IPSec Application And It's Performance Research Based On AES-CCM Mode

With the development of computer network, the safe problem in network increase serious. Comparing with other safe mechanism, the major advantage of the network layer's safe mechanism is transparency. When it offer safety service , it don't ask for the application layer do any change. For protecting the safety of IP datagram , IPSec is present the mainstream network layer's safe mechanism. It offer data confidentiality, integrity , data source identity certification and anti-replay protective etc. safe service for network layer and its upper protocol.Firstly, this paper introduces the architecture, realization and application analysis of IPSec, as well as introduces it's present research situation and progress. Application based on IPSec, the encryption algorithm' selecting directly effect systematic security. The traditional encryption algorithm's security intensity is scarcity, its key' length is too short to resist the attack of the differential cryptanalysis and linear analysis, and exist considerable serious safe trouble. Secondly, this paper analyse AES algorithm and the contrast performance of DES and think AES algorithm's advantage is very obvious. Finally, this paper also elaborates the CCM mode of AES algorithm in IPSec, and from security and efficiency carry out performance evaluation for it. Conclusion is AES-CCM mode in security and efficiency gets good balance and have good application prospectCCM mode is a kind of simultaneous offer encryption and certification service's mode, this is it's advantage comparing with other operating mode applying in IPSec. On the specific application of IPSec, security and efficiency is the key of project's success or failure. AES-CCM mode use counter mode application simple, systematic expense little, may raise the efficiency of encryption. AES algorithm is presented in allusion to differential cryptanalysis and linear analysis. Therefore, the security of AES algorithm in current stage have enough guarantee. Because security relies on encryption algorithm and don't rely on the operating mode of encryption algorithm, the operating mode of encryption algorithm don't harm the security of algorithm , the security of AES-CCM mode also have guarantee. So AES-CCM mode in IPSec must get extensive application. However, AES algorithm will coordinate according to actual application condition and the definition of IPSec, this paper also discusses the problem.Certainly, in actual application, IPSec can also bring some bad effects. For example, it can influence the other protocol. Because of data's encryption, so the traditional data link layer's compress technology will not receive any effect In addition because of IPSec is a end-to-end protocol, useing IPSec in broadcast's environment needs some skills, at the same time also have some problem that at present can not be solved properly, this show mainly broadcast source verification and key management. These problem are worthy of research and solution in security field.