
Research On Security Key Technology Of SSL VPN

Posted on: 2011-09-20
Degree: Master
Type: Thesis
Country: China
Candidate: W K Yang
Full Text: PDF
GTID: 2178360305460958
Subject: Computer application technology

Abstract/Summary:
With the rapid development of Internet and communication technology, VPN (Virtual Private Network) technology is developing rapidly; its application in networks keeps expanding, and new technical requirements are constantly emerging. SSL VPN (Secure Sockets Layer Virtual Private Network), as a new type of remote access technology at the network application layer, has many advantages due to the mature SSL protocol it is based on. It meets the needs of many users and has been increasingly applied in corporations in recent years.

SSL VPN, as a new network security technology, is in a stage of continuous application and improvement. Inevitably it has some defects and deficiencies that need to be improved in practical applications, such as system performance and endpoint security gaps. Therefore, studying SSL VPN has important practical significance.

Based on the network security research projects that I participated in at the Hangzhou Huawei Symantec Corporation, and starting from improving the SSL protocol, this paper puts forward an improved scheme for SSL VPN and implements the related key technologies. This paper's work is as follows:

1. Introduce the concepts of VPN and SSL VPN, describe the four key technologies of SSL VPN in detail, and focus on the analysis of SSL VPN security, mainly discussing its shortcomings and making and analyzing the needed improvements.

2. I emphasize the SSL protocol and analyze the advantages and disadvantages of SSL, including the deficiencies in its security performance; I note why it needs to be improved. Then I give several improved schemes, including the PKI-based SSL protocol, the SSL protocol based on deal password, the SSL based on access control, and the SSL based on the elliptic curve cryptography (ECC) algorithm. Through comprehensive and comparative analysis of these improved SSLs, I ultimately use an SSL improvement scheme that combines PKI technology and the ECC encryption algorithm to enhance the security and the speed of encryption and decryption.

3. I make an optimized design for the VPN system with the improved SSL, including the SSL VPN client and the SSL VPN server design. The client also adopts the virtual card technology and uses the free and open source OpenSSL library as the prototype of the SSL module; the server side focuses on analyzing the design of the authentication system.

4. Introduce the OpenVPN and OpenSSL development libraries and technology, then give concrete implementations of several main modules, including the handshake processing module, the record processing module, the virtual network adapter module, and the port forwarding module; finally, the performance of the optimized system is tested and analyzed.
Keywords/Search Tags: SSL VPN, network security technologies, PKI, elliptic curve encryption, virtual network card technology, OpenSSL