The Research Of IPSec End-to-End Auto-configuration Scheme Based On IPv6

Posted on:2010-11-07

Degree:Master

Type:Thesis

Country:China

Candidate:S Ning

Full Text:PDF

GTID:2178360275480512

Subject:Communication and Information System

Abstract/Summary:

PDF Full Text Request

Security services to establish secure channels between end hosts can be implemented in each layer of the Internet architecture, e.g., application layer, transport layer such as SSL/TLS, and IP layer such as IPSec. Among them, IPSec is best suited to provide security services for end to end hosts. The reason is that IPSec is like a peer-to-peer model, not a server-client model, and all IP applications can use IPSec to protect their communications. On the other hand, IPSec is mandatory for IPv6 to fully support security services, so IPSec will be greatly used in the network based on IPv6.IKE is the automatic key exchang protocol of IPSec and there are many parameters that need to be configured for IPSec/IKE in advance for setting up secure channels between end hosts. In addition, IPSec/IKE requires per host configuration to establish end-to-end secure channels, and almost current implementations of IPSec /IKE require manual configuration for users. These make the IPSec /IKE configuration of the host more complex and limit the applications in practice.Though solutions of auto-configuration for end-to-end secure channels have been proposed, these solutions have their disadvantages respectively. As a result, state management costs are incerased to the system. Therefore, it is a great need to provide a solution that not only realize automatic configuration for end-to-end secure channels but also reduce system cost of network environments.Based on the research of existing proposals, the thesis provides an improved auto-configuration method for end-to-end secure channels in mobile IPv6 network with a less state management cost. It not only realized auto-configuration for end-to-end secure channels, but had some new features. One characteristic is that it implemented state management by multicastHence it has less advertisement messages during all the peers. Another characteristic is that it optimized the way of getting the on-line member list. The acquisition of the list is drive on demand. By use of the two technologies, it improved the volume of advertisement messages in mobile IPv6 network. Finally, the less state management cost of the new proposal is verified by simulation and comparision with the existing solution.

Keywords/Search Tags:

IPSec, end-to-end, auto-configuration, state management, multicast, On-demand

PDF Full Text Request

Related items

1	Multicast-based Secure Communications Technology Research
2	The Improvement And Implementation Of IPSec Multicast Key Management Protocol (GDOI)
3	The Research And Implementation Of Group Security Association Management Protocol Of Multiple-Source Multicast Based On IPSec
4	Design And Implementation Of Ipsec-based Vpn Gateway
5	Design And Implement Of Gateway Auto Configuration And Traffic Detecting In Universal Identifier Network
6	Study Of Virtual Private Network Based On IPSec
7	Design And Implementation Of State Cryptography IPsec VPN Server Software Based On Openswan
8	Research Of Auto-Configuration And Management In Terminal
9	Design And Implementation Of IKE Protocol And Research Of Key Management For Multicast
10	Design And Implement On Network Address Auto-configuration System