西电-IPSec的VPN的研究与实现

VIP免费
3.0 李琳琳 2024-10-14 6 4 3.85MB 64 页 15积分
侵权投诉
IPSec VPN 的研究与实现
摘要
随着政府上网、电子商务、金融电子化等不断推进,网络应用越来越广泛,企业和组织
机构不断发展壮大,过去的那种大投入、高消费、低利用的网络建设方式已经不能适应企业
和组织的发展需要。在这种情况下,虚拟专用网(Virtual Private Network, VPN)技术应运
而生,它综合传统数据网络的性能优点和 Internet 网络结构的优,彻底改变了传统
络的建设方式,符合企业和组织发展的需求,代表了当今网络发展的最新趋势。但需要指出
的是:如果在未采取安全措施的虚拟专用网上传输数据时,数据容易被监听、篡改和伪造,
将会给企业和组织造成难以估量的损失。
针对 Internet 的安求,网工务组(IETF)于 1998 年 11 月了 IP 层
标准 IPSec(IP Security)。其目标是为 IPv4 IPv6 提供具有较强的互操作能力、高质量和
IPSec 在的 IP 包
Internet 这样无保护的网络中传送敏感信息的安全保证。IPSec 实现多种安全服务,包括访
问控制、无连接完整性、数据源验证、抗重播、机密性(加密)和有限的业务流机密性。
本文首先介绍了 VPN 所涉及的各项安全技术,包括隧道协议、加密技术、认证技术等,然
后分基于 IPSec 协议的 VPN 网络安全体系结构以及各组能、工作方式,
上给出了 IPSec VPN ,提出了使协议开关Linux的 NetFilter 机制
将 IPSec 理嵌入 IP 使哈希表实现安关联;使Radix构实现安策略
的设计思想着重讨论框架结构、关键技术。最后一个应用实进行验证和测试
关键字:传输安全,虚拟专用网,隧道协议,IP 安全协议,安全联盟安全协议,
验证协议,公共设施
IPSec VPN 的研究与实现
Abstract
With the development of E-Government, E-Business, E-Finance, we have entered an
information era, which is based on the Internet. With the development of enterprises and
organizations, it’s not fit for them to set up the networks by high investments, high consumption and
in return by low value in use. VPNs technologies were developed in that time, which make full use
of the benefits of conventional networks and the structure of Internet. VPNs, which completely
change the situations and fit for the need of enterprises and organizations, are the trend of networks
development. But we should give attention to the security of VPNs. If the hackers sniff, alter or fake
the unprotected data while transferring through public networks, it may cause incalculable loss.
With much concern to networks security, Internet Engineering Task Force (IETF) provided the IP
security guarantee for transferring sensitive information in an unprotected network in Nov., 1998.
IPSec provides these security services at the IP layer. It protects and authenticates IP packets
transferring between IPSec devices. With IPSec, data needn't worry about being sniffed, altered or
faked while transferring through Internet. IPSec is a framework of open standards that provides data
confidentiality, data integrity, and data authentication between participating peers. IPSec makes the
Virtual Private Networks (VPNs) available.
In this paper, we introduce security technologiesused in VPN, such as tunneling protocol,
encryption, and authentication and so on, and explainthe architecture of VPN based on the protocol
of IP Security (IPSec). After these, we propose the realization of IPSec VPN. In the realization, we
discuss the design of implementing the transaction of IPSec with the protocol switching table and
the NetFilter mechanism in Linux, implementing Security Association Database (SAD) with Hash
table and implementing Security Policy Database (SPD) with the structure of Radix tree. We also
discuss the architecture and key technologies in detail. Finally, we use an example to test this
syatem.
Key words: the security of transport, Virtual Private Network VPN), Tunneling Protocol, IP
Security Protocol (IPSec), Security Association (SA), Encapsulating Security Payload (ESP),
Authentication Header (AH), Public Key Infrastructure (PKI)
IPSec VPN 的研究与实现
IPSec VPN 的研究与实现
摘要...............................................................................................................................................................................1
Abstract.........................................................................................................................................................................2
第一章 绪论.................................................................................................................................................................7
1.1课题研究背景...............................................................................................................................................7
1.2 国内外研究...........................................................................................................................................8
1.3 课题的研究意义...........................................................................................................................................9
1.4 本文的...........................................................................................................................................9
第二章 虚拟专用网...................................................................................................................................................10
2.1 VPN 概述......................................................................................................................................................10
2.1.1 VPN .....................................................................................................................................10
2.1.2 实施 VPN 的优点..............................................................................................................................10
2.1.3 VPN 的分....................................................................................................................................11
2.2 VPN 关键技术.........................................................................................................................................13
2.2.1 隧道技术.........................................................................................................................................13
2.2.2 认证技术.................................................................................................................................13
2.2.3 数据加密技术.................................................................................................................................14
2.3 VPN 的实施方.......................................................................................................................................15
2.3.1 PPTP................................................................................................................................................16
2.3.2 L2TP................................................................................................................................................17
2.3.3 IPSec..............................................................................................................................................17
2.3.4 PPTP/L2TPlIPSec 的...........................................................................................................18
第三章 IPSec 概述.............................................................................................................................................21
3.1 IPSec 安全体系结构和.....................................................................................................................21
3.2 IPSec 的工作原理.....................................................................................................................................22
3.2.1处理过程.................................................................................................................................23
3.2.2 进入处理过程.................................................................................................................................25
3.3 安全联盟(SA).............................................................................................................................................25
3.4 认证(AH).................................................................................................................................................26
3.4.1 AH 格...........................................................................................................................................27
3.4.2 AH 操作...................................................................................................................................28
IPSec VPN 的研究与实现
3.5 ESP..............................................................................................................................................................30
3.5.1 ESP 数据包.............................................................................................................................30
3.5.2 ESP 操作.................................................................................................................................32
3.6 Internet 钥交换.................................................................................................................................34
3.7 章小......................................................................................................................................................34
第四章 VPN 网关的设计与实现.............................................................................................................................36
4.1 总休..............................................................................................................................................36
4.2 VPN 的工作流程................................................................................................................................38
4.2.1 外出数据包的处理........................................................................................................................38
4.2.2 进入数据包的处理.........................................................................................................................38
4.3 VPN 的设计细节...............................................................................................................................40
4.3.1 IKE 动态管理模块设计...............................................................................................................40
4.3.2 IPSec 的工作模式.......................................................................................................................40
4.3.3 策略库的设计................................................................................................................................41
4.3.4 安全联盟数据库的设计.................................................................................................................44
4.4 关键模块实现所用的技术......................................................................................................................45
4.4.1 IKE 动态管理模块...........................................................................................................................45
4.4.2 IPSec 处理模块................................................................................................................................48
4.4.3 IPSec 处理模块与应用程的接................................................................................................52
第五章 利用 IPSec 构造 VPN 测试..............................................................................................................53
5.1 结构设.......................................................................................................................................................53
5.2 构造过程.......................................................................................................................................................54
5.2.1 配置...........................................................................................................................................54
5.2.2 Frees/WAN 的安...........................................................................................................................55
5.2.3 Frees/WAN 配置...........................................................................................................................55
5.2.4 构造 VPN ..........................................................................................................................57
5.3 VPN 关测试..............................................................................................................................................59
5.3.1 测试...........................................................................................................................................59
5.4 应用测试..............................................................................................................................................61
第六章 与展...................................................................................................................................................63
IPSec VPN 的研究与实现
6.1 全文......................................................................................................................................................63
6.2 课题......................................................................................................................................................63
致谢.............................................................................................................................................................................65
参考....................................................................................................................................................................66
第一章 绪论
1.1课题研究背景
随着 Internet 的迅速发展,利用已有的 Internet 设施来提供广泛入的服务的
越来越高。原始 Internet 服务方式如 WWW,FTP,E-MAIL等,人们还希望可
的利用已经人们的 Internet。
摘要:

