| With the tightly cooperation of embedded system and network, ensuring the communication security of important data among embedded systems has become an important searching orientation in embedded field. IPSec is nearly the best network security projects for its ability to provide security services for IP network and prevent many network attacks which disturbs people endlessly.Based on deep analysis on the features of network security and research on IPSec protocol, the thesis proposes the security structure, mode and application method of embedded network. The system is designed with the Freescale's 32bit ColdFire processor MCF52233 as MCU, and the ColdFire_TCP/IP_Lite which is the free TCP/IP protocol stack of Freescale as software platform. The ColdFire_TCP/IP_Lite includes a very nice Real Time Operation System (RTOS) NicheTask. The IPSec embedding method is used to realize the IPSec stack on the embedded system. The design and implementation of Authentication Header (AH), Encapsulation Security Payload (ESP), Security Association (SA) and Security Policy (SP) are described in the specific modules. HMAC-MD5 and HMAC-SHA1 are used in AH protocol to provide packet's integrity, data source authentication and anti-reply services. The IP packets and padding context are encrypted by ESP protocol through key algorithms to protect data and ensure the limited data stream. ESP also provides the authentication services just as the AH protocol. SA includes the authentication and encrypt key and the algorithms, and provides two safe association of mutual communication between two ends. All the protocols above can provide many different security services for the data.The IPSec protocol and embedded system realized in this thesis have characteristics of less cost and bulk, high transports speed and is easy to use. They can be used widely in many fields such as teledata collection, industry control and so on. |
PDF Full Text Request