
Design And Implementation Of Dynamic Configuring VPN Based On IPv6-CIPE

Posted on: 2010-08-31 | Degree: Master | Type: Thesis
Country: China | Candidate: Z J Zhao | Full Text: PDF
GTID: 2178360272495786 | Subject: Computer application technology
Abstract/Summary:
With the rapid development of the motor vehicle industry and the day-by-day change in consumer attitudes, in-vehicle electronic products have become a hot spot in the market. At present they account for 20%~30% of the total cost of a car, and this may increase to 50% in the future. In particular, car navigation systems, which can provide essential information and the best route at any time, are becoming the new hot spot of car consumption.

Even cars equipped with electronic products and navigation systems cannot be protected from danger absolutely. Besides, the drivers themselves and the connections among drivers need an instant and general security monitoring system; consequently, networked cars will become necessary, which brings about the combination of car monitoring systems and navigation systems. To carry out monitoring, a smooth and reliable network connection must be established, over which the vehicle gateway sends messages to the Internet through wireless modules (CDMA, GSM and GPRS), and the data packets are then forwarded over the Internet to the server or monitoring center. Systems of this kind have been used in a number of major corporations, but their work is limited to transmitting data over IPv4 networks.

The limitations of IPv4 have been exposed by the rapid development and expanding scale of the Internet, the most critical being the shortage of IP addresses. Some experts predict that, at the present rate of Internet growth, all IP addresses will be allocated within 5 or 10 years. Some measures have been taken to make good use of IPv4 addresses, such as Classless Inter-Domain Routing and Network Address Translation, but they cannot solve the problem fundamentally.

IPv6 overcomes this disadvantage of IPv4 with its 128-bit address space; what's more, IPv6 adopts many technologies such as a classified address mode, a high-performance IP header, QoS, DHCP, authentication and encryption.
If IPv6 can be applied to vehicle gateways, the automotive industry will gain a valuable development opportunity. This paper explains how data is transmitted safely and reliably between vehicle gateways and a server over a hybrid IPv4-IPv6 network.

At present, the official CIPE module runs only on IPv4 networks and not at all on IPv6. To break through this limitation, this paper studies the characteristics of CIPE and the method of transmitting UDP messages over IPv6, and derives an IP6-in-IP6 encryption and encapsulation model from the standard kernel IP-in-IP encapsulation model. This model is made up of two parts:

a. Kernel module

This paper studies the mechanism of UDP binding between a device and a socket. To send or receive data packets in a customized format, the module has to bind the sock struct that manages sending and receiving, and then redefine and load the send and receive functions. Once this is done, the kernel handles data packets according to the module's receive and send functions.

In the receive module, the type of the data is determined first, because different types need to be handled in different ways. In general there are data-forwarding packets, key-interaction packets and control packets. A control packet does not need to be decrypted and can be passed directly to the application layer with slight modifications; any other packet is decrypted, and the type of the decrypted packet is then determined. If the decrypted packet is a data packet, its IPv6 header and UDP header are removed before it is sent back to the protocol stack; otherwise it is processed as a received message.

In the send module there are two parts: sending new keys in the key interaction, and forwarding data packets through the device. A CIPE device cannot recognize a packet unless the interactive key is used, which requires that the point-to-point link between the CIPE devices has been established and the key has been negotiated.
Sending a new interactive key means sending the negotiated information, while forwarding data packets through the device means that a data packet sent by a remote host is forwarded to the CIPE device by the routing mechanism, and CIPE processes the packet in its send function hard_start_xmit. Both parts encrypt and encapsulate data packets; the difference is that when the device forwards a data packet, it forms a new IPv6 header and UDP header, carries the encrypted data packet as the payload, and sends it to the protocol stack.

b. The daemon

The daemon is mainly in charge of loading devices and negotiating the interactive key. When loading a device, its main task is to set the necessary parameters and pass them to the kernel layer through I/O. After registering the struct cipe, the kernel module manages this information itself. Negotiation of the interactive key mainly coordinates the keys of the two CIPE devices.

In the whole system, data has to cross two public networks: IPv4 and IPv6. We have to encrypt data before it enters the IPv4 network and decrypt it before it leaves that network; in that way the data packet can be transmitted safely and reliably. The same applies to the IPv6 network. This means we have to encrypt and decrypt the data twice every time. A proxy can simplify the process, because it is a station that forwards data packets between two different CIPEs: it ignores the encrypted part of the data and only analyzes the protocol header.

Apart from that, for the proxy to support one server connecting to many vehicle gateways, each vehicle gateway needs a CIPE module, i.e.
one CIPE6 to many CIPE; for this the proxy must first support a port-mapping mechanism. Besides, the proxy has to match the mappings of sends and requests coming from its neighbors, so that CIPE6, the proxy and the many vehicle gateways form one undivided unit.

Finally, to improve the proxy's data transmission and ensure safety, we add a firewall policy to it. The firewall is attached to the I/O port of a character device and applies a policy that configures the firewall dynamically from configuration files.

In view of the requirements of our project, this paper researches and develops a one-to-many VPN model with dynamic configuration for a hybrid IPv4-IPv6 network, based on present network, hardware and software technology. It has been applied to the vehicle gateway security project and works well. In addition, the model can be enriched with custom security policies and with IPv4-IPv6 protocol conversion in the hybrid network. The model is not only easy to use but also helps improve network security, especially in the transition stage between IPv4 and IPv6, and helps put VPNs over hybrid IPv4-IPv6 networks into practice.
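
The send and receive paths described in the abstract, as an added user-space C example (not code from the thesis or from CIPE): the sender wraps an already-encrypted packet in a new outer IPv6 and UDP header, and the receiver checks the outer lengths and the UDP checksum before stripping them. The function names, the hop limit of 64 and the absence of IPv6 extension headers are assumptions; the payload is treated as opaque ciphertext and no cipher is implemented.

```c
#include <stdint.h>
#include <string.h>

enum { IP6_HLEN = 40, UDP_HLEN = 8, NH_UDP = 17 };

/* RFC 1071 one's-complement sum of n bytes, accumulated into acc. */
static uint32_t csum_add(uint32_t acc, const uint8_t *p, size_t n) {
    for (size_t i = 0; i + 1 < n; i += 2) acc += (uint32_t)p[i] << 8 | p[i + 1];
    if (n & 1) acc += (uint32_t)p[n - 1] << 8;
    return acc;
}

/* UDP checksum including the IPv6 pseudo-header; a result of 0 is sent as 0xffff. */
static uint16_t udp6_csum(const uint8_t *ip6, const uint8_t *udp, size_t ulen) {
    uint32_t acc = csum_add(0, ip6 + 8, 32);        /* outer source + destination */
    acc = csum_add(acc + (uint32_t)ulen + NH_UDP, udp, ulen);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc ? (uint16_t)~acc : 0xffff;
}

/* Send path: prepend a new outer IPv6 + UDP header; returns bytes written, 0 on error. */
size_t cipe6_encap(uint8_t *out, size_t cap, const uint8_t *src, const uint8_t *dst,
                   uint16_t sport, uint16_t dport, const uint8_t *ct, size_t ctlen) {
    if (ctlen > 0xffff - UDP_HLEN || cap < IP6_HLEN + UDP_HLEN + ctlen) return 0;
    size_t ulen = UDP_HLEN + ctlen;
    memset(out, 0, IP6_HLEN + UDP_HLEN);
    out[0] = 0x60; out[6] = NH_UDP; out[7] = 64;    /* version 6, UDP, assumed hop limit */
    out[4] = ulen >> 8; out[5] = ulen & 0xff;       /* IPv6 payload length */
    memcpy(out + 8, src, 16); memcpy(out + 24, dst, 16);
    uint8_t *u = out + IP6_HLEN;
    u[0] = sport >> 8; u[1] = sport & 0xff; u[2] = dport >> 8; u[3] = dport & 0xff;
    u[4] = ulen >> 8; u[5] = ulen & 0xff;
    memcpy(u + UDP_HLEN, ct, ctlen);
    uint16_t c = udp6_csum(out, u, ulen);           /* checksum field is still zero here */
    u[6] = c >> 8; u[7] = c & 0xff;
    return IP6_HLEN + ulen;
}

/* Receive path: returns the ciphertext (length in *ctlen), or NULL to drop the packet. */
const uint8_t *cipe6_decap(const uint8_t *pkt, size_t len, size_t *ctlen) {
    if (len < IP6_HLEN + UDP_HLEN || pkt[0] >> 4 != 6 || pkt[6] != NH_UDP) return NULL;
    const uint8_t *u = pkt + IP6_HLEN;
    size_t plen = (size_t)pkt[4] << 8 | pkt[5], ulen = (size_t)u[4] << 8 | u[5];
    if (plen != ulen || ulen < UDP_HLEN || ulen > len - IP6_HLEN) return NULL;
    if (!(u[6] | u[7]) || udp6_csum(pkt, u, ulen) != 0xffff) return NULL;
    *ctlen = ulen - UDP_HLEN;
    return u + UDP_HLEN;
}
```

Unlike UDP over IPv4, UDP over IPv6 has no optional checksum, so the receive path rejects a zero checksum field as well as any mismatch between the IPv6 payload length, the UDP length and the bytes actually received.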
Keywords/Search Tags:IPv6, CIPE, VPN, Vehicle Gateway, Proxy