IPSec的VPN的研究与实现摘要随着政府上网、电子商务、金融电子化等不断推进,网络应用越来越广泛,企业和组织机构不断发展壮大,过去的那种大投入、高消费、低利用的网络建设方式已经不能适应企业和组织的发展需要。在这种情况下,虚拟专用网(VirtualPrivateNetwork,VPN)技术应运而生,它综合了传统数据网络的性能优点和Internet网络结构的优点,彻底改变了传统网络的建设方式,符合企业和组织发展的需求,代表了当今网络发展的最新趋势。但需要指出的是:如果在未采取安全措施的虚拟专用网上传输数据时,数据容易被监听、篡改和伪造,将会给企业和组织造成难以估量的损失。针对Internet的安...

展开>> 收起<<
西电-IPSec的VPN的研究与实现.doc

共64页,预览7页

还剩页未读, 继续阅读

相关推荐

更多
立即下载
作者:李琳琳 分类:高等教育资料 价格:15积分 属性:64 页 大小:3.85MB 格式:DOC 时间:2024-10-14

开通VIP享超值会员特权

  • 多端同步记录
  • 高速下载文档
  • 免费文档工具
  • 分享文档赚钱
  • 每日登录抽奖
  • 优质衍生服务

作者详情

相关内容

更多

推荐作者

热门标签

/ 64
评分 收藏
分享
立即下载 VIP免费下载
客服
关注