
Research And Implementation Of High Performance Virtual Private Network Based On Network Processor

Posted on: 2004-01-21 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: F Zhang
GTID: 1118360122960154 | Subject: Computer Science and Technology
Abstract/Summary:
The growth of Internet applications has increased the demand for connectivity, and the Internet has become the main medium for propagating information. More and more attention is therefore focused on the security and integrity of information in transit and on authentication of the information source. As the Internet develops, next-generation network devices offer high processing performance and are easy to program, and they can provide many new network functions within the same software architecture. The network processor has now arrived and is becoming the core hardware of next-generation network devices. The research in this dissertation concerns the security of network information transmission based on a network processor.

The dissertation analyzes the security of the TCP/IP protocol suite on the basis of a comparison of the characteristics of security schemes at the network, transport and application layers. We describe the trends in this area and argue that network-layer security protocols fit the needs of many kinds of secure transmission and are also the main method of constructing virtual private networks.

The IXP1200 network processor is analyzed in this dissertation. The IXP1200 is an integrated data processor that provides high-performance processing and suits all kinds of network communication settings. Applications of the IXP1200 network processor include multi-service switches, routers, and integrated platforms for service providers, communication companies and the corporate edge; core systems of multi-gigabit routers; virtual private networks, firewalls and intrusion detection systems; and VoIP gateways and web switching devices. The network processor application studied in this dissertation is the virtual private network. Active computing elements are adopted, which allow new network service functions to be added flexibly.

The dissertation analyzes the data flow of the TCP/IP protocol stack and puts forward a software architecture based on the IXP1200 network processor. New services can be added to the architecture without affecting the original architecture. Data that is transmitted or received is processed by the architecture, and the security service in the security module protects packets in transit.

The IP security protocol is analyzed in the dissertation. It is an open standards framework established by the Internet Engineering Task Force that provides transmission security on the Internet. It is applied at the IP layer, where it provides security protection and authentication for IP packets. The AH protocol provides authentication for IP packets, and the ESP protocol provides authentication and confidentiality for IP packets. The security services provided include access control, integrity, authentication, replay attack protection, confidentiality and limited traffic flow confidentiality.

Internet key authentication is an important means of authenticating the identity of a user. The dissertation introduces an extended public key mechanism to construct a hierarchical distributed public key architecture.

Internet key management is a necessary condition for secure communication. The dissertation introduces the Internet Key Exchange protocol to provide key management and uses a finite state machine for the key exchange procedure; a finite state machine gives a compact model of a network protocol. We provide a dynamic detection method for verifying the liveness of the opposite peer that can avoid network congestion.

Security policy, which defines the security associations that protect communication between two entities, is an important part of IPSec. This dissertation proposes an architecture for a security policy system and describes approaches for defining and representing security policies and security associations. A novel method is proposed that overcomes the difficulty of refreshing security policy in real time in a traditional network framework by using the computing power of programs. It is highly scalable when a VPN node joins the virtual private network. When a security policy on the security policy server is modified, the modified policy is deployed to the VPN nodes securely and in real time, and it can...
Keywords/Search Tags:network security, IP security protocol, virtual private network, TCP/IP protocol stack, authentication protocol, Encapsulating Security Payload protocol, Internet key exchange protocol, finite state machine, liveliness, security policy system