With the rapid development of the Internet, more and more corporations are coming online, and people's dependence on the Internet keeps growing. At the same time, the demand for Internet security is becoming ever stronger. However, the TCP/IP-based Internet protocols were designed with only connectivity, openness and compatibility in mind, not security. As a result, an IP datagram may be forged or tampered with in transmission, and the integrity, confidentiality and authenticity of the information cannot be assured. The establishment of the IPSec (IP Security) protocol offers a security guarantee for the unsecured IP network.

IP Security Protocol (IPSec) is the standard set of IP security protocols defined by the Internet Engineering Task Force (IETF), and it provides cryptographically based security and interoperability at the network layer. It can be used with IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication, rejection of replayed packets, confidentiality (encryption) and limited traffic flow confidentiality. IPSec uses two protocols to provide traffic security: Authentication Header (AH) and Encapsulating Security Payload (ESP). Both AH and ESP are vehicles for access control, based on the distribution of cryptographic keys and the management of traffic flows relative to these security protocols.

At the beginning of the dissertation, we analysed the common means of network attack against the TCP/IP protocols, discussed some measures used to provide security services for the Internet, and put forward the IPSec protocol, which can fundamentally settle network security problems. After that, the dissertation focuses on in-depth research into the IPSec protocol system architecture: the transport mode and tunnel mode of IPSec, the security associations relevant to implementing IPSec, the Internet Key Exchange protocol, and so on.

On this basis, we discussed the IPSec-based means of providing security services for network access at the IP layer. These means include peer-to-peer secure network access, gateway-to-gateway secure network access and peer-to-gateway secure network access. Accordingly, we used IPSec to design and construct an example of secure peer-to-peer transmission at the IP layer, and successfully implemented it in the FreeBSD operating system, whose kernel is open. In the end, we tested the implemented IPSec security mechanism by means of data monitoring and the FTP network service. The test results confirmed that the implemented IPSec model can offer integrity, confidentiality and authenticity of data transmission at the IP layer, solves the network attack problems of IP datagrams being forged, tampered with or wiretapped in transmission, and improves the security of network transport.