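Research on TSP Tunnel Broker Implementation and Security Enhancement Techniques
Published: 2018-02-24 19:49
Keywords: tunnel; tunnel broker; Tunnel Setup Protocol; security. Source: Harbin Institute of Technology, 2014 master's thesis. Document type: degree thesis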
[Abstract]: With the rapid growth of the Internet, the shortcomings of IPv4 have become increasingly apparent: its 32-bit addresses cannot accommodate the growth in network nodes, and it has inherent weaknesses in security and mobility. An IPv6 protocol with 128-bit addresses, encryption protocols to ensure security, good mobility support, and compatibility with the existing protocols at other layers is therefore an inevitable step in the Internet's development. However, IPv4 is already widely deployed and IPv6 is not compatible with it, so there will be a long transition period, during which research focuses on how to interconnect IPv4 networks with newly built IPv6 networks. Among the three classes of techniques (dual stack, tunneling, and network address translation), tunneling has clear advantages in transparency, low cost and flexibility, but its complex configuration and heavy workload have limited large-scale deployment. This motivated research on tunnel broker technology to automate tunnel configuration.

This thesis first examines the purpose and significance of research on tunneling and other interworking technologies for the transition period and the state of that research to date, with emphasis on the state of tunneling research and the related security issues. It then surveys the principles and operation of the three classes of techniques, mainly comparing their similarities and differences and analysing their advantages, and goes on to describe tunneling and tunnel broker technology in detail, which supports the choice of the tunnel broker as the subject of this thesis. Using a tunnel broker system raises a number of security issues: current security monitoring systems neither monitor nor filter tunnel traffic, which can give rise to various forms of external attack, and together with the flaws inherent in the tunnel broker model itself, attackers can exploit these weaknesses to attack the nodes of the tunnel broker model. The thesis therefore focuses on analysing the security flaws of the tunnel broker and proposes a security enhancement scheme. It then designs and implements a tunnel broker model system based on the TSP protocol, describing in detail the implementation of TSP and of the tunnel broker server side and the overall construction of the system, and carries out functional testing. It analyses in depth the information exchange that takes place when the tunnel broker is used, adds a content filtering module and conducts further experiments, analyses the experimental results, and outlines future extensions to the performance and functionality of the implemented tunnel broker system.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1531491
Article link: http://sikaile.net/guanlilunwen/ydhl/1531491.html