| This thesis has made thorough research and analysis to the new dynamic key exchange mechanism IKEv2, and given out a detail scheme that introduces the PKI into IKEv2. Besides the original RSA algorithm, the PKI system has applied new ECC algorithm that features high security strength. The thesis has proposed to combine ECC, PKI to IKEv2 protocol, so as to improve and enhance the current IKEv2 protocol. Furthermore, this thesis has designed and implemented an enhanced IKEv2 prototype based on Linux kernel 2.6. Its specific research and implementation includes:Analyzing current IKEv1 protocol; summarizing its major disadvantages.Tracing the development of IKE-related protocols; studying the newest IKEv2, including its protocol specifications and interaction in negotiation; and also analyzing its advantages compared with IKEv1 in respect of elegance, security, reliability and functionalities, etc.Researching PKI techniques; applying cryptographic keys, certificates and authentication mechanism into IKEv2 to improve the security level of IKE and the VPN gateway's extensibility; giving out the specific integration design scheme.Exploring ECC and the advantages of applying ECC to current PKI; Implementing the authentication based on ECC certificates and ECDH key exchange, so as to further raise the security level and efficiency in IKEv2 negotiation.Testing the prototype with results that the prototype could work smoothly and its efficiency has been improved greatly, thus the superiority of IKEv2 and the validation of optimization based on ECC in IKEv2 are proved in practice. The prototype has got its initial design goal.The research of this thesis has sponsored by the natural science foundation of Jiangsu Province for the project"Research on High Strength VPN Security Gateway Techniques and Core System Based on PKI and ECC"(Project Number: BK2004039). |
PDF Full Text Request