Design and Implementation of High-Performance IPSec Client Software
Published: 2018-03-11 23:00
Topic: IPSec; Focus: IKEv2; Source: Xidian University, 2014 master's thesis; Document type: degree thesis
[Abstract]: A VPN (Virtual Private Network) is a technology for building a secure, virtual network channel over an insecure network. IPSec (Internet Protocol Security) is one way of implementing a VPN; it protects IP packets in transit mainly by encrypting and authenticating them. As network technology has developed, the bandwidth available to enterprise users has grown from the traditional ten-megabit and hundred-megabit levels to gigabit and ten-gigabit levels. Because of their design and other factors, existing IPSec client software for the Windows platform achieves only low secure-filtering bandwidth in a gigabit network environment, which wastes network bandwidth. In addition, as the Windows operating system keeps being upgraded, existing IPSec client software commonly shows compatibility problems on newer versions of the operating system. To address these shortcomings of existing Windows IPSec client software, this thesis designs and implements a high-performance IPSec client for the Windows platform, based on Windows kernel network filter drivers and AES-NI (Advanced Encryption Standard New Instructions). The software consists of two parts: a user-mode application and a kernel-mode network filter driver. The user-mode application uses the IKEv2 (Internet Key Exchange) protocol to negotiate and establish the VPN channel with the IPSec gateway. In the kernel, the IPSec filter driver is implemented on two kernel network filter driver frameworks, chosen according to the Windows version: NDIS IM (Network Driver Interface Specification Intermediate) and WFP (Windows Filtering Platform). The driver solves problems commonly encountered when implementing IPSec, such as MTU (Maximum Transmission Unit) handling and fragmentation of large packets, and uses AES-NI to accelerate IPSec processing. Test results in a gigabit Ethernet environment show that the client software implemented in this thesis meets the practical functional requirements, that AES-NI raises IPSec processing performance to about 500 Mbps, and that the software has good operating-system version compatibility and stability. The software has been successfully deployed in a certain department, where it has run stably and performed well over nearly half a year of use.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.1
Article ID: 1600274
Article link: http://sikaile.net/guanlilunwen/ydhl/1600274.html