Design and Implementation of National Cryptographic Standard IPsec VPN Server Software Based on Openswan
Published: 2018-03-06 02:22
Topic: IPsec; Focus: VPN; Source: Xidian University, 2014 master's thesis; Document type: degree thesis
[Abstract]: In recent years the Internet has become ever more deeply embedded in daily life and has brought great convenience, but the network security problems that accompany it have also grown more serious. As one of the most important means of safeguarding network security, IPsec VPN technology is widely deployed at the key nodes of network security. In the IPsec VPN technology in wide use today, both the security protocols and the cryptographic algorithms come from standards set by foreign organizations or institutions. To meet China's own security needs, the State Cryptography Administration of China has approved a series of national-standard cryptographic algorithms, and on that basis a VPN technical specification built on the national-standard cryptographic algorithms was drawn up. Based on the "IPsec VPN Technical Specification (2010 edition)" and building on the open-source IPsec VPN server Openswan, this thesis studies and implements IPsec VPN technology based on the national cryptographic standards. The main results are:
1. The overall system architecture, the cryptographic algorithm subsystem and the IKE negotiation flow of the open-source IPsec VPN server Openswan were studied systematically.
2. Openswan was improved by adding support for the national-standard cryptographic algorithms, and its IKEv1 negotiation flow was modified to meet the IKE negotiation requirements of the national-standard IPsec VPN technical specification.
3. NETKEY, the IPsec implementation in the Linux 2.6 kernel, was studied, and the set of cryptographic algorithms it supports was extended so that it can support the national-standard cryptographic algorithms.
4. The Linux kernel crypto framework and the method of adding custom cryptographic algorithms to it were studied in depth. The national-standard cryptographic algorithms were registered with the Linux kernel crypto framework so that other kernel modules can call them when needed to carry out the required cryptographic operations. A symmetric encryption algorithm can be registered with the Linux kernel crypto framework in three ways: cipher, synchronous block and asynchronous block. The thesis tried each of the three registration methods and examined its effect on the encryption performance of the system. The asynchronous block registration method was finally used to implement the whole system.
5. On the basis of the results above, a national-standard IPsec VPN server conforming to the "IPsec VPN Technical Specification (2010 edition)" was implemented. The server was tested comprehensively, and good test results were obtained.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article number: 1572927
Article link: http://sikaile.net/guanlilunwen/ydhl/1572927.html