| 基于IPSec的虚拟专用网络密钥交换实现及其安全分析 |
| |
| 引用本文: | 吴越,疏朝明,卜勇华,胡爱群,毕光国.基于IPSec的虚拟专用网络密钥交换实现及其安全分析[J].东南大学学报(自然科学版),2002,32(4):551-557. |
| |
| 作者姓名: | 吴越 疏朝明 卜勇华 胡爱群 毕光国 |
| |
| 作者单位: | 东南大学无线电工程系,南京,210096 |
| |
| 基金项目: | 国家“九五”科技攻关重点资助项目 (2 0 0 0 A3 2 12 ) |
| |
| 摘 要: | 本文研究了基于IPSec结构的虚拟专用网密钥交换的基本概念和原理,详细地阐述了通过一系列参数的协商在非安全的公共IP网络中建立安全通信的密钥交换机制,给出了基于Linux系统的客户机/服务器VPN密钥交换的软件实现,对其安全特性作出了分析,指出其具有抗服务拒绝攻击,抗中间人攻击,抗连接插入攻击和防止窍听等安全性能,最后对今后研究发展的方向作了进一步的展望。
|
| 关 键 词: | IPSec 虚拟专用网 IP安全协议 密钥交换 网络安全 |
| 文章编号: | 1001-0505(2002)04-0551-07 |
Key exchange implementation and security analysis for IPSec based virtual private network |
| |
| Wu Yue,Shu Chaoming,Bu Yonghua,Hu Aiqun,Bi Guangguo.Key exchange implementation and security analysis for IPSec based virtual private network[J].Journal of Southeast University(Natural Science Edition),2002,32(4):551-557. |
| |
| Authors: | Wu Yue Shu Chaoming Bu Yonghua Hu Aiqun Bi Guangguo |
| |
| Abstract: | IPSec (IP security) is the de facto standard of implementing virtual private network on network layer, while key exchange and management mechanism is crucial for IPSec protocols. A thorough study on fundamental concepts and principles of key exchange for IPSec based VPN (virtual private network) is conducted and the details of the security key exchange mechanism on non secure public IP based network through a set of parameters negotiation is illustrated. A software implementation of Client/Server model VPN key exchange upon Linux operating system is presented and its security performance such as anti denial of service, anti connection lijacking, anti the man in the middle attack and anti eavesdropping etc. are analyzed. Finally the paper gives a prospective view of IKE (Internet key exchange) research. |
| |
| Keywords: | virtual private network IP security internet key exchange |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
