| VPN (Virtual Private Network) is such a kind of technic that a private network is built in the public network, thus the data can transmit in public network through secure densification channel. IPSec (IP Security) is currently one of the main protocols constructing VPN. SA(Security Association)must be established and an agreement should be reached on how to protect and exchange information and other public security settings before exchange data between two IPSec VPN computers.IKE (Internet Key Exchange) protocol is the major part of IPSec, responsible for the dynamic negotiation and managing SA. however, many disadvantages are still exist in IKE, which will cause many problems in its security , efficiency and accomplishment. Thus IKEv2 protocol and JFK(Just Fast Keying)protocol are brought forward as the substitute for IKE to simplify protocol and resolve the problems of IKE.From the view of practical and simple and convenient, JFK protocol is chosen as the research object of this thesis, which is safer , higher efficient and simpler than IKE protocol. However JFK itself has some defects such as it hasn't realized PFS(Perfect Forward Secrecy), and can not achieve complete non-state interaction etc. Based on the detail analysis of JFK protocol, the thesis proposes some improvement program to make JFK perfect while reserving its advantages. According to the analysis of JFK and consulting current popular IKE protocol accomplishment program, this thesis brings forth an improved JFK protocol accomplishment program, and introduces the main function and realization method of each part, and validates the validity of improvements and the feasibility of accomplishment program through the experiment. The last part of this thesis is the introduction of some expansion functions of JFK protocol, which are brought forth to meet various operation requirements in different environment. The basic principles and how to realize in JFK of the expansion functions are simply introduced in the thesis. |
PDF Full Text Request