本文選題：VPN + IPsec�。� 參考：《電子科技大學(xué)》2014年碩士論文

【摘要】：虛擬專用網(wǎng)是互聯(lián)網(wǎng)技術(shù)與通信技術(shù)結(jié)合的產(chǎn)物,同時(shí)客觀需求也促使VPN技術(shù)的理論和實(shí)現(xiàn)技術(shù)突發(fā)猛進(jìn)地發(fā)展。IPsec VPN技術(shù)主要應(yīng)用于遠(yuǎn)程接入內(nèi)網(wǎng),從而便于實(shí)現(xiàn)移動(dòng)辦公,VPN技術(shù)還能對(duì)通信內(nèi)容提供保護(hù),以防被竊取和篡改,還可以對(duì)資源服務(wù)器保障安全。隨著安全技術(shù)發(fā)展VPN技術(shù)受到各界的青睞,其中I Psec VPN技術(shù)因?yàn)樘峁┑臋C(jī)密性與完整性得而到了普遍的應(yīng)用,能提供節(jié)儉、安全和可靠的電信業(yè)務(wù)。在對(duì)IPsec VPN國(guó)內(nèi)外現(xiàn)狀和關(guān)鍵技術(shù)闡述的基礎(chǔ)上,本文對(duì)Linux環(huán)境網(wǎng)關(guān)中的I Psec VPN的需求進(jìn)行了系統(tǒng)分析。設(shè)計(jì)了針對(duì)經(jīng)過(guò)網(wǎng)關(guān)的IP包進(jìn)行IPSec處理提供保護(hù)或?qū)?jīng)過(guò)IPSec的數(shù)據(jù)包解析轉(zhuǎn)發(fā)。在構(gòu)造IPSec安全系統(tǒng)中,針對(duì)IP協(xié)議存在的安全問(wèn)題,采用AH與ESP協(xié)議相關(guān)的技術(shù),同時(shí)結(jié)合對(duì)稱加解密算法DES、公鑰加解密算法RSA、消息摘要技術(shù)以及數(shù)字簽名技術(shù)對(duì)IP數(shù)據(jù)包提供完整性服務(wù)與機(jī)密性服務(wù),以彌補(bǔ)IP協(xié)議的安全缺陷。同時(shí)針對(duì)網(wǎng)絡(luò)中密鑰交換過(guò)程的容易遭受攻擊的問(wèn)題,采用I KE相關(guān)技術(shù)以及Diffie-Hellman密鑰交換算法為因特網(wǎng)的密鑰交換提供安全保障措施。最后根據(jù)系統(tǒng)架構(gòu)設(shè)計(jì)及實(shí)現(xiàn)情況對(duì)所做的系統(tǒng)進(jìn)行了測(cè)試,主要是測(cè)試結(jié)構(gòu)模塊間IPsec VPN協(xié)作完整性,測(cè)試結(jié)果表明設(shè)計(jì)與實(shí)現(xiàn)的正確性,而且系統(tǒng)運(yùn)行穩(wěn)定,符合實(shí)際的需求。但是本文實(shí)現(xiàn)系統(tǒng)在后臺(tái)控制方面以及算法效率方面仍存在研究提高的空間。
[Abstract]:Virtual private network is the result of the combination of Internet technology and communication technology. At the same time, the objective demand also promotes the theory and realization of VPN technology to develop suddenly. IPsec VPN technology is mainly used in remote access intranet. Thus the mobile office VPN technology can also protect the communication content from being stolen and tampered with, and can also guarantee the security of the resource server. With the development of security technology, VPN technology is favored by all walks of life. Among them, I Psec VPN technology is widely used because of its confidentiality and integrity, and it can provide thrifty, secure and reliable telecommunication services. Based on the current situation and key technologies of IPsec VPN, this paper systematically analyzes the requirements of I Psec VPN in Linux environment gateway. This paper designs IPSec protection for IP packets that pass through gateway or parses and forwards packets passing through IPSec. In the construction of IPSec security system, aiming at the security problems of IP protocol, we adopt the AH and ESP protocol related technology. At the same time, it combines symmetric encryption and decryption algorithm des, public key encryption and decryption algorithm RSA, message digest technology and digital signature technology to provide integrity and confidentiality services for IP packets, so as to make up for the security defects of IP protocol. At the same time, aiming at the problem that the key exchange process in the network is vulnerable to attack, the key exchange algorithm based on Ike and Diffie-Hellman is used to provide security measures for the key exchange in the Internet. Finally, according to the design and implementation of the system architecture, the system is tested, which mainly tests the IPsec VPN cooperation integrity between the structure modules. The test results show that the design and implementation are correct, and the system runs stably. Meet the actual needs. However, there is still room for improvement in background control and algorithm efficiency.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【共引文獻(xiàn)】

相關(guān)期刊論文 前3條

1 劉運(yùn);李穎;;一種大型軟件自動(dòng)構(gòu)建方案的設(shè)計(jì)與實(shí)現(xiàn)[J];佳木斯大學(xué)學(xué)報(bào)(自然科學(xué)版);2014年01期

2 丁文學(xué);蔡瑞英;;B/S體系結(jié)構(gòu)中持久層的設(shè)計(jì)與實(shí)現(xiàn)[J];微計(jì)算機(jī)信息;2008年03期

3 汪誠(chéng)波;駱靜峰;何欽銘;;一種新的設(shè)計(jì)模式——接口呼叫模型[J];計(jì)算機(jī)系統(tǒng)應(yīng)用;2008年01期

相關(guān)碩士學(xué)位論文 前10條

1 孫代耀;基于Ajax技術(shù)的培訓(xùn)學(xué)校智能化辦公系統(tǒng)研究與開(kāi)發(fā)[D];中國(guó)海洋大學(xué);2010年

2 陳潔敏;電子運(yùn)維系統(tǒng)中作業(yè)管理模塊的設(shè)計(jì)和實(shí)現(xiàn)[D];華南理工大學(xué);2010年

3 郝麗;基于Java設(shè)計(jì)模式的網(wǎng)絡(luò)監(jiān)控框架的設(shè)計(jì)與實(shí)現(xiàn)[D];大連交通大學(xué);2010年

4 和翠葦;昆明地稅車船稅管理系統(tǒng)的分析與設(shè)計(jì)[D];云南大學(xué);2010年

5 劉黎;本科教學(xué)水平評(píng)估管理系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];西安電子科技大學(xué);2010年

6 王娟;無(wú)紙化考試考務(wù)管理系統(tǒng)設(shè)計(jì)與實(shí)現(xiàn)[D];西安電子科技大學(xué);2010年

7 艾曉燕;科技管理系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];西安電子科技大學(xué);2010年

8 滿媛媛;網(wǎng)上打印電子繳款憑證系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];南京理工大學(xué);2010年

9 耿立博;基于B/S架構(gòu)的酒店管理系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];電子科技大學(xué);2011年

10 苑東宇;黑龍江移動(dòng)自有業(yè)務(wù)平臺(tái)的分析與設(shè)計(jì)[D];北京郵電大學(xué);2011年

，

本文編號(hào)：1941231