Study And Implementation Of IPsec

Posted on: 2006-05-25
Degree: Master
Type: Thesis
Country: China
Candidate: Z M Wang
Full Text: PDF
GTID: 2168360152471462
Subject: Computer application technology
Abstract/Summary:
The IP Security Protocol (IPSec) is a new suite of security protocols for the Internet. It provides a set of security services for traffic at the IP layer, in both IPv4 and IPv6 environments. The IPSec protocols can be divided into seven groups. In this paper we introduce the main architecture, broadly covering the general concepts, security requirements, definitions, and mechanisms that define IPSec technology. IPSec uses two protocols to provide traffic security services: Authentication Header (AH) and Encapsulating Security Payload (ESP). Because most of the security services provided by IPSec require the use of cryptographic keys, IPSec relies on a separate set of mechanisms for putting these keys in place. It requires support for both manual and automated distribution of keys. A specific public-key based approach, IKE, is specified for automated key management. Using the Netfilter mechanism, we added an IPSec processing module to the existing IP protocol stack and thereby effectively implemented the IPSec protocol. We study the use and implementation of DPD (Dead Peer Detection). To ensure that delete messages reliably arrive, we put forward a method of confirming and resending delete messages and give its implementation. Since DPD does not yet solve the problem of detecting IPSec SAs that are out of synchronization between the security gateways, we put forward a method to resolve this problem. The method is to exchange the SPIs of the IPSec SAs between the security gateways by carrying these data in DPD packets, and then to use these data to synchronize the IPSec SAs of the security gateways. Finally, with reference to networks in practice, we discuss the alternation of dead peer detection.
Keywords/Search Tags:IPSec, SA, ISAKMP, IKE, DPD