| In order to make up the innate deficiency of the IPv4, VPN provides a kind of standard and robust security mechanism, and it can be used to provide security protection for IP and higher layer protocols. So far, it still has the flaw, the safe problem of Internet Key Exchange (IKE) already has become one of research hot spots.The current statement of network security is discussed, introduced the structure of IPSec, which can provide security service in network layer, IKE protocol is analyzed in detail, including the protocol framework, the process of negotiation, the format of IKE messages.In according to relating theory researches and analysises, the dissertation puts forward the suggestion of improvement for several kinds of attacks, which exist when IKE is put into practice. Designed a new scheme that adopts one kind of new Cookie to defend man-in-middle attack. In many occasions, the user uses a dynamic IP address, the dissertation improves pre-shared-key authentication to support dynamic IP. The dissertation describes the thoughts of the design and detailed approaches of corresponding modules and discusses its main flow charts. Finally it builds a simulation platform of VPN in the local area network environment. The results indicate that the scheme strengthening resisting the ability that man-in-middle attack and supporting dynamic IP address. |
PDF Full Text Request