
The Research Of The VPN Security Mechanism Based On Mobile Agent

Posted on: 2007-02-11
Degree: Master
Type: Thesis
Country: China
Candidate: B F Hu
Full Text: PDF
GTID: 2178360182997293
Subject: Computer software and theory
Abstract/Summary:
The revolution of modern networking necessitates many new security methods to protect our communications from intruders. The firewall is the technique people most often use to prevent unauthorized users from attacking our information. It can effectively prevent intruders from accessing the local network, filter out malicious traffic, and allow local users to use global resources without endangering the local network's data.

In addition, the virtual private network (VPN) technique is widely used to transmit private data safely over an insecure network. A VPN uses the insecure public network as its transmission medium and relies on encryption and tunneling techniques to achieve the security that a private network provides. VPN technology also reduces cost, provides remote access, offers strong scalability, and is easy to manage; it could become the mainstream of enterprise networking in the future.

Both techniques, however, fall short in security, so people combine the two into a virtual private network based on a firewall, called FVPN. FVPN is safer: it protects both the privacy and the integrity of information and gives the VPN the functions of a firewall. But in an FVPN, the encryption used to protect the integrity and privacy of data may prevent the firewall from inspecting traffic entering or leaving the local network. To enforce the preconfigured security policy, the firewall must translate the information into plaintext, and so the firewall has to share the key with the encryption endpoint. In other words, in FVPN transmission the encrypted information is decrypted in transit, which exposes it to attack and reduces security. The goal of this dissertation is to eliminate this conflict. We define a new approach, named the VPNAgent system, which combines the two techniques by passing a virtual private network through a firewall with the help of a mobile agent.

The VPNAgent system is also a type of distributed firewall. A mobile agent is an autonomous program. It can migrate from one computer to another of its own accord in a heterogeneous network: the program chooses the time and the destination of its migration, attaches itself to any computer, and can move itself to another computer and resume execution there. Because the mobile agent has such strengths as autonomy and reduced network traffic, it is used in many fields today. In this dissertation, the mobile agent works at the end point of the VPN as a delegate of the firewall. It inspects the information according to the security policy it carries and signs the legitimate information. When the information passes the firewall, the firewall checks the signature it carries and decides to pass or deny it without decryption.

In this dissertation we study in depth the security mechanisms of the virtual private network based on the firewall technique and the mobile agent. The main work and achievements are as follows:

1) We study the security mechanisms of the virtual private network and the firewall; introduce the mobile agent into the VPN; improve the existing security mechanisms of the virtual private network and the firewall; and let top-secret information pass through the firewall without decryption, thereby satisfying users' desire for a more secure VPN.

2) We define the architecture of the VPN system based on the mobile agent, called the VPNAgent system, and define in detail the function and workflow of each component of the architecture.

3) We study the transport protocols and the encryption techniques of the network and discuss the transport protocols and encryption techniques our system needs to use. In this dissertation, the protocols the VPNAgent system mainly uses are:

Identification verification and authentication protocol: one or more of the communicating peers may need to verify the identity of the other before communicating. In this dissertation, we assume every participant has its own X.509 certificate issued by a trusted certification authority, which carries the user information, including its public key for authentication and for the key exchange process. Other certificates can also be used.

Key exchange protocol: the VPN protocol uses symmetric and asymmetric algorithms to exchange keys. It uses an asymmetric key exchange infrastructure for the verification process and for the initial key exchange from which session keys are derived.

Hash and signature algorithms: the encryption and decryption protocols are up to the VPN network. The VPNAgent may use a digital signature algorithm to sign the packets.

4) We model the system, design and implement part of the VPNAgent system, and analyse the performance and the security of the system.
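The sign-at-endpoint, verify-at-firewall flow described in the abstract, as an added example written for this page; it is not code from the thesis or from the VPNAgent system. The agent, running at the VPN endpoint with the session key, applies a constructed policy to the plaintext, encrypts it with AES-256-GCM under the session key, and signs the ciphertext with an Ed25519 key; the firewall holds only the agent's public key and admits or drops each packet by verifying that signature, never decrypting. The policy rule (reject payloads containing the marker "FORBIDDEN"), the choice of Ed25519 and AES-GCM, the packet layout and all function names are assumptions made for illustration; the thesis assumes X.509 certificates and leaves the concrete algorithms to the VPN.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Packet is what leaves the VPN endpoint: the encrypted payload plus the
// mobile agent's signature over it. The firewall sees only these fields.
// (Assumed layout, not the thesis's packet format.)
type Packet struct {
	Nonce      []byte
	Ciphertext []byte
	Signature  []byte
}

// policyAllows is a constructed stand-in for the security policy the agent
// carries: it rejects any payload containing the marker "FORBIDDEN".
func policyAllows(plaintext []byte) bool {
	return !bytes.Contains(plaintext, []byte("FORBIDDEN"))
}

// signedBytes fixes exactly what the signature covers: nonce || ciphertext.
func signedBytes(nonce, ct []byte) []byte {
	return append(append([]byte{}, nonce...), ct...)
}

// AgentSeal runs at the VPN endpoint. It inspects the plaintext against the
// policy, encrypts it under the VPN session key (AES-256-GCM) and signs the
// resulting ciphertext with the agent's Ed25519 key. A policy violation
// yields no packet at all, so nothing illegitimate ever reaches the firewall.
func AgentSeal(plaintext, sessionKey []byte, agentPriv ed25519.PrivateKey) (*Packet, error) {
	if !policyAllows(plaintext) {
		return nil, errors.New("agent: payload violates security policy")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	sig := ed25519.Sign(agentPriv, signedBytes(nonce, ct))
	return &Packet{Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// FirewallAdmit is the firewall's decision. It holds only the agent's public
// key, never the session key, so it passes or denies without decrypting.
func FirewallAdmit(p *Packet, agentPub ed25519.PublicKey) bool {
	return ed25519.Verify(agentPub, signedBytes(p.Nonce, p.Ciphertext), p.Signature)
}

// PeerOpen runs at the far VPN endpoint, the only other party holding the
// session key; GCM also detects any tampering that slipped past the firewall.
func PeerOpen(p *Packet, sessionKey []byte) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
}

func main() {
	agentPub, agentPriv, _ := ed25519.GenerateKey(rand.Reader)
	sessionKey := make([]byte, 32) // constructed: stands in for the key from the VPN key exchange
	rand.Read(sessionKey)

	pkt, err := AgentSeal([]byte("quarterly report v3"), sessionKey, agentPriv)
	fmt.Println("agent sealed:", err == nil, "firewall admits:", FirewallAdmit(pkt, agentPub))

	_, err = AgentSeal([]byte("FORBIDDEN export"), sessionKey, agentPriv)
	fmt.Println("policy violation stopped at endpoint:", err != nil)

	// A packet modified in transit fails the firewall's signature check.
	tampered := *pkt
	tampered.Ciphertext = append([]byte{}, pkt.Ciphertext...)
	tampered.Ciphertext[0] ^= 0xff
	fmt.Println("tampered packet admitted:", FirewallAdmit(&tampered, agentPub))
}
```

The point to notice is the key separation: the firewall is given agentPub and nothing else, so the plaintext is never exposed on the firewall host, which is the conflict the abstract sets out to remove. Policy enforcement therefore rests entirely on the agent's signing key staying under the agent's control; if that key is compromised, the firewall will admit whatever the attacker signs, so in a deployment the agent's certificate lifetime and revocation path matter as much as the signature algorithm.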
Keywords/Search Tags: VPN, mobile agent, encryption, signature, firewall, distributed firewall