Institutional Repository of the Institute of Software, Chinese Academy of Sciences
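Title: Research and Implementation of the Internet Key Exchange Protocol (因特网密钥交换协议的研究与实现)
Author: 王斌
Defense date: 2000
Major: Computer Applications
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software, Chinese Academy of Sciences
Degree: Doctoral
Keywords: IPSec protocol; IKE protocol; Security Association (SA)
Alternative title: Research and Implementation of Internet Key Exchange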
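Abstract: This thesis begins with an introduction to the IPSec protocol and focuses on the IKE protocol, which solves the key negotiation problem within it. Drawing on specific research work, it describes how to implement the IKE protocol on the Linux operating system. The thesis has six chapters. Chapter 1 introduces the current state of the Internet's development, its existing security risks, and typical attacks on the Internet; discusses the advantages and disadvantages of implementing security mechanisms at each layer of the TCP/IP protocol suite; and introduces the concept of the virtual private network and the two tunneling protocols currently used to implement virtual private networks. Chapter 2 describes the protocols that make up the IPSec protocol suite, the working modes of IPSec, and the methods of establishing security associations. It then focuses on the IKE protocol within the IPSec suite, including the two-phase negotiation of IKE, the payload formats defined by IKE, and the exchange modes defined by IKE. Chapter 3, drawing on our research work, explains how to design and implement the IKE protocol in the Linux operating system, including how to create and manage the security association database in the kernel, how to implement the PF_KEY socket interface and PF_KEY messages, how to design the state machines for IKE main mode and quick mode, and so on. Chapter 4 describes the implementation of the security router, the external interfaces of the security router, and the implementation of the hardware encryption device, and tests the security router. Chapter 5 briefly summarizes the thesis and presents some techniques that can be used to improve the efficiency of virtual private networks.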
English abstract: IP packets as originally defined by IPv4 do not contain any security characteristics. Attackers can easily forge the address of IP packets, revise their content, replay them at a later time, and eavesdrop on data during transmission. To make up for this innate deficiency of IPv4, the IPSec protocol provides a standard and robust security mechanism that can be used to provide security protection for IP and higher-layer protocols. But before the IPSec protocol can be used widely, one problem must be resolved: how to negotiate keys automatically over the Internet. That is what this paper mainly deals with. First, this paper introduces the concept of the IPSec protocol and discusses in particular the IKE protocol, which resolves the problem of key negotiation. Then, based on our current research work, I describe in detail how to implement the IKE protocol in Linux. There are five chapters in total in this paper. The first chapter presents the current development status of the Internet, some network security problems and some classic Internet attacks, discusses the advantages and disadvantages of implementing network security at different TCP/IP layers, and gives a brief introduction to the Virtual Private Network and two kinds of VPN tunneling protocols. The second chapter introduces the protocols contained in the IPSec protocol stack, the working modes, and the methods of building Security Associations. Then the details of the IKE protocol are described, including the two negotiating phases, the format of all IKE payloads, and the exchange modes defined by IKE. In the third chapter, drawing on our current research, I describe how to design and implement IKE in the Linux OS. The implementation includes establishing and managing the security association database in the Linux kernel, developing the PF_KEY socket interface and PF_KEY messages, and designing the state machines of IKE main mode and IKE quick mode. In the fourth chapter, I describe the implementation of the VPN router, the external interface of the VPN router, and the implementation of hardware encryption. Finally, I describe the testing of the VPN router. Chapter 5 draws the conclusion and indicates the future direction of the system.
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/6554
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name / File Size | Content Type | Version | Access | License
LW008634.pdf (2656KB) | -- | -- | Restricted access | -- (contact to obtain the full text)

Recommended Citation:
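王斌. Research and Implementation of the Internet Key Exchange Protocol [D]. Institute of Software, Chinese Academy of Sciences. Institute of Software, Chinese Academy of Sciences. 2000-01-01.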
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 
