The Study Of Security Mechanism Based On IP

The increasingly popularization of Internet brings great changes to the manners of people's living and working. As people enjoy the convenience bring by network technology, security issues also come into consideration. Network security also becomes one of the research hotspots in the computer domanial.People have designed manifold security mechanism according to diverse requirements. For example, socks protocol server, manifold types firewalls. At the same time security mechanisms correlated to application also appeared, i.e. are security e-mail(S/MIME, PGP), kerberos, ssl. These security mechanisms are implemented on the diverse protocol layers and have corresponding characteristics. Commonly speaking, security services on the higher layer protect applications, security services on the lower level layer protect communication medium. But the Internet communication is manifold diverse application combinations communicating on diverse mediums. That is to say, when users security requirement spans protocol layers, how to offer a universal security mechanism on Internet becomes a problem to solve.The core of the Internet is TCP/IP protocols and is based on unreliable datagram communication. In the layered model of communication protocols, IP layer is the lowest layer of likely realizing end-end security commnucation. The security mechanism based on the IP layer can offer security services to all applications and is the only security mechanism that can offer universal sercurity services. In this paper we research the security mechanism based on the IP layer-IPSec protocol.IPsec is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication, protection against replays, confidentiality, and limited traffic flow confidentiality. These services are provided at the IP layer, offering protection for IP and/or upper layer protocols.In this paper we study the security mechanism based on IP, Because IPSec protocol is asecurity mechanism based on cryptograph, we discussed cyptograhical algorithm firstly, then we analyze the cryptographical modes in the enviroment of IP communications. We also research AES algorithm and it's application in IPSec protocol. Finally we bring forward a implement model of IPSec protocol base on the Linux system and analyze the main algorithms. The main reseach works we do as follows:(1) Cryptograph is the effective and the only technicle to ensure data confidentiality. In this paper we expended the basic concept and class of encrpytion techniques.. Finally we analized the AES algorithm and its application in IPSec protocol.(2) Because the communication of IP datagram has charaisteristics of itself, we analized the influence that IP datagram communication does on encryption modes,and put forward some design rules.(3) We analized the implement mechanism of IPSec protocol in the fourth chapter, then we put forward a implement model of IPSec protocol and made a detailed description of implement algorithm.