
The Research And Design Of Security Gateway Based On IPSec Protocol

Posted on: 2006-05-13
Degree: Master
Type: Thesis
Country: China
Candidate: G X Wang
Full Text: PDF
GTID: 2168360155970058
Subject: Computer application technology

Abstract/Summary:
The main subject of this paper is the design of a security gateway that can set up a Virtual Private Network (VPN). The gateway adopts the IPSec protocol as its network-layer security protocol. IPSec is composed of three parts: the security protocols, Internet Key Exchange (IKE) and encryption.

First, the paper analyzes the IPSec protocol architecture and introduces the function of each component and the relationships between them. The Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols are the two concrete security protocols and are the research emphasis of this paper. AH provides data source authentication and integrity protection; ESP provides encryption and optional authentication. Users can employ either AH or ESP alone, or both at the same time. IKE is designed to configure the encryption methods, authentication methods and keys of the communicating peers automatically. IPSec defines so many encryption algorithms that the paper does not analyze them one by one. In addition, the paper examines the policy components that are not defined by the protocol and discusses their tasks and functions.

Because of its complexity, IPSec is hard to implement. This paper implements the IPSec protocol functions only, and the implementation is not intended for commercial use. The Linux operating system is selected as the platform for IPSec. The two are integrated by modifying the Linux IP protocol stack, following the Linux modular programming approach. The paper describes the implementation in two ways: one is the processing flow of data packets; the other is the individual packet-handling modules. The key ideas and techniques are presented clearly through these two descriptions. The paper also presents a way to optimize performance: an IPSec anti-replay bi-directional sliding window protocol. Finally, the paper sets up a simple experimental environment to verify the design, identifies the main factors affecting system performance, and summarizes the key technologies and development direction of the IPSec protocol.
Keywords/Search Tags: IPSec, ESP, AH, SAD, SPD, security gateway, IP protocol stack, Linux OS