market today, with an ever-growing variety of implementations; the mainstream approach is to use a tunnel protocol, including layer-2 (data link layer) tunnel protocols in the TCP/IP stack such as PPTP, L2F and L2TP; IPSec-based tunnel protocols at the network layer; and SSL-based tunnel protocols at the transport layer. By comparison, the security mechanisms of the layer-2 protocols can no longer meet current needs; the IPSec protocol suite is generally recognized as the most secure architecture, but it suffers from configuration complexity and difficulty traversing NAT devices; SSL-based tunnel protocols offer a good compromise between security and ease of use. This thesis combines the advantages of the IPSec and SSL approaches and designs and implements a private tunnel protocol based on a virtual network interface. Using a USB-Key as hardware support and relying on the open-source OpenSSL cryptographic library, it secures communication in a simple and efficient way. Functional and performance testing of the system shows that the private tunnel protocol designed and implemented here has good network communication capability and satisfies user requirements for both transmission efficiency and data security, giving it considerable research and practical value.
【Degree-granting institution】: Harbin Institute of Technology
【Degree level】: Master
【Year awarded】: 2016
【Classification number】: TP393.08
Article number: 1522061
Article link: http://sikaile.net/guanlilunwen/ydhl/1522061.html