The Study Of Internet Key Exchange Protocol Based On Linux

Posted on: 2008-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: Q Zhang
GTID: 2178360212974741
Subject: Cryptography
Abstract/Summary:
IPSec is an IP security standard presented by the IETF in November 1999. It can provide security services at the IP layer for application traffic. IKE (Internet Key Exchange Protocol) is the automatic key exchange and management protocol for IPSec.

The thesis first studies the IPSec security architecture and the relationship between IKE and the other parts of IPSec. IPSec supports strong security processing at the IP layer, including access control, connectionless integrity, data origin authentication, anti-replay protection, confidentiality and limited traffic flow confidentiality. Because of these characteristics, IPSec is widely used to achieve point-to-point security, virtual private networks and secure tunnels.

The thesis then analyzes the IKE protocol in depth. The security of IKE is the basis of the security of IPSec. IKE is a hybrid protocol composed of the ISAKMP framework, the exchange pattern of Oakley and the key sharing technique of SKEME. The thesis mainly analyzes the composition of IKE, its exchange phases, its exchange modes and its authentication modes. It then explains how IKE creates a security association (SA) and how IKE produces the encryption and authentication keying material.

The thesis also analyzes a specific application of IKE on Linux, the Openswan software. Based on a detailed analysis of the structure and working principles of Openswan, we implemented Linux-based Openswan configurations for net-to-net mode, roadwarrior mode and a security gateway server. We set up a VPN channel using RSA signatures and, separately, X.509 certificates. The setup has been used in teaching practice, and the channel provides security for IP network traffic.

Finally, the thesis analyzes the security problems in IKE and proposes two solutions addressing two kinds of IKE security problems.
Keywords/Search Tags:key exchange, Authentication, IPSec, IKE, Linux