Ip Security Communication Scheme Based On Cpk

Computer network security, as a most important part of information security, has been attracting great attention all the time. With high development of network, security challenges are increasing dramatically. Nowadays people are accustomed to pay more attention to Internet and wireless network security while ignoring security problems to LAN. In fact, LAN has gained tremendous development in recent years as nearly all the enterprises have already set up their own local network. If the local network isn't protected, the sensitive data (financial reports, password etc) will probablely be intercepted and even be modified. The main reason about this is that LAN adopted TCP/IP protocol which has serious problems when it comes to security.This paper designs and implements an IP security communication scheme based on CPK. One side, it figured out how to trace the communication identity, the other side, it established the protection of data integrity, confidentiality, anti-replay and non-repudiation.The scheme proposed in the paper can largely help to enhance the security ability up to following standard [1]:1) Each node in the network can read only packets addressed to this node.2) Each node in the network can verify the source and integrity of packets.3) Each packet addressed to a particular node may be accepted only once.In order to follow the above rules, the system requires identity authentication and key exchange before communication. Tracing the source of the data packets can be reached by identity authentication and a session key produced by key exchange can be used to encrypt data and bring message authentication code aiming to guarantee data integrity and confidentiality. Checking serial numbers can make sure that data packets will be received only once while CPK signature ensures the non-repudiation.