Implementation For IKEv2 In Linux

Posted on: 2008-07-15 | Degree: Master | Type: Thesis
Country: China | Candidate: J Y Liu
GTID: 2178360215472247 | Subject: Computer application technology
Abstract/Summary:
In the beginning, the designers of the Internet took no account of security problems. With the rapid development of the Internet, network security issues have become increasingly prominent. To enhance network security, the IETF (Internet Engineering Task Force) announced the IP security standards (IPsec) in November 1998. IPsec provides a standard, robust and inclusive mechanism. It can provide security assurances for IP and upper-layer protocols, such as authentication, confidentiality, and key management.

IKE (Internet Key Exchange) is an important component of the IPsec protocol, whose main function is to realize exchange and management for IPsec. IKEv1 is a hybrid protocol composed of ISAKMP, Oakley and SKEME. With higher demands for performance and security, much content was added, and as a result the whole protocol became more and more complex and lacked consistency. Therefore, in October 2005 the IETF working group issued the second version of IKE, IKEv2. IKEv2 simplifies the redundant functions of IKEv1, enhances security, and integrates all the protocols in one document (RFC4306).

At present, the study of IKEv2 in China is still at the preliminary theoretical stage, and actual implementations are rare. Therefore, this paper focuses on the design and implementation of the IKEv2 protocol. It analyses IKEv2 in depth through comparison with IKEv1, including the composition of the IKEv2 protocol, the IKEv2 negotiation process, the IKEv2 message format, IKEv2 key exchange and the security of the protocol.

On the basis of a study of IKEv2 protocol mechanisms and implementation technology, this paper presents a practical implementation of IKEv2, with reference to the well-known open source project openikev2, using the object-oriented C++ programming language on the Linux platform to achieve a secure IKEv2 system with basic functions and good extensibility. The system consists of the following five subsystems: system management, network communication, message exchange, payload handling, encryption algorithm and kernel communication. It adopts the PF_KEYv2 socket for communication between IKE and the secure database in the operating system kernel. The design concept and function of each subsystem are described and their work processes are introduced. The test results show that the key exchange can be completed and the SA can be established.
Keywords/Search Tags: IPsec, IKEv2, Security Association, payload