Improvement and Application of IPsec in Satellite IP Networks
Published: 2018-04-04 09:54
Topic: satellite IP networks. Focus: IPsec. Source: University of Electronic Science and Technology of China, master's thesis, 2014
[Abstract]: As an extension of terrestrial IP networks, satellite IP networks have become an important part of current information infrastructure. Because a satellite IP network carries the TCP/IP protocol stack over satellite channels, it inherits the inherent characteristics of those channels: high error rates, long transmission delay, channel asymmetry, and broadcast. The first three have a substantial effect on TCP communication between end devices and cause TCP performance problems; the broadcast characteristic, together with global coverage, creates security problems for satellite IP networks. IPsec is the Internet security framework proposed by the IETF. It provides standard, reliable, extensible, cryptography-based security at the IP layer, including access control, data origin authentication, anti-replay protection, data integrity, and data confidentiality. It is currently the only security solution able to provide protection in any form of network communication, and the most complete and most easily extended one. For the TCP performance problems in satellite IP networks, the industry has proposed two main classes of performance-enhancement techniques: end-to-end solutions and middleware-based solutions. The former can improve TCP performance in satellite IP networks to some extent, but cannot completely eliminate the effect of the satellite channel on TCP performance. The latter uses performance-enhancing gateways and, by splitting TCP into segments, can greatly improve TCP performance in satellite IP networks. For the security problems of satellite IP networks, the industry has mainly proposed multi-layer security protection schemes based on IPsec, and schemes that replace IPsec with transport-layer security mechanisms. However, TCP performance enhancement based on performance-enhancing gateways conflicts with the end-to-end nature of IPsec, and transport-layer security mechanisms have limitations in applicability and shortcomings in performance. Neither scheme can be applied effectively in satellite IP networks. This thesis therefore studies in detail current satellite IP network technology, IPsec technology, and the security solutions the industry has proposed for satellite IP networks. By improving on IPsec, it proposes a new security solution for satellite IP networks. First, to address the long delay and high bit-error rate of satellite IP networks, a new key agreement protocol based on public-key cryptography is designed. Then, to accommodate TCP performance-enhancement techniques while reducing the transmission efficiency of the satellite IP network as little as possible, the encapsulation mode and scope of IPsec are redesigned. Finally, to further improve the transmission efficiency of satellite IP networks, PMTU discovery and IPComp are introduced and adapted to the modified IPsec encapsulation mode. Based on this research and design, the thesis designs and implements a proof-of-concept prototype of an IPsec gateway suited to satellite IP networks, and tests and verifies its main functions and performance.
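[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN927.2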