Design And Implementation Of Security Protocol For Low Cost Network Appliance

With the development of embedded system and communication network, especially the development of IPv6, more and more applications for Low Cost Network Appliance (LCNA) appear. For the common security problem to network appliance and the characteristic of Low Cost Network Appliance (For example, the limited resource and the certain application bound to the device), some researches on the security functions appeared. The research based on IPSec/IKE is one of the branches.This thesis provides a simplification solution based on the feature of LCNA and IPSec/IKE and gives out the details of the implementation as well. First, this thesis introduces the concept and feature of LCNA and analysis the requirement on implementing the stack on LCNA. After the introduction of security requirement for LCNA, IPSec/IKE is introduced. The background and the pre-work of this thesis are introduced as well.Second, this thesis analysis each part of IPSec and provides the simplification solution. These part include AH and ESP, Transport and Tunnel Mode, etc. After the detailed simplification solution, the thesis gives out the implementation of IPSec, including the major data structure and the process of main function. Third, this thesis analysis IKE and provides the simplification solution. The main contents are about the simplification of Main Mode and Aggressive Mode, simplification of four types of authentication method for phase 1 negotiation, introduction of phase 2 negotiation, simplification of Perfect Forward Security (PFS), simplification of security parameters negotiation and New Group Mode. This thesis gives out the major data structure and the process of main functions as well.At last, this thesis compares the simplified solution and the traditional implementation in such field as security functions provided, capability to the entire protocol. This thesis compares the overhead of protocol processing with IPSec to the one without IPSec, so that the impact of IPSec can be evaluated. The thesis presents the size of the source code and the binary executable codes so that the result can be reference by other researches.