Research on a TNC-enabled IPsec VPN system
Published: 2019-01-09 15:56
[Abstract]: A traditional VPN authenticates only the user's identity at access time and does not check the security state of the user's terminal; admitting a terminal that carries viruses or Trojan programs to the network is highly dangerous. The Trusted Network Connect (TNC) architecture of the Trusted Computing Group (TCG) provides both user identity authentication and platform integrity checking, protecting the enterprise network from malicious code and system vulnerabilities on the accessing terminal, but TNC has mainly been deployed in local area networks and rarely in VPNs. This thesis studies a "TNC-enabled IPsec VPN system": it applies TNC to the remote-access technology IPsec VPN, so that a user is admitted only when both the identity is legitimate and the platform integrity meets policy. The thesis first introduces the TNC architecture and IPsec VPN, then the EAP message extension of IKEv2 that lets the system carry the EAP messages TNC requires. On that basis, a TNC-enabled IPsec VPN system is designed and built with strongSwan, TNC@FHH and FreeRADIUS. According to the security requirements, modules that check the security state of the bootloader and the firewall are then designed and implemented. Finally, the system is tested, achieving user identity authentication and platform integrity measurement in an IPsec VPN environment.
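The abstract describes two decisions made in sequence: IKEv2/EAP authenticates the user, and a TNC integrity check then measures the terminal (here, the bootloader image and the host firewall) before access is granted. The following is an added example, not code from the thesis or from strongSwan, TNC@FHH or FreeRADIUS: a self-contained Python model of the IMC (collector, on the client) and IMV (verifier, on the policy server) halves of that check. The measurement layout, the policy fields, the bootloader bytes and the reference hash are all constructed for illustration; the three-way verdict (allow / isolate / no-access) follows the usual TNC recommendation model, where a remediable fault such as a weak firewall leads to quarantine while a tampered bootloader, which could hide everything measured after it, denies access outright.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# ---- IMC side: runs on the access requestor (the VPN client) ----

def measure_bootloader(image: bytes) -> str:
    """Hash the bootloader image; the IMV compares it with known-good values."""
    return hashlib.sha256(image).hexdigest()

def measure_firewall(enabled: bool, default_policy: str, open_ports: List[int]) -> Dict:
    """Report host firewall state (hypothetical attribute layout, not a TNC standard one)."""
    return {"enabled": enabled,
            "default_policy": default_policy.upper(),
            "open_ports": sorted(open_ports)}

def imc_collect(image: bytes, fw_enabled: bool, fw_policy: str, fw_ports: List[int]) -> Dict:
    """Assemble the integrity report that would travel inside EAP-TNC over IKEv2."""
    return {"bootloader_sha256": measure_bootloader(image),
            "firewall": measure_firewall(fw_enabled, fw_policy, fw_ports)}

# ---- IMV side: runs on the policy decision point (RADIUS/TNC server) ----

@dataclass
class Policy:
    good_bootloader_hashes: Set[str]
    require_firewall: bool = True
    required_default_policy: str = "DROP"
    # constructed list of ports a remote-access client must not expose
    forbidden_open_ports: Set[int] = field(default_factory=lambda: {23, 135, 139, 445})

ALLOW, ISOLATE, NO_ACCESS = "allow", "isolate", "no-access"

def imv_evaluate(report: Dict, policy: Policy) -> Tuple[str, List[str]]:
    """Return a TNC-style recommendation plus the reasons behind it."""
    reasons: List[str] = []
    # A bootloader mismatch is a hard failure: anything measured after it is untrustworthy.
    if report["bootloader_sha256"] not in policy.good_bootloader_hashes:
        reasons.append("bootloader hash not in reference list")
        return NO_ACCESS, reasons
    fw = report["firewall"]
    if policy.require_firewall and not fw["enabled"]:
        reasons.append("firewall disabled")
    if fw["default_policy"] != policy.required_default_policy:
        reasons.append(f"firewall default policy is {fw['default_policy']}, "
                       f"expected {policy.required_default_policy}")
    bad = sorted(set(fw["open_ports"]) & policy.forbidden_open_ports)
    if bad:
        reasons.append(f"forbidden ports open: {bad}")
    # Firewall faults are user-remediable: quarantine for remediation, not outright denial.
    return (ISOLATE, reasons) if reasons else (ALLOW, reasons)

def access_decision(identity_ok: bool, report: Dict, policy: Policy) -> str:
    """Combine EAP identity authentication with the TNC integrity verdict."""
    if not identity_ok:
        return NO_ACCESS  # an unauthenticated peer is never measured or admitted
    recommendation, _ = imv_evaluate(report, policy)
    return recommendation

# ---- constructed sample data (stands in for real bootloader images) ----
GOOD_IMAGE = b"bootloader-stage2-sample-v1"
TAMPERED_IMAGE = GOOD_IMAGE + b"\x90"  # one patched byte, as a bootkit would leave

POLICY = Policy(good_bootloader_hashes={measure_bootloader(GOOD_IMAGE)})

def demo() -> Dict[str, str]:
    """Run the four access scenarios a practitioner would test first."""
    healthy = imc_collect(GOOD_IMAGE, True, "DROP", [22])
    weak_fw = imc_collect(GOOD_IMAGE, True, "ACCEPT", [22, 445])
    bootkit = imc_collect(TAMPERED_IMAGE, True, "DROP", [22])
    return {
        "healthy": access_decision(True, healthy, POLICY),
        "weak_firewall": access_decision(True, weak_fw, POLICY),
        "tampered_bootloader": access_decision(True, bootkit, POLICY),
        "bad_credentials": access_decision(False, healthy, POLICY),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20s} -> {verdict}")
```

In a real deployment the bootloader hash would come from a TPM-backed measured-boot log rather than from the client reading its own disk, since a client that has already been compromised can report whatever the IMV expects; the example keeps the verifier logic separate from the collector precisely so that the collector can be replaced by an attested source.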
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year conferred]: 2014
[CLC number]: TP393.08
Paper ID: 2405835
Link: http://sikaile.net/guanlilunwen/ydhl/2405835.html