| The design of IP protocol did not consider of the issues of security, which leads to huge amounts of security issues. For this situation, IPsec come into exist. IPsec encrypts and authenticates IP packets in the network layer in order to ensure the confidentiality and the integrity of the data.However, under the current network environment, communicating parties can not locate each other properly. At the same time, there's a large number of application on NAT and firewall devices. These make it difficult to establish IPsec links. In this regard, we proposed a SIP-based application-aware VPN communication system.In this system, we use HTTP-S/MIME two-way authentication mechanism using virtual key ring to resolve the authentication issue of SIP users. Then, we can get the IP address of a user by analyzing the SIP message in order to locate him/her. In addition, we can use SIP message assign the port number that IKE uses, and encapsulate ESP packets by using UDP, so that we can resolve the problem of NAT passthrough efficiently. The implementation of the system will make IPsec more flexibility and convenience. |
PDF Full Text Request