[1] Wu Yue, Shu Chaoming, Bu Yonghua, et al. Key exchange implementation and security analysis for IPSec based virtual private network[J]. Journal of Southeast University (Natural Science Edition), 2002, 32(4): 551-557. [doi:10.3969/j.issn.1001-0505.2002.04.003]

Key exchange implementation and security analysis for IPSec based virtual private network

Journal of Southeast University (Natural Science Edition) [ISSN:1001-0505/CN:32-1178/N]

Volume:
32
Issue:
No. 4, 2002
Pages:
551-557
Section:
Computer Science and Engineering
Publication date:
2002-07-20

Article Info

Title:
Key exchange implementation and security analysis for IPSec based virtual private network
Author(s):
Wu Yue, Shu Chaoming, Bu Yonghua, Hu Aiqun, Bi Guangguo
Department of Radio Engineering, Southeast University, Nanjing 210096, China
Keywords:
virtual private network; IP security; internet key exchange
Classification number:
TP309
DOI:
10.3969/j.issn.1001-0505.2002.04.003
Abstract:
IPSec (IP security) is the de facto standard for implementing virtual private networks at the network layer, and its key exchange and management mechanism is crucial to the IPSec protocols. This paper studies the fundamental concepts and principles of key exchange for IPSec-based VPNs (virtual private networks) and describes in detail how secure communication is established over a non-secure public IP network through the negotiation of a set of parameters. A software implementation of client/server VPN key exchange on the Linux operating system is presented, and its security properties are analyzed, including resistance to denial-of-service, connection hijacking, man-in-the-middle and eavesdropping attacks. Finally, the paper gives an outlook on IKE (Internet key exchange) research.


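Memo

Funding: Supported by the National "Ninth Five-Year Plan" Key Science and Technology Project (2000-A32-12).
About the authors: Wu Yue (born 1968), male, PhD candidate; Hu Aiqun (corresponding author), male, professor, doctoral supervisor; Bi Guangguo (corresponding author), male, professor, doctoral supervisor.
Last Update: 2002-07-20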